Posted by: Jay Dugan
One way to combat spam is at the source, as was done in the Pushdo case. According to a recent Network World story, researchers hope to use this case to gather valuable data that will help in this effort. Half of the offending servers were located with one hosting company that wisely chose to shut them down. The article pointed out, however, that two ISPs in China did not respond to requests to turn off Pushdo servers.
Botnets use these command-and-control servers to send instructions to thousands of infected PCs around the world. Many of these PCs are in India and other third world countries. Perhaps it is the socio-economic conditions in those places that limit the ability of users there to purchase up-to-date anti-malware and antivirus software.
From a user standpoint, a well-patched machine with up-to-date anti-malware and antivirus software is the best protection. Additionally, a corporate network should employ a good security appliance at the perimeter that blocks spam and viruses, with security policies that require that outgoing Simple Mail Transfer Protocol (SMTP) traffic is limited to port 25 and the internal IP address of the corporate mail server. This will keep any rogue mail servers from spewing out spam from the corporate network.
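One way to check that this egress policy is holding, as an added example that is not part of the original post: the script below scans firewall log lines for internal hosts other than the mail server that try to reach external port 25. The log format, the `10.0.0.0/8` internal range and the mail server address `10.0.5.25` are assumptions chosen for illustration, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed values for illustration; substitute your own addressing.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
MAIL_SERVER = ipaddress.ip_address("10.0.5.25")
SMTP_PORT = 25

# Constructed sample firewall log lines (not from a real network).
SAMPLE_LOG = """\
2010-09-01T10:00:01 action=allow proto=tcp src=10.0.5.25 dst=198.51.100.10 dport=25
2010-09-01T10:00:02 action=deny proto=tcp src=10.0.7.44 dst=203.0.113.5 dport=25
2010-09-01T10:00:02 action=deny proto=tcp src=10.0.7.44 dst=203.0.113.9 dport=25
2010-09-01T10:00:03 action=allow proto=tcp src=10.0.7.44 dst=10.0.5.25 dport=25
2010-09-01T10:00:04 action=allow proto=tcp src=10.0.8.12 dst=192.0.2.80 dport=443
2010-09-01T10:00:05 action=allow proto=tcp src=10.0.9.3 dst=198.51.100.77 dport=25
malformed line without fields
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def rogue_smtp_senders(log_text):
    """Return {src_ip: {"attempts": n, "allowed": n, "dests": set}} for internal
    hosts other than the mail server that tried to reach external port 25."""
    findings = defaultdict(lambda: {"attempts": 0, "allowed": 0, "dests": set()})
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        try:
            src = ipaddress.ip_address(f["src"])
            dst = ipaddress.ip_address(f["dst"])
            dport = int(f["dport"])
        except (KeyError, ValueError):
            continue  # skip lines that are not well-formed flow records
        if f.get("proto") != "tcp" or dport != SMTP_PORT:
            continue
        # Only egress matters: internal source, external destination.
        if src not in INTERNAL_NET or dst in INTERNAL_NET:
            continue
        if src == MAIL_SERVER:
            continue  # the one host the policy permits to send mail out
        rec = findings[str(src)]
        rec["attempts"] += 1
        rec["allowed"] += f.get("action") == "allow"
        rec["dests"].add(str(dst))
    return dict(findings)

if __name__ == "__main__":
    for host, rec in sorted(rogue_smtp_senders(SAMPLE_LOG).items()):
        print(host, rec["attempts"], "attempts,", rec["allowed"], "allowed,",
              len(rec["dests"]), "destinations")
```

A non-zero `allowed` count means the perimeter rule is missing or too broad for that host; denied attempts to many distinct destinations point to a machine that should be checked for infection.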