
How SPAM Finds you: Botnets


This article is a part of the series on undesired email (spam, phishing, viruses, etc.). The material covers the Poisons and the Remedies.

By Stas Bekman.

Published: May 15th 2006

If previously it was relatively easy to block spammers, since they used to spam from a handful of IPs, the new undesired-email prevention technologies made them abandon this approach, because they were getting blocked as soon as they started sending spam. The new solution used by spammers is the botnet. A botnet is a cluster of computers that were broken into ("owned") by a person or via a virus attack (usually mounted via email). A program is installed on all these computers which lets the attacker control them remotely; therefore those machines are usually referred to as zombies. Now a spammer who wants to send a lot of spam doesn't need to send it from one machine: they simply distribute the attack across thousands of computers, which makes it really hard to detect based only on the volume of email coming from the same IP, since each zombie sends just one or a few messages to the same target.

Using botnets defeats some of the spam-prevention techniques, but not all of them. There is a relatively easy way to avoid attacks from zombies, which are normally machines owned by dial-up users. Dial-up users normally send email through their ISP's outgoing SMTP server, but a spammer usually sends directly from the owned machine to the target, bypassing the ISP's outgoing SMTP server. Therefore, by rejecting all email coming directly from dial-up accounts (there are RBLs just for that purpose), you can eliminate a big part of an attack mounted via botnets (though some of your users may be unhappy if someone tries to send email to them from an MTA running on a dial-up account). Spammers can still get through if, instead of sending email directly from the dial-up machine, they send it through the ISP's outgoing SMTP server. In that case, however, they have to send very little spam from each dial-up zombie, because the ISP will very quickly detect that machine and prevent it from sending those emails.
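To make the two mechanisms above concrete (per-IP volume counting, which a botnet evades because each zombie sends only a message or two, and a dial-up RBL lookup, which catches zombies that deliver directly), here is an added Python example that is not part of the original article. The RBL zone name, the DNS answers and the SMTP connection log are constructed stand-ins, not a real blocklist or real traffic.

```python
from collections import Counter
import ipaddress

# Constructed stand-in for a dial-up / dynamic-address RBL zone (not a real list).
DIALUP_RBL_ZONE = "dul.example.invalid"

# Stand-in for DNS. A real MTA would issue an A query for the name built by
# rbl_query_name(); any answer (conventionally 127.0.0.x) means "listed".
CONSTRUCTED_ZONE = {
    "7.100.51.198.dul.example.invalid": "127.0.0.2",
    "9.100.51.198.dul.example.invalid": "127.0.0.2",
}

# Constructed SMTP connection log, one entry per delivery attempt:
# a dedicated spam host sending 50 messages, two dial-up zombies sending
# one message each, and one legitimate ISP outgoing relay.
CONSTRUCTED_LOG = (
    ["203.0.113.10"] * 50
    + ["198.51.100.7", "198.51.100.9"]
    + ["192.0.2.30"]
)


def rbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: IPv4 octets reversed, then the zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip: str, zone: str, resolve=CONSTRUCTED_ZONE.get) -> bool:
    """True if the RBL answers for this address (here: lookup in the constructed zone)."""
    return resolve(rbl_query_name(ip, zone)) is not None


def volume_verdicts(log, threshold: int) -> dict:
    """Per-IP volume rule: reject an address once it exceeds `threshold` messages."""
    counts = Counter(log)
    return {ip: ("reject" if n > threshold else "accept") for ip, n in counts.items()}


def dialup_verdicts(log, resolve=CONSTRUCTED_ZONE.get) -> dict:
    """Dial-up RBL rule: reject any direct SMTP connection from a listed address."""
    return {ip: ("reject" if is_listed(ip, DIALUP_RBL_ZONE, resolve) else "accept")
            for ip in set(log)}


def combined_verdicts(log, threshold: int) -> dict:
    """Apply both rules; a connection is rejected if either rule rejects it."""
    by_volume, by_dialup = volume_verdicts(log, threshold), dialup_verdicts(log)
    return {ip: ("reject" if "reject" in (by_volume[ip], by_dialup[ip]) else "accept")
            for ip in by_volume}


if __name__ == "__main__":
    for ip, verdict in sorted(combined_verdicts(CONSTRUCTED_LOG, 10).items()):
        print(ip, verdict)
```

Run against the constructed log, the volume rule alone catches only the dedicated host while both zombies slip through with one message each; the dial-up rule catches the zombies and leaves the ISP relay alone, which is why the two are used together.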

Read about the Remedies to learn how to deal with the problem.

Related Links

And here are some pointers for additional information on the subject:


Know your Enemy: Tracking Botnets (http://www.honeynet.org/papers/bots/)
Using honeynets to learn more about Bots

Computer Security: When Bots Attack (http://www.baselinemag.com/article2/0,1540,1947029,00.asp)
An extensive showcase of botnet "technologies"

Bringing Botnets Out of the Shadows (http://www.washingtonpost.com/wp-dyn/content/article/2006/03/21/AR2006032100279.html)
Online Volunteers Monitor Illegal Computer Networks

Just What Is a Botnet? (http://zine.dal.net/previousissues/issue22/botnet.php)

Hunt Intensifies for Botnet Command & Controls (http://www.eweek.com/article2/0,1895,1933210,00.asp)
Operating under the theory that if you kill the head, the body will follow, a group of high-profile security researchers is ramping up efforts to find and disable the command-and-control infrastructure that powers millions of zombie drone machines, or bots, hijacked by malicious hackers.

Stop the bots (http://www.securityfocus.com/columnists/398)
Botnets are a major source of evil on the Internet, from spam, phishing attacks, virus propagation and denial-of-service attacks to the stealing of financial information and other illegal activity. Does disbanding them raise legal and ethical implications?

Interview with a Botnet Host (http://blog.spywareguide.com/2006/05/interview_with_a_botnet_host_1.html)

Most spam generated by botnets, says expert (http://news.zdnet.co.uk/internet/security/0,39020375,39167561,00.htm)
Spam expert Steve Linford says that 70 percent of spam now comes from botnets - networks of zombie PCs captured in previous security attacks

Invasion of the Computer Snatchers (http://www.washingtonpost.com/wp-dyn/content/article/2006/02/14/AR2006021401342.html)
Hackers are hijacking thousands of PCs to spy on users, shake down online businesses, steal identities and send millions of pieces of spam. If you think your computer is safe, think again



Continue reading about other email-related Poisons or jump into the Remedies section.
