Botnet Spam

Millions of Microsoft Windows computers around the world have been taken over by criminal gangs using viruses. These computers, controlled in groups of thousands, make up what are known as Botnets. Their owners are mostly unaware that their machines are being used for criminal activity.

The operators of these networks sell time on them to a large variety of criminal enterprises: hackers, phishers, DDoS attackers, and spammers.

The majority of spam sent nowadays is sent via Botnets.

A sample Botnet Spam:

Return-Path: <comcontn@ici.net>
Received: from ici.net (200.muba.bstn.bstnmaco.dsl.att.net [12.98.13.200])
        by mail.skywaywest.com (8.11.0/8.11.0) with SMTP id fAPMkRS06535
        for <postmaster@skywaywest.com>; Sun, 25 Nov 2007 14:46:27 -0800
Message-Id: <200711252246.fAPMkRS06535@mail.skywaywest.com>
From: "Cash Program" <comcontn@ici.net>
To: <postmaster@skywaywest.com>
Subject: Cash Rewards Program
Sender: "Cash Program" <comcontn@ici.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Date: Sun, 25 Nov 2007 17:36:10 -0500
Reply-To: "Cash Program" <comcontn@ici.net>
Content-Transfer-Encoding: 8bit
Status: O
Content-Length: 11720
Lines: 261

[body snipped]

As with other sorts of Spam, we look at the Received: headers. This Spam was received by our mail server from 12.98.13.200, which has Reverse DNS of 200.muba.bstn.bstnmaco.dsl.att.net, and claimed in the HELO to be ici.net. Since this is the only Received: header in the message, we can be quite sure a Botnet spammer sent this to us from an AT&T ADSL connection at 12.98.13.200.

A lot of Botnet Spam will have additional forged Received: headers. Through experience, you'll learn to spot the messages that were sent directly to your mail server from a DSL or cable connection. Most Botnet Spam comes from consumer DSL or cable ISPs - all large consumer ISPs have enormous numbers of customers whose machines have been taken over by these criminals, and their abuse departments are chronically underfunded, understaffed, and unprepared to handle the work of trying to get them secured.
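The header analysis described above, as an added example that is not part of the original page or Skyway West's own tooling: the script parses the Received: headers of the sample message, trusts only the hop recorded by our own mail server (here assumed to be mail.skywaywest.com), and flags the signs the text describes: a reverse DNS name that looks like a consumer DSL or cable pool, and a HELO name that does not match it. The first sample is built from the page's own header; the second adds a constructed forged inner Received: line to show why hops written by the sender are ignored.

```python
"""Added example (not the page's own code): locate the hop at which our
mail server accepted a message and flag botnet-style origins."""
import re
from email import message_from_string

# Constructed from the page's sample: the one real Received: hop.
PAGE_SAMPLE = """Return-Path: <comcontn@ici.net>
Received: from ici.net (200.muba.bstn.bstnmaco.dsl.att.net [12.98.13.200])
        by mail.skywaywest.com (8.11.0/8.11.0) with SMTP id fAPMkRS06535
        for <postmaster@skywaywest.com>; Sun, 25 Nov 2007 14:46:27 -0800
From: "Cash Program" <comcontn@ici.net>
To: <postmaster@skywaywest.com>
Subject: Cash Rewards Program

[body snipped]
"""

# Constructed: the same real hop, plus a forged inner hop written by the sender
# (hostname and address are documentation placeholders, not real servers).
FORGED_SAMPLE = PAGE_SAMPLE.replace(
    "From: ",
    "Received: from mx1.example.com (mx1.example.com [192.0.2.10])\n"
    "        by ici.net with ESMTP id ABC123; Sun, 25 Nov 2007 17:30:00 -0500\n"
    "From: ",
    1,
)

# Sendmail-style hop: "from HELO (rdns [ip]) by SERVER ...".  The reverse-DNS
# name is optional because some MTAs write "from HELO ([ip])" when none exists.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

# Label prefixes that typically mark a consumer DSL/cable/dial-up pool (assumed list).
CONSUMER_LABELS = ("dsl", "adsl", "cable", "dyn", "dhcp", "pool", "ppp", "dial")


def parse_received(value):
    """Parse one Received: header value into helo/rdns/ip/by, or None."""
    flat = " ".join(value.split())  # unfold continuation lines
    m = HOP_RE.search(flat)
    return m.groupdict() if m else None


def registrable(hostname):
    """Crude 'last two labels' domain, enough to compare HELO against rDNS."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def find_origin(raw_message, trusted_servers):
    """Return the hop at which one of OUR servers accepted the message.

    Received: headers are listed newest-first.  Everything below the first hop
    recorded by a trusted server was written by the sender and may be forged,
    so the connecting IP in that trusted hop is the one we can believe.
    """
    msg = message_from_string(raw_message)
    trusted = {s.lower() for s in trusted_servers}
    for value in msg.get_all("Received", []):
        hop = parse_received(value)
        if hop and hop["by"].lower() in trusted:
            return hop
    return None


def classify(hop):
    """Apply the page's heuristics to the trusted hop; return a list of flags."""
    flags = []
    rdns = (hop.get("rdns") or "").lower()
    helo = hop["helo"].lower()
    if not rdns:
        flags.append("no-reverse-dns")
    elif any(label.startswith(CONSUMER_LABELS) for label in rdns.split(".")):
        flags.append("consumer-connection")
    if rdns and registrable(helo) != registrable(rdns):
        flags.append("helo-mismatch")
    return flags


if __name__ == "__main__":
    for name, raw in (("page sample", PAGE_SAMPLE), ("forged sample", FORGED_SAMPLE)):
        hop = find_origin(raw, ["mail.skywaywest.com"])
        print(name, hop["ip"], hop["rdns"], hop["helo"], classify(hop))
```

Both samples resolve to 12.98.13.200 with reverse DNS in a dsl.att.net pool and a HELO of ici.net that does not match it; the forged hop below the real one never influences the result because its "by" host is not one of ours.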

Please send corrections or suggestions for improvements in this page to abuse@skywaywest.com