September 28, 2005
Fighting a War
Since Monday afternoon, I have been fighting a war. The smoke has cleared, and the front is now quiet, and I have a chance to look over the battlefield.
Starting sometime in the wee hours of Monday morning, a virus author controlling a large army of zombie machines started a massive propagation campaign, sending hundreds of thousands of messages to myriad targets on the Internet. Besides their binary payload, the messages had one crucial thing in common:
Their headers were forged to appear as though they’d originated from the company of my employ - from a randomly generated username (usually invalid) at my company’s domain.
As these messages reached their targets, immense numbers were rejected or bounced. They “returned” to their apparent port of origin. Us. Even though our inbound mail server is a buffed dual-Xeon 2GB spam-processing machine, it quickly developed a backlog of over 90,000 messages. All “legitimate” - because they were bounces, not actual spam or viruses. From myriad IP addresses, because the originating spam campaign had myriad targets.
In the end, we built a script snippet that would delete any bounce messages - related to the given storm surge or not. First pass took 20 minutes and deleted over 43,000 messages from the backlog. A tweak, another run, and 15,000 more were gone. Two hours, several passes, and no more surges later, we’d caught up.
More than anything, this simply reminds me that there’s a shadow war on the Internet - one that most users rarely see the depths of. Spambots, virus campaigns, zombie armies, cancelbots, incessant probes, firewalls, VPNs, virus filters, spam filters… there will come a time when this overhead becomes too burdensome to do business online. Not sure what will happen, then. The Internet shares part of the UNIX philosophy, in that it “doesn’t prevent you from stupid things, so as not to prevent you from doing clever things”. But the stupid is growing, and doing its best to eat the clever.
Posted by jim at September 28, 2005 02:38 PM
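The bounce cleanup described in the post, sketched as an added example (not the script from the original post): it triages queued messages by whether they are bounces and whether the addressed mailbox exists, which is narrower than deleting every bounce. The `VALID_RECIPIENTS` set, the `example.com` placeholder domain, the availability of envelope sender and recipient from the mail queue, and all sample messages are assumptions constructed for illustration.

```python
import email
from collections import Counter

# Assumption: the real mailboxes at the protected domain (example.com is a placeholder).
VALID_RECIPIENTS = {"jim@example.com", "postmaster@example.com"}

def is_bounce(msg, envelope_sender):
    """Heuristic test for a delivery status notification (bounce)."""
    if envelope_sender.strip() in ("", "<>"):   # null reverse-path, used by DSNs
        return True
    ctype = msg.get_content_type()
    report = str(msg.get_param("report-type", "")).lower()
    return ctype == "multipart/report" and report == "delivery-status"

def classify(raw, envelope_sender, envelope_rcpt):
    """Return 'deliver', 'review' or 'drop' for one queued message."""
    msg = email.message_from_string(raw)
    if not is_bounce(msg, envelope_sender):
        return "deliver"
    if envelope_rcpt.lower() in VALID_RECIPIENTS:
        return "review"    # a real user may have sent the original
    return "drop"          # bounce for a mailbox that never existed

def triage(queue):
    """Count verdicts over (envelope_sender, envelope_rcpt, raw) tuples."""
    return Counter(classify(raw, snd, rcpt) for snd, rcpt, raw in queue)

DSN = ("From: MAILER-DAEMON@mx.example.net\n"
       "Subject: Undelivered Mail Returned to Sender\n"
       'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
       "\n--b1\nContent-Type: text/plain\n\nUser unknown.\n--b1--\n")
PLAIN = "From: alice@example.org\nSubject: lunch\n\nNoon?\n"

# Constructed sample queue, not data from the incident.
SAMPLE_QUEUE = [
    ("<>", "xkqzt@example.com", DSN),
    ("<>", "jim@example.com", DSN),
    ("MAILER-DAEMON@mx.example.net", "qpwmz@example.com", DSN),
    ("alice@example.org", "jim@example.com", PLAIN),
]

if __name__ == "__main__":
    print(dict(triage(SAMPLE_QUEUE)))
```

Rejecting bounces for unknown recipients at SMTP time, before they are queued, keeps a backlog like the one described from forming in the first place.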