30 November 2007 14:56 GMT
Bot Roasting
Its been a busy day in SophosLabs today, not because there is a huge increase in malware or spam, but because of the renewed interest in bots following the conclusion of the second phase of the FBI’s “bot roast“. News of the arrest of an 18 year old from New Zealand has brought a number of enquiries from TV and Radio our way.
We’ve already had one BBC TV crew in the Lab today, and BBC Radio 4 are due in later today (although this was already scheduled for a planned documentary on bots).
These sort of distractions make a change from our usual work and we welcome the efforts of law enforcement tracking down the criminals. Bots still remain a significant problem and the ‘bot-herders’ are getting more and more sophisticated in trying to defeat anti spam techniques like IP blocking (blocking the address of a machine known to send spam). IP reputation systems can very very effective at dropping the connection from the Bot without having to accept any part of the spam message. But now the spammers are simply retrying with other bots immediately. This can result in a flood of connection attempts that can be worse than receiving the spam message and deleting it later. A blend of techniques are required, and this blend needs to be continuously improved and modified before the bad guys find a way to get past your defences.
This is what takes up most of our day, so a little light relief from media is (usually) welcome
Mark Harris, Director of SophosLabs
