BT launches zombie and spam buster

News by Fiona Raisbeck

BT is to launch a spam blocking system which aims to cut junk email off at the source within its broadband network.

BT is to launch a spam blocking system which aims to cut junk email off at the source within its broadband network.

The Content Forensics system, which was developed by StreamShield Networks, scans and analyses the content of millions of emails every day to identify potentially problematic messages originating within the BT network.

BT proposes to contact affected customers as soon as the spam emails reach their inboxes and help them rectify the problem.

Furthermore, they aim to seek permission from the infected computer user to keep the zombie PC infected and allow their abuse team to trace movements from that device.

By doing this they hope to detect which public internet relay chat (IRC) the zombie is connected to and where it receives commands from the botnet controller. BT aim to monitor the public IRC server and contact the server administrator who can find which "conversation" is being sent by the botnet controller and allow the internet service provider (ISP) to track them down.

Stratis Scleparis, CTO, BT Retail said: "In a world-first, we're turning the tables on professional spammers and cutting off this scourge of the internet at the source. This innovative approach tracks down and reduces spam messages on our network, and at the same time helps our customers overcome the threat of infection by bots."

Geoff Bennett, director of product marketing, StreamShield believes it's a positive step from BT and if ISPs - in conjunction with law enforcement - complete such trace operations quickly enough it will become uneconomical for criminals to use this technique.

"In a real forensic chase, there will be a series of PCs, each one typically compromised by the botnet controller and owned by an innocent person. The quicker this process can take place, the higher the chances of back-tracing the connection to the actual criminal gang. If there's too much delay, then the guilty parties will just walk away, and you can't trace them", he said.

"Using ‘conventional' zombie detectors the detection might not be made for weeks. With Content Forensics it's more like hours, and that could really make a difference in the economics of botnets," he added.

However, Ian Castle, senior consultant, ECSC, questioned the effectiveness of this system. "This approach is very resource intensive and is reactive to the problem rather than proactive. This method is novel but it's always going to be a race against time to catch the botnet controller," he said.

Moreover, Ken Munro, managing director, SecureTest, said: "This new system may result in a drop in spam in the short term, but in the long run it won't stop it. It's guaranteed that the criminals will find a new way of propagating spam and it will always be a catch up game."

BT has yet to announce a date for the launch of this service.

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events