Spam is on the rise again. After a leveling off period in 2005, junk mail is on the rise once again. Junk mail has doubled in late 2006 from the same period in 2005. The upswing in spam can be attributed to new technology being used by the spammers these days. For a while the anti-spam software was doing a good job at rejecting mail being sent from servers that were known to distribute spam. But like most things in life (good and bad), the spammers have figured out a way to get around the anti-spam software. They have learned how to set up botnets. This article will show you how to protect yourself from having your computer becoming part of a botnet.
A botnet is a network of computers that are connected to the internet via broadband, like DSL, or a cable modem. Without the owners knowing it, their computer is being used to send out spam. Any PC that is always connected to the internet via broadband is at risk of becoming part of a botnet. Since the junk mail is sent from a group of personal computers, the anti-spam filters allow a bunch of it to get through. A botnet isn’t exactly something new, but the way the spammers have learned to conceal them is. The latest botnet software allows them to get control of your PC by simply visiting a rigged website, or by clicking on a spam message itself. Once this happens, the volume of junkmail being sent by your computer is small enough that you are unaware of what’s going on. The spam filters then have a hard time figuring out the difference between legitimate and bot generated mail sent by the same computer. Pretty Slick, HUH!
So how can you stop these spammers from hijacking your PC?
Start with a good firewall and a secure browser…. If you are currently using Internet Explorer for your browser, upgrade to IE version 7 right away! Prior versions of IE were anything but secure. The newer version 7 has much better defenses built in. Another great alternative (a better one in my humble opinion) is to use Mozilla Firefox for your web surfing. Firefox from day one was a much better browser than IE. Although IE 7 has corrected much of the problem.
Protect your Home Network…. If you have a wireless or wired network set up at home, make sure you are taking full advantage of the firewall features that came with the router. Look through the manuals that came with the router, and verify that it is set up in a secure way. Most all router come with firewall protection these days.
Spam Fighters…. As bad as junk mail has gotten again in the last several months, there are some good things going on in the anti spam world. As the spammers work hard to come up with new ways to deliver all that junk mail, the major ISP’s and mail portals continue to improve their spam filtering devices to keep us from being taken over by junk mail. As time goes by the end user will be able to have a more enjoyable experience sending and receiving e-mail. But you still will need to keep your end of the bargain secure! Although most ISP’s and larger mail portals have done reasonably well with their anti-spam efforts, that can’t be said about all the anti-spam efforts. In the US, federal authorities have brought charges against several businesses under the CAN-SPAM Act. The law which is 3 years old now, only protects against businesses originating spam within the US borders. The bad news is it won’t offer any protection from spam sent from overseas, and it’s provisions are mostly being ignored outside of our country. The law states that all commercial e-mails being sent must provide a return address (actual physical street address), and a way to opt out of future mailings. When analyzing 10,000 e-mails selected randomly, less than 1% met the requirements of the law according to a company called MX Logic. So with no jurisdiction outside our borders, much of the spam originates from there now. Another spam fighter device being used is called sender-authentication technology. Microsoft’s Sender ID and Yahoo’s DomainKeys are attempting to succeed in fighting spam. The system works like this, your bank registers the IP Addresses of it’s mail servers. If you receive an e-mail that appears to come from your bank, but doesn’t originate from one of the registered addresses, you will either be alerted or the e-mail will be deleted automatically. According to Microsoft’s director of on-line safety strategy and planning, by the end of 2006 40% of all legitimate e-mails received by Hotmail users was being authenticated by Sender ID. This system has it’s problems though! It can’t be effective if all the major phishing- target sites don’t participate. And some of the sites that register their addresses are actually phishing sites. For example, say a phishing site has a domain name that is actually a misspelled version of a bank’s name. It could publish it’s mail server information, and Sender ID would authenticate this mail even though it was from a malicious site. So it does have a few weaknesses.
Yahoo and AOL partner with GoodMail…. For Yahoo and Aol users, each of these companies has partnered with a company called GoodMail. GoodMail only deals with companies who have zero history of sending spam. They offer a service call Certified E-mail, which is used by legitimate bulk e-mailers. The mailings are routed through GoodMail’s e-mail servers which insert a unique cryptographic token into each message. Partner e-mail services recognize the token when the message is received and it is then marked with a special icon like “AOL Certified Mail”. Those who are worried about identity theft delete all mailings from any financial institutions. The critics (everyone has at least one) say this just affords the wealthy bulk e-mailers a straight shot into your inbox with their message. Goodmail charges it’s customers 0.25 per message and splits the monies with their partners. Goodmail claims to turn down 3 out of 4 bulk e-mailers due to their record on sending spam not being clean enough. If you aren’t getting as much spam recently, it’s probably because your e-mail service is doing a decent job defending against it.
As the spammers find new technology to get their message into your inbox, the ISP’s and Mail Portals adjust to stop them. No matter what you do, don’t rely solely on your browser or e-mail account to protect you 100% of the time. Stay up to date with your browser upgrades, use a firewall (get Norton Internet Security or Mcafee Internet Security), and DO NOT open suspicious e-mails. Use your common sense at all times, and spam can be a minor inconvenience at best in your internet life