Raspberries! Botnet Spam Just Got a Whole Lot More Dangerous

Neil Schwartzman

Many have heard of botnets, but for those who aren't certain what they are: botnets are armies of hacked zombie computers that have malware on them and send spam email at the command of operators anywhere in the world. They can also be told to deploy denial of service attacks, by all hitting the homepage of a given company, or attacking the DNS server or a service or country. There are a lot of ways to become infected: through malicious emails, on 'drive-by infection' websites and even through search results. Once a machine is infected it continues to operate normally, but surreptitiously does malicious things behind the owner's back.

As messaging champions we are most concerned about their email activity, and that is actually pretty easy to deal with:

Blocklist services like Spamhaus' PBL (policy blocklist) allow ISPs and mailbox providers to determine what IP addresses should never-ever send email. So, for example, my ISP Comcast will announce to the world which of the IPs they own are dynamic, assigned to residential end users and should never send any email. My machine should never send email itself; rather, it should be using Comcast's outbound facing servers, or Gmail, or something of that sort. If email is seen coming directly from my IP address, receivers then know something is wrong and they can safely ignore the mail.

ISPs and other receiving domains then bring services like SURBL's domain blocklist into play, checking messages that make it past the first few layers of protection and looking at content within the message for bad domains.

So if I email from a legitimate source but include a link to criminalbank.com, SURBL will stop it from ever making it to someone's inbox. This offers recipients and mailbox providers several levels of security and methods of dealing with botnets. One is focused on identifying non-legitimate sources of mail traffic, and the other checks the content of a message for malicious links.

The botnet operators have begun using an old trick, which is to hack into a website (usually running a badly configured version of WordPress software) and then use a URL to a page they create there in the body of spam emails. That page redirects to their criminal domain; they purloin the good reputation of a small site to their own ends.

SURBL and the other domain blocklists like the DBL and URIBL have a heck of a time catching these spams, since the URLs appear to be legitimate, which means more spam in the inbox for you and me.
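The two filtering layers described above, and the gap the compromised-redirect trick opens between them, as an added example that is not code from the original post. The zones `pbl.example` and `uribl.example`, the sample hosts and the lookup tables are constructed stand-ins for live DNS and HTTP answers, and the `follow_redirects` option is an illustration rather than something the post prescribes.

```python
import ipaddress
import re

# Constructed sample data: stands in for DNS answers and HTTP redirects
# so the example runs offline. Zone and host names are placeholders.
FAKE_DNS = {
    "25.113.0.203.pbl.example": "127.0.0.10",           # dynamic residential IP
    "criminalbank.example.uribl.example": "127.0.0.2",  # known-bad domain
}
FAKE_REDIRECTS = {  # page planted on a compromised small site
    "http://smallblog.example/wp-content/x.html": "http://criminalbank.example/buy",
}

def ip_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets, then append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def listed(name, resolve=FAKE_DNS.get):
    """Listed when the zone answers with an address in 127.0.0.0/8."""
    answer = resolve(name)
    return answer is not None and answer.startswith("127.")

def url_hosts(body):
    """Return (url, host) pairs for every http(s) URL in the message body."""
    pairs = re.findall(r"(https?://([^/\s]+)[^\s]*)", body)
    return [(url, host.lower()) for url, host in pairs]

def final_url(url, redirects=FAKE_REDIRECTS, max_hops=5):
    """Walk the (simulated) redirect chain, bounded to avoid loops."""
    for _ in range(max_hops):
        if url not in redirects:
            break
        url = redirects[url]
    return url

def classify(sender_ip, body, follow_redirects=False):
    # Layer 1: should this IP be sending mail directly at all?
    if listed(ip_query_name(sender_ip, "pbl.example")):
        return "reject: sending IP on policy blocklist"
    # Layer 2: does the body link to a listed domain?
    # (Real URI blocklists key on the registered domain; hosts are used as-is here.)
    for url, host in url_hosts(body):
        if follow_redirects:
            host = url_hosts(final_url(url))[0][1]
        if listed(host + ".uribl.example"):
            return "reject: URL domain listed (" + host + ")"
    return "accept"
```

With `follow_redirects=False` the link to the compromised site is accepted because only `smallblog.example` is looked up; resolving the landing URL first exposes the listed domain behind it.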

This past week or so, the botnet has been sending out hundreds of millions of spam messages with these compromised-redirect domains (they can be bought on the criminal black-market for pennies), promoting a scam weight-loss program involving The Raspberry Ketone Diet and using a stolen clip from the Dr. Oz Show to lend some legitimacy to their wares.

I've personally seen at least 250 different Raspberry-related domains registered recently, all of them related to this spam blast. This is the continuation of a multi-platform spam campaign that started in February — spammers, probably the same ones, were also abusing social media and skewing search results earlier this year. This is truly a second-hand spam attack.

Unfortunately there isn't much the normal user can do to protect themselves from becoming 'botted' apart from updating their software and operating system daily, and even then, with the proliferation of 'zero-day' exploits, it is always a game of catch-up. People who are running WordPress can lock down their software; that would help a lot. And, of course, never buy anything spam tries to sell you.

All of this talk of food makes me want to go eat some toast, with raspberry jam, of course!

Originally published at Message Bus – reposted with permission.

By Neil Schwartzman, Executive Director, The Coalition Against Unsolicited Commercial Email - CAUCE.
