Following the tracks: understanding snowshoe spam

Filed Under: Featured, Law & order, Podcast, SophosLabs, Spam

Brett Cove at VB2011Brett Cove from SophosLabs in Vancouver presented his talk, "Following the tracks: understanding snowshoe spam", at the Virus Bulletin 2011 conference in Barcelona this morning.

While there has been a lot of press about botnets being shutdown resulting in lower volumes of spam reaching our gateways, there has been very little discussion about tackling "snowshoe" spammers.

What is snowshoe spam? The name was chosen because snowshoes are used to distribute your weight across a larger surface to prevent sinking.

Snowshoe spammers distribute their spamming across a high number of IP addresses to distribute their reputation widely. This often defeats volume based detection schemes used by large email hosts like Gmail and Yahoo!.

Snowshoes slide from VB2011Brett explained how the passing of the US CANSPAM Act created the correct loopholes for "legal" spamming. Most snowshoe spam skirts the edges of this legislation in a pseudo-legal manner (at least in the US).

After explaining the problem and differentiating snowshoe spam from more typically criminal botnet spam, Brett discussed what should be done to reduce the effectiveness of this technique.

He suggests it will likely require a combination of better laws, cooperation from ISPs and better recognition of the problem itself.

Thanks to Virus Bulletin for permission to share Brett's slides.

, , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.