The media, online and off, has been full of scare stories about the 'biggest Internet attack ever' and how a distributed denial of service (DDoS) campaign aimed against anti-spam outfit Spamhaus Read More
peaked at an attack volume of 300 Gbps (the highest ever recorded by those who record such things) was 'slowing down the global Internet'. DaniWeb didn't join the rush to shout 'the sky is falling' as, frankly, we didn't believe it as there was precious little evidence to be found that the DDoS attack was impacting anyone other than Spamhaus along with it's anti-DDoS protection service CloudFlare and their upstream providers. Sure it was a serious attack, one that could well have implications on the direction such things are heading in, and potentially could be bad news for all of use. However, the Internet did not slow down and for the vast majority of global users there was no noticeable effect at all. The one area that you might think would be impacted is the amount of spam that reaches your mailbox. After all, if one of the main organisations responsible for keeping the lid on spam distribution channels is taken off air then surely we can expect to see spam levels peak. So when a press release arrived following these attacks which proclaimed that spam is twice as likely to be hitting mailboxes than previously, I was concerned. But only for a few moments, as a bit more reading reassured me that it had nothing to do with the Spamhaus attacks at all.
Hear the name 'Virus Bulletin' and you immediately think of anti-virus and anti-malware certification and testing, but the same organization also carries out comprehensive spam filtering reviews. In the latest of these anti-spam comparative reviews, some 17 of the products and services put to the test passed with colours that flew enough to get the coveted 'VBSpam award' but there's a catch: the majority of them did so by catching less spam than they used to. In fact, a lot less spam. Of the 19 anti-spam solutions tested, only a rather worrying three of them managed to improve their spam catch rates with nine seeing the percentage of spam they missed at least double compared with recent test results. Indeed, as a result of the overall test figures, Virus Bulletin now reckons that a spam is almost twice as likely to make it into your inbox on average when compared to the previous batch of tests.
If that wasn't bad enough, it appears that the majority of the products tested also had quite a bit more difficulty in preventing false positives. Only four of them correctly identified all the legitimate email in the test runs. When it came to one of the biggest scourges in the average email inbox, phishing scams, more than half of the filters failed missed "at least 10%" of them in a dedicated feed of pure phishing mail messages.
This downward trend has been spotted before as a result of the VB testing, a very similar statistical drop popped up early in 2012 and continued throughout the first half of the year before the filters caught up with the con men and halted the decline. "Spam has been a relatively good news story in recent years, with spam levels declining while catch rates remained high," VB's Anti-Spam Test Director, Martijn Grooten insists though "in spam filtering, the devil is in the details, and when we look at these details, we see more emails slipping through the maze."
Considering that much of the spam that gets delivered will come complete with malware attachments or links to an exploited web site, the fact that spam catch rates are falling is of concern. Not least as it suggests that the bad guys are keeping ahead of the good guys in terms of tweaking the delivery process in order to avoid the filtering traps. While the anti-spam industry does appear to have a record of catching up with these tricks and tweaks, the fact that it takes them half a year to do so really isn't good enough.