
BT takes on spam, zombies


BT has announced it will launch a spam blocking system that aims to cut junk email off at the source within its broadband network.

The Content Forensics system, developed by StreamShield Networks, scans and analyses the content of millions of emails every day to identify potentially problematic messages originating within the BT network.

BT proposes to contact affected customers as soon as the spam emails reach their inboxes and help them rectify the problem.

Furthermore, it wants to seek permission from the user of the infected computer to keep the zombie PC infected, allowing BT's abuse team to trace movements from that device.

The company hopes to detect which public internet relay chat (IRC) server the zombie is connected to and where it receives commands from the botnet controller. BT aims to monitor the public IRC server and contact the server administrator, who can find which "conversation" is being sent by the botnet controller and allow the internet service provider (ISP) to track the controller down.

Stratis Scleparis, CTO, BT Retail said: "In a world-first, we're turning the tables on professional spammers and cutting off this scourge of the internet at the source. This innovative approach tracks down and reduces spam messages on our network, and at the same time helps our customers overcome the threat of infection by bots."

Geoff Bennett, director of product marketing, StreamShield, believes it's a positive step from BT, and that if ISPs, in conjunction with law enforcement, complete such trace operations quickly enough, it will become uneconomical for criminals to use this technique.

"In a real forensic chase, there will be a series of PCs, each one typically compromised by the botnet controller and owned by an innocent person. The quicker this process can take place, the higher the chances of back-tracing the connection to the actual criminal gang. If there's too much delay, then the guilty parties will just walk away, and you can't trace them," he said.

"Using 'conventional' zombie detectors the detection might not be made for weeks. With Content Forensics it's more like hours, and that could really make a difference in the economics of botnets," he added.

However, Ian Castle, senior consultant for ECSC, a U.K.-based IT consulting firm, questioned the effectiveness of this system.

"This approach is very resource intensive and is reactive to the problem rather than proactive. This method is novel but it's always going to be a race against time to catch the botnet controller," he said.

Moreover, Ken Munro, managing director, SecureTest, said: "This new system may result in a drop in spam in the short term, but in the long run it won't stop it. It's guaranteed that the criminals will find a new way of propagating spam and it will always be a catch up game."

BT has yet to announce a date for the launch of this service.
