The appearance of these types of malware has meant that antivirus programs have had to take another leap forward to improve the protection they offer users. While the term "antivirus software" would appear to imply that such software only protects against viruses, its range of functions has once again been widened, just as happened when worms and Trojan horses first appeared.
It is often argued that spam is not a type of malware, as it does not contain any software. While this may be true, spam can still be very harmful, if only because of the space it occupies on computers and servers, and the time which has to be spent deleting it. If a company's employee spends 5 minutes a day deleting unwanted emails, it is easy to calculate the financial impact of this; over the course of a year, 5 minutes a day are the equivalent of more than two working days dedicated solely to deleting spam (on the basis of 8 hours a day, and 200 working days a year). You only need to work out the average daily salary of the company's employees to see just how much money can be lost as a result.
(Of course, the above calculation could also be used to argue that the coffee machine is one of the greatest causes of losses in any business, as more time is usually spent taking coffee than deleting spam. However, drinking coffee is something which employees enjoy, while the resultant caffeine intake is good for the company's productivity; by contrast, deleting unwanted emails is not something which anyone likes doing.)
Junk mail has a series of characteristics which make it relatively easy to identify. Almost all junk messages use very similar wording to try to persuade the user to buy something. Specialized software can use the structure and content of these messages to create a profile of the emails received, and can then use this profile to classify some mail as spam.
The main challenge when creating such profiles is how to avoid labeling as spam those messages which users actually need to receive. For example, it would not be possible to systematically delete any email containing the word "Viagra", which frequently appears in spam, as in some circumstances this word could appear in a legitimate email. So the analysis must be based on more than one word, or on the appearance of combinations of words or email formats.
A good system for detecting unwanted emails must be capable of learning. In other words, when the system incorrectly identifies a message as being spam, it should be able to "study" the message and learn which characteristics make it of interest to the user. Then, when similar messages are received in the future the system will not reject them.
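The profiling and learning described above can be sketched as follows. This is an added example, not code from the article or from any particular product: it assumes a simplified naive Bayes word score (the article names no technique), and the class `SpamProfile`, the helper `build_profile` and all sample messages are constructed for illustration.

```python
import math
import re
from collections import Counter

class SpamProfile:
    """Per-word message counts for spam and legitimate ("ham") mail."""

    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    @staticmethod
    def tokens(text):
        # Each distinct word counts once per message.
        return set(re.findall(r"[a-z']+", text.lower()))

    def learn(self, text, label):
        self.msgs[label] += 1
        self.words[label].update(self.tokens(text))

    def spam_score(self, text):
        """Sum of smoothed log-odds over all words; > 0 leans spam."""
        n_spam, n_ham = self.msgs["spam"], self.msgs["ham"]
        score = math.log((n_spam + 1) / (n_ham + 1))  # prior odds
        for w in self.tokens(text):
            p_spam = (self.words["spam"][w] + 1) / (n_spam + 2)
            p_ham = (self.words["ham"][w] + 1) / (n_ham + 2)
            score += math.log(p_spam / p_ham)
        return score

    def is_spam(self, text):
        return self.spam_score(text) > 0

# Constructed training mail, not taken from any real mailbox.
SPAM = ["Buy cheap viagra now, best price, click here",
        "Cheap viagra online, buy now and save",
        "Click here to buy discount pills now"]
HAM = ["Meeting moved to Monday, please see the attached agenda",
       "Please review the quarterly report before the meeting",
       "Lunch on Friday? Let me know"]

def build_profile():
    profile = SpamProfile()
    for text in SPAM:
        profile.learn(text, "spam")
    for text in HAM:
        profile.learn(text, "ham")
    return profile

if __name__ == "__main__":
    p = build_profile()
    legit = "Viagra price list for the pharmacy order"
    print(p.is_spam(legit))   # verdict before the user's correction
    p.learn(legit, "ham")     # user marks the message as wanted mail
    print(p.is_spam("Pharmacy order: updated viagra price list"))
```

Because the score sums evidence from every word, "viagra" alone does not decide the verdict, and one user correction shifts the counts enough that similar legitimate messages pass while the sales pitch is still caught.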