This topic is of concern to me and my company. I deal with issues like this
all the time.
Your company may not be a spammer, BUT how do you know if your company's
server has been compromised? Many servers on the internet are unwilling
zombies in "botnets", waiting for a hacker/spammer to start using them.
The spammer will gain access through html injection, insecure php/asp files,
database entry, insecure permissions or a host of other insecurities and
then leaves a script on your server. At the correct time, he will initiate
50,000 scripts in one botnet, worldwide, through a controller interface.
The controller always moves around. They never stay in one place and hence
rarely get caught.
When initiated, it will send out millions of spams. Even if you're lucky and
it's detected in days or weeks, how many spams are sent out? The reality is,
it's not detected in days or weeks and sometimes not in months!!!! And it is
usually stopped by firewall blacklisting on specific servers or spam
filtering policies.
The controller then moves to another "node". They have thousands of these
"nodes" with tens of thousands of infected computers on each node.
Not only that, there are people that are using these zombies for DDOS
attacks, to compromise other systems and also to commit fraud on a large
scale. Usually through click fraud or credit scams. I would assume
organised crime is behind most of these and pays these rogue "controllers"
to do specific tasks.
Most of them seem to come out of Europe and China where laws are not valid
and control is fairly difficult.
What type of fraud are you asking? Well, click fraud is the easiest target.
Not only can you get one of these node centers to spam, but also you can
install trojans that do almost anything, like click on a website in the
background. The user never knows they are infected and little pieces of
their CPU are being harnessed. Simply with click fraud, all you get is one
controller to initiate a node. He then leaves his location. The infected
computers just simply click on a specific ad. The ad would be hosted on
another offender's website, and they make a lot of money in one day.
As one professional at Panda antivirus software stated....
"The botnet we recently helped dismantle with RSA had infected over 50,000
computers with the Clickbot.A Trojan. Imagine if each of those 50,000
computers made the botnet controller one dollar each day the system
operated. If it takes us a few weeks to shut him down, the operator makes
millions."
These botnet controllers are being used for all different methods, from
spam, to click fraud, to DDOS and probably blackmailing. It's a crazy world
out there with a lot going on that most are not aware of.
So what do we do about spam??? What is our spam solution? :)
I fear that it is not one thing that will solve this problem. Because the
hacker/spammers always seem to be one step ahead and also they can hide in
places that we cannot reach, we will have to take a multi-pronged attack on
this problem.
A new world order with international law, international taxes and
international regulation will curb rogue entities in foreign countries.
Spam policies like Spamhaus and others, where admins police their own
systems and get in trouble when they have leaks, will create accountability
for the smaller entities. I truly believe the addition of FREE operating
system software with FREE updates at the core of our computers will curb the
zombied computer state. At this point, with Microsoft hoarding their
software and updates, and other companies doing the same, we will always be
in a perpetual security crisis, because a lot of people do not go out and buy
the legitimate software. These are the bulk of people who are causing this
zombied computer state in my mind. Also, the other portion are the people
who are lazy and just do not update their computer or do not bother to install
a good anti-virus program and keep it updated. Only when we make the
operating system free and updates can be controlled on a large scale can it
no longer be used to spam or advertise to us, and these zombie centers
be dismantled.
I also feel that solutions on the end user side can help as well, but as everyone
knows SpamAssassin and BoxTrapper are not foolproof and can be quite a
pain to use.
Those are my 2 cents on spam :)
Kelly Sigethy
http://www.frynge.com
----- Original Message -----
From: "cc" <cc@belfordhk.com>
To: "Security Basics" <security-basics@securityfocus.com>
Sent: Tuesday, December 12, 2006 8:49 PM
Subject: spam-filtering policy
Dear All,
Since there are no 100% effective spam-filtering mechanisms
so far, is it 'effective' to block (every/some) domains/IPs
and have the admins of those domains/IPs send an online
application to whitelist the domains/IPs?
If it is an effective policy, wouldn't this create more
of a hassle for the admins of valid/innocent domains?
If it isn't an effective policy, why does anyone use it?
The reason why I'm asking is that my co-worker has been
trying to send an e-mail to a customer whose ISP seems to
be using such a spam-filtering policy. This ISP is blocking
my company's domain, for some stupid reason. My company
certainly doesn't spam.
Since I'm ever-learning the ins-and-outs of mail server
administration, I'm curious as to what everyone here
thinks.
Thanks
Ed
---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher
Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.
http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------