Aug 10 2007

The UK news this morning (and last night) carried an item about plans to tackle phishing, with various suggestions (most of which make sense). Similar stories about phishing and how people are being ripped off by fraudsters regularly come up on the news. One thing that rarely gets more than a passing mention, beyond a suggestion to run a ‘protected computer’, is how regular computer users who ignore security are contributing to the problem.

Almost all spammers (and phishers) these days use botnets to spew out their sewage; as someone who runs a mail server for a large organisation I regularly take a look at where spams entered the Internet mail system. In the vast majority of cases it has entered via a location that is obviously a client machine operated by an ‘innocent’ person ignorant of what their computer is being used for.

There are plenty of places to point the finger of blame …

  • The companies who produce operating systems that are so easily compromised when connected to the Internet.
  • Those who use viruses and worms to build ‘botnets’ of compromised machines and put them to a variety of uses.
  • The ISPs who irresponsibly fail to block outgoing mail that does not go through their own mail servers. Whilst some of us (me!) should be able to opt out of such a block because we run our own mail server, it should not be open by default.

Finally, the person who runs a computer irresponsibly is also to blame. Obviously not everyone wants to become a security expert, but there are a few easy steps that make it harder for your computer to be broken into. And they should accept that if they get infected they could get slung into a ‘quarantine’ … ISPs can and should be able to detect infected machines being used by spammers and move them to a ‘quarantine’ network with limited functionality. Such a ‘quarantine’ is dead simple to set up, as I’ve done it myself.
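The detection side of that quarantine, as an added example that is not the post's own code: a small script of the kind an ISP could run over outbound connection logs to pick out customer hosts that behave like spam bots (many direct port-25 connections to different remote mail servers in a short window, bypassing the ISP relay) while leaving opted-out customers who run their own mail server alone. The log format, address ranges, relay address, opt-out list and thresholds are all constructed for the example.

```python
"""Added example (not the post's own code): an outbound-SMTP anomaly detector
of the kind an ISP could run over connection logs to spot customer hosts that
behave like spam bots before moving them to a quarantine network.
The log format, thresholds, address ranges, relay address and opt-out list
are all constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed: the ISP's outbound relay that customers are expected to use.
ISP_RELAY = ipaddress.ip_address("198.51.100.25")
# Constructed: the customer access network the detector watches.
CUSTOMER_NET = ipaddress.ip_network("10.20.0.0/16")
# Constructed: customers who run their own mail server and opted out of the block.
OPT_OUT = {ipaddress.ip_address("10.20.7.7")}

# One record per outbound TCP connection, e.g. from a firewall or flow log (constructed format).
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")


def parse_line(line):
    """Return (timestamp, src, dst, dport) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), ipaddress.ip_address(m["src"]),
            ipaddress.ip_address(m["dst"]), int(m["dport"]))


def find_suspect_hosts(lines, window=timedelta(minutes=10), max_destinations=5):
    """Map each suspect customer IP (as a string) to the set of distinct remote
    mail servers it contacted directly on port 25 within one window.

    A desktop that sends mail normally talks to one relay; a bot delivering
    spam opens connections to many different MX hosts in a short time."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, dport = rec
        if dport != 25 or src not in CUSTOMER_NET or src in OPT_OUT or dst == ISP_RELAY:
            continue
        events[src].append((ts, dst))

    suspects = {}
    for src, evs in events.items():
        evs.sort()
        worst, start = set(), 0
        for end in range(len(evs)):
            # Slide the window start forward so the span never exceeds `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = {dst for _, dst in evs[start:end + 1]}
            if len(distinct) > len(worst):
                worst = distinct
        if len(worst) > max_destinations:
            suspects[str(src)] = worst
    return suspects


def quarantine_list(lines):
    """Sorted list of customer IPs that should be moved to the quarantine network."""
    return sorted(find_suspect_hosts(lines), key=ipaddress.ip_address)


SAMPLE_LOG = [
    # Constructed: a normal desktop sending through the ISP relay.
    "2007-08-10T06:00:00 src=10.20.1.5 dst=198.51.100.25 dport=25",
    "2007-08-10T06:05:00 src=10.20.1.5 dst=198.51.100.25 dport=25",
    # Constructed: an opted-out customer running their own mail server.
    *[f"2007-08-10T06:0{i}:00 src=10.20.7.7 dst=192.0.2.{i} dport=25" for i in range(1, 7)],
    # Constructed: an infected host spraying direct connections at many MXs.
    *[f"2007-08-10T06:01:{i:02d} src=10.20.30.40 dst=203.0.113.{i} dport=25" for i in range(1, 9)],
    # Constructed: unrelated traffic and a malformed line, both ignored.
    "2007-08-10T06:02:00 src=10.20.30.40 dst=203.0.113.50 dport=443",
    "garbage line",
]

if __name__ == "__main__":
    for ip, mxs in find_suspect_hosts(SAMPLE_LOG).items():
        print(f"{ip}: {len(mxs)} distinct mail servers in one window -> quarantine")
    print("quarantine:", quarantine_list(SAMPLE_LOG))
```

The threshold and window are deliberately conservative placeholders; in practice the block itself (whatever moves the host onto the restricted network) would be a separate firewall or RADIUS action fed by this list, and the opt-out set is what lets customers who legitimately run a mail server keep direct port-25 access.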

To reduce it to an analogy, if you were to leave a car parked with the handbrake off, are you totally blameless if someone leans against the car and it rolls down a hill and kills someone? People tend to regard leaving an infected computer online as a trivial matter; it is not.

May 19 2007

Just fixed the scripts that create (and update) my spam report. I decided long ago not to block spam (previously it was difficult to block it properly because of how email was set up; I could properly block it now but it would ruin the report), so I could produce an archive of spam and do some basic analysis on the content. I’ve been running the report a few years now (the oldest spam in hand dates to roughly June 2003) and it now shows the expected trends … the number of spams is growing and the size of each spam message is growing (because many these days are image spams).
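As an added example (not the post's own report scripts), here is a small report over a spam archive that computes the two trends the post mentions, messages per month and average message size, and additionally the share of messages that carry an image part, which is what drives the size increase. The archive is constructed in code with the standard library's `email` package so the example runs offline; a real run would read the messages out of an mbox.

```python
"""Added example (not the post's own scripts): a small report over a spam
archive that shows the two trends the post mentions, message count per month
and average message size, plus the share of messages carrying an image part.
The archive below is constructed in code; a real run would read an mbox."""
from collections import defaultdict
from datetime import datetime, timezone
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from email.utils import format_datetime, parsedate_to_datetime


def monthly_report(raw_messages):
    """Return {"YYYY-MM": {"count", "avg_size", "image_share"}} ordered by month."""
    stats = defaultdict(lambda: {"count": 0, "bytes": 0, "image": 0})
    for raw in raw_messages:
        msg = message_from_string(raw, policy=default)
        date = msg["Date"]
        if date is None:
            continue  # undated spam is common; skip it rather than crash
        key = parsedate_to_datetime(str(date)).strftime("%Y-%m")
        s = stats[key]
        s["count"] += 1
        s["bytes"] += len(raw.encode("utf-8"))
        # Any image/* MIME part (walk() yields the message itself when it is not multipart).
        if any(part.get_content_maintype() == "image" for part in msg.walk()):
            s["image"] += 1
    return {
        month: {
            "count": v["count"],
            "avg_size": v["bytes"] // v["count"],
            "image_share": round(v["image"] / v["count"], 2),
        }
        for month, v in sorted(stats.items())
    }


def make_spam(when, body, with_image=False):
    """Constructed spam message, returned serialised as it would sit in an mbox."""
    msg = EmailMessage()
    msg["From"] = "nobody@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "constructed sample"
    msg["Date"] = format_datetime(when)
    msg.set_content(body)
    if with_image:
        # A tiny constructed payload standing in for an image spam's picture.
        msg.add_attachment(b"GIF89a" + bytes(200), maintype="image",
                           subtype="gif", filename="offer.gif")
    return msg.as_string()


def build_archive():
    """Constructed archive: three text-only spams from June 2003 and a May 2007
    batch in which four of six messages are image spams."""
    archive = []
    for day in (3, 12, 27):
        archive.append(make_spam(datetime(2003, 6, day, tzinfo=timezone.utc), "cheap watches"))
    for day in range(1, 7):
        archive.append(make_spam(datetime(2007, 5, day, tzinfo=timezone.utc),
                                 "see attached", with_image=day <= 4))
    return archive


if __name__ == "__main__":
    for month, row in monthly_report(build_archive()).items():
        print(f"{month}: {row['count']} spams, avg {row['avg_size']} bytes, "
              f"{row['image_share']:.0%} with an image part")
```

Keying the statistics on the Date header is the convenient choice but not the reliable one: spam Date headers are frequently forged or missing, so a report over a real archive would do better to use the delivery time recorded by the local MTA (the mbox `From ` line or the last Received header).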

Apart from the existence of spammers themselves (if they were to vanish overnight, nobody would mourn), there are two major contributions to the spam problem :-

  • People unwittingly providing the spammers with a massive supercomputer that has an enormous amount of network bandwidth available. Almost every spam you and I get has been sent via someone’s infected computer. If you don’t have a router between your computer and the internet, buy one online in the next 15 minutes. Whilst there are other things you can (and should) do to make your computer more secure, a router is probably the biggest single thing you can do.
  • ISPs who don’t bother to deal with infected machines. In the old days, if you were to warn a network administrator that they had a machine with a possibly dangerous infection sending large quantities of network traffic, they would move heaven and earth to fix the problem. Today an unfortunate number of ISPs would rather let the spam go through than risk annoying a customer.