Thursday 9th February 2012

Archive for the ‘UpDates’ Category

Spam Leaves an Ugly Taste

Wednesday, March 30th, 2011

News that a number of the world’s spammers have taken a recent hit and had their servers brought down is good news, but worse could follow, as the cybercriminals have too much invested to walk away.

One huge botnet was recently reduced to a trickle as one set of anti-spammer guardians fought hard to bring them down. The figures are truly amazing, with some issuing billions of individual spam emails each year, meaning that millions are being sent on a daily basis.

But although these successes are worth a collective round of applause, the sheer size of the spam operations has worrying implications for all to see. Spam started as a mischievous trick on friends – its innocent beginnings belong to a different time now.

But once the crooks saw the advantage in sending out emails to a somewhat gullible database of email enthusiasts who appeared to park their brains elsewhere when items dropped into their inboxes, the floodgates opened. Some weren’t completely fictitious of course and no doubt many men have benefitted from under-the-counter Viagra, but offers of millions from dead kings, or pictures of curvy tennis stars which actually had dirtier things attached than a picture of a raised skirt, soon alerted most to the spammers’ deadly armoury.

Now the defences are more sophisticated and the computer security industry has woken up to the fact that it’s far better to stop the spam reaching its destination in the first place, than to rely on someone saying no to an offer of a forty million pound fortune from an African chief.

The various internet platforms and mail servers are now far more effective in stopping spam than they used to be, so there’s almost a desperation in the spammers’ actions now, as though they continually have to up the number of spam emails in order to get the one profitable hit.

But the crooks face a double whammy. Spam filters continually get better and people get more cynical. Therefore, the numbers have to keep increasing, meaning that the servers which push through this rubbish will be easier to spot and bring down.

It sounds like a win-win situation; unfortunately, it isn’t.

Spammers are not ‘geeks’ sat in their bedrooms romantically fighting the system to earn a loaf of bread. Nowadays they are geeks sat in huge offices fighting the system to earn their organised crime bosses far more than a loaf of bread (in fact, millions of loaves).

And organised crime bosses always have an eye on the takings. If profits begin to drop, it won’t be a prosaic shrug and a bringing down of the shutters for a while. Make no mistake, the crime bosses (and some governments) will have invested a fair bit of their ill-earned gains to set up their spam operations, and walking away from that, and the potential rewards, means that the focus will switch elsewhere.

Spam will maybe last another five years as a profitable, albeit mostly illegal, road to riches. But as it starts to die, the real danger is where the crime bosses will direct their geeks’ attention then.

One battle might go to the computer security industry, but the cyber war is far from over.

Guest article by Neil Camp 


Spammers Attacked

Friday, March 25th, 2011

One of the reasons why good antivirus firewall software is needed is because of spam attacks.

And even though spam levels have been reduced slightly due to concerted effort from the ‘good’ guys, sound antivirus firewall software is still essential because the advances made on the spammers will soon be reversed and the number of spam emails will soon return to normal.

Computer security companies recently provided some idea as to how the spammers took great care when sending out their rubbish emails and revealed how the people behind the Cutwail botnet (which is also known as Pushdo) sent out over 1.7 trillion individual messages.

Remember, a botnet is a network of zombie (virus-infested and compromised) computers that send out emails without the user’s knowledge.

The companies gained access to the Cutwail servers and discovered that between June 2009 and August 2010, they had sent more than 1.7 trillion spam emails, which works out at around three billion a day.

The access also revealed that just over 30% of the sent messages were accepted during the SMTP transaction, which roughly translates to 500 billion messages hitting the mark. The rest were shot down, whether because of invalid addresses, SMTP errors, or blacklists.

Yet the profits from the 500 billion emails alone (of which only a very small amount made it through the spam filters) are reckoned to have been between nearly $2 million and just over $4 million.

The Cutwail botnet was almost brought down and the amount of spam emails dramatically reduced, but the security companies believe that the botnet will soon reach previous levels of traffic.

The activities of another botnet, Rustock, were also dramatically curtailed by what’s thought to have been the work of a group of anti-spam activists. Rustock was responsible, in 2010 alone, for sending out just over 40 billion spam emails a day. Just recently, that figure had doubled and was peaking at around 250,000 individual messages a second.

Then it all went quiet as the botnet effectively stopped sending emails. The network of zombie computers which made up the botnet numbered 815,000 and these were controlled by over 20 individual servers. So efficient had the botnet become, that it alone accounted for around 50% of all spam on the internet.

Experts reckon that Rustock, like Cutwail, will soon be back up to speed and sending out billions of spam emails again; so computer users are being warned to ensure that their antivirus firewall software is up to date.

Guest Article by Neil Camp 


Japanese Tsunami Scams

Thursday, March 24th, 2011

It may be hard to believe, but the antivirus security industry has reported that cybercriminals are already exploiting the horrific situation in Japan.

The antivirus security industry said that soon after the disaster began to be reported worldwide across the internet, cybercriminals were establishing scams and doing as much as they could to exploit the situation.

It’s become a trend that once a big news event begins filling the ether, cybercriminals quickly set out to hijack the search terms and, in effect, poison the results which relate to the story. This might happen in the case of news about a particular celebrity (the death of Michael Jackson was a great example), or a natural disaster (such as the New Zealand earthquake).

Antivirus security companies are warning their customers to be very wary of some of the search results when looking for “Most Recent Earthquake in Japan”. This search term is leading to many fake AV variants.

Another antivirus security company reported that they had spotted a Japanese Tsunami related Facebook scam. This was based on a survey and encouraged participants to give away personal data.

The industry is warning all computer users to be extremely vigilant when it comes to clicking on certain search engine results. They explain that cybercriminals move extremely fast to control the ‘search engine’ real estate on certain suddenly popular search terms. And because they can invent news and facts, they can react more quickly than genuine news sites and forums, which take longer to check out facts or process basic information.

One way to try to avoid being caught by the spammers is to use a service such as Google News Filter, which applies its own vetting procedure to search results. Furthermore, incoming emails with links on the subject of the earthquake, or Facebook posts that contain links, should be treated with suspicion unless they can be verified as being legitimate.

As always, a degree of cynicism appears to be the best approach.

Guest Article by Neil Camp 


Wolves in Sheep’s Clothing

Friday, March 18th, 2011

Data capture by cybercriminals is most definitely on the increase and we all should know the dangerous implications of being robbed online.

But are we so certain that we’re not victims of a more subtle form of data capture, one practised by the big legitimate companies?

Just because it’s a high-street operation, and one that has a very recognisable brand, does not mean that they are immune to trying to wheedle out as much information as they can from their customers.

Nowadays marketing efforts live or die on personal data. Customers are not merely sold to, or encouraged to buy; they are targeted. Firstly, they are defined and secondly, they are profiled. This is because, and let’s be honest here, companies don’t want to waste efforts selling something their customers don’t want.

Take the large ecommerce operations which quickly build profiles of their customers because they closely monitor their buying habits. Say one customer has bought a particular type of book in the past; the online retailer will store this information in a complex database and regularly send out updates to let the customer know of other books they might fancy within the genre, or just any books just published.

Despite some reservations, the system actually works as it allows the customer to be targeted correctly which leads to a lot less time being wasted for the company and their customers.

There are two downsides of course. Firstly, the very real danger that the data might get into the wrong hands and be used for nefarious means. Secondly, this sort of marketing destroys the sense of serendipity when it comes to shopping.

Take the first point. Companies are becoming ever more sophisticated at capturing data, so much so that anyone completing an online data form should always check out the small print terms and conditions. The rise in social media has resulted in so much personal data being out there (and inter-linked) that some companies will see that information as worth mining and storing on their database. Thus, a company might not just be acquiring your data, but your network of friends’ data as well.

Now, arguably, with a responsible company, that does not matter, because, given they have a reputation to keep and Data Protection Laws to adhere to, they will bend over backwards to protect their databases. But, with less scrupulous companies, there might be a temptation to sell their data on, or ‘lose it’ through poorly protected IT systems.

And this ‘precision bombing’ approach to marketing does lose the sense of serendipity, of browsing through products that you haven’t bought before, just because the company can’t be that clever (based on moods and whims) to calculate your future tastes. At least not yet!

But the point is, always be careful when you hand over your personal data. Mostly it will be used responsibly, but if you have any doubt, it’s best to run for the hills and refuse to hand it over!

Guest Article by Neil Camp 


Botnet Threat Misleading?

Friday, March 18th, 2011

Antivirus reviews can take many forms, and one from the EU cyber crime agency ENISA questions how botnets are measured and their impact assessed.

ENISA stands for European Network and Information Security Agency and issues many antivirus reviews and advice documents throughout the year.

ENISA has written two studies about botnets which were published at a recent workshop in Cologne, Germany. They set out to evaluate the threat of the botnet problem and how effective the current measures are in dealing with it.

Botnets are basically a network of zombie computers which are used to send out millions of spam emails. Spammers rely on huge numbers to make their process work: you send out many thousands of emails and expect one reasonable reply (say an order, or someone submitting personal details). Just that one response out of thousands makes the spammer viable. But to send out millions of emails requires time and energy, and many computers.

The advantage with machines that have been compromised (usually by a Trojan which takes control without the user knowing) is that they are effectively anonymous and are not linked with the spammer. They sit there, performing the usual tasks for their owner, yet are also, unbeknown to their owner, performing other tasks for the hacker. And this might include issuing thousands of emails on a daily basis.

And each individual computer (the bot) which has been infected (the zombie) sits within a network of likewise compromised machines (the botnet).

Many local authorities in the UK have discovered that their PCs have been unwittingly enrolled into various botnets exploited by hackers throughout the world.

But ENISA say that the threat of the botnets might be overestimated, given that although millions of machines have indeed been infected, the hacker might be able to employ only a fraction of those to perform a single task.

Indeed, the number of machines that can be exploited by the hackers is considerably smaller than many reports have initially suggested. This does not diminish the threat of such networks of zombie computers, but it does try to put forward a more realistic picture.

Both the ENISA antivirus reviews are available online.

Guest Article by Neil Camp 


The Editor

My name is Alan Potts and I'm the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited.

© BUYability