SpamRats Running Rampant on the Internet
August 17, 2007 (PRLEAP.COM) Technology NewsSURREY, BC Wizard IT Services: As security threats continue to plague email and Internet users, Wizard IT recently launched its newest project, SpamRats.com. The much anticipated SpamRats project is now up and running and is being introduced as a 'Solution Set' of fully-automated and free Real Time BlackLists (RBLs), designed to target various Trojans, Bots, infected PCs and other IP address which are being used to send out spam.
Building on its reputation as a leader in anti-spam technologies, Wizard IT is now offering the public these anti-spam tools for free through the SpamRats website(www.SpamRats.com) and through MagicMail, a product offering from its sister company LinuxMagic. The tools provided on the SpamRats website are designed to be used use by anyone and on almost any email server.
Michael Peddemors, President/CEO of Wizard IT, strongly believes that stopping the sender is better than trying to filter what they send. He says that the use of IP Reputation is one of the most effective ways for Internet service providers to reduce overhead, bandwidth, and the amount of Unwanted Bulk Email (UBE) received.
"It is a 'Zero Day' protection approach that is needed to stop the millions of Trojans and Bots that send spam or attack servers. People need to be protected against new and unknown threats before the vulnerability is discovered and exploited, said Mr. Peddemors. He added, we have seen the progression of how Spammers have tried to get around filters. At first there were plain text spam messages, then it was spam in attachments, after it was spam hidden in images, then it was in PDF's, and now we see Spam in WAV audio and voice messages. Spammers will always try to get around the filters because there is so much money to be made, but if you can stop the connection at the point when you determine it likely to be an infected PC or a spam engine, then you get 'Zero Day' protection. If you know what is going to be sent to you is infected or abusive, filtering technology 'should not' be your first line of defence.
Based on statistics, Wizard IT has found that the most abusive types of connections are those that either run dictionary attacks, or mass mailings that usually conform to the following four types:
* Botnet/Spammers from IP's with no Reverse DNS
* Botnet/Spammers from infected PC's (Dynamic or Generic Reverse DNS)
* Email Marketing Companies
* Compromised Servers
The list that are available for public use include:
RATS-Dyna - RATS-Dyna is a collection of IP Addresses that have been found sending an abusive amount of connections or trying too many invalid users at ISP and Telco's mail servers. They are also known to conform to a naming convention that is indicative of a home connection or dynamic address space.
RATS-NoPtr - RATS-NoPtr is a collection of IP Addresses that have been found sending an abusive amount of connections or trying too many invalid users at ISP and Telco's mail servers. They are also known to have no reverse DNS, a technique often used by bots and spammers. Email servers should always have reverse DNS entries.
Anybody wanting to deploy the SpamRats RBL's should visit www.spamrats.com.