According to David Skoll, president and CEO of Ottawa, Ont.-based Roaring Penguin, a high volume of spammers have this month hacked their way into vulnerable desktop PCs, in most cases machines belonging to home, SOHO and small business users that are hooked up to cable or DSL lines, currently don’t have a firewall in place and have been impacted by a virus. Spammers are using those machines to avoid having their spam filtered by blacklists and to increase their chances of getting their spam delivered.
“People have to secure their machines,” Skoll said. “If you are a small business you have to have a firewall, and you should update your antivirus.”
These attacks are proving that whitelisting or blacklisting alone can’t fight off these spam messages, because DNS-based blacklists typically look only at the IP address of the sender. Skoll explained that new spam technology is coordinating delivery attempts among many compromised mail machines in order to bypass real-time blacklists.
“It’s going to make IP-based blacklisting less effective just because you would have to blacklist 20 to 30 times more IP addresses than you do already,” Skoll said.
Resellers who have been selling the CanIt and CanIt PRO solutions will have their current customers protected from the recent blitz of zombie attacks.
A hit-and-run detection feature, also known as greylisting, has been included in the solution since last year. It instantly wipes out roughly 30 per cent of all spam messages before the CanIt filters start to do their part.
“Since these spammers are hopping around from computer to computer, they never retry sending spam from the same place,” he said. “No question about it, we can block 100 per cent of these spam messages with no false positives because we are not looking at the content of the message.”
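The retry behaviour Skoll describes can be shown with a small greylisting model. This is an added example, not CanIt's code: the (IP, sender, recipient) key, the 451 temporary-failure reply and the two timing constants are assumptions taken from the common greylisting design, and the traffic is constructed.

```python
from dataclasses import dataclass, field

MIN_RETRY_DELAY = 300      # seconds a new triplet must wait (assumed value)
PENDING_TTL = 4 * 3600     # unretried entries go stale after this (assumed value)

@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that retried correctly

    def check(self, ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for one delivery attempt."""
        key = (ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250                      # known-good triplet: accept
        seen = self.first_seen.get(key)
        if seen is None or now - seen > PENDING_TTL:
            self.first_seen[key] = now      # first sighting (or stale entry): defer
            return 451
        if now - seen < MIN_RETRY_DELAY:
            return 451                      # retried too quickly: still deferred
        self.passed.add(key)                # same host came back after the delay
        del self.first_seen[key]
        return 250

def replay(attempts):
    """Run constructed (time, ip, from, to) attempts; return the reply codes."""
    gl = Greylist()
    return [gl.check(ip, mf, rt, t) for (t, ip, mf, rt) in attempts]

# Constructed sample traffic (documentation address ranges, example domains).
LEGIT = [  # a queueing mail server retrying from one address
    (0,    "192.0.2.10", "alice@example.org", "bob@example.com"),
    (60,   "192.0.2.10", "alice@example.org", "bob@example.com"),  # too soon
    (900,  "192.0.2.10", "alice@example.org", "bob@example.com"),  # proper retry
    (5000, "192.0.2.10", "alice@example.org", "bob@example.com"),  # now known
]
ZOMBIES = [  # same message, each attempt from a different compromised host
    (0,   "198.51.100.7",  "promo@example.net", "bob@example.com"),
    (400, "198.51.100.88", "promo@example.net", "bob@example.com"),
    (800, "203.0.113.5",   "promo@example.net", "bob@example.com"),
]

if __name__ == "__main__":
    print("legit MTA:", replay(LEGIT))
    print("zombies:  ", replay(ZOMBIES))
```

The decision uses only envelope data and timing, never the message body, which is the property Skoll points to when he says the content is not examined.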
The CanIt solution leverages proprietary techniques that detect whether spamming software is being used and stop it before it reaches the mail server.
“These Zombie attacks are going to get worse just because it’s really easy to take over a lot of computers and it’s an effective way of covering your tracks and bypassing blacklists, so it will increase,” he said. “My guess is that a good spammer right now with the Zombie software could probably capture hundreds of computers in an hour by scanning for vulnerable computers.”