Saturday, November 11, 2006

New wave of spammers

A couple of days ago, the Guardian reported on the new methods adopted by spammers. Here is a summary of the article:

Why is spam out of control? There is no single cause, say experts, but rather a confluence of unfortunate events. One of the biggest problems is that the main vehicle for spam - vast networks of home computers infected with malware, known as "botnets" - has been growing in size.

These botnets have existed for about five years. They are created when worms or Trojan horse programs are used to infect a PC, taking control of it and forcing it to accept commands sent by a central controller. The commands, traditionally sent via a real-time online chat protocol called Internet Relay Chat (IRC), were initially used to force large numbers of bots to attack a target web site, flooding it with traffic in a distributed denial of service (DDoS) attack.

DDoS attacks still happen, but bots are increasingly used to send spam emails, in effect acting as their own mail servers. In the 1990s, spam was mostly channelled via unprotected email servers online, used to send thousands of unsolicited emails anonymously. But then network administrators began locking them down.

Now, spammers send email directly from home machines thanks to botnet operators who program them to become email servers and then sell their processing power and bandwidth.

How can botnet operators maintain the overall volume of email while reducing the number of emails per bot? By increasing the number on the network. According to Dean Turner, senior manager of Symantec's Security Response team in the US, the company saw almost 4.7m new active bot network machines in the first half of this year. And Johannes Ullrich, chief research officer at the SANS Internet Storm Center, which monitors online threats, saw the number of attacking client machines rocket from 770,000 on October 15 to 1,845,000 six days later.

The trade-off for more focused spam will be the effort involved in gathering information about their targets, explains Heron. But just as legitimate markets evolve, so do illegitimate ones, concludes Watson. "One of the common opinions in the botnet tracking community is that in this particular arms race, the black hats currently have the upper hand."
