For David Hart, monitoring spam is a matter of atonement. The technician, formerly a consultant for a spammer, reformed a couple of years ago and started his own DNS blackhole list -- a list of Internet addresses that have been identified as spam senders. Volunteers at TQM3, including Hart, watch e-mail traffic for likely spammers and constantly update the list, which is then available to systems administrators across the Internet.
"There's a certain amount of guilt," Hart said. "I was wrong, and this is part of making amends for a profound misjudgment on my part."
Recently he's been getting plenty of opportunities to redeem himself, thanks to the "tail" -- a screen on his e-mail server that shows all the IP addresses on the Internet that are being added to his spam list. Normally, the tail twitches along at a steady rate, but lately, activity has exploded.
"It's been scrolling so fast that it's been hard to keep up with it," Hart said. "Since the early summer we have seen a significant increase, and it has been reported elsewhere."
The growth in spam is also showing up at companies such as Postini, which analyses Internet traffic using its filtering system before delivering it to clients.
"We're seeing growth in overall spam in terms of volume and relative percentage," Postini founder Scott Petry said.
The company monitored nearly 70 billion e-mails in September and October, and spam levels soared by 59 percent during that period. The company says that 91 percent of e-mails are now spam.
Why? There is no single cause, say experts, but rather a confluence of unfortunate events. One of the biggest problems is that the main vehicle for spam -- vast networks of home computers infected with malware, known as "botnets" -- have been growing in size.
These botnets have existed for about five years. They are created when worms or Trojan horse programs are used to infect a PC, taking control of it and forcing it to accept commands sent by a central controller.
The commands, traditionally sent via a real-time online chat protocol called Internet Relay Chat (IRC), were initially used to force large numbers of bots to attack a target Web site, flooding it with traffic in a distributed denial of service (DDoS) attack.
botnets
DDoS attacks still happen, but bots are increasingly used to send spam e-mails, in effect acting as their own mail servers. In the 1990s, spam was mostly channelled via unprotected e-mail servers online, used to send thousands of unsolicited e-mails anonymously. But then network administrators began locking them down.
Now, spammers send e-mail directly from home machines thanks to botnet operators who program them to become e-mail servers and then sell their processing power and bandwidth. These money-motivated operators are honing their product, warned David Watson, who works on the UK Honeynet project (www.ukhoneynet.org.), a non-profit research effort to track spammers' activities.
"Because of the high risk/reward ratio, the major perpetrators are upping their game and producing ever more professional and effective cyber-scams on an almost daily basis," he said.
Today's bots are infected with modular, kit-based software that can easily be upgraded and reconfigured to take advantage of any new vulnerability discovered in Windows; botnets are almost exclusively targeted at Windows PCs.
"There are changes in command and control capabilities and a move to shorter-lived botnets that deliver their spam very quickly," Watson warned. "And the adoption of peer-to-peer communication will also make it harder for system defenders to keep on top."
Marvel for a moment: botnet operators are people who have worked out how to upgrade the software on thousands of machines almost simultaneously without their owners' knowledge. It would be impressive if the effects weren't so deleterious.
distributed
Botnet operators in the past controlled infected machines from a single point. Today, advanced malware such as the Sinit worm (www.technewsworld.com/story/32602.html.) uses the same techniques as best-known peer-to-peer file distribution networks such as Kazaa, with infected machines forwarding instructions and software updates to each other.
This makes botnets even harder to take down, and now that some botnets use encrypted communications, it's even harder for experts to monitor their controllers.
Botnet operators are becoming smarter too about how they use the infected machines, explained Simon Heron, a director at security company Network Box.
"In the old days, a compromised machine would start cranking out thousands of e-mails per hour," he said.
That would slow the user' s PC down. "It became very easy to realize that you'd been violated," he said.
But nowadays, operators send out smaller flurries of e-mail from each machine, keeping them below the ISPs' (and users') radar.
"Now that they're doing it in a more subtle fashion, it's difficult to realize that they've been violated," noted Heron.
How can botnet operators maintain the overall volume of their e-mail while reducing the number of e-mail per bot?
By increasing the number on the network. According to Dean Turner, senior manager of Symantec's Security Response team in the US, the company saw almost 4.7 million new active bot network machines in the first half of this year.
Johannes Ullrich, chief research officer at the SANS Internet Storm Center, which monitors online threats, saw the number of attacking client machines rocket from 770,000 on Oct. 15 to 1.845 million six days later.
expanding
Why are botnets expanding so much now? One reason could be Stration (www.tinyurl.com/yj3pjd.), one of the most aggressively distributed pieces of malware that Graham Cluley, senior technology consultant at anti-virus company Sophos, has seen. The worm, which persuades users to install it by claiming to be a system patch, accounted for half of all malware seen online on some days, according to Sophos.
"It's constantly being refined to get past antivirus products," Cluley said, adding that there have been over a hundred new versions of the worm created in a single day.
It mostly targets English language speakers, "so, we're not seeing as many bots created in non-English-speaking parts of the world as we used to," he said.
But Hart is. According to his figures, large numbers of new bots are coming from Poland.
"The spammers have really focused in on these developing technology countries that have a sudden burst of broadband," he said.
Countries just beginning to roll out broadband often have large numbers of computers with older, unpatched operating systems ripe for infection. Take China, which is the largest source of botnet machines after the US. Research group Ovum says that broadband penetration in China has been growing at 79 percent a year for the past three years. Within the next 12 months it will become a bigger broadband market than the US, Ovum says.
The types of spam being sent are also changing, Heron warned.
In particular, spam mail promoting cheap, penny stocks in obscure companies have grown in volume. Called "pump and dump" spam, it works by sending false or outdated "inside information" to large numbers of people urging them to buy the stock, promising a leap in price. The spammers, who have bought the stock cheap, dump it on the market and pocket the difference.
"Pump and dump" spam often uses embedded images, rather than text or HTML links, making it harder to spot, says Cluley, who believes many are being sent from Stration-infected computers.
"We've begun to see that overtaking the traditional spams" that sell performance-enhancement drugs, Heron said. "It must be giving a better return to the spammers."
It is a bad deal for victims, as the www.spamstocktracker.com. Web site illustrates.
block
Hart wishes that ISPs would simply block all unauthorized traffic on port 25, which computers use to send e-mail.
He argues that any port 25 traffic not destined for an ISP's own mail server and accompanied with an authorized user name and password should be rejected. However, neither of the UK's most popular ISPs, BT Retail and NTL, block this port, although they do scan for bot-like activities on their own network.
But if botnet operators continue to send fewer mails from each bot, scanning for telltale activities may become more difficult -- and experts worry that the mails could become more effective.
"Lower-volume target attacks are on the rise," Watson said. "Just like in the legitimate world, better market demographics and more targeted sales techniques can sometimes yield better results, and cyber-criminals understand this."
Building a database of more targeted information about an individual, such as where they work, and sending mail specifically to them will enable spammers to increase their per-spam yield.
The trade-off for more focused spam will be the effort involved in gathering information about their targets, explained Heron.
But just as legitimate markets evolve, so do illegitimate ones, Watson concluded.
"One of the common opinions in the botnet tracking community is that in this particular arms race, the black hats currently have the upper hand," he said.
Taiwan is a small, humble place. There is no Eiffel Tower, no pyramids — no singular attraction that draws the world’s attention. If it makes headlines, it is because China wants to invade. Yet, those who find their way here by some twist of fate often fall in love. If you ask them why, some cite numbers showing it is one of the freest and safest countries in the world. Others talk about something harder to name: The quiet order of queues, the shared umbrellas for anyone caught in the rain, the way people stand so elderly riders can sit, the
Taiwan’s fall would be “a disaster for American interests,” US President Donald Trump’s nominee for undersecretary of defense for policy Elbridge Colby said at his Senate confirmation hearing on Tuesday last week, as he warned of the “dramatic deterioration of military balance” in the western Pacific. The Republic of China (Taiwan) is indeed facing a unique and acute threat from the Chinese Communist Party’s rising military adventurism, which is why Taiwan has been bolstering its defenses. As US Senator Tom Cotton rightly pointed out in the same hearing, “[although] Taiwan’s defense spending is still inadequate ... [it] has been trending upwards
Small and medium enterprises make up the backbone of Taiwan’s economy, yet large corporations such as Taiwan Semiconductor Manufacturing Co (TSMC) play a crucial role in shaping its industrial structure, economic development and global standing. The company reported a record net profit of NT$374.68 billion (US$11.41 billion) for the fourth quarter last year, a 57 percent year-on-year increase, with revenue reaching NT$868.46 billion, a 39 percent increase. Taiwan’s GDP last year was about NT$24.62 trillion, according to the Directorate-General of Budget, Accounting and Statistics, meaning TSMC’s quarterly revenue alone accounted for about 3.5 percent of Taiwan’s GDP last year, with the company’s
There is nothing the Chinese Nationalist Party (KMT) could do to stop the tsunami-like mass recall campaign. KMT Chairman Eric Chu (朱立倫) reportedly said the party does not exclude the option of conditionally proposing a no-confidence vote against the premier, which the party later denied. Did an “actuary” like Chu finally come around to thinking it should get tough with the ruling party? The KMT says the Democratic Progressive Party (DPP) is leading a minority government with only a 40 percent share of the vote. It has said that the DPP is out of touch with the electorate, has proposed a bloated
RSS