Spam's Not Going Anywhere --- Except Your Inbox

McAfee has finally released the results of its S.P.A.M. (Spammed Persistently All Month) experiment, which began in March.

The project: take 50 people from ten countries to defy common sense and for 30 days surf the Web on a computer with no anti-spam software. Not just that, they were to take risks, and respond to spam, to make matters worse.  The results were unsurprising. Of course, being the security company that it is, and having its own anti-spam product, McAfee has a vested interest in the results.

It took less than 24 hours for the first spam message to reach an inbox. Over the 30 day project, the volunteers received 104,000 spam e-mails, or about 70 spam messages per day per participant. That actually seems rather low to us (comparing it to own spam results). However, percentage-wise, that was 87% of the email they received, so perhaps it also has to do with usage of the email address. Although they were trying to get spammed, our thought is that if you subjected this to someone who was actively using their email address over a longer period of time, spam would go up.

At any rate, interestingly, the type of spam was ranked as follows:

Top 10 Most Popular Spam Categories:
  1. Financial
  2. Advertisements
  3. Health and medicine
  4. Adult
  5. Free stuff
  6. Credit cards
  7. Education
  8. Money making, 'get rich quick' schemes
  9. IT related
  10. Nigerian scams
Yes, after all this time, the Nigerian scam still ranks in the top 10, despite all the publicity around it. Of course, the "country" varies from email to email (we still see 'em), but it's the same basic scam.

Country-wise, here are the favorites:

The Global 'Spam League':
  1. United States: 23,233
  2. Brazil: 15,856
  3. Italy: 15,610
  4. Mexico: 12,229
  5. United Kingdom: 11,965
  6. Australia: 9,214
  7. The Netherlands: 6,378
  8. Spain: 5,419
  9. France: 2,597
  10. Germany: 2,331
#1 is unsurprising, but #2? That's a big surprise. McAfee's press release did indicate that "campaigns" have become more targeted, and less generic.

Foreign language and social engineering spam are two areas in which participants received a larger than anticipated number of e-mails. France and Germany were the two countries that received the most foreign language spam, with 11 percent and 14 percent respectively, something which McAfee expects to increase substantially across the globe in the future. "If we'd have done this experiment two years ago, I would have expected a much smaller percentage of the spam to be written in a foreign language," said Guy Roberts, director of Avert Labs. "Although this is a small percentage of the overall spam, it's something we expect to grow.
Social engineering and foreign language? Ugh, they're playing on our psychology now. Also, since the participants were taking risks, they noticed their laptops were all slowing down as the month went by. And don't even ask about increased pop-ups. Why? Malware, right?

"Many of our participants noticed that their computers were slowing down, which means that while they were surfing, unbeknownst to them, Web sites were installing malware," said Jeff Green, senior vice president of McAfee Avert(R) Labs. "In just 30 days there was quite a noticeable change in the system performance of their computers. Notably showing just how much malware was being installed without their knowledge. Spam is much more than a nuisance; it's a very real threat."
Right, but these people were taking serious risks, and were unprotected. A smart user might be hammered by spam, but with a little care (we know, we know, not everyone is careful), they would be reasonably safe. On the other hand, there's a McAfee Security Suite we're sure McAfee would love to sell you.

The lesson learned isn't really new: watch out for scams, don't open attachments if you're not expecting it, and keep your PC protected with an AV program - whether it's McAfee's or not. Spam's not going anywhere; it's here to stay, so have fun sifting through it. BTW, this is one reason some redirect all their email to a Gmail account: their spam filter works on incoming mail, so it keeps email pretty clean, even without an anti-spam application.
Tags:  spam, box, here, inbox, AM