Raspberries! Botnet Spam Just Got a Whole Lot More Dangerous

Neil Schwartzman

Many have heard of botnets, but for those who aren't certain what they are: botnets are armies of hacked 'zombie' computers that have malware on them and send spam email at the command of operators anywhere in the world. They can also be told to mount denial-of-service attacks, with every machine hitting the homepage of a given company, or attacking the DNS servers of a service or a country. There are many ways to become infected: through malicious emails, on 'drive-by infection' websites, and even through search results. Once a machine is infected it continues to operate normally, but surreptitiously does malicious things behind the owner's back.

As messaging champions we are most concerned about their email activity, and that is actually pretty easy to deal with:

Blocklist services like Spamhaus' PBL (policy blocklist) allow ISPs and mailbox providers to determine what IP addresses should never-ever send email. So, for example, my ISP Comcast will announce to the world which IPs they own are dynamic, assigned to residential end users and should never send any email. My machine should never send email itself, rather, it should be using Comcast's outbound facing servers, or Gmail, or something of that sort. If email is seen coming directly from my IP address they then know something is wrong and they can safely ignore the mail.

ISPs and other receiving domains then bring services like SURBL's domain blocklist into play, checking messages that make it past the first few layers of protection and looking at the content of each message for bad domains.

So if I email from a legitimate source but include a link to criminalbank.com, SURBL will stop it from ever making it to someone's inbox. This offers recipients and mailbox providers several levels of security and methods of dealing with botnets: one is focused on identifying non-legitimate sources of mail traffic, and the other checks the content of a message for links to malicious domains.

The botnet operators have begun using an old trick, which is to hack into a website (usually running a badly configured version of WordPress software), create a page on it that redirects to their criminal domain, and then put the URL of that page in the body of their spam emails; they purloin the good reputation of a small site for their own ends.

SURBL and the other domain blocklists like the DBL and URIBL have a heck of a time catching these spams, since the URLs appear to be legitimate, which means more spam in the inbox for you and me.
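The two layers described above, and why the compromised-redirect trick slips past the second one unless the filter follows the redirect, as an added example that is not part of the original post. The DNSBL answers, the redirect map and the domain names (criminalbank.example, small-bakery.example) are constructed sample data; only the pbl.spamhaus.org and multi.surbl.org zone names and the reversed-octet query form are real.

```python
"""Two-layer filter sketch: PBL-style check on the sending IP, then a
SURBL-style check of linked domains, with and without following redirects."""
import re
from urllib.parse import urlparse

# Constructed stand-in for DNS answers to blocklist queries. Real DNSBLs
# answer with a 127.0.0.x address when listed and NXDOMAIN otherwise;
# the codes below are placeholders, not the services' documented values.
DNSBL_ANSWERS = {
    "77.113.0.203.pbl.spamhaus.org": "127.0.0.2",      # dynamic residential IP
    "criminalbank.example.multi.surbl.org": "127.0.0.2",
}
# Constructed redirect map standing in for an HTTP HEAD against each URL:
# a page planted on a small WordPress site bounces to the spammer's domain.
REDIRECTS = {
    "http://small-bakery.example/wp-content/promo.php":
        "http://criminalbank.example/raspberry",
}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def dnsbl_listed(query_name: str) -> bool:
    return query_name in DNSBL_ANSWERS   # real code: resolve, treat 127.0.0.x as listed

def pbl_query_name(ip: str, zone: str = "pbl.spamhaus.org") -> str:
    """DNSBL lookups reverse the octets: 203.0.113.77 -> 77.113.0.203.<zone>"""
    return ".".join(reversed(ip.split("."))) + "." + zone

def registrable_domain(url: str) -> str:
    host = urlparse(url).hostname or ""
    return ".".join(host.split(".")[-2:])  # naive; production code uses a public-suffix list

def final_url(url: str, max_hops: int = 5) -> str:
    """Follow the constructed redirect chain, bounded to avoid loops."""
    for _ in range(max_hops):
        if url not in REDIRECTS:
            break
        url = REDIRECTS[url]
    return url

def classify(sending_ip: str, body: str, follow_redirects: bool = True) -> str:
    """Return 'reject:pbl', 'reject:surbl' or 'accept' for one message."""
    if dnsbl_listed(pbl_query_name(sending_ip)):
        return "reject:pbl"            # layer 1: this source should never send mail directly
    for url in URL_RE.findall(body):
        target = final_url(url) if follow_redirects else url
        if dnsbl_listed(registrable_domain(target) + ".multi.surbl.org"):
            return "reject:surbl"      # layer 2: the linked (or redirected-to) domain is listed
    return "accept"
```

With `follow_redirects=False` the message linking to the planted WordPress page is accepted, because only the innocent-looking small-bakery.example is checked; following the redirect exposes the listed destination.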

This past week or so, the botnet has been sending out hundreds of millions of spam with these compromised-redirect domains (they can be bought on the criminal black-market for pennies) and promoting a scam weight-loss program involving The Raspberry Ketone Diet, and using a stolen clip from the Dr. Oz Show to lend some legitimacy to their wares.

I've personally seen at least 250 different Raspberry-related domains registered recently, all of them related to this spam blast. This is the continuation of a multi-platform spam campaign that started in February — spammers, probably the same ones, were also abusing social media and skewing search results earlier this year. This is truly a second-hand spam attack.

Unfortunately there isn't much the normal user can do to protect themselves from becoming 'botted' apart from updating their software and operating system daily, and even then, with the proliferation of 'zero-day' exploits, it is always a game of catch-up. People who are running WordPress can lock down their software, that would help a lot. And, of course, never buy anything spam tries to sell you.

All of this talk of food makes me want to go eat some toast, with raspberry jam, of course!

Originally published at Message Bus – reposted with permission.

By Neil Schwartzman, Executive Director, The Coalition Against Unsolicited Commercial Email (CAUCE). More blog posts from Neil Schwartzman can also be read here.

Related topics: Cyberattack, Cybercrime, Malware, Spam
