Sunday 5th February 2012

Posts Tagged ‘spam’

Spam Leaves an Ugly Taste

Wednesday, March 30th, 2011

News that a number of the world’s spammers have taken a recent hit and had their servers brought down is good news, but worse could be to follow as the cybercriminals have too much invested to walk away.

One huge botnet was recently reduced to a trickle as one set of anti-spammer guardians fought hard to bring it down. The figures are truly amazing, with some botnets issuing billions of individual spam emails each year, meaning that millions are being sent on a daily basis.

But although these successes are worth a collective round of applause, the sheer size of the spam operations has worrying implications for all to see. Spam started as a mischievous trick on friends – its innocent beginnings belong to a different time now.

But once the crooks saw the advantage in sending out emails to a somewhat gullible database of email enthusiasts who appeared to park their brains elsewhere when items dropped into their inboxes, the flood gates opened. Some weren’t completely fictitious of course and no doubt many men have benefitted from under-the-counter Viagra, but offers of millions from dead kings, or pictures of curvy tennis stars which actually had dirtier things attached than a picture of a raised skirt, soon alerted most to the spammers’ deadly armoury.

Now the defences are more sophisticated and the computer security industry has woken up to the fact that it’s far better to stop the spam reaching its destination in the first place, than to rely on someone saying no to an offer of a forty million pound fortune from an African chief.

The various internet platforms and mail servers are now far more effective in stopping spam than they used to be, so there’s almost a desperation in the spammers’ actions now, as though they continually have to up the volume of spam in order to get the one profitable hit.

But the crooks face a double whammy. Spam filters continually get better and people get more cynical. Therefore, the numbers have to keep increasing, meaning that the servers which push through this rubbish will be easier to spot and bring down.

It sounds like a win-win situation; unfortunately, it isn’t.

Spammers are not ‘geeks’ sat in their bedrooms romantically fighting the system to earn a loaf of bread. Nowadays they are geeks sat in huge offices fighting the system to earn their organised crime bosses far more than a loaf of bread (in fact, millions of loaves).

And organised crime bosses always have an eye on the takings. If profits begin to drop, it won’t be a prosaic shrug and a bringing down of the shutters for a while. Make no mistake, the crime bosses (and some Governments) will have invested a fair bit of their ill-earned gains to set up their spam operations, and walking away from that, and the potential rewards, means that the focus will switch elsewhere.

Spam will maybe last another five years as a profitable, albeit mostly illegal, road to riches. But as it starts to die, the real danger is where the crime bosses will direct their geeks’ attention then.

One battle might go to the computer security industry, but the cyber war is far from over.

Guest article by Neil Camp 


Spammers Attacked

Friday, March 25th, 2011

One of the reasons why good antivirus firewall software is needed is because of spam attacks.

And even though spam levels have been reduced slightly due to concerted effort from the ‘good’ guys, sound antivirus firewall software is still essential because the advances made on the spammers will soon be reversed and the number of spam emails will soon return to normal.

Computer security companies recently provided some idea as to how the spammers took great care when sending out their rubbish emails and revealed how the people behind the Cutwail botnet (which is also known as Pushdo) sent out over 1.7 trillion individual messages.

Remember, a botnet is a network of zombie (virus-infested and compromised) computers that send out emails without the user’s knowledge.

The companies gained access to the Cutwail servers and discovered that between June 2009 and August 2010, they had sent more than 1.7 trillion spam emails, which works out at around three billion a day.

The access also revealed that just over 30% of the sent messages were accepted during the SMTP transaction, which roughly translates to 500 billion messages hitting the mark. The rest were shot down because they might have been sent to invalid addresses, been the subject of SMTP errors, or been on blacklists.

Yet the profits from the 500 billion emails alone (of which only a very small amount made it through the spam filters) are reckoned to have been between nearly $2 million and just over $4 million.

The Cutwail botnet was almost brought down and the amount of spam emails dramatically reduced, but the security companies believe that the botnet will soon reach previous levels of traffic.

The activities of another botnet, Rustock, were also dramatically curtailed by what’s thought to have been the work of a group of anti-spam activists. Rustock was responsible, in 2010 alone, for sending out just over 40 billion spam emails a day. Just recently, that figure had doubled and was peaking at around 250,000 individual messages a second.

Then it all went quiet as the botnet effectively stopped sending emails. The network of zombie computers which made up the botnet numbered 815,000 and these were controlled by over 20 individual servers. So efficient had the botnet become that it alone accounted for around 50% of all spam on the internet.

Experts reckon that Rustock, like Cutwail, will soon be back up to speed and sending out billions of spam emails again; so computer users are being warned to ensure that their antivirus firewall software is up to date.

Guest Article by Neil Camp 


Botnet Threat Misleading?

Friday, March 18th, 2011

Antivirus reviews can take many forms, and one from the EU cyber crime agency ENISA questions how botnets are measured and their impact assessed.

ENISA stands for European Network and Information Security Agency and issues many antivirus reviews and advice documents throughout the year.

ENISA has written two studies about botnets which were published at a recent workshop in Cologne, Germany. They set out to evaluate the threat of the botnet problem and how effective the current measures are in dealing with it.

Botnets are basically a network of zombie computers which are used to send out millions of spam emails. Spammers rely on huge numbers to make their process work: you send out many thousands of emails and expect one reasonable reply (say an order, or someone submitting personal details). Just that one response out of thousands makes the spammer viable. But to send out millions of emails requires time and energy, and many computers.

The advantage with machines that have been compromised (usually by a Trojan which takes control without the user knowing) is that they are effectively anonymous and are not linked with the spammer. They sit there, performing the usual tasks for their owner, yet are also, unbeknown to their owner, performing other tasks for the hacker. And this might include issuing thousands of emails on a daily basis.

And each individual computer (the bot) which has been infected (the zombie) sits within a network of likewise compromised machines (the botnet).

Many local authorities in the UK have discovered that their PCs have been unwittingly enrolled into various botnets exploited by hackers throughout the world.

But ENISA say that the threat of the botnets might be overestimated, given that although millions of machines have indeed been infected, the hacker might be able to employ only a fraction of those to perform a single task.

Indeed, the number of machines that can be exploited by the hackers is considerably smaller than many reports have initially suggested. This does not diminish the threat of such networks of zombie computers, but it does try to put forward a more realistic picture.

Both the ENISA antivirus reviews are available online.

Guest Article by Neil Camp 


Internet Security Threatened By Phishing Emails

Friday, March 4th, 2011

Even with the best precautions, internet security is constantly being threatened by clever phishing emails which try and trap the unsuspecting surfer.

Internet security is vital for everyone, so being on guard against phishing emails is vital.

Take a recent email purporting to be from Adobe which got through a number of spam filters and at first sight looks quite genuine, but there are a number of worrying points.

By the way, the author of this article has not tested the web link which was provided, and nor should any reader, so this email might well be genuine!

But let’s have a look at why, even if it was a genuine one, it should be kicked out.

It starts like this:

Dear x,

Adobe is pleased to announce that a new version of Acrobat PDF Reader was released today with new features, options and improvements.

Good start. But note the simple typeface, and there were also no logos or pictures accompanying the text (one way the spammers get it through the spam filters).

Next comes the call to action. The second paragraph started with an active hyperlink to the supposed Adobe website (removed here and shortened, and please do not use this link by cutting and pasting it into your browser bar):

official-adobe-download.org

Firstly, never use an active hyperlink in an email. It’s easier just to click it and go straight through to the website concerned, but resist. If it concerns Adobe and interests you, either look for your own Adobe shortcut, or do a search for their main site. Never click on the link provided, because that is the classic trick.

See how the address is made up: official-adobe-download. That doesn’t smell right. Downloads are retrieved from the official Adobe site, which has a .com address (not a .org address as in the example given), and not from this website, which is not even a second tier page but a main Home Page (why does Adobe need a separate site for downloads?).

The conclusion is that this will link the unsuspecting user to a fake site which will then encourage the user to download not genuine Adobe software, but most probably a Trojan Horse which will then sit on the computer and begin its real purpose (stealing data).
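The address checks described above can be applied mechanically before anyone decides whether to trust a link. The following is an added example, not part of the original article: the `OFFICIAL` table, the function names and the sample links in the comments are assumptions, and taking the last two labels as the registrable domain is a simplification (a production check would use the Public Suffix List).

```python
from urllib.parse import urlsplit

# Assumption for this example: brand name -> its official registrable domain.
OFFICIAL = {"adobe": "adobe.com"}

def registrable_domain(host):
    """Return the last two labels of a host name.
    Simplification: suffixes such as co.uk need the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def check_link(link):
    """Return a list of warnings for a link found in an email body."""
    # Emails often show a bare host; add a scheme so urlsplit finds it.
    if "://" not in link:
        link = "http://" + link
    # .hostname drops any "user@" prefix, so a link written as
    # www.adobe.com@other-site.org resolves to other-site.org here.
    host = (urlsplit(link).hostname or "").lower()
    if not host:
        return ["no host name found in link"]
    domain = registrable_domain(host)
    warnings = []
    for brand, official in OFFICIAL.items():
        if domain == official:
            continue  # the link really is on the brand's own domain
        if brand in host:
            warnings.append(
                f"'{brand}' appears in {host}, but the registrable "
                f"domain is {domain}, not {official}")
            if domain.rsplit(".", 1)[-1] != official.rsplit(".", 1)[-1]:
                warnings.append(
                    f"top-level domain differs from {official}")
    return warnings

if __name__ == "__main__":
    # The first host is the one quoted in the article; the rest are constructed.
    for sample in ("official-adobe-download.org",
                   "https://www.adobe.com/downloads",
                   "http://www.adobe.com@official-adobe-download.org/"):
        print(sample, "->", check_link(sample) or "no warnings")
```

An empty result only means the link is on the expected domain; it says nothing about whether the message itself is wanted.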

The email then fleshes out the message to make it sound even more genuine. So this sensible list follows:

What’s new in this version :

  • Read, search, and share PDF files.
  • Convert to PDF.
  • Export and edit PDF files
  • Add rich media to PDF files
  • Combine files from multiple applications
  • Increase productivity and process consistency
  • Streamline document reviews
  • Collect data with fillable PDF forms
  • Protect PDF files and content
  • Comply with PDF and accessibility standards

All that is camouflage, before the link appears again, just in case you didn’t click it the first time (the classic second call to action).

To get more and upgrade to this version, go to  : official-adobe-download.org

Now more window dressing to finish off the email:

Start downloading the update right now and let us know what you think about it.

We’re working on making Adobe Acrobat Reader better all the time !

Talk soon,

The people at Adobe       

Copyright © 2011 Adobe Systems Incorporated. All rights reserved.

Chatty, relaxed and all the words spelt properly (apart from the dubious ‘fillable’ in the above list). A nice try and apologies to Adobe if this is genuine (of course, if they did send it out, they should know better), but this sort of email can trick anyone, unless they follow the rules. Always be sceptical, look for the obvious (not quite right website addresses) and never, ever use an embedded link in an email.

So, when it comes to internet security, always be a cynic!

Guest Article by Neil Camp 


Spam Levels Down

Tuesday, February 8th, 2011

Software antivirus giant Symantec – developer of the Norton brand of products – has issued its January 2011 MessageLabs Intelligence Report.

Symantec, one of the largest software antivirus companies in the world, revealed in its latest monthly report that global spam levels were down, although spam still accounts for some 78.6% of all email traffic sent. And that’s the lowest since March 2009 when the rate had dropped to 75.7%.

The drop, says Symantec, was due mainly to three botnets – Lethic, Rustock and Xarvester – stopping operations and disagreement amongst a number of pharmaceutical spam-sending gangs.

A senior analyst at Symantec said:
“The closure of spam affiliate, Spamit, was partially responsible for the disruption to spam output. However, there are likely other factors at work, such as consolidation and restructuring of pharmaceutical spam operations which has led to instability in the market likely to be exploited as a business opportunity by other spam gangs. We expect to see more pharmaceutical spam in 2011 as new pharmaceutical spam brands emerge and botnets compete for their business.”

Botnets are hugely important when it comes to spamming and it’s reckoned that they were responsible for much of the spam circulating the globe. Indeed Rustock accounted for nearly half of all spam sent and, on one day alone, might have sent in the region of 44 billion spam emails. This gives it the distinction of being the single largest spam-sending botnet.

The Symantec analyst said about Rustock:
“At various points during Rustock’s history, the botnet has often exhibited irregular spamming patterns by sending huge volumes of spam before going quiet for several weeks at a time. But throughout 2010, its spamming pattern was more regular and it had been active non-stop until December 2010. Our investigation revealed no evidence of Rustock being disrupted in any way either by law enforcement or through other action.”

The bad news, though, is that Rustock has resumed spamming – although not at its previous levels – and the Bagle botnet has taken over where the others left off, accounting for 20% of all spam emails; a figure which is growing.

Other parts of the report show that the number of email-borne viruses is down as well, with one in 364.8 emails containing a virus, which equates to 0.274% and compares with the previous figure of 0.3%. And phishing slightly increased, with one in 409.7 emails explaining a get-rich-quick scheme.

Which goes to show that the need for software antivirus programmes has not at all lessened.

Guest Article by Neil Camp 
