October 2, 2008
The last three months have seen an escalation of the spam wars to new levels. Recently we had the picture (image) spam, which proved hard to stop, and since then we have seen three or four new technical additions to the spammers' arsenal designed to get them through the latest antispam measures. It is a bit like the cold war: one side escalates the conflict, then the antispam defenders develop a countermeasure, and so on, with no sign of anything but increases in the volume of spam sent, which looks to have doubled again over the last three months.
Currently we employ a myriad of antispam measures, including 4 different RBL and abuse-list checkers, followed by a fully configured SpamAssassin for anything that gets through the first stage. But in the last few days we have employed a newer technique, which has proved massively effective so far, fingers crossed. We will roll it out onto the rest of our servers as soon as we are convinced that it is not stopping legitimate emails. This technique involves examining some of the characteristics of the incoming server trying to drop the mail off, a bit like checking that the postman is correctly attired before accepting your mail.
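The post does not say which characteristics of the delivering server are examined, so the following is an added illustration, not the authors' code, of the kind of connection-time checks a mail server can run before accepting a message: a DNS blocklist (RBL) lookup, forward-confirmed reverse DNS, a plausibility check on the HELO name, and a heuristic for dynamic-looking reverse names. The DNS data and the blocklist zone `bl.example` are constructed in-memory stubs so the code runs offline; the `looks_dynamic` patterns are an assumption about what a "residential" reverse name tends to look like.

```python
"""Added example (not from the original post): connection-time checks on the
delivering SMTP server. The resolver data below is constructed for the example;
a real deployment would query DNS instead."""
import ipaddress
import re

# Constructed DNS records standing in for a real resolver (assumption).
PTR = {
    "203.0.113.10": "mail.example.net",
    "198.51.100.7": "dsl-7.dynamic.example-isp.net",
}
A_RECORDS = {
    "mail.example.net": {"203.0.113.10"},
    "dsl-7.dynamic.example-isp.net": {"198.51.100.7"},
}
# Constructed DNSBL zone: a listed IP has an A record under the reversed name.
BLOCKLIST = {"7.100.51.198.bl.example": "127.0.0.2"}

# Hypothetical patterns for generic / dynamic reverse names (assumption).
DYNAMIC_RE = re.compile(r"(^|[.-])(dsl|dhcp|dyn|dynamic|pool|ppp|cable)([.-]|\d)", re.I)


def dnsbl_query_name(ip, zone):
    """Build the reversed-octet query name used by IPv4 DNS blocklists."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, zone="bl.example", lookup=BLOCKLIST.get):
    """True if the blocklist answers for the reversed-IP name."""
    return lookup(dnsbl_query_name(ip, zone)) is not None


def fcrdns(ip, ptr=PTR.get, a=A_RECORDS.get):
    """Forward-confirmed rDNS: the PTR name must resolve back to the IP.
    Returns the confirmed name, or None."""
    name = ptr(ip)
    if not name:
        return None
    return name if ip in (a(name) or set()) else None


def helo_plausible(helo, ip, a=A_RECORDS.get):
    """Reject bare IP literals and unqualified names, and require the HELO
    name to resolve to the connecting IP."""
    if "." not in helo:
        return False
    try:
        ipaddress.ip_address(helo.strip("[]"))
        return False  # a bare address, not a hostname
    except ValueError:
        pass
    return ip in (a(helo) or set())


def looks_dynamic(name):
    """Heuristic: reverse names with dial-up/DSL/pool markers."""
    return bool(name and DYNAMIC_RE.search(name))


def score_connection(ip, helo):
    """Return the list of reasons this delivering server looks suspect.
    An empty list means every check passed."""
    reasons = []
    if is_listed(ip):
        reasons.append("listed in DNSBL")
    name = fcrdns(ip)
    if name is None:
        reasons.append("no forward-confirmed rDNS")
    elif looks_dynamic(name):
        reasons.append("dynamic-looking rDNS")
    if not helo_plausible(helo, ip):
        reasons.append("implausible HELO")
    return reasons


if __name__ == "__main__":
    for ip, helo in [("203.0.113.10", "mail.example.net"),
                     ("198.51.100.7", "localhost")]:
        print(ip, helo, score_connection(ip, helo) or "ok")
```

Because a single failed check can also hit a badly configured but legitimate sender, a cautious policy treats one reason as grounds for a temporary (4xx) refusal, which a real mail server will retry and a spam bot usually will not, and reserves outright rejection for connections that fail several checks at once; that is the same kind of false-positive caution the post describes before rolling the technique out further.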
The biggest difficulty with much of the current wave is that most of it is coming from hacked PCs, and as such it looks much like any other email from that PC in terms of its provenance. If you blacklist the PC or the ISP, legitimate emails will also be affected, possibly from hundreds of other PCs on that network. Heuristic analysis of the contents of the email is not easy either, because spammers keep changing the patterns they use to hide their real intent: in the last few weeks we have seen lots of emails with lines of random words at the bottom, or even lines of random bytes, each line carefully crafted by an algorithm to fool a spam filter.
And these hacked PCs are controlled by bot masters spread around the world, some of whom control literally thousands of machines and who are able to vary their tactics, timing and content at the drop of a hat, or so it seems.
It would be easy to blame Microsoft for this problem, for allowing so many machines to be hacked, but the truth is that a PC is a dangerous tool, difficult to control and difficult to use.
Imagining that a PC is easy to control is perhaps the biggest mistake most owners of hacked PCs have made. A PC can provide so much, but it can also cause a lot of damage in the wrong hands, especially when the owner is blind to the fact that while he or she is in bed at night, the PC is busy spewing out spam to the rest of the world under the control of a Russian, Romanian, Chinese or even US botmaster.
But for the moment we are pleased to have made a bit more of a gain in the antispam wars, albeit at the cost of a great many processing cycles.