What is Spam?

Spam is the junk mail of the Web. You can classify Spam as any unwanted or unrequested email message or comment on a Website. Everyone is affected by Spam at one time or another, and just by having a Website, or an active Email account, you will receive Spam.

Sometimes Spam can be harmless; it’s simply bulk email Advertising by a legitimate business. What makes it Spam is permission. As mentioned above, Spam is unwanted or unrequested email. The Australian Communications and Media Authority divides permission into two categories, inferred permission and express permission.

Express permission means someone filled in a form or requested the contact in some way. Newsletter subscribe forms where you fill in your details are express permission because the subscriber is signing up knowing they will receive emails from the website owner.

Inferred permission means the person has given their details with the reasonable expectation that they’ll receive communications. For example, when someone purchases a ticket to an event, they’re not explicitly subscribing to receive marketing communications, but it’s reasonable to assume that after purchasing or requesting a ticket they’re likely to receive marketing material or other communications.

Anyone sending communications without either of the above two forms of permission is by definition sending Spam.

Another type of Spam is inherently malicious, either directly or indirectly. Spammers such as the Spam networks that mass market Viagra pills fall into this category. Some Countries don’t have the same Spam laws as Australia, or even the same Cyber crime laws, so something that constitutes Cyber crime in Australia isn’t necessarily a crime in other parts of the world.

I’ve read case studies of Spam networks that use malware or computer viruses to infect thousands of computers around the world and then use these massive ‘Botnets’ to send their Spam.

Many website owners send out mass email communications to their lists from platforms such as Mailchimp, which has strict requirements to prevent Spam. But if your PC is infected with Malware that joins it to a Spam Botnet, your PC could be sending Spam emails without you even realising it.

This video by Kaspersky Labs describes what a Botnet is.

What is a Botnet? By Kaspersky Labs

The more computers they infect with their Malware, the more emails they can send. Many online business models earn income from Advertising to mailing lists, and the more emails they can send, the more income the business can potentially make. Spammers work the same way.

The difference is, most people ask for permission before sending emails and use legitimate marketing platforms to ensure they follow the Law. Spammers use Malware to build their “marketing platforms”, and they use either lists of email addresses they’ve stolen, or they purchase email lists from black market list providers.

Another type of Spam is comment Spam. Anyone who’s worked on WordPress websites has seen comment spam, typically in the comment section of a WordPress post or sent via the contact form on a Website. This type of Spam is similar to email Spam and probably even has the same end goals.

One way Spammers distribute Malware to infect users and create their botnets is by filling Websites with comments containing Malicious links. When someone clicks on the malicious link they might be taken to a fake website that looks legitimate but, in the background, downloads Malware to the user’s computer.

Spammers also send out Phishing emails, which serve the same purpose as comment Spam. We’ve all received emails from the Nigerian prince asking us to donate money, but some Phishing scams are harder to identify, which is why you should always be vigilant when clicking any links in an email. Even if a message looks like it’s coming from someone you trust, it’s fairly easy to ‘spoof’ an email sender, or perhaps the person you trust is also infected and doesn’t know they’ve sent you the email.
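Because the sender shown in a mail client is only a header, the headers underneath are where a forged sender shows up. The following is an added example, not part of the original article: it compares the `From` domain with `Return-Path` and `Reply-To` and reads the SPF/DKIM/DMARC results the receiving server records in `Authentication-Results`. The function names, domains and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_indicators(raw_message):
    """Return indicators (not verdicts) that the visible sender may be forged."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    findings = []
    # Weak signal: legitimate bulk-mail platforms also bounce to their own domain.
    return_path = domain_of(msg.get("Return-Path"))
    if return_path and return_path != from_domain:
        findings.append("return-path-mismatch")
    # Replies would go to a different domain than the one displayed.
    reply_to = domain_of(msg.get("Reply-To"))
    if reply_to and reply_to != from_domain:
        findings.append("reply-to-mismatch")
    # Strong signal, but only trust the header added by your own mail server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result == "fail":
            findings.append(f"{method}-fail")
    return findings

# Constructed sample: displayed sender is bank.example, everything else is not.
SPOOFED = "\n".join([
    "Return-Path: <bounce@bulk-sender.example>",
    "Authentication-Results: mx.recipient.example; spf=pass"
    " smtp.mailfrom=bulk-sender.example; dkim=none; dmarc=fail"
    " header.from=bank.example",
    'From: "Your Bank" <support@bank.example>',
    "Reply-To: claims@free-mailbox.example",
    "Subject: Action required", "", "Please confirm your details.",
])
# Constructed sample: all sender-related headers agree and checks pass.
GENUINE = "\n".join([
    "Return-Path: <support@bank.example>",
    "Authentication-Results: mx.recipient.example; spf=pass; dkim=pass; dmarc=pass",
    "From: Your Bank <support@bank.example>",
    "Subject: Monthly statement", "", "Your statement is ready.",
])

if __name__ == "__main__":
    print(spoofing_indicators(SPOOFED))
    print(spoofing_indicators(GENUINE))
```

A clean result does not cover the other case the paragraph mentions: a message sent from a trusted contact's genuinely infected machine passes every one of these checks.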

There is no easy answer to preventing Spam, either as a recipient or as a potential victim of a Botnet. We use computers and the Web all day, we click links, we download PDF documents, we browse to websites. Your website can be a target as well. Most people set up their sites with the intention to (hopefully) cater to large volumes of Web traffic, and WordPress, being a popular platform like Microsoft Windows, is also a popular target for cyber criminals.

The more legitimate traffic you attract to your website for communicating with potential clients, the more likely you are to attract attackers too.

We can’t stop Spam any more than we can stop any other form of crime, but there are some things we can do to help prevent it, such as using Antivirus products, being careful about the things you download and sign up for, and not clicking links in emails.

On your websites and computers you can install firewalls and anti-spam scanners. We also perform regular maintenance to ensure security issues are patched. Deleting spam comments in WordPress or any other CMS is also important.

But Spam will most likely keep coming. As long as legitimate businesses can make money online, the same can be said for Spam and cyber crime.