YOU ARE HERE: LAT HomeCollections

Spam entangles e-mail users as it proliferates on the Web

Unwanted messages (think male enhancement pills) account for 93% of the more than 200 billion e-mails that clog inboxes daily. And that's despite ever-evolving security measures thrown at spammers.

September 23, 2009|DAVID LAZARUS

It's the sort of spam that gets your attention: an e-mail showing a topless woman offering drugs that promise to enhance a man's sexual prowess, illustrated with very naughty before-and-after photos.

One such e-mail, ostensibly from a Canadian pharmacy, arrived in Beverly Hills resident Tom Hayostek's AOL inbox in July. He ignored it, figuring that would prompt the spammer to go elsewhere.

It didn't.

Since then, Hayostek, 51, said he's received multiple versions of the spam message every day -- more than 200 so far. Tuesday morning was no exception.

He's complained to AOL. He's complained to the Federal Trade Commission, the Federal Communications Commission, the California attorney general and his elected representatives.

Each said they sympathize with Hayostek's plight but can't do anything.

"I feel like I've been left hanging out to dry," he told me. "It's like I'm being cyber-terrorized every day in my own house, and no one can help me."

In fact, the so-called Canadian pharmacy spam has become one of the most prevalent spam messages online, inundating many people's inboxes with unwanted solicitations for male-enhancement drugs and painkillers.

McAfee Inc., the Silicon Valley network-security giant, estimates that spam in general now accounts for about 93% of the more than 200 billion e-mails that traverse the Internet daily. The Canadian pharmacy spam is believed to comprise about three-quarters of all spam sent.

"It's a huge amount," said Adam Wosotowsky, one of McAfee's top spam cops.

Some experts have linked the Canadian pharmacy spam to the Russian mob. My poking around turned up a different suspect. More on that in a moment.

David Cowings, a senior network security official at Symantec Corp. in Silicon Valley, said most Internet service providers and big companies have become highly proficient at filtering out spam messages before they reach people's inboxes.

But spammers are nothing if not ingenious at circumventing each new security measure that's thrown at them.

"They're very adaptive," Cowings said. "As soon as you plug a hole, they find a new way to get in."

They're also highly cunning in masking their identity.

In Hayostek's case, he was unable to simply set up a spam filter on his computer because the pharmacy changed its Internet domain -- the "from" part of the e-mail message -- on a daily basis.

Attempts to opt out of receiving further e-mails were fruitless. Clicking the link to unsubscribe resulted in either a broken link or a returned e-mail.

And day after day, the explicit spam arrived in Hayostek's inbox.

"It's a huge problem," he said. "My kids use the same computer. I don't want them seeing this."

Because the spam identified the sender as a Canadian pharmacy, Hayostek naturally assumed the e-mails were originating north of the border.

But when I checked out the spammer's domain registry, it turned out the messages were originating from China. The various domains could be traced to a Beijing company called China Springboard, which creates and maintains Web addresses for Chinese businesses.

No one at China Springboard responded to my e-mail seeking more details about the pharmaceutical company (and I use the term loosely) or the products it sells. I also received no response from the Chinese businessman listed as the site's operator.

As Internet users know, not all service providers are equally adept at fighting spam. Seth Zwicker, a Woodland Hills tech consultant, said Yahoo Mail now leads the pack thanks to a recent security upgrade. Google's Gmail is a close second, he said.

Zwicker placed Microsoft's Hotmail in third place for spam protection, and said that AOL brings up the rear among the big four web-mail providers.

"They have the most spam getting through," he said.

That pretty much gibes with my experience. My AOL inbox, more so than my Yahoo, Gmail and Hotmail accounts, gets the largest volume of unwanted e-mail.

It's not for lack of trying. Mike Jones, who heads AOL's anti-spam efforts, told me the company blocks about 80% of all e-mail arriving in the company's servers before it can reach members -- about 2 billion messages a day.

But he said service providers like AOL are fighting an uphill battle against spammers. As Hayostek discovered, spammers routinely switch domains to skirt filters, forcing the service provider to play catch-up.

Spammers also use viruses and other techniques to plant malicious software in people's computers, enabling the machines to be used as surreptitious spam conduits. This too does an end run around filters because it means the source of the spam is constantly changing.

To a great extent, it's up to computer users to protect themselves with smart online behavior. Jones said Hayostek made a big mistake in trying to unsubscribe from the Chinese spammer's mailing list.

"That just tells the spammer you're a real person," he said. "This will only get you on more spam lists."

Los Angeles Times Articles