The Tide (of Spam) is High

 
Aug 13, 2003

by Michael Dinowitz

It started with a blackout across Northeastern America and ended with a virus attack across the Net like few others before it. The blackout of '03 damaged computers, caused security features to go offline, and basically messed up chunks of the Net. As companies restarted or repaired their servers, many holes were left open. Spam and virus writers took this as an opportunity to go wild. The first sightings that something was coming could be seen late at night when bots from networks such as Hinet.net (well known for its spamming) and others started attacking sites and scanning them for email addresses. This is a common tactic for spammers, but not to the degree that was seen. It was as if spammers had seen the opportunity and pushed their equipment into high gear.

The House of Fusion server was scanned by bots for almost 20 meg worth of hits, which is actually quite a bit. Luckily, we have security features that prevented them from retrieving any email addresses, and their own code caused them to error out in places. On the other hand, there were sites that provided spammers with a plethora of addresses. And then the attacks started.

Spam. Lots of spam. Huge reams of spam. Enough spam to make the average person cry. Different subjects, different posters, but always the same thing -- Spam, with attached viruses.

Some networks, such as nasa.gov, were heavily infected and sent out lots and lots of these viruses. Others, being more secure, blocked them but also sent out messages in reply saying, "Your email cannot go through." These messages did not go to the spamming domains. They went to the forged "From" addresses of the email. This meant that innocent people started to receive email blaming them for spam, claiming that they sent things that they did not, and generally filling up their mailboxes even more. Between spam, viruses and reports, today was a slow day for the Net. Not slow because nothing was happening, but slow because everything was happening and the Net dragged along.

Luckily, the House of Fusion mailing lists do not allow any attachments, so the two posts that got to CF-Talk because they were reportedly from a subscribed member did not infect anyone. A fast line of code to the House of Fusion custom spam filters prevented any other virus-containing messages from getting to the system, or even bogging it down.

Some mailservers, such as IMS with their Prism anti-virus technology, were able to automatically block these viruses from their users. Unfortunately, most mailservers simply are not equipped with good anti-virus protection. Most networks are not equipped to prevent viruses from being passed on to their end users. And most end users, even today, are not smart enough to simply not open up a virus email.

My advice is to do three things:

  1. Hide all email addresses on your site using the technique in Fusion Authority issue 121 (How to Stop Spammers From Ripping Your Pages).
  2. Use the technique mentioned above for blocking user agents from your site to keep bots away from you, so that even though there are no email addresses on your site (per step 1), they simply will not be able to move around your site, basically leaving you alone.
  3. Get a good mailserver or a good ISP that will protect you. I would tell you what ISPs are not good, but in doing so, I might be brought up on charges, as mentioned in the article below ("Are Bug Reports Against the Law?").

According to News.com, this virus simply grabbed email addresses out of a person's address book or other locations on the server. This is untrue, or if it is true, something else is going on. How can I make this claim? A few thousand messages came to an address that does not exist in anyone's address book. This address is a blackhole address that exists only hidden on webpages so that a bot will find it and use it to send spam. It is only in existence to catch spam. Yet it caught several thousand of these spam viruses.

This means that somebody must have this address in their address book. As nobody does, it points to the use of bots to collect email addresses.
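The two defenses described above, the list's no-attachment rule and the blackhole address, can be sketched as one inbound filter. This is an added example in Python, not the House of Fusion filter code; the addresses, subscriber set, and sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr
# All addresses and the sample message are constructed for illustration.
SUBSCRIBERS = {"member@example.org"}
TRAP_ADDRESS = "trap-7f3a@example.org"  # published only in hidden page markup

FORGED_POST = """\
From: Member <member@example.org>
To: list@example.org
Subject: Your details
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See the attached file for details.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="details.pif"

placeholder bytes
--b1--
"""

def recipients(msg):
    """Every address in To and Cc, lowercased."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def has_attachment(msg):
    """True if any leaf MIME part is a file or is not plain text."""
    return any(
        part.get_filename() or part.get_content_type() != "text/plain"
        for part in msg.walk() if not part.is_multipart()
    )

def classify(raw):
    """Return 'trap', 'reject-sender', 'reject-attachment' or 'accept'."""
    msg = message_from_string(raw)
    if TRAP_ADDRESS in recipients(msg):
        return "trap"  # only a page-scraping bot could know this address
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in SUBSCRIBERS:
        return "reject-sender"
    # From is forgeable, so the attachment rule applies to subscribers too.
    if has_attachment(msg):
        return "reject-attachment"
    return "accept"

if __name__ == "__main__":
    print(classify(FORGED_POST))
```

The forged post passes the subscriber check because its From header names a real member, and it is stopped only by the attachment rule, which is why that rule cannot depend on who the sender claims to be.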

World Squirms as Sobig Returns (News.com, August 19, 2003)

Virus Alert!! (Your Details) (House of Fusion Archives, CF-Talk, August 19, 2003)

Your Details (House of Fusion Archives, CF-Talk, August 19, 2003)

The Tide is High (House of Fusion Archives, CF-Community, August 19, 2003)
