For David Hart, monitoring spam is a matter of atonement. The technician, formerly a consultant for a spammer, reformed a couple of years ago and started his own DNS blackhole list -- a list of Internet addresses that have been identified as spam senders. Volunteers at TQM3, including Hart, watch e-mail traffic for likely spammers and constantly update the list, which is then available to systems administrators across the Internet.
"There's a certain amount of guilt," Hart said. "I was wrong, and this is part of making amends for a profound misjudgment on my part."
Recently he's been getting plenty of opportunities to redeem himself, thanks to the "tail" -- a screen on his e-mail server that shows all the IP addresses on the Internet that are being added to his spam list. Normally, the tail twitches along at a steady rate, but lately, activity has exploded.
"It's been scrolling so fast that it's been hard to keep up with it," Hart said. "Since the early summer we have seen a significant increase, and it has been reported elsewhere."
The growth in spam is also showing up at companies such as Postini, which analyses Internet traffic using its filtering system before delivering it to clients.
"We're seeing growth in overall spam in terms of volume and relative percentage," Postini founder Scott Petry said.
The company monitored nearly 70 billion e-mails in September and October, and spam levels soared by 59 percent during that period. The company says that 91 percent of e-mails are now spam.
Why? There is no single cause, say experts, but rather a confluence of unfortunate events. One of the biggest problems is that the main vehicle for spam -- vast networks of home computers infected with malware, known as "botnets" -- have been growing in size.
These botnets have existed for about five years. They are created when worms or Trojan horse programs are used to infect a PC, taking control of it and forcing it to accept commands sent by a central controller.
The commands, traditionally sent via a real-time online chat protocol called Internet Relay Chat (IRC), were initially used to force large numbers of bots to attack a target Web site, flooding it with traffic in a distributed denial of service (DDoS) attack.
botnets
DDoS attacks still happen, but bots are increasingly used to send spam e-mails, in effect acting as their own mail servers. In the 1990s, spam was mostly channelled via unprotected e-mail servers online, used to send thousands of unsolicited e-mails anonymously. But then network administrators began locking them down.
Now, spammers send e-mail directly from home machines thanks to botnet operators who program them to become e-mail servers and then sell their processing power and bandwidth. These money-motivated operators are honing their product, warned David Watson, who works on the UK Honeynet project (www.ukhoneynet.org.), a non-profit research effort to track spammers' activities.
"Because of the high risk/reward ratio, the major perpetrators are upping their game and producing ever more professional and effective cyber-scams on an almost daily basis," he said.
Today's bots are infected with modular, kit-based software that can easily be upgraded and reconfigured to take advantage of any new vulnerability discovered in Windows; botnets are almost exclusively targeted at Windows PCs.
"There are changes in command and control capabilities and a move to shorter-lived botnets that deliver their spam very quickly," Watson warned. "And the adoption of peer-to-peer communication will also make it harder for system defenders to keep on top."
Marvel for a moment: botnet operators are people who have worked out how to upgrade the software on thousands of machines almost simultaneously without their owners' knowledge. It would be impressive if the effects weren't so deleterious.
distributed
Botnet operators in the past controlled infected machines from a single point. Today, advanced malware such as the Sinit worm (www.technewsworld.com/story/32602.html.) uses the same techniques as best-known peer-to-peer file distribution networks such as Kazaa, with infected machines forwarding instructions and software updates to each other.
This makes botnets even harder to take down, and now that some botnets use encrypted communications, it's even harder for experts to monitor their controllers.
Botnet operators are becoming smarter too about how they use the infected machines, explained Simon Heron, a director at security company Network Box.
"In the old days, a compromised machine would start cranking out thousands of e-mails per hour," he said.
That would slow the user' s PC down. "It became very easy to realize that you'd been violated," he said.
But nowadays, operators send out smaller flurries of e-mail from each machine, keeping them below the ISPs' (and users') radar.
"Now that they're doing it in a more subtle fashion, it's difficult to realize that they've been violated," noted Heron.
How can botnet operators maintain the overall volume of their e-mail while reducing the number of e-mail per bot?
By increasing the number on the network. According to Dean Turner, senior manager of Symantec's Security Response team in the US, the company saw almost 4.7 million new active bot network machines in the first half of this year.
Johannes Ullrich, chief research officer at the SANS Internet Storm Center, which monitors online threats, saw the number of attacking client machines rocket from 770,000 on Oct. 15 to 1.845 million six days later.
expanding
Why are botnets expanding so much now? One reason could be Stration (www.tinyurl.com/yj3pjd.), one of the most aggressively distributed pieces of malware that Graham Cluley, senior technology consultant at anti-virus company Sophos, has seen. The worm, which persuades users to install it by claiming to be a system patch, accounted for half of all malware seen online on some days, according to Sophos.
"It's constantly being refined to get past antivirus products," Cluley said, adding that there have been over a hundred new versions of the worm created in a single day.
It mostly targets English language speakers, "so, we're not seeing as many bots created in non-English-speaking parts of the world as we used to," he said.
But Hart is. According to his figures, large numbers of new bots are coming from Poland.
"The spammers have really focused in on these developing technology countries that have a sudden burst of broadband," he said.
Countries just beginning to roll out broadband often have large numbers of computers with older, unpatched operating systems ripe for infection. Take China, which is the largest source of botnet machines after the US. Research group Ovum says that broadband penetration in China has been growing at 79 percent a year for the past three years. Within the next 12 months it will become a bigger broadband market than the US, Ovum says.
The types of spam being sent are also changing, Heron warned.
In particular, spam mail promoting cheap, penny stocks in obscure companies have grown in volume. Called "pump and dump" spam, it works by sending false or outdated "inside information" to large numbers of people urging them to buy the stock, promising a leap in price. The spammers, who have bought the stock cheap, dump it on the market and pocket the difference.
"Pump and dump" spam often uses embedded images, rather than text or HTML links, making it harder to spot, says Cluley, who believes many are being sent from Stration-infected computers.
"We've begun to see that overtaking the traditional spams" that sell performance-enhancement drugs, Heron said. "It must be giving a better return to the spammers."
It is a bad deal for victims, as the www.spamstocktracker.com. Web site illustrates.
block
Hart wishes that ISPs would simply block all unauthorized traffic on port 25, which computers use to send e-mail.
He argues that any port 25 traffic not destined for an ISP's own mail server and accompanied with an authorized user name and password should be rejected. However, neither of the UK's most popular ISPs, BT Retail and NTL, block this port, although they do scan for bot-like activities on their own network.
But if botnet operators continue to send fewer mails from each bot, scanning for telltale activities may become more difficult -- and experts worry that the mails could become more effective.
"Lower-volume target attacks are on the rise," Watson said. "Just like in the legitimate world, better market demographics and more targeted sales techniques can sometimes yield better results, and cyber-criminals understand this."
Building a database of more targeted information about an individual, such as where they work, and sending mail specifically to them will enable spammers to increase their per-spam yield.
The trade-off for more focused spam will be the effort involved in gathering information about their targets, explained Heron.
But just as legitimate markets evolve, so do illegitimate ones, Watson concluded.
"One of the common opinions in the botnet tracking community is that in this particular arms race, the black hats currently have the upper hand," he said.
They did it again. For the whole world to see: an image of a Taiwan flag crushed by an industrial press, and the horrifying warning that “it’s closer than you think.” All with the seal of authenticity that only a reputable international media outlet can give. The Economist turned what looks like a pastiche of a poster for a grim horror movie into a truth everyone can digest, accept, and use to support exactly the opinion China wants you to have: It is over and done, Taiwan is doomed. Four years after inaccurately naming Taiwan the most dangerous place on
Wherever one looks, the United States is ceding ground to China. From foreign aid to foreign trade, and from reorganizations to organizational guidance, the Trump administration has embarked on a stunning effort to hobble itself in grappling with what his own secretary of state calls “the most potent and dangerous near-peer adversary this nation has ever confronted.” The problems start at the Department of State. Secretary of State Marco Rubio has asserted that “it’s not normal for the world to simply have a unipolar power” and that the world has returned to multipolarity, with “multi-great powers in different parts of the
President William Lai (賴清德) recently attended an event in Taipei marking the end of World War II in Europe, emphasizing in his speech: “Using force to invade another country is an unjust act and will ultimately fail.” In just a few words, he captured the core values of the postwar international order and reminded us again: History is not just for reflection, but serves as a warning for the present. From a broad historical perspective, his statement carries weight. For centuries, international relations operated under the law of the jungle — where the strong dominated and the weak were constrained. That
On the eve of the 80th anniversary of Victory in Europe (VE) Day, Chinese Nationalist Party (KMT) Chairman Eric Chu (朱立倫) made a statement that provoked unprecedented repudiations among the European diplomats in Taipei. Chu said during a KMT Central Standing Committee meeting that what President William Lai (賴清德) has been doing to the opposition is equivalent to what Adolf Hitler did in Nazi Germany, referencing ongoing investigations into the KMT’s alleged forgery of signatures used in recall petitions against Democratic Progressive Party legislators. In response, the German Institute Taipei posted a statement to express its “deep disappointment and concern”
RSS