Naked Security: How to send 5 million spam emails without even noticing

InsightaaS: Regular Across the Net readers will be aware of our respect for Naked Security, a news/blog site hosted by security vendor Sophos; we visit the site regularly, and feature a post or so per month here on our site. Today’s post is a good example of why we make Naked Security a regular destination. A team working for Sophos in Hungary set up “a carefully-configured ‘honeybot’ that would receive spamming commands from its botmasters, generate spam messages, and send them out” – replicating a bot in a network right up to the point of delivery, where messages were captured by a “special dead-end server that was blocked off from the internet.”

The results of the experiment? In one week, the honeybot spammed 5.5 million email addresses, sending over 750,000 unique messages but using only 30 GB, which might well go undetected by a user or admin. Based on the experiment, the authors concluded that a single 10,000 node botnet could generate 50 billion spam messages per week. Statistics like this make a mockery of government policies like the Canadian government’s recently-enacted Canadian Anti-Spam Legislation (CASL). Regulations won’t protect users against even accidental infection from a 50 billion message deluge; strong security ‘shields’ and well-understood, effectively-followed policies are essential weapons in fighting against the mountains of cyber-trash that these kinds of tactics deliver.

We write about bots, also known as zombies, fairly frequently on Naked Security.

That’s because they’re the money-making machinery of modern cybercrime.

The idea is simple: malware on your computer regularly “calls home,” often by making an innocent-looking web request using HTTP, just like your browser.

But instead of fetching a web page for display, the bot (short for “malware robot”) downloads a list of instructions, which it carries out using your computer and your network connection.

For example:

  • Logging your keystrokes to steal online usernames and passwords.
  • Searching through your files for interesting data to steal.
  • Tricking you into clicking on ads to generate pay-per-click revenue.
  • Posting “recommendations” for your friends on your social networks.
  • Downloading more malware, for example ransomware that scrambles your data and demands an unlock fee.
  • Acting as a proxy, or relay, and charging rent to other crooks so they can use your internet connection to cover their tracks.
  • Attacking other people’s websites, making you look like the crook.

But the criminal activity most associated with bots is spamming.

That’s because spammers don’t just use a bot here and a bot there to send unwanted emails, they use a whole collection of bots at the same time (typically tens of thousands or more), for truly distributed spamming power…

Read the entire post! Link


