The end of spam?

The takedown of Waledac, which was sending around 1.5 billion spam emails per day, opens up new techniques for the fight against these mails.

The words rotting and Denmark can't be too far off the lips of many of us when checking our mails. Drowned in false offers of watches and wonder cures, sweet messages from conquests you can't remember ever having met and the men who absolutely want to give you money, do you still manage to find the odd mail that doesn't ask for your credit card details?

Freedom to publish and send whatever we want to is a founding principle of the internet. The neutrality of the internet, that's to say the principle on which your data isn't treated any differently to the data of anyone else, is another. We are theoretically free to access whatever we want and receive whatever other users judge right to send us.

The management of domain names, this method of humanising addresses, is today under the responsibility of ICANN, which guarantees the neutrality of the distribution of these precious domains. Every domain name has an owner, who buys the right to use it on a yearly basis.

This freedom, which existed because political elites misunderstood its importance, is today being increasingly controlled. The government of the world's biggest country, China, has assigned 30,000 civil servants to "protect" internet content.

In the UK, as in many other countries, the battle against child pornography or terrorism serve as cover under which laws whose application can result in the reduction of the effectiveness of protection of intellectual property rights.

A positive and rather unexpected aspect of this reduction in liberties, both from the legal and jurisprudential view, has recently been demonstrated in an action by Microsoft. About time?

Waledac: 70,000 computers infected

Modern spam services are based on botnets, networks of tens of thousands of badly protected computers controlled remotely over the Internet. Waledac brought together more than 70,000 infected computers..

As viruses, spam and other malware mainly target Microsoft operating systems, Microsoft does of course have a commercial interest in taking the disease out at source, to improve product and brand image.

Usually, to get rid of spam, which mainly circulates via email, email account suppliers block IPs from certain notorious sources: this is the black list method. Emails sent from these sources quite simply don't arrive. This list cannot however cover as many as 70,000 different IPs, the number controlled by the botnet.

Microsoft looks to take things back to the source

Without opening, and therefore violating the secrecy of correspondence, it isn't easy to know if a given mail is spam or not. Action must be taken at source, and this is what Microsoft did, first of all by reducing communications from infected computers.

In order to put them into quarantine, they targeted P2P communications between zombie computers and domain names corresponding to the botnet as well as certain servers. This didn't however mean that the computer owned by Mrs X or Mr Y, who wasn't aware of what was going on, would be able to administer an antidote to itself.

So as to target those people and computers directly concerned, a final step was required: legal action. With the transfer of control of 276 domain names used by Waledac to Microsoft, following the lack of response from domain name holders, which prevented the owners of the botnet to change domain names, and therefore addresses, this enormous source of spam will no longer function.

Naturally, Microsoft is congratulating itself on the success of its action and has taken the opportunity to send out a communication on security solutions. Don't forget that, while Microsoft's solutions are effective, numerous other solutions from other providers are also available, some of them for no charge.

Spam, then, is perhaps living its final swansong this year. With the law now being effectively used against them, botnets will be vulnerable to both technical and judicial attack... and what has been applied with success to botnets could well be used against peer-to-peer networks with a central nervous system.


> Buyer's Guides: Our Pick of The Best Products