‘Backscatter’ Leading to Failure of Spoofed Accounts

According to recent developments, victims of hackers who have spoofed or compromised legitimate e-mail accounts for spamming purposes are now getting failed delivery e-mails in huge volumes disclosed security software company - Webroot on August 5, 2008.

This phenomenon is called "backscatter" and making many personal e-mail accounts virtually useless, as they fall to 'denial of service' attacks that are taking place due to the flooding of bounced e-mails and auto-replies to inboxes.

In February 2007, Researchers at Webroot revealed that as per the spam estimates, out of every 2 Million spam mails, 72,000 were bounced notifications returned to the addresses of the senders, resulting in problems of duplicate addresses for the victims. The problem's cause was the same that 'backscatters' cause.

According to Mike Irwin, Chief Operating Officer at Webroot, 90% of more than 6 Trillion official e-mails in 2008 is likely to be spam that would incredibly strain IT resources in managing not just the volume of spam but also the resultant backscatter. Citing an instance, Irwin said that recently an Internet Service Provider had to go offline when it was trying to take in 10,000 backscatter e-mails per second, as reported by Vnunet on August 5, 2008.

Furthermore, security researchers consider backscatter can be hugely devastating for the small-sized businesses that do not have a dedicated IT department to effectively tackle this problem. Backscatter is particularly problematic as the number of failed delivery e-mails that are a result of e-mails dispatched to full inboxes or non-existent addresses, are extremely hard to block and thus labeled as spam, require a significant drain of resources and time to clean them out.

Moreover, Dr. Chenxi Wang, Principal Analyst at Forrester wrote that organizations continue to struggle to cope with spam amounts and attack techniques long after spam first evolved as a grave problem. And a number of these organizations see a continued drain of investments to manage this spam, as reported by BusinessWire on August 5, 2008.

Hence security experts recommend organizations to adopt filters and to appropriately connect them with technologies of management.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 8/19/2008