Security Basics mailing list archives

Re: spam-filtering policy


From: "Frynge Customer Support" <frynge () frynge com>
Date: Wed, 13 Dec 2006 15:42:50 -0700

This topic is of concern to me and my company. I deal with issues like this all the time.

Your company may not be a spammer, BUT how do you know if your company's server has been compromised? Many servers on the internet are unwilling zombies ("botnets"), waiting for a hacker/spammer to start using them.

The spammer will gain access through html injection, insecure php/asp files, database entry, insecure permissions or a host of other insecurities and then leaves a script on your server. At the correct time, he will initiate 50,000 scripts in one botnet, world wide through a controller interface.

The controller always moves around. They never stay in one place and hence rarely get caught.

When initiated, it will send out millions of spams. Even if you're lucky and it's detected in days or weeks, how many spams are sent out? The reality is, it's not detected in days or weeks and sometimes not in months!!!! And it is usually stopped by firewall blacklisting on specific servers or spam filtering policies.

The controller then moves to another "node". They have thousands of these "nodes" with tens of thousands of infected computers on each node.

Not only that, there are people that are using these zombies for DDOS attacks, to compromise other systems and also to commit fraud on a large scale. Usually through click fraud or credit scams. I would assume organised crime is behind most of these and pays these rogue "controllers" to do specific tasks.

Most of them seem to come out of Europe and China where laws are not valid and control is fairly difficult.

What type of fraud are you asking? Well, click fraud is the easiest target. Not only can you get one of these node centers to spam, but also you can install trojans that do almost anything, like click on a website in the background. The user never knows they are infected and little pieces of their CPU are being harnessed. Simply with click fraud, all you get is one controller to initiate a node. He then leaves his location. The infected computers just simply click on a specific ad. The ad would be hosted on another offender's website, and they make a lot of money in one day.

As one professional at Panda antivirus software stated....
"The botnet we recently helped dismantle with RSA had infected over 50,000 computers with the Clickbot.A Trojan. Imagine if each of those 50,000 computers made the botnet controller one dollar each day the system operated. If it takes us a few weeks to shut him down, the operator makes millions."

These botnet controllers are being used for all different methods, from spam, to click fraud, to DDOS and probably blackmailing. It's a crazy world out there with a lot going on that most are not aware of.


So what do we do about spam???  What is our spam solution? :)

I fear that it is not one thing that will solve this problem. Because the hacker/spammers always seem to be one step ahead and also they can hide in places that we cannot reach, we will have to take a multi-pronged attack on this problem.

A new world order with international law, international taxes and international regulation will curb rogue entities in foreign countries. Spam policies like Spamhaus and others, where admins police their own systems and get in trouble when they have leaks, will create accountability for the smaller entities. I truly believe the addition of FREE operating system software with FREE updates at the core of our computers will curb the zombied computer state. At this point, with Microsoft hoarding their software and updates, and other companies doing the same, we will always be in a perpetual security crisis, because a lot of people do not go out and buy the legitimate software. These are the bulk of people who are causing this zombied computer state in my mind. Also the other portion are the people who are lazy and just do not update their computer or do not bother to install a good anti-virus program and keep it updated. Only when we make the operating system free and updates can be controlled on a large scale, only then, can it not be used to spam or advertise to us, and these zombie centers can be dismantled.

I also feel that solutions on the end user side can help as well, but as everyone knows SpamAssassin and BoxTrapper are not foolproof and can be quite a pain to use.

Those are my 2 cents on spam :)

Kelly Sigethy
http://www.frynge.com


----- Original Message -----
From: "cc" <cc () belfordhk com>
To: "Security Basics" <security-basics () securityfocus com>
Sent: Tuesday, December 12, 2006 8:49 PM
Subject: spam-filtering policy


Dear All,

Since there's no 100% effective spam filtering mechanisms
so far, is it 'effective' to block (every/some) domains/IPs
and have the admin of those domains/IPs  send an online
application to whitelist the domains/IPs?

If it is an effective policy, wouldn't this create more
of a hassle for the admins of valid/innocent domains?

If it isn't an effective policy, why does anyone use it?

The reason why I'm asking is that my co-worker has been
trying to send an e-mail to a customer whose ISP seems to
be using such a spam-filtering policy.  This ISP is blocking
my company's domain, for some stupid reason.  My company
certainly doesn't spam.

Since I'm ever-learning the ins-and-outs of mail server
administration, I'm curious as to what everyone here
thinks.

Thanks

Ed




---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------