Bye Bye Rustock

I suppose it might be tempting fate to give the Russian mafia the finger, but I did, mentally anyway.

Ars Technica's account of the takedown of the Rustock spam botnet was satisfying to read. Thanks, Microsoft, even if you caused the problem in the first place. I read this a while ago:

The Rustock botnet, responsible at its height for sending 30 billion spam e-mails a day, went silent last Wednesday. Its command and control servers, responsible for telling the millions of machines recruited into the network which spams to send, were taken offline. With the botnet now headless, the deluge of spam was halted.

and I didn’t imagine it would affect me directly. I don’t get a lot of spam, at least not that I see in my inbox (none yet from Col. Gadaffi offering me a share of his loot).

How wrong I was!

I have since looked at the daily discard reports for my mail. Ordinarily, they’re something I only look at when investigating a non-delivery, and these are rare.

Last year, for example, an accounting firm sent mail on behalf of Transport for London and it went into the bit bucket, because they hadn't ensured the sending server would pass a reverse DNS lookup, i.e., that it appeared to belong to TfL.

The reports usually show dozens of rejected attempts every day to deliver mail to my domain. They come from machines or bots that are known to be infected and are listed on the DNS blocklists run by spamhaus.org and others. They also include attempts to deliver to non-existent recipients, which I've blacklisted. The mail server rejects the sender at once, during the SMTP session; the mail is never accepted, let alone delivered.
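The two checks just described, a DNS blocklist lookup on the connecting IP and a forward-confirmed reverse DNS check, followed by a recipient check, as an added example that is not part of the original post. The zone name zen.spamhaus.org is Spamhaus's real combined list; the return-code meanings in ZEN_CODES are as Spamhaus documents them but should be verified against the current documentation. Everything else is constructed: the FAKE_DNS table stands in for real DNS so the code runs offline, and example.org with users alice and bob is a hypothetical local domain.

```python
"""DNSBL and forward-confirmed reverse DNS checks, applied at SMTP time.

Added example, not code from the original post. DNS sits behind a
resolve(name, record_type) -> list callable so the logic runs offline against
the constructed FAKE_DNS table below; for real use pass a function backed by
dnspython or similar. All IP addresses are RFC 5737 documentation ranges.
"""
import ipaddress
from typing import Callable, List, Optional

Resolver = Callable[[str, str], List[str]]

# Spamhaus ZEN return codes as documented by Spamhaus; verify against the
# current documentation before depending on them (operators do change them).
ZEN_CODES = {
    "127.0.0.2": "SBL: verified spam source",
    "127.0.0.3": "CSS: snowshoe spam source",
    "127.0.0.4": "XBL: exploited or compromised host",
    "127.0.0.10": "PBL: ISP dynamic/end-user range",
    "127.0.0.11": "PBL: Spamhaus-maintained end-user range",
}

# Constructed local domain and recipient table (hypothetical).
LOCAL_DOMAIN = "example.org"
LOCAL_USERS = {"alice", "bob"}


def reversed_octets(ip: str) -> str:
    """'192.0.2.10' -> '10.2.0.192'; raises ValueError if not an IPv4 address."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))


def dnsbl_query_name(ip: str, zone: str = "zen.spamhaus.org") -> str:
    """The name a DNSBL client actually looks up: reversed octets under the list zone."""
    return f"{reversed_octets(ip)}.{zone}"


def dnsbl_lookup(ip: str, resolve: Resolver, zone: str = "zen.spamhaus.org") -> Optional[str]:
    """Return the listing reason, or None if the IP is not listed.

    Only 127.0.0.0/8 answers are listings. 127.255.255.x is an error code from
    the list operator (e.g. a query sent via a public resolver it refuses), and
    anything outside 127/8 means the zone is not answering as a DNSBL at all;
    both count as 'not listed' so a misconfiguration never blocks all mail.
    """
    answers = resolve(dnsbl_query_name(ip, zone), "A")
    if not answers:
        return None
    code = answers[0]
    if code.startswith("127.255.255.") or not code.startswith("127."):
        return None
    return ZEN_CODES.get(code, f"listed, code {code}")


def fcrdns_ok(ip: str, resolve: Resolver) -> bool:
    """Forward-confirmed reverse DNS: a PTR name for the IP must resolve back to it."""
    ptr_names = resolve(f"{reversed_octets(ip)}.in-addr.arpa", "PTR")
    return any(ip in resolve(name, "A") for name in ptr_names)


def smtp_decision(client_ip: str, rcpt: str, resolve: Resolver) -> str:
    """Reply to give at RCPT TO, before any message data is accepted.

    Rejecting here means nothing is queued for a bad sender and no bounce is
    ever generated; the decisive DNSBL check runs first.
    """
    reason = dnsbl_lookup(client_ip, resolve)
    if reason:
        return f"554 5.7.1 Service unavailable; client host {client_ip} blocked ({reason})"
    if not fcrdns_ok(client_ip, resolve):
        return f"550 5.7.25 Client host {client_ip} has no forward-confirmed reverse DNS"
    local, _, domain = rcpt.rpartition("@")
    if domain != LOCAL_DOMAIN or local not in LOCAL_USERS:
        return f"550 5.1.1 <{rcpt}>: Recipient address rejected: User unknown"
    return "250 2.1.5 OK"


# Constructed DNS data: (name, type) -> answers. Not real lookups.
FAKE_DNS = {
    ("10.2.0.192.zen.spamhaus.org", "A"): ["127.0.0.4"],          # listed: exploited host
    ("40.113.0.203.zen.spamhaus.org", "A"): ["127.255.255.254"],  # operator error code
    ("20.100.51.198.in-addr.arpa", "PTR"): ["mail.example.net"],
    ("mail.example.net", "A"): ["198.51.100.20"],                  # PTR and A agree
    ("30.113.0.203.in-addr.arpa", "PTR"): ["host.example.com"],
    ("host.example.com", "A"): ["203.0.113.99"],                   # PTR not confirmed
}


def fake_resolve(name: str, rtype: str) -> List[str]:
    """Offline stand-in for DNS, answering only from the constructed table."""
    return FAKE_DNS.get((name, rtype), [])


if __name__ == "__main__":
    for ip, rcpt in [("192.0.2.10", "alice@example.org"),
                     ("203.0.113.30", "alice@example.org"),
                     ("198.51.100.20", "nobody@example.org"),
                     ("198.51.100.20", "alice@example.org")]:
        print(f"{ip:>15} -> {rcpt}: {smtp_decision(ip, rcpt, fake_resolve)}")
```

The order of checks is deliberate: the blocklist answer is cheapest and most decisive, the reverse DNS check is the one the TfL mail above failed, and the recipient check comes last so that a listed host learns nothing about which addresses exist. Treating 127.255.255.x answers as "not listed" is the caveat to remember when moving this onto a real resolver.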

Since Rustock was rusticated my discard reports have dropped dramatically, sometimes to a few lines a day!

Of course, it will only be a temporary relief — the mailing lists full of dead and non-existent addresses are still out there, along with millions of insecure Windows XP computers and millions of people who don’t have any real understanding of computer security.

Bruce Schneier points in his security blog to an interesting paper on the mental models of people who don’t understand security. These people aren’t going away, so understanding how they think, and don’t, matters if the problem is ever to be resolved — supposedly.

But fundamentally this is blaming the user for design flaws of the product. Users of Apple and Linux operating systems may be smarter, on average, than Windows users, but they’re better protected by better design in the first place.

Like many people, I recently reread the Wikipedia article on the Chernobyl nuclear accident. For a long time the users were blamed, Microsoft fashion. Eventually, the idea that the design should have precluded the accident from occurring seems to have gained currency.

Someday Microsoft may get it.

Update: Interesting article on cyber-security and human behaviour in The Atlantic (see conference proceedings link at the end).
