Nearly everyone complains about spam, but how many people know that their own PCs are most likely responsible for sending it?
Designers of spambots create malware that converts the PCs of unsuspecting internet users into spam-generating zombies. By using a fraction of processing power from thousands of PCs daisy-chained together, these spambots manage to send billions of unwanted emails without the PC's owner ever noticing.
A recent example is Rustock. Now shut down, Rustock was one of the world's largest spambots: it infected more than one million PCs and generated 30 to 44 billion unwanted emails -- about 48 percent of all the junk messages sent, according to security company Symantec. Yet few have heard of it.
Bogus emails can appear to come from a sender you know to be legitimate. One of today's newest malware variants is called Gameover, and the email transporting the trojan is seemingly sent from the US Federal Reserve Bank or the FDIC.
Cyber criminals have grown in sophistication, on par with the largest of organized crime rings.
But let's keep in mind that companies of all sizes are actively taking part in these schemes. I say “actively” because they are aiding and abetting the proliferation of spam botnets, or spambots, without being aware of it.
From individual home users to Fortune 500 companies, countless web citizens are being affected daily. But unlike widely publicised exploits of yore (remember the ILOVEYOU and Melissa worms?), today's spambots prefer to operate in the dark.
Many attack methods successfully avoid detection by traditional security mechanisms. That's because new detection avoidance schemes are increasingly sophisticated.
Like something organic and Darwinian, malware can have the power to continuously mutate, changing its signature in the process.
Attackers work to avoid creating recognisable patterns. Often, intruders install backdoors for easy re-entry. There seem to be limitless ways of eluding detection.
Heuristics and fuzzy logic tools may be an improvement, but they are a far cry from meeting the detection needs of most organisations.
So what steps can you take to prevent your organisation from becoming the target of an attack? Is there any way to stamp out spambots?
Probably the best way is to put into place a regular vulnerability testing program to identify weaknesses and quickly address those found.
Vulnerability testing tools scan computers and networks to sniff out holes, much as professional hackers do. They find backdoors typically left open and unnoticed by other methods.
By conducting regular internal and external vulnerability testing to identify weaknesses, set priorities, and monitor remediation results, your organisation will be in a better position to ward off the bad guys.