WizGidget

January 15, 2010

Botnets – Cockroaches of the Internet

Filed under: Belton Journal, Info Bytes, News — pmckinley @ 10:57 AM

Years ago spammers would send their spam from a single computer, or a few of them. They might forge the “From” address so it was less obvious where it was coming from, but it was relatively easy to “blacklist” the IP addresses that were producing spam. Often they would inject the spam through an “open relay”, that is, an email server that accepts mail for relaying without regard to where it comes from or where it’s going.

These days email servers are pretty much locked down: they will only accept mail for domains they host, or relay mail for senders who have logged in. And with the CAN-SPAM Act, it would be pretty unwise to send out spam that could easily be traced back to the sender. It would be just asking for fines and jail time.

Nowadays, spam is mostly sent from botnets. A botnet is a collection of malware-infected computers (the “bots”) that can be controlled by an individual or group. Because the bots are usually running behind a home router or some other firewall, they can’t be reached directly from the internet. Instead they are designed to run autonomously: they “phone home”, that is, they make outbound connections to any of a group of controller servers to fetch instructions and data, and to upload whatever the bot has collected. Botnets are crafted to be hard to detect and to make the people running them hard to identify.
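The “phone home” pattern is also what gives a bot away: an infected machine keeps connecting to the same outside address on a fixed schedule, even when nobody is using the computer. The following is an added example, not code from this post, that looks for such regular outbound connections in a small, constructed firewall log. The log format, the IP addresses and the thresholds are all assumptions made for the example.

```python
"""Spot "phone home" beaconing in an outbound connection log.

Added example, not code from the WizGidget post. A bot behind a home router or
firewall must initiate its own outbound connections to its controller, and it
usually does so on a timer. Near-constant gaps between connections from one
machine to one outside address are the tell this script looks for. The log
format, addresses and thresholds below are assumptions made for the example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one outbound connection per line:
#   <timestamp> <src_ip> <dst_ip>:<dst_port> <bytes_sent>
# 192.168.1.23 talks to 203.0.113.7:8080 every five minutes, give or take a
# second; 192.168.1.40 is ordinary browsing.
SAMPLE_LOG = """\
2010-01-15T10:00:00 192.168.1.23 203.0.113.7:8080 412
2010-01-15T10:00:09 192.168.1.40 198.51.100.5:443 15320
2010-01-15T10:05:01 192.168.1.23 203.0.113.7:8080 410
2010-01-15T10:07:44 192.168.1.40 198.51.100.9:80 2230
2010-01-15T10:10:00 192.168.1.23 203.0.113.7:8080 415
2010-01-15T10:12:31 192.168.1.40 198.51.100.5:443 9800
2010-01-15T10:14:59 192.168.1.23 203.0.113.7:8080 411
2010-01-15T10:20:00 192.168.1.23 203.0.113.7:8080 413
2010-01-15T10:33:10 192.168.1.40 198.51.100.12:443 57000
"""


def parse_log(text):
    """Yield (timestamp, src, dst, port, bytes) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or ":" not in parts[2]:
            continue
        stamp = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        dst, port = parts[2].rsplit(":", 1)
        yield stamp, parts[1], dst, int(port), int(parts[3])


def find_beacons(text, min_connections=4, max_jitter=0.10):
    """Return {(src, dst, port): interval_seconds} for every flow with at least
    min_connections connections whose gaps are nearly constant (standard
    deviation of the gaps no more than max_jitter of the mean gap)."""
    flows = defaultdict(list)
    for stamp, src, dst, port, _ in parse_log(text):
        flows[(src, dst, port)].append(stamp)

    beacons = {}
    for key, stamps in flows.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = round(avg)
    return beacons


if __name__ == "__main__":
    for (src, dst, port), interval in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:{port} every {interval}s: possible phone-home")
```

A regular connection is a lead, not a verdict: update checkers, mail polling and time sync beacon too, and bot authors add random delay to their timers, which is why the jitter tolerance is a parameter rather than a fixed rule.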

Botnets are used for more than sending spam. The bots also harvest things from the infected computers: email addresses, personal data such as credit card information, and even intellectual property from businesses. They can try to infect other computers on the same network through unpatched security holes in Windows. And they can mount a “denial of service” attack, using thousands or even millions of bots to flood a website or internet service with so much traffic that it clogs the network or overloads the servers. There was a widely publicized incident of this in August 2009, the Facebook/Twitter attack (“facebook twitter attack“), which was reportedly contracted out to botnet operators by the Russian government.

The good news is that although botnets have lived more or less free on the net for several years, researchers and ISPs (Internet Service Providers) have begun to fight back and have successfully shut down at least two of them. Be assured this is not a problem that will be solved overnight: like cockroaches, the cybercriminals will find ways to adapt and evade, but for now the researchers are making some headway on clobbering the botnets.

Here are a couple of articles on successful botnet takedowns from “DarkReading” and “FireEye“.

To keep your computer from joining a botnet, make sure you have good anti-virus and anti-spyware software running and kept up to date, and keep Windows and your other software patched, since bots spread through unpatched security holes. I don’t recommend the free ones — who’s paying the person that has to constantly be on the watch for new viruses?

January 9, 2010

Secure Your WiFi!

Filed under: Tips & Tricks — pmckinley @ 7:07 PM

WizGidget strongly recommends securing your WiFi (wireless) network. Leaving your WiFi router unsecured opens your network to abuse, such as people using your connection to send out spam and/or viruses, and gives them network access to your computers. Some of our advertising mentions the risks of an unsecured WiFi network, including a CNET article.

Here’s the article we mentioned on the WiFi Can-Spam conviction.

As a side note, though, we believe it’s not likely that much spam is being sent via “borrowed” WiFi bandwidth these days. Virtually all of the spam being sent out now is coming from a “botnet”: thousands to millions of individual PCs that have been infected with a virus, which then uses those computers to send out spam email and virus-infected email and to perpetrate “Denial of Service” attacks. You may remember hearing news about the network attack that brought down Facebook and Twitter recently; that attack was done using a botnet. Here’s an article about that.

Surf Safe!

WizGidget

Typhoid Mary of the Internet

Filed under: Belton Journal, Netiquette, Tips & Tricks, Warnings — admin @ 6:56 PM

The problem is that about 1 in 20 people have a virus on their computer that collects email addresses. When the virus finds a new address in an email, it targets that address with virus-infected email, trying to infect that person’s computer too. It also passes the address on to the virus’s author, who sells it to spammers.

When you send email with a bunch of addresses in the To: or Cc: fields, all those addresses are published to everyone who receives the email, including the virus. At 1 in 20, an email sent to 20 people has about a 64% chance (1 − 0.95^20) that at least one recipient is infected and every address on the list is compromised; at 50 recipients the chance is over 90%.

The same applies to addresses in the body of the message or in any attachments; the virus picks those up too.

The solution is fairly simple:

  1. If you need to send an email to a bunch of people, especially people who don’t necessarily know or email one another, use Bcc: instead of To: or Cc:.  The B in Bcc means “Blind”, which means that the recipients don’t see the list of recipients.
  2. If you forward or reply to an email, be sure to strip out any email addresses in the body of the message you’ve included.
  3. Be sure you have a good and up-to-date virus- and spyware-scanning software on ALL your PC’s.  You don’t want to be the unwitting stoolie for the cybercriminals!
  4. When you get an email from someone who’s included zillions of people in the To: or Cc:, gently remind them that it’s a Really Bad Idea.  You may  refer them to this article by including the link http://www.wizgidget.com/typhoid.

If you think about it, this all makes good sense.  Let’s say I come across something interesting or funny and email it to 5 of my friends.  Each of them also thinks it’s worth passing on and forwards it to 100 of their friends.  500 people now have the first 6 addresses.  Then let’s say just 10 of those 500 people forward it to 100 of their friends.  Now 1,500 people, mostly total strangers, have my address, along with those of my 5 hapless friends.  It’s about like having my email address written on the walls of all the restrooms in Texas.  I don’t know about you, but I don’t want 1,500 strangers to have my email address.  And the geometric progression goes on: if 10% of each round forwards it to 100 more people, the number of people holding my address grows tenfold every round.  Pretty soon everyone on the internet has my email address, including spammers and cybercriminals.

So, don’t be the Typhoid Mary of the Internet.  Use Bcc:, and be careful what you forward to friends, stripping out all addresses so they don’t get propagated.  Educate your friends when they make the same mistake: it’s as easy as doing a reply-all, moving the addresses into Bcc:, and giving them the link to this article.
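The four steps above, and the 1-in-20 arithmetic, as an added example that is not part of the original post: it lists the addresses every recipient of a message would see, rewrites the message to use Bcc: with the forwarded body scrubbed, and computes the chance that at least one recipient of an n-person email is running an address-collecting virus. The sample message, the 5% infection rate and the function names are assumptions made for the example; it handles plain-text, single-part messages.

```python
"""Check an outgoing email for exposed addresses and rewrite it to use Bcc:.

Added example, not code from the WizGidget post. It applies the post's rules
to a plain-text, single-part message: recipients go in Bcc: instead of To: or
Cc:, and any address left in a forwarded body is redacted. The sample message,
the 5% infection rate and the function names are assumptions for the example.
"""
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

# Loose but practical pattern for addresses appearing in free text.
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample: a forward with three visible recipients and the quoted
# header block of the original message still sitting in the body.
CONSTRUCTED_MESSAGE = """\
From: me@example.com
To: alice@example.org, bob@example.net
Cc: carol@example.com
Subject: Fwd: funny picture

---------- Forwarded message ----------
From: dave@example.org
To: erin@example.net, frank@example.com

Thought you'd all like this!
"""


def _visible_recipients(msg):
    """Addresses in To: and Cc:, i.e. the ones every recipient gets to see."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr.lower() for _, addr in getaddresses(headers) if addr]


def exposed_addresses(raw):
    """Return the set of addresses a recipient of this message would see:
    the To: and Cc: headers plus anything address-shaped in the body."""
    msg = message_from_string(raw)
    seen = set(_visible_recipients(msg))
    seen.update(a.lower() for a in ADDR_RE.findall(msg.get_payload()))
    return seen


def rewrite_with_bcc(raw):
    """Return (new_message, recipients): To:/Cc: recipients moved to Bcc:,
    the sender's own address in To:, and addresses in the body redacted.
    A mail client strips the Bcc: header when it sends, so the recipients are
    also returned separately as the envelope recipients to hand to SMTP."""
    old = message_from_string(raw)
    recipients = sorted(set(_visible_recipients(old)))
    new = EmailMessage()
    new["From"] = old["From"]
    new["To"] = old["From"]
    new["Bcc"] = ", ".join(recipients)
    new["Subject"] = old["Subject"]
    new.set_content(ADDR_RE.sub("[address removed]", old.get_payload()))
    return new, recipients


def chance_any_infected(recipients, rate=0.05):
    """Probability that at least one of `recipients` independent recipients
    runs an address-harvesting virus, given a per-person infection rate."""
    return 1 - (1 - rate) ** recipients


if __name__ == "__main__":
    print("exposed before:", sorted(exposed_addresses(CONSTRUCTED_MESSAGE)))
    msg, rcpts = rewrite_with_bcc(CONSTRUCTED_MESSAGE)
    print("exposed after: ", sorted(exposed_addresses(msg.as_string())))
    print("envelope recipients:", rcpts)
    print(f"20 recipients: {chance_any_infected(20):.0%} chance one is infected")
```

Keeping the sender’s own address in To: is a convention, not a requirement: some mail servers reject a message with no visible recipient, and it also makes the message look deliberate rather than like spam. Note that Bcc: only hides the list from other recipients; the envelope recipients still have to be given to the mail server separately, which a mail client does for you.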

Update: 2010 04 09:
It’s fairly common for people to send an email to a mailing list such as a Yahoo! group and copy some of their friends in To: or Cc:.  All of the above caveats apply many times over.  For example, we participate in the Midtex Inclusive Homeschoolers Yahoo group, which has 285 members as of this posting.  The 1 in 20 rule says about 14 members of that group have an email-collecting virus on their computer.  So when a Midtex member copies a friend on a message to the list, that friend’s address is compromised 14 times over, not to mention being published to 285 strangers.  Not very friendly, eh?

WizGidget
