Increase in SPAM due to Botnets.
by Lee LeClair, 01/19/2007
As seen in Inside Tucson Business
I have been reading about (and personally seeing) the surge in email spam on the Internet in recent months. One of the causes of this has been the increasing use of intelligently controlled botnets to send and perpetuate this email. Botnets are large groups of computers that have been taken over by computer criminals. These computers are all over the world and consist of both home and business PCs. Once they are infected or taken, they are used as drones to carry out the commands of a central manager, normally in groups. They are most often used to spew forth spam trying to sell penny stocks, Viagra and the kind of thing people are so used to seeing now. The motive is obvious: they are paid for these emails.
However, it is interesting to note that a good percentage of recent spam seems to be gibberish. It is not trying to sell anything; it is just odd, nonsensical text snippets. Security experts reason that this is to confound spam filters. As with anti-virus software, spam is a game of act and react, with spammers devising new and clever ways to beat spam filters while spam filters are constantly improved to catch more spam. The recent nonsense spam appears to be meant to confuse the statistical filtering engines that many spam filters use to determine whether an email is genuine or not.
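The statistical filtering the column mentions, as an added example that is not from the column or from Ephibian: a small Bayesian word-scoring filter in the style of Paul Graham's "A Plan for Spam", trained on a constructed toy corpus. It shows why padding a message with unseen nonsense words drags down a score that combines every token, and how scoring only the most decisive tokens keeps the filter robust against that padding. The corpus, the 0.4 unknown-token probability and the top-15 cutoff are assumptions for illustration.

```python
import math
import re
from collections import Counter

# Constructed training corpus (not from the column): a few spam and ham messages.
SPAM = ["buy penny stocks now cheap viagra offer",
        "cheap viagra stocks offer click now",
        "penny stocks offer buy now"]
HAM = ["meeting notes attached please review the budget",
       "lunch tomorrow review the project notes",
       "please send the budget for the project meeting"]
UNKNOWN_P = 0.4  # unseen token: slightly ham-leaning, as in Graham's scheme
TOKEN_RE = re.compile(r"[a-z]+")

def tokenize(text):
    """Unique lowercase words; repeats within a message count once."""
    return set(TOKEN_RE.findall(text.lower()))

def train(spam, ham):
    """Per-token spam probability, clamped to [0.01, 0.99]."""
    spam_c = Counter(t for m in spam for t in tokenize(m))
    ham_c = Counter(t for m in ham for t in tokenize(m))
    probs = {}
    for tok in set(spam_c) | set(ham_c):
        s, h = spam_c[tok] / len(spam), ham_c[tok] / len(ham)
        probs[tok] = min(0.99, max(0.01, s / (s + h)))
    return probs

def combine(ps):
    """Bayesian combination of token probabilities, done in log space."""
    log_odds = sum(math.log(p) - math.log(1 - p) for p in ps)
    log_odds = max(-700.0, min(700.0, log_odds))  # keep exp() in range
    return 1 / (1 + math.exp(-log_odds))

def score_all_tokens(probs, text):
    """Naive: every token counts, so a flood of unseen words drags the score down."""
    return combine(probs.get(t, UNKNOWN_P) for t in tokenize(text))

def score_top_tokens(probs, text, n=15):
    """Robust: only the n tokens furthest from neutral decide; filler is ignored."""
    ps = sorted((probs.get(t, UNKNOWN_P) for t in tokenize(text)),
                key=lambda p: abs(p - 0.5), reverse=True)
    return combine(ps[:n])

# Constructed test message: a short pitch padded with 60 unique nonsense words.
GIBBERISH = " ".join("zq" + chr(97 + i // 26) + chr(97 + i % 26) for i in range(60))
PADDED_SPAM = "buy cheap viagra now " + GIBBERISH
```

Scoring PADDED_SPAM with score_all_tokens on a model from train(SPAM, HAM) returns a near-zero spam probability, while score_top_tokens on the same message returns one above 0.99.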
Another interesting aspect of the recent use of botnets is the intelligence and efficiency of the botnet controllers. Where botnets were once somewhat crudely guided, the recent surge in spam is the result of sophisticated botnet management. Recent forensics of compromised PCs indicate that when a system is initially infected or captured, a small program immediately runs a pirated copy of a well-regarded commercial anti-virus and anti-spyware package to scan for and remove any other malicious programs on the attacked PC. In effect, the sophisticated program is cleaning the machine of any other bad programs so that it will have total control of the system. Next, it notifies a management system that it is in a ready state. The management system is a remote PC or server that directs the PC about what to do, when to do it, and even directs it to use moving proxy systems.
Botnets tend to use proxies because a common method of fighting spam is to note where it is coming from and block those network addresses from being able to send further spam. The botnet manager servers detect this and redirect various botnets to use other unblocked proxies while they find new network addresses for the blocked proxies. They use randomized timing and repeated attempts at contact in case systems are lost or disconnected. Most of this is automated intelligence, so only a few people are needed to manage botnets of thousands of PCs. In addition, since botnets tend to show up on security radar when huge masses of PCs are doing the same thing, the controllers have devised groupings of smaller botnets with varied tasks so that they are not as noticeable. It is truly an extraordinary system that most corporations would envy.
How do they get control of all these PCs? Most people buy a PC, load their programs on it and then simply use it. Seems straightforward. However, in the meantime, the software manufacturers have discovered (or had brought to their attention) bugs in their software. They release patches after a few months, but a lot of PCs have already been exposed. In addition, most people do not download and apply the patches that come out. Meanwhile, automated programs run constantly looking for vulnerable PCs, 24 hours a day, 7 days a week, 365 days a year. Most broadband connections are always on. That’s part of it. More is brought on by people themselves. They click on links in email some acquaintance sent, or they surf around to questionable sites and click on some flashing picture or link. In these cases, the user is basically initiating the action that is subverting their own PC. What can you do? Patch early and often. Install anti-virus and anti-spyware programs and run them frequently. Finally, take the time to be careful what you click on and allow. Unless, that is, you want to join the fast-growing ranks of a popular botnet near you.
Lee Le Clair is the CTO at Ephibian. His Tech Talk column appears the third week of each month in Inside Tucson Business