Junk e-mail raises flags

E-mail is fast becoming more of a nuisance than a convenience.

When inboxes aren’t overflowing with sales pitches and pornography, they’re socked with viruses and worms attached to e-mails that can appear to be from co-workers.

The growing glut threatens to force a dramatic change in the free flow of e-mail.

“What was intended for immediate collaboration is quickly on the way to ruin,” said John Mozena, co-founder and vice president of the Coalition Against Unsolicited Commercial E-mail. “People are learning the hard way that they can’t make themselves so available.”

Junk-mail senders and other mischief-makers now are using nefarious disguises to dupe people into opening messages that many computer users have learned to avoid. One popular tactic, known as “spoofing,” fools people into viewing e-mail that it appears to have been sent by relatives, friends or co-workers.

Spammers compound the confusion by using viruses and worms to spread their spoofed sales pitches. The viruses raid electronic address books, where they attach to new e-mail addresses to continue the vicious cycle. That explains why e-mail users sometimes receive out-of-office replies from folks they never contacted.

The vast majority of the spoofed e-mails are from spammers. But because it takes only a few adjustments of computer settings to pull off the spoofs, tech professionals say more people are getting in on the act.

Sterling Network Integration Inc. in Rolling Meadows recently helped track down the origins of threatening e-mail sent to an employee under the name of her company’s network administrator. The messages repeatedly warned the employee about her Internet use at work and eventually ordered her to report to the company’s human resources department.

When she did, and learned there were no problems with her behavior, company officials realized that someone had infiltrated their network. Sterling traced the e-mails to an angry former employee.

“People really shouldn’t have to waste so much time and resources on stuff like that,” said Ryan Ellison, Sterling’s vice president of engineering.

BrightMail Inc., a spam-fighting software firm, reported that more than 5.2 million junk e-mails were sent in September, making up roughly 30 percent of all e-mail correspondence.

According to Jupiter Research, the average amount of spam received per user each day has nearly doubled, to 6.2 from 3.7 e-mails per day. By 2007, Jupiter predicts the average e-mail user will be exposed to more than 3,900 spam messages annually – more than 10 a day.

Fighting the cyber crud is costly and time-consuming. Consumers pay Internet service providers about $2 a month to stem the flow. And if 100 workers receive only five junk mails a day and spend five seconds reviewing each one, an employer will lose 10.5 days a year in productivity.

David Witsiepe, chief technology officer of Kemper Valve & Fittings Corp. in Island Lake, Ill., sought help after determining that company workers spent about 30 minutes every morning clearing out their inboxes.

Ellison said spammers and hackers are not the only ones to blame for the growing problem.

“A lot of ordinary computer users and network administrators need to take a long, hard look at themselves,” he said. “At a certain point, their negligence is just as much a part of the problem.”

Too many businesses practice poor Web hygiene and don’t ensure that servers are properly configured. As a result, tech support professionals are making hundreds of dollars a day by doing work on Internet servers that is equivalent to flipping a light switch.

“People set up these things in the gung-ho days of the Internet when a lot of people really didn’t know what they were doing,” said James Placer, a senior network engineer and security analyst for Interactive Business Systems Inc. “And then they just sort of forgot to go back and make necessary changes.”

Placer and Ellison say that a significant amount of spam would disappear overnight if businesses inspected every server and closed all the “open relays” that permit outsiders to use the server.

Spammers also take advantage of software glitches and viruses that few computer users bother to fix. Though fixes can be downloaded easily from Microsoft and Symentec’s Web sites, a relatively new virus, W32.Bugbear, is expected to plague computers well into next year.

“Installing software without ever updating it or (tightening) the security of it when problems are announced is like running a toxic waste dump in a neighborhood,” Mozena said.

Until more people assume responsibility for their computers and the networks they’re paid to maintain, the cat-and-mouse game will continue, Ellison said.