Some interesting trends are becoming pretty apparent in the messaging security arena. The one that I’d like to point out here is the use of robots, or zombies, to distribute email threats. This phenomenon is definitely making its mark by changing the playing field for messaging security vendors a bit. So much so, in fact, that it is the sole cause driving one method of protection to near extinction: open relay databases.

Once upon a time, there was a service used by many to stop spam in its tracks. This service consisted of databases that contained the IP addresses of open relay machines (SMTP servers that were improperly configured, or that allowed mail to be relayed through them that should not have been). This service worked great when the primary method of distributing spam was to use SMTP servers that were wrongly open to anyone and allowed this type of activity.

With the use of zombies, spammers now have a new primary method for sending spam, which consists of their own network of SMTP servers that they control. There is no more demand for open relay SMTP servers; the spammers are doing fine without them. Supporting evidence for this dying breed of spam protection is the recent news of the closure of ORDB.org. After 5 and a half years of service, they were forced to close their doors. http://www.theregister.co.uk/2006/12/22/ordb_shutdown/

What’s next? What other effects will we see from the use of these zombie networks? Will these zombie networks expose how “Real-Time” the current “Real-Time” Black Lists (RBLs) are? Will they expose more vulnerabilities? Surely these zombie networks are capable of doing more than sending spam.