SPAMBUSTER Part 2 of 3: Botnets, Blacklists, and Berries.

Posted in Business Technologies by Luis Rodriguez on December 8, 2009
Tags: blacklists, botnets, domain, email, email security, Internet, IT, linkedin, managed services, network, networking, security, spam, traffic, Windows

In part one of SPAMBUSTER we covered what is commonly referred to as address spoofing.

Today we are venturing into darker territory; one of Theft, Spies, and Zombies. I’ll be honest; the total Geek in me really wants to run with this  Zombie theme, but I’ll try to keep it toned down.

It’s easy to think that e-mail fraud only amounts to bad links and phony deals regarding pharmaceuticals, but in all actuality SPAM is much more like a gateway to Cyber-Crime. Let’s put it this way, with anonymity a spammer can use false trust via misrepresentation to harvest, exploit or steal sensitive information and digital resources.

Let’s examine the botnet. There are many qualities of a botnet and given it’s illegal nature it can be somewhat of a moving target to define. Traditionally, botnets are computers infected with software that secretly adds your computer to an “army”. This “army” can be organized to spread anything and everything between standard SPAM (unsolicited email) to viruses via the Internet. Since the owner of the computer is unaware their computer has been enlisted into the botnet’s army, the infected computer is often referred to as a Zombie.

Once a botnet’s creator (a.k.a “bot-herder” or “bot master”) has built a Zombie Army, the Zombie can be given instructions for sending out messages from your e-mail account to others. These botnets can even be sophisticated enough to steal your computer processing power and redirect it to whatever task the bot-herder has in mind.

The main thing about botnets are that by design, they are setup to secretly propagate like bunnies and -more importantly- there are times they can regenerate even after their removal if you are not using the right tools. As a result it’s important to understand that protecting your network – and in this case your e-mail traffic – is just as crucial with outbound traffic as it is with inbound traffic (fig. 1.1).

fig. 1.1

Case in point, our Managed Services group at High Touch has seen situations where small offices (2-10 workstations) can be sending out as many as 200 e-mails from each address on their domain without them even knowing it. After a prolonged period of time, this type of traffic can easily land your domain into a blacklist and these lists are easier to get on then they are to get off. Blacklists refer to large Internet databases that store historical information about servers and domains that engage in SPAM/Malware like activities.  So if your domain (i.e. mybusiness.com) is sending out 200 e-mails and 150 of them are reported -by other email users- as SPAM then PRESTO! your business is now an Spammer (albeit indirectly).

So how can you inoculate your e-mail to prevent infectious Zombie behavior from taking afoot on your network? Simple, pay a professional. I know, I know, it sounds expensive but it is really not that bad. Take some time and Google Search e-mail security and you’ll find that there are just as many affordable financial models as there are SPAM killing programs. Ultimately, I’m sure you can find one that balances the cost of security with your potential loses should your entire e-mail system be brought down or blacklisted.

Also, I really don’t have anything regarding berries. I just needed another B word for my fancy title.

Luis is the Products Manager for Research & Development at High Touch, Inc.  He carries Microsoft, SonicWALL, Six Sigma, APICS, Unix/Linux expertise and certifications. For more tech advice and reviews you can follow Luis on Twitter using @rodlui1 or look him up on LinkedIn.

Advertisement