New Study May Hold Key to Blocking Spam

Ninety percent of the illicit Web sites using spam to generate traffic are clustered on only 2.5 percent of the registrars accredited by the Internet Corporation for Assigned Names and Numbers, making the spam problem seem almost manageable.

A recent report by security software maker Symantec reveals that spam accounted for an average of 80 percent of traffic hitting e-mail gateways in April, spiking as high as 87 percent at times. That is a daunting figure, but Garth Bruen of KnujOn looks at the problem in a different way.

According to a study being presented this week by KnujOn to the High Technology Crime Investigation Association, 90 percent of the illicit Web sites using spam to generate traffic are clustered on just 20 registrars — that is only 2.5 percent of the 800 registrars accredited by the Internet Corporation for Assigned Names and Numbers.

That can make the spam problem seem almost manageable.

“What is shocking is how concentrated this problem is,” said Bruen, founder of the anti-spam service. “Most providers are playing by the rules. The ones that are not adhering to policy are wreaking the most havoc across the Web.”

The Ohio chapter of the High Tech Crime Investigation Association is holding its spring training conference at Lakeland Community College in the Cleveland suburb of Kirtland.

KnujOn is an online subscription service where users can send their spam and other unwanted e-mail, which it uses to take the offending sites offline. KnujOn — that’s “no junk” spelled backward — doesn’t attack the sites directly. It takes advantage of the policies of service providers and site hosts that prohibit spam and deceptive practices. It uses a policy enforcement engine with forensics tools to sort through thousands of samples of unwanted e-mail to profile fraud operations so they can be shared with law enforcement agencies, financial institutions and service providers. “We fill out the paperwork automatically and follow through on the process,” Bruen said.

The service claims to have shut down more than 50,000 sites so far, and by focusing on the relatively small number of sites that benefit from spam, Bruen hopes to take the economic incentive out of the insidious practice.

The botnets — networks of compromised computers controlled by hackers — that send the spam are huge in number, but the more important targets are the actual landing sites advertised in the spam messages. A botnet of hundreds of thousands of computers might generate millions of e-mail messages in a blast. But the spam messages might carry links to only several hundred URLs. The URLs are often redirects that boil down to fewer real domains, and 90 percent of these domains are controlled by just 20 registrars.

“So lots of senders [are] sending lots of messages herding victims into a very small corral,” Bruen said. “This situation raises interesting questions about who benefits from the sale of junk products and services or who allows these activities to persist.”

-- William Jackson