African businesses can help stamp out spambots

November 16, 2012

Most people and organizations in sub-Saharan Africa who use personal computers complain about spam mail, but how many know that their own PCs are most likely responsible for sending it? I was having a chat with a well-known software programmer, from whom I wanted to find out what can be done to minimize the ever-increasing problem. He told me that designers of spambots create malware that converts the personal computers of unsuspecting Internet users into spam-generating zombies. Most bogus emails he has received appear to come from someone he feels is a legitimate sender. This is because cyber criminals have grown in sophistication, on par with other larger organized crime rings across the world.

The crooks use a fraction of the processing power of thousands of personal computers, which are normally daisy-chained together, and the spambots manage to send billions of unwanted emails without the PC’s owner ever noticing. Some companies of all sizes in sub-Saharan Africa are actively taking part in these schemes, because they are aiding and abetting the proliferation of spam botnets, or spambots, without being aware of it. Individual home users are affected too: countless web users in the country are being affected daily. Unlike the widely publicized exploits of yore, today’s spambots prefer to operate in the dark.

One recent global example was Rustock, which has been considered one of the world’s largest spambots. Rustock, which has been shut down, infected more than one million PCs and generated 30 to 44 billion unwanted emails, about 48 percent of all the junk messages sent, according to security company Symantec.

Shockingly, very few African IT experts and managers have heard of it, as my fact-finding mission confirmed. The existing heuristics and fuzzy-logic tools are a far cry from meeting the detection needs of most organizations. According to a security expert who did not want his name mentioned, many attack methods successfully avoid detection by traditional security mechanisms. That’s because new detection-avoidance schemes are increasingly sophisticated. Malware can continuously mutate, changing its signature in the process. Attackers work to avoid creating recognizable patterns. Often, intruders install backdoors for easy re-entry, and there seem to be limitless ways of eluding detection.

So what steps can you take to prevent your organization from becoming the target of an attack? Is there any way to stamp out spambots in Africa? Probably the best way is to put in place a regular vulnerability testing program to identify weaknesses and quickly address those found. These systems scan computers and networks to sniff out holes, much like professional hackers do. They find backdoors typically left open and unnoticed by other methods. By conducting regular internal and external vulnerability testing to identify weaknesses, set priorities, and monitor remediation results, your organization will be in a better position to ward off the bad boys and girls of our generation.

Contador Harrison