Computer end users are increasingly becoming the targets of cyber criminals and spammers who are employing subtle tactics to make them the unwitting mass distributors of harmful spam.
According to Richard Broeke, security consultant at specialist IT security company Securicom, the trend of cyber criminals using end-user workstations as spam distribution centres by turning them into email servers is gaining considerable momentum in South Africa.
“It’s an alarming trend and we are seeing it more and more,” says Broeke, adding that a combination of lack of user education and awareness, inadequate security and incorrect usage of technology is helping to spur the trend on.
He explains that bots, software designed to install itself invisibly on the target machine, turn the computer into a distributor of malicious threats. These bots, which are also known as Trojans, are unwittingly downloaded from infected emails and websites. They effectively turn a workstation into a mail server and in turn cause the machine to send out huge volumes of spam, in a lot of cases also containing malware, to random e-mail addresses harvested from the infected machine.
The impacts are far-reaching. For the end user, it negatively affects productivity because the workstation becomes cumbersome and slow as it battles to cope with the massive volumes of outgoing mails. For those on the receiving end of the unsolicited spam, there is the increased risk of infection by harmful viruses, spyware and malware – and of course, bots.
For companies it can lead to their public IP address being blacklisted on one or more Real Time Blacklists (RBLs), disrupting and preventing the receipt and distribution of important, business-related mails. Depending on which RBL the company mail server is listed on, email communication can be halted for days and getting de-listed can be a chore.
“Aside from putting a spanner in the works in terms of productivity and communication, having your company mail server hijacked for spamming and then blacklisted can be quite damaging for your business’s reputation.
“It’s also a major waste of bandwidth. With such large amounts of mail being sent out, a 3 gig ADSL cap can literally vaporise and disappear in just 20 minutes,” says Broeke.
Because bots are so sneakily deployed, users and companies are left none the wiser that a workstation has been hijacked and turned into a mail server until no one in the organisation can send or receive mail – by which stage the company’s public IP address has more than likely already been blacklisted.
That’s why, Broeke says, user education is so important.
“User awareness is one of the most powerful weapons against this trend. All companies and individuals with an internet presence should be aware of this problem and observe basic IT security principles such as not opening mails from untrusted sources, especially spam, and avoiding downloading programmes and applications from the web.
“Users should also be aware of the symptoms and report to their IT department if their workstation suddenly becomes drastically and inexplicably slow,” says Broeke.
Companies also need to have adequate security in place.
“While a firewall can’t stop trojans from being downloaded, it can stop mailer daemons and therefore stop spam from being sent from the company network. Unfortunately, 85% of companies don’t have their firewalls correctly configured to prevent this, or the correct logging and reporting facilities.
“Companies should have a best-of-breed firewall in place and ensure that it is configured to allow traffic from certain locations only. Firewall protection must also be supplemented with adequate anti-virus and anti-spyware protection.”
He concludes by saying that securing an environment, however, goes way beyond a firewall and anti-virus and anti-spyware software.
“These are just tools and the best approach is to introduce the human element into a multi-level solution.
“Because cyber criminals are becoming more sophisticated in their methods and the threats associated with having an internet presence are continuously evolving, managing IT security has become labour-intensive and requires specialised skills. For companies that can’t afford to retain the necessary resources in-house, commissioning the services of a managed security consultancy is a good alternative as it gives an organisation access to a dedicated team of specialists who will monitor and maintain network security 24 hours a day, seven days a week.”