In e-mail warfare, the spammers are winning

March 14, 2004|By Scott Shane | Scott Shane,SUN STAFF

By all accounts, Bob Morse is a solid citizen who runs a small wedding video and Web design business in northern California. So why did he send an e-mail peddling hard-core Russian pornography to Francis Uy at the Johns Hopkins University?

The short answer: He didn't know he'd done it.

For Uy, who works at Hopkins' Center for Talented Youth, the Russian porn offer was just one of 77 junk messages that landed in his home and office inboxes that day. From all that garbage, he had to fish out 16 e-mails that were actually for him.

Both men were victims of an assault that has turned the Internet into a war zone - a contest of wills between spammers and those who would stop them. So far, the spammers are winning.

"It's annoying, it's a waste of time and it's a waste of money," says Uy. "The spammer is a leech."

Morse couldn't agree more. A torrent of furious complaints alerted him that his business server had been hijacked and turned into a "spam zombie" that spewed out junk messages to Uy and thousands of other unwilling recipients.

"I was really angry and embarrassed," he said. "I panicked. I couldn't understand how this could happen."

As the 10th anniversary of the first unsolicited commercial e-mail approaches, spam has grown beyond mere aggravation. Junk threatens to overwhelm the world's e-mail systems. It accounts for almost 17 billion messages a day, and 60 percent to 80 percent of U.S. e-mail traffic.

The spammers' newest tactic is particularly ominous.

Mass e-mailers are commandeering thousands of computers run by unsuspecting home and business users like Morse. Since mail from spammers' known Internet addresses is quickly blocked by spam filters, hijacking "clean" computers gives spammers a limitless supply of new return addresses.

Computer worms

Hacker-spammers began hijacking machines on a large scale last year, using a computer worm called Sobig. Delivered by e-mail, Sobig "installs itself as a little server on your computer that the bad guys can control," says Internet security consultant John R. Levine.

Sobig spawned a generation of new worms with names such as MyDoom, Netsky and Bagle, all capable of opening computers to remote access by spammers. "It's rapidly become the method of choice," Levine says.

Fighting back isn't easy, says Bob Morse. He'd love to find the culprit who took over his server and see him punished - but how?

"Where is this person? What country is he in, and what laws do they have there?" asks a frustrated Morse. "It's really not an easy thing to track down."

Global hijacking may be the most insidious weapon, but it's just one of many that spammers use to get their pitches past electronic filters. They employ forged return addresses, bizarre spellings, blocks of random text and other tricks becoming all too familiar to PC users.

By making the computer a portal for porn, fraud and computer viruses, the flood of spam is tainting a mode of communication that until now has made life easier for millions.

Anti-spam law

Worried that spam could turn people away from the Internet altogether, the nation's biggest e-mail providers - America Online, Microsoft, Yahoo and EarthLink - joined forces last week to file lawsuits against hundreds of spammers, using a new federal anti-spam law.

"Things are looking pretty bleak," says John C. Mozena, a Detroit public relations consultant and co-founder of the Coalition Against Unsolicited Commercial E-mail. "We anti-spammers are kind of like the Marines on Guadalcanal - just dug in and trying to hold off the enemy."

Dug in firmly on the other side is a 41-year-old former Baltimorean named Steve Worrell.

Each day, from his tropical perch in Costa Rica, Worrell says he looses 10 million unsolicited e-mails on the world. "There's good spam and bad spam," Worrell says. "I don't send the kind of penis enlargement ads that come 30 times a day. I do legitimate Internet marketing."

What products does he advertise? "I'm not going to name my clients," he says.

Worrell is a bit vague about his background, but he served a prison term in Kansas in the 1980s for fatally shooting a man, and he eventually moved to Baltimore. Here he operated a Towson computer business in the 1990s and ran adult Web sites.

He left behind Maryland tax liens and a bankruptcy, but he says he moved to Costa Rica in 1999 for the climate, not for legal sanctuary.

"It's 72 degrees to 74 degrees year round, and I have tropical fruit trees in my yard," he says.

Worrell says he is mystified by the reaction of people who call the toll-free numbers in his e-mails to complain about being spammed. "They're so choked up with emotion - it's amazing," he says. "I don't get it."

Fury has accompanied spam from the moment of its birth. Students of Internet history say the first automated, unsolicited commercial mailing was sent April 12, 1994, when a husband-and-wife immigration law firm in Arizona sprayed Internet newsgroups with a pitch for help with the government's "green card lottery."

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.