This article is a part of the series on undesired email (spam, phishing, viruses, etc.). The material covers the Poisons and the Remedies.
By Stas Bekman.
Published: May 15th 2006
Previously it was relatively easy to block spammers, since they used to spam from a handful of IPs. The newer undesired-email prevention technologies made them abandon this approach, as they were getting blocked as soon as they started sending spam. The new solution used by spammers is botnets. A botnet is a cluster of computers that have been broken into ("owned"), either by a person or via a virus attack (usually mounted via email). A program is installed on all of these computers so that they can be controlled remotely; the machines are therefore usually referred to as zombies. A spammer who wants to send a lot of spam no longer needs to send it from one machine: the attack is simply distributed across thousands of computers, which makes it really hard to detect based only on the volume of email coming from the same IP, since each zombie sends just one or a few messages to a given target.
Using botnets defeats some of the spam-prevention techniques, but not all of them. There is a relatively easy way to avoid attacks from zombies, which are normally owned by dial-up users. Dial-up users normally send email through their ISP's outgoing SMTP server, but spammers usually send directly from the owned machine to the target, bypassing the ISP's outgoing SMTP server. Therefore, by rejecting all email coming from dial-up accounts (there are RBLs just for that purpose), you can eliminate a big part of an attack mounted via botnets (though some of your users may be unhappy if someone tries to send them email from an MTA running on a dial-up account). Spammers can still get through if, instead of sending email directly from the dial-up machine, they send it through the ISP's outgoing SMTP server. They will, however, have to send very little spam from each dial-up zombie, because the ISP will very quickly detect that machine and prevent it from sending those emails.
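The dial-up RBL check described above, as it is done by an MTA at connection time, shown as an added example that is not part of this article: the client IP's octets are reversed, the RBL zone name is appended, and an A record answer in 127.0.0.0/8 means "listed". The zone names, the listings and the resolver are constructed stand-ins (no real blocklist is queried), and the allowlist parameter is an assumption that covers the caveat in the text about legitimate MTAs on dial-up lines or an ISP smarthost you choose to trust.

```python
"""DNSBL ("RBL") connection-time check of the kind an MTA performs against a
dial-up address list.  Illustration only: zone names and answers below are
constructed, not a real blocklist."""
import ipaddress
from typing import Callable, Dict, Optional, Sequence, Tuple

Resolver = Callable[[str], Optional[str]]

# Constructed stand-in for DNS: query name -> A record it would return.
# DNSBLs answer inside 127.0.0.0/8; the last octet is a per-zone code.
CONSTRUCTED_DNS: Dict[str, str] = {
    "4.3.2.1.dialup.example.invalid": "127.0.0.3",      # hypothetical dial-up pool
    "10.0.0.203.dialup.example.invalid": "127.0.0.3",   # another listed client
    "5.4.3.2.broken.example.invalid": "198.51.100.7",   # malformed zone answer
}

def fake_resolve(name: str) -> Optional[str]:
    """Pretend DNS lookup: returns the A record, or None for NXDOMAIN."""
    return CONSTRUCTED_DNS.get(name)

def rbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: reversed octets of the client IP, then the zone."""
    addr = ipaddress.IPv4Address(ip)            # raises ValueError on garbage input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"

def is_listed(ip: str, zone: str, resolve: Resolver = fake_resolve) -> bool:
    """True only if the zone answers with an address in 127.0.0.0/8.

    Any other answer is treated as "not listed": it indicates a broken or
    wildcarded zone, and a broken zone must never cause mail to be rejected."""
    answer = resolve(rbl_query_name(ip, zone))
    if answer is None:
        return False
    try:
        return ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8")
    except ValueError:
        return False

def smtp_connect_policy(client_ip: str, zones: Sequence[str],
                        allow: Sequence[str] = (),
                        resolve: Resolver = fake_resolve) -> Tuple[str, str]:
    """Decide what to do with a connecting SMTP client before it sends DATA.

    `allow` holds networks whose mail is accepted regardless of listings,
    e.g. an ISP smarthost that legitimate dial-up users relay through."""
    addr = ipaddress.IPv4Address(client_ip)
    for net in allow:
        if addr in ipaddress.IPv4Network(net):
            return ("accept", f"{client_ip} is in allowlist {net}")
    for zone in zones:
        if is_listed(client_ip, zone, resolve):
            return ("reject", f"550 {client_ip} is listed in {zone}")
    return ("accept", f"{client_ip} is not listed")

if __name__ == "__main__":
    ZONES = ["dialup.example.invalid", "broken.example.invalid"]
    for ip in ("1.2.3.4", "203.0.0.10", "2.3.4.5", "192.0.2.25"):
        print(ip, smtp_connect_policy(ip, ZONES, allow=["192.0.2.0/24"]))
```

In a real MTA the `resolve` callable would be the system resolver; keeping it injectable lets the policy be tested without network access, and the 127.0.0.0/8 check keeps a misbehaving zone (the "broken" entry above) from turning into a mail outage.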
Read about the Remedies to learn how to deal with the problem.
And here are some pointers for additional information on the subject:
Just What Is a Botnet? (http://zine.dal.net/previousissues/issue22/botnet.php)
Hunt Intensifies for Botnet Command & Controls (http://www.eweek.com/article2/0,1895,1933210,00.asp)
Stop the bots (http://www.securityfocus.com/columnists/398)
Interview with a Botnet Host (http://blog.spywareguide.com/2006/05/interview_with_a_botnet_host_1.html)
Most spam generated by botnets, says expert (http://news.zdnet.co.uk/internet/security/0,39020375,39167561,00.htm)
Invasion of the Computer Snatchers (http://www.washingtonpost.com/wp-dyn/content/article/2006/02/14/AR2006021401342.html)
Continue reading about other email-related Poisons or jump into the Remedies section.