February 04, 2009
Bots are Jumpin'
Yeow! Botnet-sent spam has jumped through the roof here in the last couple of days. Most of it is promoting medz and sex chat. The ecrush and ekiss junk is still also in full spew.
Content filtering isn't very effective because the content is minimal and changes with nearly every message. A good blocklist that tracks botnets is about the only defense on the server.
One telltale sign of the medz spammer hearkens back to a domain name technique I saw used a couple of years ago. The spammer registers a series of domain names that consist of different combinations of two words from what appears to be a fixed list. Sometimes one of the words stands out—in the recent flood, the word that I see often is lith. The domain names are lith-this or that-lith, all registered with presumably phony Chinese owners. Through my spam-ESP, I'm sensing that an American is behind the whole thing.
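The two-word domain pattern described above can be checked mechanically. This is an added example, not code from the original post: it counts the words in hyphenated two-word domain labels and reports any word shared by several distinct domains, which can then be used to flag new domains. The sample hostnames, the threshold, and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample hostnames (reserved .example TLD), standing in for hosts
# extracted from URLs in a batch of spam messages.
SAMPLE_HOSTS = [
    "www.lith-amber.example", "lith-coral.example", "delta-lith.example",
    "LITH-AMBER.example", "amber-delta.example", "news-letter.example",
    "mail.example",
]

TWO_WORDS = re.compile(r"^([a-z]+)-([a-z]+)$")


def registered_label(host):
    """Return the label just left of the TLD, or None.

    Assumption: a single-label TLD. Production code should use the Public
    Suffix List to find the registered domain.
    """
    labels = host.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else None


def word_pair(host):
    """Return (word1, word2) for a word-word registered label, else None."""
    label = registered_label(host)
    match = TWO_WORDS.match(label) if label else None
    return match.groups() if match else None


def recurring_words(hosts, min_domains=3):
    """Map each word seen in at least min_domains distinct labels to them."""
    seen = defaultdict(set)
    for host in hosts:
        pair = word_pair(host)
        if pair:
            for word in pair:
                seen[word].add("-".join(pair))
    return {w: sorted(d) for w, d in seen.items() if len(d) >= min_domains}


def is_suspect(host, words):
    """True if host's registered label is word-word and shares a known word."""
    pair = word_pair(host)
    return bool(pair) and any(word in words for word in pair)


if __name__ == "__main__":
    words = recurring_words(SAMPLE_HOSTS)
    print(words, is_suspect("lith-ember.example", words))
```

Matching is on whole words, so a label such as `lithium` is not flagged; a shared word is a lead for a blocklist entry, not proof on its own.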
I've now seen the lith spammer branching out into French and German spam messages. Could this search for customers in other languages mean that the faltering economy is hitting spammer business, too? Well, one can dream.
In the meantime, Microsoft can claim that their malware removal tool is eliminating lots o' bots, but from this current flood, I'd say the botnets are winning.

Posted on February 04, 2009 at 08:42 AM