Friday, December 29, 2006

At the beginning of the month, half a million compromised personal computers were each sending thousands of emails a day all over the planet.
Looking at my spam folder, I suspect a lot of them were to me. A quick look into that dark vault of nastiness shows me:

1. Advertisements for cheap (pirated) software -- also probably containing the very worms that would turn my own machine against unsuspecting email in-boxes
2. Over 100 "pump-and-dump" stock scams
3. About thirty "people" telling me I'm paying too much for my mortgage
4. Free Anti-Spyware application offers for products I've never heard of which would probably log my keystrokes and email everyone in my address list until I'm hated by everyone
5. Discount pharmaceuticals many, many, many times

While all this is nice, for some reason the very thought that the internet itself feels the strain of the increased bandwidth used up by these messages fills me with quaking rage.
They slow everything up for everyone and, because they route it all through zombie computers that people unwittingly leave plugged into the cable modem all the time, the people behind them totally avoid prosecution and punishment. Further, these spam messages spoof the sender address, triggering email bounces, auto-replies, and yet more wasted network capacity, all of which land on whoever's address was borrowed. As a side note, I personally think the punishment for spambot herders, if they are ever brought to justice, should not include hand-typing apologies to everyone they have ever spammed, but rather something involving warm maple syrup and stinging insects. And maybe a small surgical laser.
Anyway, the Shadowserver Group (some unofficial, take-matters-into-their-own-hands, stop-spam-by-whatever-method-is-most-effective, track-down-and-fix-compromised-herds-of-spambots volunteer hacker-types) got their own present on December 25th.
20% of those spamming machines vanished from tracking.
The current theory is that people got new machines for Christmas, unplugged the old ones (which were probably running quite poorly, what with all the invisible background emailing) and haven't turned them back on.
The new machines may be Macs, but most likely they are Windows XP machines with Service Pack 2, which turns the firewall on by default. Hopefully, that difference will prevent a re-infection -- at least until the spammers find a work-around.
Will this equal a 20% reduction in spam clogging the internet? Maybe for a while. The remaining remote-controlled machines could probably be re-tasked to push even more mail to make up the difference, but that would slow those machines even further and prompt a sooner "refresh" to a more security-focused operating system.
From June of this year through November, botnet infections tripled. Obviously, the bad guys are getting better at what they do.
The poorly written text we sometimes see within spam messages (misspellings, digits standing in for letters, words broken up with dots) is an admittedly mildly successful attempt to foil modern spam filters: a filter that matches on whole words never sees "viagra" in "v1agra".
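The trick is easy to see in a few lines of code. What follows is an added example, not anything from the original post: a hypothetical keyword blocklist, a constructed handful of sample messages, and two tokenizers, one that matches raw words and one that first undoes the common letter substitutions and dotted spacing. The blocklist, the substitution table and the messages are all assumptions made for the illustration; a real filter would weight tokens statistically rather than use a flat list.

```python
import re

# Constructed sample messages for this example (not taken from the post).
# The first three mimic obfuscated or plain spam; the last is legitimate mail.
SAMPLES = [
    "Buy V1AGRA and C1ALIS at d.i.s.c.o.u.n.t prices!!!",
    "Refi your M0RTG4GE today - you are paying too much",
    "Hot stock tip: XYZQ will soar, buy now before the pump",
    "Meeting moved to 3pm, bring the signed paperwork",
]

# Hypothetical blocklist of words a naive keyword filter would flag.
BLOCKLIST = {"viagra", "cialis", "discount", "mortgage", "stock", "pump"}

# Assumed table of digit/symbol-for-letter substitutions seen in spam.
HOMOGLYPHS = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "$": "s", "@": "a",
})


def naive_tokens(text):
    """Split on anything that is not a letter, as a simple word filter would."""
    return set(re.findall(r"[a-z]+", text.lower()))


def normalized_tokens(text):
    """Undo leetspeak and dotted spacing before tokenizing.

    1. lower-case and map digits/symbols back to the letters they imitate
    2. drop a single '.', '-', '_' or '*' sitting between two letters, so
       d.i.s.c.o.u.n.t collapses to discount (a '-' between spaces survives)
    """
    t = text.lower().translate(HOMOGLYPHS)
    t = re.sub(r"(?<=[a-z])[.\-_*](?=[a-z])", "", t)
    return set(re.findall(r"[a-z]+", t))


def hits(tokenizer, text):
    """Return the blocklisted words the given tokenizer finds in text."""
    return tokenizer(text) & BLOCKLIST


def scan(tokenizer, messages=SAMPLES):
    """Map each message to the blocklist words the tokenizer catches."""
    return {m: hits(tokenizer, m) for m in messages}


if __name__ == "__main__":
    for name, tok in (("naive", naive_tokens), ("normalized", normalized_tokens)):
        print(f"--- {name} tokenizer ---")
        for msg, found in scan(tok).items():
            print(f"{sorted(found) or 'clean':>32}  {msg}")
```

The naive tokenizer catches the plain-text stock tip but misses both obfuscated messages; the normalizing one catches all three and still passes the legitimate message. Spammers, of course, keep inventing new substitutions, which is why the obfuscation only ever buys them a little time against a filter that is maintained.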
Compromised personal computers are being used more and more often to launch denial of service attacks against websites and networks while they continue to let everyone know about the latest and best online casino.
In the last ten minutes I got over three hundred messages in my work email address from our own spam filter about bugs it intercepted and, as I may have complained before, over 80% of our inbound email traffic is flagged, accurately, as spam.
The filter just caught another seventy while I typed that last bit. Make that eighty.
The short-term relief seems to have been considerably shorter than I'd hoped.
In a future post, I'll discuss my new (totally on the up and up and legitimate) Windows Vista install and how it works day to day in the real world*.

* "real world" as defined by me. Any resemblance to the actual world or reality itself is coincidental.
