As an update from yesterday’s post, the botnet attacks are getting even more frequent. I’ll post some notes tomorrow on best practice for ISPs contending with spam. You can see the increase in frequency and intensity over yesterday. Some crook somewhere has obviously decided on a new “marketing campaign”.
I sometimes sit and watch SPAM attacks coming in on our mail servers. ISPs are constantly having to ward off spam. It is like being in a cyber war. What is mind boggling is the sheer volume. The chart below shows unwanted mail below the x axis and legitimate stuff above.
You can barely make out the legitimate mail because in the scale it is dwarfed by the spam. It is also interesting to observe that the attacks come in waves. You can see the major incoming waves on Sunday evening followed by periodic smaller attacks which appear to be the work of botnets.
This spam is of course not passed on to our customers who pay us for a premium service. You can zoom in by clicking a couple of times on the picture.
I don’t know about you but I have started getting spam through Facebook. So far it isn’t the classical type of spam selling viagra etc. I have however been getting friend requests from attractive young ladies with exotic names.
I also seem to be inundated with notifications of rubbish that I have no interest in checking out.
I was discussing this with Dave Ward, one of our Tech Consultants, who mentioned that Fortinet have now brought out Spam2.0 filters for their firewalls. Social Networking sites have started having their vulnerabilities exploited.
People are getting spammed with direct messages, apparently from friends. Facebook chat, for example, is one way used to insert worms onto someone’s PC and thence onto your network.
Fortinet has an application that allows companies to let employees access Facebook whilst blocking access to applications such as chat known to be vulnerable. Screenshot below. You might need to click a couple of times on the picture to get it to a viewable size/quality. Also check out the recent Wikipedia article on Social Networking Spam.
PS Don’t get me wrong here. I am a happily married man and whilst I’m sure I quite like being chatted up by nice young ladies one has to ask why complete strangers, whose interests seem to be dating and meeting members of the opposite sex, would want to approach me…
I have recently started corresponding with Randy Abrams of anti virus company www.eset.com. He has commented on some of my posts in the past. He offered this postulation today:
“Sometimes I receive spam from legitimate companies. They shouldn’t be spamming me, but this isn’t the Viagra, Rolex, and other run of the mill spammers I am talking about… these are generally IT companies.
So, I am considering automatically subscribing these spammers to Industry News with an email indicating that they have been subscribed and can choose to opt out. Your thoughts. Good idea? Too good for them? Give it a try?”
My standard response to legitimate spammers is to reply to them asking whether they have read www.trefor.net. It seems only fair. They are sending me unsolicited mail. It’s amazing how many of them then do read the blog; I get quite a lot of positive feedback this way. I’m sure some of them are reading this post now 🙂 . I have a fairly relaxed view on life. We are all trying to earn a living. We all need to be friends within sensible bounds.
Trefor.net started being subjected to spam attacks a while ago. Any domain that has been in use for a while gets it as spammers’ systems learn of its existence. The interesting thing is that these attacks come in waves. I can sit in the Network Operations Centre and watch email traffic surge due to an attack.
The occurrence of these waves often coincides with spam on trefor.net which appears as comments in posts. Fortunately I have to moderate comments so they aren’t seen by readers. I never get spam email because our systems catch pretty much all of it.
I’ve been talking to a number of anti-spam and anti virus technology vendors recently.
It is important to keep up with what is going on in this field. As we move into 2009 it is a subject I will be writing more about.
In the meantime I came across this map of sources of SPAM. There are a number of them floating around online. It is interesting to see that all the usual suspects are there: South East Asia, Russia, Brazil.
I was quite surprised to see so much activity in the USA and Europe. Perhaps I shouldn’t have been.
The Washington Post has reported that USA colo provider McColo has had its internet connectivity cut off by its ISPs because it had been playing host for some time to spammers. It’s very much worth reading the article.
One of our tech support team, Will Curtis, mentioned to me today that the amount of spam he has been receiving on his home email account dropped considerably around two weeks ago.
He also came across this article which reports that the Federal Trade Commission in the USA had raided an organisation that was supposedly one of the largest spam gangs in the world. The Chicago based gang had all its equipment confiscated.
I asked around to see if anyone else had similarly experienced the reduction in spam. Amazingly Ian Christian from the netops team had also seen a reduction and was able to provide a graph to show it in action. There is a clear drop in week 41.
Unfortunately spam will inevitably rise again. Our current monitors suggest that 37% of mail inbound through the Timico mailsafe system is spam. Very little of it makes it through to the end users though.