Mail Viruses Junk Spam Phishing and now Dark?
Okay, I’ve seen a new term come across the horizon in the battle of the email inbox. First there were viruses, then junk mail, which became known as Spam and then Phishing attacks now we’re up to DarkMail. According to scmagazine , an IT security focused publication, the earmarks of darkmail are similar to junkmail but greater in volume. According to the article one domain withstood 10 million messages in one day as the sender went alphabetically through addresses on the domain.
In some cases this is used simply as a Distributed DoS (Denial of Service) attack, but more often now as a way of brute forcing the message through junk filters. With a DDoS it’s possible to filter out the source IP addresses and just drop connections from them. (Most seem to be residential virus laden/trojan infected machines.) However, as the numbers of machines involved grow it becomes frustratingly tedious to block them all. Plus, there’s a bit of know how involved with filtering out offending IP’s. Maybe mail server software should have an automatic “pacing”. In other words if you receive too many connections from the same machine in a limited period of time, block it for a longer period to cool its heels a bit. If it’s a legitimate transaction, most of those would be one or two messages at a time, but if it’s a mailing list it could be more. Even so, a legitimate user wouldn’t mind the delay. As the intensity of incoming messages from a single IP continues perhaps the delay should continue to get longer?
Popularity: 1% [?]
Related Posts - How do I email lots of people without all their addresses showing up? OK, I'm prompted to post this because for the 2nd time this month I've received an "I'm changing my email address" message. In both cases, what appear to be 100-200 email addresses were all in the To: field and I cringed as I skimmed the list and found my more......
- More on the virus/trojan front I have a couple new things to post. One, in my futher investigation of the server logs, from the last big topic.... (read the entries below.) I've discovered at least one MAC, so this should be a warning that no one should take system security for granted. Likely someone has......
- Network security - how safe is your network? Looking at ARP A while back I did a network security series and one of the points that I mentioned was that it's important to know what is normal for your network. In other words, what machines are NORMALLY connected, what services are normally running, etc. Well, I'm about to start a serious......
Related Websites - Threat Outbreak Alert: Fake Bin Laden Pictures E-mail Messages on May 13, 2011 Source: Security Intelligence Operations Cisco Security Intelligence Operations has detected significant activity related to Portuguese-language spam e-mail messages that claim to contain pictures of Osama Bin Laden The text in the e-mail message instructs the recipient to open a .zip attachment to view the pictures. However, the .zip attachment contains a......
- Microsoft Security Bulletin Summary for July 2010 MS10-042 - Vulnerability in Help and SupportCenter Could Allow Remote Code Execution (2229593) "This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if......
- Click to Call Adding click to call (click2call) capability to your blog will enable users to call you directly from your website. Clients, buyers, or shoppers no longer need to leave your website or even their computer to initiate a phone call. There are settings to control the looks and feel of the......
Similar Posts
- AT&T rbl block inquiry site
- Ways to deal with Junk Mail (2 of 2)
- Postgrey and the power of Greylisting to fight Spam
- How do I email lots of people without all their addresses showing up?
- Why? (Why couldn’t AT&T make sure their mail servers weren’t using old dialup IPs that are blacklisted….)