Thursday, September 25, 2003

Sobig.f proves why focusing on commercial spam is a mistake
One of the biggest mistakes being made on the anti-spam front by vendors, service providers, lawmakers, and lawyers is the focus they are placing on technological and legal solutions that attempt to define, in one-size-fits-all fashion, what spam is.

Many of these solutions start with the notion that spam is unsolicited commercial e-mail. They leave alone other types of unwanted e-mail --- worms, viruses, surveys, political messages, chain letters, etc. --- that are equally empowered to destroy the Internet's e-mail system.

Perhaps now, with the latest variant of the Sobig worm wreaking havoc on the Internet, these misguided anti-spam fighters will realize that defining spam is a waste of time. Tracing Sobig's footsteps and side effects,… shall reveal that focusing on any one type of unwanted e-mail leaves the Internet's e-mail system vulnerable to an irretrievable breakdown. The same industry-wide standards that could help in the battle against spam can also relieve the Internet's e-mail system of the life-threatening congestion caused by worms like Sobig.…

To cover their tracks, senders of unwanted e-mail prey on this weakness in the Internet's SMTP standards --- the ability to "spoof" an e-mail header. Even worse, this weakness is often exploited to make an e-mail look to the recipient as though it's coming from someone they already know. This technique increases the likelihood that the unwanted e-mail will get opened by the recipient.

To a recipient, the Sobig worm and a spammer look very much the same. They're both the source of a tremendous amount of unwanted e-mail. They both forge the originator's credential information to cover their tracks. They both flood the Net with unnecessary traffic. They're both a drain on the recipient's (or receiving organization's) time, money, and productivity. But where they differ is in their distribution. Whereas a spammer will often send transmissions from a single address or a small number of addresses, Sobig works like a Distributed Denial of Service (DDoS) attack. First, it finds vulnerable systems on the Internet and then, via its payload, it deputizes them into originating more worm-laden e-mail.

The result is very spam-like: an enormous amount of e-mail traversing the Internet, all bearing forged credentials that not only aren't traceable to the originators of the worm itself, but aren't even traceable to the deputized system. But it gets worse.…
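The two points above (a forged "From" that the recipient recognizes, and worm traffic that arrives from many deputized hosts rather than a spammer's handful of addresses) are both visible to a receiving mail server in headers it already has. The following is an added example, not code from the original post or the ZDNet article it excerpts. It parses a constructed batch of raw messages with Python's standard `email` library, flags messages whose "From" domain disagrees with the envelope sender recorded in `Return-Path`, and then groups identical content by the originating IP taken from the earliest `Received` hop. All addresses, hosts, IPs and the attachment bytes are constructed placeholders.

```python
"""Header-consistency and sender-dispersion checks over raw e-mail.

Added example; the messages, addresses, hosts and IPs below are
constructed samples, not real traffic.
"""
import base64
import hashlib
import re
from collections import defaultdict
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from typing import Optional

# IPv4 literal in square brackets, as relays write it in Received headers.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def make_raw(from_addr: str, return_path: str, origin_ip: str,
             attachment: Optional[bytes]) -> bytes:
    """Assemble one constructed raw message (bytes) for the demo."""
    lines = [
        f"Return-Path: <{return_path}>",
        "Received: from mx.example.net ([198.51.100.1]) by inbox.example.net;"
        " Thu, 25 Sep 2003 10:00:00 -0400",
        f"Received: from unknown ([{origin_ip}]) by mx.example.net;"
        " Thu, 25 Sep 2003 09:59:58 -0400",
        f"From: Alice Colleague <{from_addr}>",
        "To: bob@example.net",
        "Subject: Re: Your details",
        "MIME-Version: 1.0",
    ]
    if attachment is None:
        lines += ["Content-Type: text/plain", "", "Cheap offers inside."]
    else:
        lines += [
            'Content-Type: multipart/mixed; boundary="b1"', "",
            "--b1", "Content-Type: text/plain", "",
            "See the attached file for details.",
            "--b1", 'Content-Type: application/octet-stream; name="details.pif"',
            'Content-Disposition: attachment; filename="details.pif"',
            "Content-Transfer-Encoding: base64", "",
            base64.b64encode(attachment).decode(), "--b1--",
        ]
    return "\r\n".join(lines).encode()


# Constructed batch: three copies of the same attachment from three
# different origin hosts (worm-like), two identical text-only messages
# from one host (spammer-like).  STANDIN is a placeholder, not malware.
STANDIN = b"constructed attachment stand-in"
SAMPLES = [
    make_raw("alice@corp-example.com", "zz@mail-example.org", "203.0.113.5", STANDIN),
    make_raw("alice@corp-example.com", "zz@mail-example.org", "203.0.113.77", STANDIN),
    make_raw("alice@corp-example.com", "zz@mail-example.org", "192.0.2.140", STANDIN),
    make_raw("deals@promo-example.net", "bounce@promo-example.net", "192.0.2.9", None),
    make_raw("deals@promo-example.net", "bounce@promo-example.net", "192.0.2.9", None),
]


def domain_of(header_value: str) -> str:
    """Lower-cased domain part of the first address in a header value."""
    _, addr = parseaddr(header_value)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def origin_ip(msg) -> Optional[str]:
    """IP from the earliest Received header (relays prepend, so it is last)."""
    received = msg.get_all("Received", [])
    if not received:
        return None
    match = IP_RE.search(str(received[-1]))
    return match.group(1) if match else None


def content_digest(msg) -> str:
    """SHA-256 of the first attachment, or of the plain-text body if none."""
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)
        if data:
            return hashlib.sha256(data).hexdigest()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    return hashlib.sha256(text.encode()).hexdigest()


def analyze(raw_messages):
    """Per-message record: domains, origin IP, From/Return-Path mismatch, digest."""
    records = []
    for raw in raw_messages:
        msg = BytesParser(policy=policy.default).parsebytes(raw)
        from_dom = domain_of(str(msg["From"]))
        rp_dom = domain_of(str(msg["Return-Path"]))
        records.append({
            "from_domain": from_dom,
            "return_path_domain": rp_dom,
            "origin_ip": origin_ip(msg),
            "header_mismatch": from_dom != rp_dom,
            "digest": content_digest(msg),
        })
    return records


def dispersion(records):
    """Map content digest -> set of origin IPs that delivered it."""
    seen = defaultdict(set)
    for rec in records:
        if rec["origin_ip"]:
            seen[rec["digest"]].add(rec["origin_ip"])
    return seen


if __name__ == "__main__":
    recs = analyze(SAMPLES)
    for rec in recs:
        print(rec["origin_ip"], "mismatch" if rec["header_mismatch"] else "ok")
    for digest, ips in dispersion(recs).items():
        print(digest[:12], "seen from", len(ips), "distinct origin IPs")
```

A `From`/`Return-Path` mismatch is only a hint (mailing lists and forwarders produce it legitimately), which is why the dispersion view matters: identical content arriving from many unrelated origin hosts is the fingerprint of the deputized-host pattern the article describes, and it can be scored regardless of whether the content is commercial.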

http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2914521,00.html
