When Botnets Get Stymied, You’re Next
by J.D. Falk
Director of Product Strategy, Receiver Services
You’ve probably heard about botnets by now — those networks of home computers infected by viruses or other malware, controlled en masse by some shadowy bad guys. Botnets are used to send most of the world’s spam, attack web sites, steal credit card numbers and other personal information, or other nefarious activities — for anyone, for a fee.
Broadband connections are so prevalent these days, all over the world, that botnet operators can pick and choose which infected computers are sufficiently high-bandwidth for their needs. But these broadband connections all flow through one ISP or another, so ISPs are very aware of the problem — and extremely concerned.
Today MAAWG released a paper aimed at helping these ISPs, titled “MAAWG Common Best Practices for Mitigating Large Scale Bot Infections in Residential Networks.” It’s the product of many discussions, including many of the leading experts. “As an industry,” MAAWG Chair Michael O’Reirdan said in the press release, “we are becoming more proactive in alerting customers when bots are detected on their computers and in helping users remove the malware before it can harm them.”
It’ll take some time, and a lot of work, but the effectiveness of botnets will — after a while — be reduced. And then what? Now that they’ve gotten a taste of all the money to be made, the botnet operators won’t go back to flipping perogies. They’ll find another way.
That’d be you.
Yes, you, the humble email marketer, with the power to blast advertisements at billions of carefully collected email addresses every hour — and the wisdom not to. You’ve spent years carefully honing your system for perfect deliverability, but it could all come crashing down in moments.
There’s that shiny USB key fob your top salesperson got at a conference in St. Petersburg, Florida, which put her laptop under the control of a bad guy in St. Petersburg, Russia. Or the pretty email stationary Outlook plugin your receptionist downloaded, so now his mail to “all” about free flu shots has a virus attached. Or your client using the same username and password for your site where they upload their creative that they do on another site where they download porn.
Or it could be an attack targeted directly at you. This week researchers uncovered a botnet which specifically goes after “4,600 of the world’s most popular and wealthy businesses,” according to Dark Reading — one of the best jounalistic sources of botnet-related information. These bots are reportedly primarily interested in financial transactions, because that’s literally where the money is, but how long until they use those same intrusion points to send spam?
We’ve seen it happen already. More than once, a Return Path client’s IP range has suddenly started sending more mail than before, different mail than usual, which shows up in our reputation network — and when they investigated, it’s been an infected machine sending spam. It didn’t look like these were targeted attacks, but rather run-of-the-mill botnet activity. These companies are very lucky that the botnet operator didn’t know what that they’d stumbled into a gold mine of carefully tuned email sending machines, each with a better reputation than the last.
So of course you’re working on securing your network, and promoting a culture of security throughout your organization; your business, your reputation, your customers all depend on it. But how do you know it’s enough? That’s where Return Path comes in.
You already know that our data network captures delivery statistics for much of the mail you send, and reveals that data in our industry-leading Deliverability Monitoring products and the free senderscore.org. So you know how useful this can be in tracking and planning the mail you intended to send.
A cool side effect — which we’re throwing in for free — is that the same tools also reveal mail you didn’t intend to send from those IP addresses. Whether it was sent by mistake, by broken software, or by a botnet that somehow slipped into your network, we’ll see it and you’ll know.
There are other companies who provide intrusion monitoring, and security advice specific to your platform and environment. You’ll still need that. But with Return Path, you’ll know your email program is safe and secure — or learn quickly if it isn’t.