Posted by TechPunk on December 2, 2010 at 10:24 am
As we all know, spam is a major hassle in our inboxes. A major source of these unwanted emails is what is known as a Botnet. A Botnet consists of a wide network of computers which have been compromised by a virus or worm and are used together to do some troublemaker’s bidding. Once your computer is infected, it can be controlled by a remote server to collect private info off of your PC, or join together with other infected computers to send waves of spam to all your contacts, or even take part in a Distributed Denial of Service attack (DDoS), which uses your PC to send a constant barrage of data at a selected server to flood it and take it down.
In 2009 it was estimated that 90% of all email is spam, causing a huge strain on computer networks and hours of lost productivity.
John Leyden at The Register reports on the investigation of one of the largest Botnet spammers ever:
FBI investigators have named a 23-year-old Russian as a prime suspect behind the operation of the infamous 500,000 Mega-D botnet, blamed for an estimated one in three spam emails prior to a take-down operation early last year.
Oleg Nikolaenko, a 23-year-old Moscow resident, was accused of violating US anti-spam and fraud laws in a sworn testimony by an FBI agent investigating the case, the Smoking Gun reports.
Webmail records from two Gmail accounts and financial transactions (via the ePassporte service) link Nikolaenko to the operation of the botnet, according to court papers submitted in a grand jury investigation.
The Mega-D zombie network was infamous as a prolific source of counterfeit prescription, herbal remedy and fake Rolex spam. A January 2009 takedown operation mounted by security firm FireEye hit Mega-D very hard, drastically affecting spam output, which has returned but never to the same noxious levels.
Go read the whole thing.
Posted by TechPunk on January 19, 2010 at 3:05 pm
These are the simple facts, my friends. There are two moves that any ISP can make to combat Spam and reduce the spread of Botnets, and they won’t cost an arm and a leg either. John E. Dunn @ Techworld gives us the scoop:
Two simple techniques could be used to strangle botnets, a security expert has claimed. First, block email port 25 by default. Second, tell users when they are spewing spam from compromised PCs.
According to Trend Micro’s CTO, Dave Rand, who is leading a campaign to reform the way ISPs approach the matter of botnets and spam, the two countries that adopted such techniques, The Netherlands and Turkey, have seen a huge reduction in the numbers of botnetted PCs.
Go read it all and see that a little security can go a long way when dealing with spam.
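The two measures in the quoted piece, shown as an added example that is not from the Techworld article, Trend Micro, or any ISP's real tooling: a small Python script that applies a "port 25 closed by default, except to the provider's own mail relay" policy to outbound flow records and flags customer hosts that are connecting directly to many different mail servers, which is exactly the signal an ISP would use to tell a subscriber their PC is spewing spam. The flow record format, the IP addresses, the relay address and the threshold are all constructed assumptions.

```python
"""Spot spam-spewing hosts from outbound flow records and apply a
"port 25 blocked by default" policy.

Constructed example (not from the article or any ISP). Assumed record
format, one flow per line:  timestamp,src_ip,dst_ip,dst_port,proto
A home PC normally hands mail to its provider's submission service
(TCP/587 or 465) or uses webmail; a PC opening TCP/25 connections to
many distinct mail servers on its own is behaving like a spam bot.
"""
from collections import defaultdict

SMTP_PORT = 25
# The ISP's own outbound relay is the only legitimate port-25 destination
# for customers under a "block 25 by default" policy (constructed address).
ALLOWED_RELAYS = {"203.0.113.25"}

# Constructed flow records: .10 sprays six mail servers, .11 uses the
# relay properly, .12 makes only two direct connections.
SAMPLE_FLOWS = """
# ts,src,dst,dst_port,proto
2010-01-19T14:00:01,192.0.2.10,198.51.100.1,25,tcp
2010-01-19T14:00:02,192.0.2.10,198.51.100.2,25,tcp
2010-01-19T14:00:02,192.0.2.10,198.51.100.3,25,tcp
2010-01-19T14:00:03,192.0.2.10,198.51.100.4,25,tcp
2010-01-19T14:00:03,192.0.2.10,198.51.100.5,25,tcp
2010-01-19T14:00:04,192.0.2.10,198.51.100.6,25,tcp
2010-01-19T14:00:04,192.0.2.10,198.51.100.1,25,tcp
2010-01-19T14:00:05,192.0.2.11,203.0.113.25,587,tcp
2010-01-19T14:00:06,192.0.2.11,203.0.113.25,25,tcp
2010-01-19T14:00:07,192.0.2.12,198.51.100.7,25,tcp
2010-01-19T14:00:08,192.0.2.12,198.51.100.8,25,tcp
2010-01-19T14:00:09,192.0.2.12,198.51.100.9,53,udp
"""


def parse_flows(text):
    """Yield one dict per flow record, skipping blank and comment lines."""
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, proto = line.split(",")
        yield {"ts": ts, "src": src, "dst": dst, "port": int(port), "proto": proto}


def is_direct_smtp(flow):
    """The default-deny policy: outbound TCP/25 is allowed only to the ISP relay.

    Returns True for a flow the policy would block (and that the detector
    should count), False for anything else.
    """
    return (
        flow["proto"] == "tcp"
        and flow["port"] == SMTP_PORT
        and flow["dst"] not in ALLOWED_RELAYS
    )


def count_direct_smtp(flows):
    """Number of distinct non-relay mail servers each source host contacted on TCP/25.

    Distinct destinations, not raw connection counts: a bot working through a
    recipient list fans out to many MXes, a retrying client hits one.
    """
    dests = defaultdict(set)
    for flow in flows:
        if is_direct_smtp(flow):
            dests[flow["src"]].add(flow["dst"])
    return {src: len(d) for src, d in dests.items()}


def flag_spam_bots(flows, threshold=5):
    """Sorted list of hosts that contacted at least `threshold` distinct mail servers directly.

    These are the customers the ISP would notify (the second measure in the
    article); the threshold is a constructed value, tune it per network.
    """
    return sorted(src for src, n in count_direct_smtp(flows).items() if n >= threshold)


if __name__ == "__main__":
    flows = list(parse_flows(SAMPLE_FLOWS))
    for src, n in sorted(count_direct_smtp(flows).items()):
        print(f"{src}: {n} distinct direct SMTP destinations")
    print("notify:", flag_spam_bots(flows))
```

Run as-is it reports 192.0.2.10 as the only host to notify; 192.0.2.11 never shows up because its port-25 traffic went to the provider's relay, which is the whole point of closing 25 by default and funnelling customers through an authenticated submission port.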
Posted by TechPunk on January 14, 2010 at 3:29 pm
If you hate the amount of unsolicited email that winds up in your inbox, you are gonna love the strides that researchers are taking to fight the dreaded botnets that exist solely to cause you pain and suffering any time you access your mail.
Some researchers are not taking this sitting down and have taken the fight to the cyber-crooks in an attempt to slow the spread of malicious software throughout the Web.
Kelly Jackson Higgins @ DarkReading puts together a great read on what is working and what is not in this fight:
For the most part researchers monitor and study botnets with honeypots and other more passive methods. Then security vendors come up with malware signatures to help their customers scan for these threats. But some researchers are turning up the heat on the bad guys’ botnet infrastructures by taking the lead in killing some botnets: Aside from last weekend’s takedown by Neustar of Lethic, which is responsible for about 10 percent of all spam, FireEye last November helped shut down the MegaD botnet. And researchers at the University of California at Santa Barbara in May revealed they had taken the offensive strategy one step further by infiltrating the Torpig botnet, a bold and controversial move that stirred debate about just how far researchers should go to disrupt a botnet.
Back in 2008 after two major ISPs halted traffic to malicious hosting provider McColo, spam worldwide dropped around 70 percent because McColo had been the main home to most botnet command and control (C&C) servers.
Arbor Networks fills us in on the Lethic Spambot:
There’s another spambot afoot, and one of its activities is to spam pharmacy and pill spam. We found it via the malcode in our zoo and the C&C traffic that we hadn’t characterized previously. AV coverage of the samples is modest. The botnet appears to be spamming the usual unwanted junk, and appears to be a medium sized botnet.
Give these guys and girls a hand for wading into this spam-infested cesspool and doing the heavy work so we don’t have to.
Cheers!