
ICT

Computer end users are unwittingly becoming harmful spam distributors

Richard Broeke, Security Consultant, Securicom

Computer end users are increasingly being targeted by cyber criminals and spammers, who employ subtle tactics to turn them into unwitting mass distributors of harmful spam.

The trend of cyber criminals using end-user workstations as spam distribution centres by turning them into email servers is gaining considerable momentum in South Africa. It’s an alarming trend, spurred on by a combination of lack of user education and awareness, inadequate security and incorrect usage of technology.

Bots, software designed to install itself invisibly on the target machine, turn the computer into a distributor of malicious threats. These bots, which are also known as Trojans, are unwittingly downloaded from infected emails and websites. They effectively turn a workstation into a mail server and cause the machine to send out huge volumes of spam, in many cases also containing malware, to random e-mail addresses harvested from the infected machine.

The impacts are far-reaching. For the end user, productivity suffers because the workstation becomes cumbersome and slow as it battles to cope with the massive volumes of outgoing mail. For those on the receiving end of the unsolicited spam, there is the increased risk of infection by harmful viruses, spyware and malware – and of course, bots.

For companies, it can lead to their public IP address being blacklisted on one or more Real Time Blacklists (RBLs), disrupting and preventing the receipt and distribution of important, business-related mails. Depending on which RBL the company mail server is listed on, email communication can be halted for days, and getting de-listed can be a chore.

Aside from putting a spanner in the works in terms of productivity and communication, having your company mail server hijacked for spamming and then blacklisted can be quite damaging for your business’s reputation. It’s also a major waste of bandwidth. With such large amounts of mail being sent out, a 3 gig ADSL cap can literally vaporise in just 20 minutes. Because bots are so sneakily deployed, users and companies are left none the wiser that a workstation has been hijacked and turned into a mail server until no one in the organisation can send or receive mail – by which stage the company’s public IP address has more than likely already been blacklisted.

All companies and individuals with an internet presence should be aware of this problem and observe basic IT security principles such as not opening mails from untrusted sources, especially spam, and avoiding downloading programmes and applications from the web. Users should also be aware of the symptoms and report to their IT department if their workstation suddenly becomes drastically and inexplicably slow.

While a firewall can’t stop Trojans from being downloaded, it can stop mailer daemons and, therefore, stop spam from being sent from the company network. Unfortunately, 85% of companies don’t have their firewalls correctly configured to prevent this, nor do they have the correct logging and reporting facilities. Companies should have a best-of-breed firewall in place and ensure that it is configured to allow traffic from certain locations only. Firewall protection must also be supplemented with adequate anti-virus and anti-spyware protection.
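
As an added illustration (not part of the original article), the firewall logging and reporting described above can drive a simple check: flag any workstation, other than the approved mail server, that opens outbound connections to TCP port 25. The network range, mail server address, threshold and log lines are assumptions constructed for this example.

```python
import ipaddress
import re
from collections import Counter

# Assumed values for this example; they do not come from the article.
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")  # office LAN
APPROVED_MAIL_HOSTS = {"192.168.10.5"}                  # the only host allowed to send SMTP out
THRESHOLD = 3                                           # outbound SMTP connections per log window

# Constructed sample: key=value firewall log lines in netfilter LOG style.
SAMPLE_LOG = """\
Mar  3 09:14:01 fw kernel: OUT=eth1 SRC=192.168.10.5 DST=203.0.113.20 PROTO=TCP SPT=40112 DPT=25
Mar  3 09:14:02 fw kernel: OUT=eth1 SRC=192.168.10.42 DST=198.51.100.7 PROTO=TCP SPT=51001 DPT=25
Mar  3 09:14:02 fw kernel: OUT=eth1 SRC=192.168.10.42 DST=203.0.113.88 PROTO=TCP SPT=51002 DPT=25
Mar  3 09:14:03 fw kernel: OUT=eth1 SRC=192.168.10.42 DST=198.51.100.31 PROTO=TCP SPT=51003 DPT=25
Mar  3 09:14:03 fw kernel: OUT=eth1 SRC=192.168.10.42 DST=203.0.113.9 PROTO=TCP SPT=51004 DPT=25
Mar  3 09:14:04 fw kernel: OUT=eth1 SRC=192.168.10.17 DST=198.51.100.9 PROTO=TCP SPT=49200 DPT=443
Mar  3 09:14:05 fw kernel: OUT=eth1 SRC=192.168.10.17 DST=198.51.100.9 PROTO=TCP SPT=49201 DPT=25
Mar  3 09:14:06 fw kernel: OUT=eth0 SRC=192.168.10.42 DST=192.168.10.5 PROTO=TCP SPT=51005 DPT=25
Mar  3 09:14:07 fw kernel: truncated entry SRC=192.168.10.42 DST=
"""

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def rogue_smtp_senders(log_text, threshold=THRESHOLD):
    """Return {internal_ip: count} for unapproved hosts opening outbound SMTP."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
            dst = ipaddress.ip_address(fields.get("DST", ""))
        except ValueError:
            continue  # malformed or truncated line: skip it
        # Count only LAN-to-internet SMTP from hosts that are not mail servers.
        if src not in INTERNAL_NET or dst in INTERNAL_NET or str(src) in APPROVED_MAIL_HOSTS:
            continue
        counts[str(src)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in sorted(rogue_smtp_senders(SAMPLE_LOG).items()):
        print(f"{ip}: {n} outbound SMTP connections, not an approved mail host")
```

A host reported here is a candidate for the hijacked workstation the article describes; the matching firewall rule would permit outbound port 25 from the approved mail server only.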

 

tel: (+27) 82-575-0426

email: Richard@securicom.co.za

Professional Management Review
Copyright © 2003-2008 PMR. All rights reserved.