
Thursday, October 23, 2008

Major spam bust fails to result in sustained drop in spam

By Joel Hruska

Last week, we covered the deflation of an international spam operation known as HerbalKing, thanks to the efforts of the FTC, Spamhaus, and New Zealand authorities. On Tuesday, October 14, the FTC was granted an injunction against the owners and operators of HerbalKing. The injunction prohibits the defendants from spamming and from making false product claims, and it froze all US assets of both the company and the individuals in question. Coming as it did on the heels of a major operation to take down the known spam-friendly ISP Atrivo, there was hope that the sting might bring new (if temporary) relief to users.

Unfortunately, that relief did not materialize. Measurements covering the relevant period show no visible decrease in spam traffic, according to the Sydney Morning Herald. Security company IronPort reported that some 142 billion spam messages were sent on Sunday, a volume consistent with the normal weekend dip. For the week, spam fell from 90.9 percent to 89.7 percent of all e-mail, but a shift of 1.2 percentage points is small enough to be little more than background noise.

The Herald has theorized that control of the botnet may have shifted from one organization/group to another, while Spamhaus' Quentin Jenkins noted in a blog entry that "botnet spam systems are very automated and will continue to spam even if the operators do not log in and control them. These spammers set up tens of thousands of domains, and the spam systems rotate in new ones every day... Spamhaus notes that most will not quit spamming until they are behind bars."

Of the two explanations, Jenkins' is significantly more plausible. Spammers, after all, are not in the business of giving away their assets, particularly when those assets include the servers and domains responsible for one-third of total spam volume (as reported by Spamhaus). Spam botnets are economically viable precisely because they can be automated and run with minimal operator oversight, so the operators' absence need not interrupt the flow. As for the FTC's injunction, freezing someone's assets (Lance Atkinson's, specifically) sounds impressive, but the government can only freeze the assets and accounts it knows about and has legal jurisdiction over. That limited reach leaves numerous loopholes and helps explain why banking in the Cayman Islands is so very popular.

The legal action against HerbalKing may not have reduced the total amount of spam flowing across the Internet, but judging the success or failure of the investigation solely by that criterion would be a mistake. The male enhancement products HerbalKing distributed and advertised as "all natural" were, in fact, laced with sildenafil, the active ingredient in Viagra. Since sildenafil can cause complications when taken together with other medications, its presence was a nontrivial detail HerbalKing "forgot" to disclose. Putting direct heat on Atkinson, meanwhile, encourages him to cut a deal with the US government and trade what he knows about the international botnet industry for a smaller fine or a lesser sentence.

Comparing and contrasting the effects of the Atrivo takedown with those of the FTC injunction should provide fresh insight to both security researchers and law enforcement officials. International cooperation and multipronged assaults on spam operations have occurred with increasing frequency in 2008; it's a trend that will hopefully continue next year. Technological counterattacks, like cutting off Atrivo, obviously produce the best short-term gains, but rooting out the problem in the long run will require a strategy that addresses both the technical and the human sides of the botnet business.
