CAN‐SPAM and the rise of Botnets
The CAN‐SPAM Act of 2003 outlined ways that the US Federal Government, specifically the Federal Trade Commission, can go after spammers and apply criminal and civil penalties for violating the Act. The law is also designed to give Federal Law Enforcement the ability to take offline the data centers that are responsible for the deluge of SPAM (Goodchild, 2008).
There have been two recent cases of the FTC shutting down ISPs that were accused of spamming: McColo and 3TSP. The removal of these ISPs did have an impact on global SPAM rates, but only on the order of 20% (Clayburn, 2008). The majority of SPAM is sent through botnets, which are established through advanced malware campaigns. SPAM has since returned to the same level as before the McColo takedown.
The growth of botnets post‐CAN‐SPAM legislation has some wondering whether the threat of closing previously legal hosting businesses that sent SPAM drove the market to the cyber crime underworld. The supply and demand of SPAM remains high, even to this day. The increase in SPAM, malware, and botnets is correlated with a timeline consistent with the CAN‐SPAM campaigns.
I believe that it can be posited that the rise of modern advanced malware is a direct result of SPAM campaigns over botnets. Because of the fear of losing money by being shut down by the FTC after the passage of CAN‐SPAM, most spammers started to send SPAM through rented channels such as botnets. This, in turn, has fueled an increase in advanced malware tactics to bypass traditional security mechanisms. This is an example of capital markets doing what they do best: increasing specialization for increased efficiency and cost.
For this to be true, the argument that botnets have grown substantially over the last 4 years must be explored. Because malware and botnets are often linked, one way to measure the growth of botnets is to look at the number of malware signatures that anti‐virus vendors distribute. Symantec’s 2009 Threat Report indicated an increase in 2008 of more than 165% over the number of unique pieces of malware that it detected in 2007 (Symantec, 2009).