Argh! It's a brand new day, and another brand new batch of Spam to delete from the inbox. For those of you who may have a passing curiosity about where all this unsolicited stuff originates, I have found that the current state of affairs is probably best described through the work of Joe Stewart, Director of Malware Research at SecureWorks. In his latest Threat Analyses document, "Spam Botnets to Watch in 2009", as well as a previous document from 2008, "Top Spam Botnets Exposed", Mr. Stewart goes into detail about the various bot-based Spam generation clusters that exist on the Internet, and how they can be categorized based on their behaviour, including the "types" of Spam each cluster tends to yield.

To combat this phenomenon, a number of ISPs (including the ISP I purchase my services from) have implemented outbound TCP port 25 (SMTP) blocking, forcing the customer to use only the SMTP servers associated with the ISP. It was rather alarming to read in Mr. Stewart's latest document about a category of malware known as "Gheg" or "Tofsee" that has the capability to "...route spam through the victim's ISP's mailserver", effectively circumventing the whole TCP port 25 blocking technique above!

I had asked around for any evidence that such a "smarter" Spam bot actually exists, and was provided the following section of a packet capture by the "honeynor.no" group:

47 45 54 20 2F 73 70 6D 2F 73 5F 61 6C 69 76 65 GET /spm/s_alive
http://www.spamcop.net/spamgraph.shtml?spamyear
http://www.secureworks.com/research/threats/botnets2009/
http://www.secureworks.com/research/threats/topbotnets/
G.N. White Handler On Duty (and now a clean inbox to boot)
G. N. (23 Posts), Jan 16th 2009
On the plus side, if the spam is now routed through the ISP's servers, this gives the ISP a chance to filter it, or at the very least rate-limit it.
Anonymous, Jan 20th 2009
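An added illustration of the defensive side of both the diary and the comment above (this is not code from the diary, the commenter, or SecureWorks): once a bot relays through the ISP's own mail server instead of going direct-to-MX on port 25, the ISP's submission-server logs become the place to catch it. The script below flags customer hosts whose connection rate to the relay exceeds a threshold in any sliding window, run over a constructed Postfix-style log; the hostnames, addresses, window and threshold are assumptions.

```python
"""Flag customer hosts pushing an abnormal number of messages through the
ISP's own submission/relay server (where a bot that relays via the ISP
mailserver, rather than direct to the victim's MX, becomes visible)."""
import re
from collections import defaultdict

# Postfix-style smtpd connection line: timestamp, host, queue id, client=name[ip]
LINE_RE = re.compile(r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) \S+ postfix/smtpd\[\d+\]: "
                     r"\w+: client=\S+\[(\d+\.\d+\.\d+\.\d+)\]")

def parse(line):
    """Return (seconds-of-day, client_ip), or None for lines that are not smtpd connects."""
    m = LINE_RE.match(line)
    if not m:
        return None
    h, mi, s, ip = m.groups()
    return int(h) * 3600 + int(mi) * 60 + int(s), ip

def flag_senders(lines, window=60, threshold=20):
    """Return {ip: peak} for clients with more than `threshold` connections
    inside any `window`-second sliding window (two-pointer sweep per client)."""
    times = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            times[rec[1]].append(rec[0])
    flagged = {}
    for ip, ts in times.items():
        ts.sort()
        peak, start = 0, 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged

def make_sample_log():
    """Constructed log (not real ISP data): two ordinary customers sending a
    message every couple of minutes, plus one host bursting 40 connects in 40 s."""
    lines = [f"Jan 16 10:00:{i:02d} mx1 postfix/smtpd[1201]: 4F{i:02X}: "
             f"client=cust-a.isp.example[203.0.113.10]" for i in range(40)]
    for i, ip in enumerate(["203.0.113.11", "203.0.113.12"] * 3):
        lines.append(f"Jan 16 10:{i:02d}:30 mx1 postfix/smtpd[1202]: 5A{i:02X}: "
                     f"client=cust-x.isp.example[{ip}]")
    lines.append("Jan 16 10:01:00 mx1 postfix/qmgr[900]: 4F00: removed")  # not a connect
    return lines

if __name__ == "__main__":
    print(flag_senders(make_sample_log()))  # {'203.0.113.10': 40}
```

A flagged host is a candidate for the rate-limiting the comment mentions, or for a closer look at what is actually being submitted.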