- The Washington Times - Wednesday, June 23, 2004

Spammers are trying to trick computer users into opening junk messages by using software programs to collect personal information and include it in their e-mail.

By inserting things like passwords or the names of relatives and pets in the subject line and body of e-mail, spammers make their messages look more legitimate, possibly improving their sales, British spam filtering firm Messagelabs said.

The spammers acquire the information using “spyware,” software that downloads onto a computer without the user’s knowledge, then transmits information about that computer to a person or group. Spyware is often used to steal credit-card numbers, Internet passwords and other information that can be used in identity theft.

“In the subject line, [spammers] can start to use some sort of personal information to make you think it’s relevant,” said Brian Czarny, Messagelabs’ vice president of marketing. “If they can improve their response rates a little bit, that will increase their profits so much more.”

Messagelabs discovered the connection between spam and spyware after several customers received messages that appeared to be spam, but contained bits of information that made it seem like the sender knew the recipient.

The company did a search of those customers’ computers and found spyware on all of them. Nearly a third of all computers have some sort of spyware, Internet provider Earthlink reported this week.

E-mail users respond to fewer than one out of every 1 million spam messages sent because spam is easy to spot, Internet security experts said. By including personal information, users might believe the e-mail was sent by someone who knows them.

Until now, Internet security experts assumed spyware was used mainly to collect personal information for credit-card and identity theft. But Messagelabs’ recent findings highlight a long-held belief that all cyber-criminals — including spammers and creators of viruses, worms and spyware — are working in tandem. Internet security firms believe that most spam comes from “zombie” computers that have been hijacked using a software program installed by a virus or worm.

Lawmakers are exploring legislation to regulate spyware, but Congress is not expected to pass a bill this session. A judge in Utah on Tuesday granted a temporary stay on enforcement of a state law that bans spyware, after a New York company argued that it would hurt Internet advertising.

Under the Utah law, it is illegal to create or install computer software that tracks Internet activity on a computer and sends the information somewhere.

Attorneys for WhenU, a company that sells software that creates pop-up ads based on the surfing habits of computer users, said it would be unfairly hurt by the law. WhenU contends that it only provides the software to those who ask for it and does not collect personal information.

“Spyware is a problem and we want to put an end to it,” said WhenU Chief Executive Officer Avi Naider. “WhenU supports appropriate antispyware legislation at the federal level, but unfortunately Utah’s act also impairs legitimate Internet advertising.”

The Information Technology Association of America warned in a letter yesterday to the House Energy and Commerce Committee that existing spyware legislation does not draw a clear enough distinction between legitimate Internet advertising and spyware.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide