Representative Expression

But back to the increase. On my main machine I have SpamPal configured to use every possible blacklist and still the spam was getting through 'untagged'. (Spampal is set up to identify spam and tag it rather than delete it. When it reaches my mail client (Thunderbird or MS Outlook), it is then filtered in the junk folder. Thunderbird also has the ability to 'trust' the spampal headers that are applied to detected spam and will automatically 'junk' that mail.

History of Spam

When was first born of first became a problem, it most likely originated from a number of servers rented by a spammer and based in a country such as China where they didn't care who was paying for what providing they paid. There was a proliferation of machines responsible for sending out masses of spam to users througout the world. When people first started fighting spam, this made it easy since all you had to do was block a single IP, or block a range of known addresses used for sending spam.
This is when the spammers started getting clever. Number one, they were paying for these servers in countries like China and depsite the profits, when they realised they could could get the service for free, it was a no brainer. By searching for and using email servers that were not protected they could send their mails using those servers. (Open Relays are one method they use). But this again has a drawback when it comes to detection because there are only so maany Open Relays and once a list of these is compiled, users can block those servers.

The Aim

Using a low number of email servers to send spam could mean that a single addition to an RBL would mean that the spam run would not be very effective.
For example, using a single email server to send 10,000,000 emails is not very effective if that email server is placed on an RBL
The ultimate aim of the spammer is to use a large number of mail servers to send his spam.
For example, using 10,000,000 email servers to send one spam each is highly effective. If would be difficult to have an RBL with 10,000,000 entries within it. And even if such a list existed, the amount of processing power required to scan a list of 10,000,000 entries would be far too consuming and mostly not be effective.

Real Life

In the figures above, 10,000,000 computers used to send 1 email each was a figure used to prove the point. But that could become a reality today.
There are so many Open Relays in the world and as network administrators tighten these down, it becomes harder for the spammers to find them.
There are still the 'average Joe User' types who set up their own dedicated servers or even an email server running on their home network and don't configure it properly leading to it being used as an Open Relay. But these too are reducing as ISP's close down or restrict access to what services home users can use. Likewise, network adminstrators are paying attention to the reports of nadly configured servers and terminating the accounts of those who end up getting their networks blocked becaue of mis-use by a spammer.
There will always be the network or country who turns a blind eye to the spammer, but this leads to easy identification and blocking of the servers.
So where will the spammer get his 10,000,000 computers from to use as mail servers?
Simple. Your computer.

Bot Net as an Email Server

We have all heard of viruses and trojans (if you haven't then you should be very affraid).
A virus by definition now is something that does damage to your computer.
A trojan is something that resides on your computer and has the potential to do something that you are not aware of, whether that be damaging or simply logging all of your online bank details for example.

A Bot Net is a collection of computers that have had software installed on it without the knowledge of the user.
Bot Nets can be used for any number of purposes. Hosting websites, attacking other computers with DOS (Denial Of Service Attacks), finding other computers to install trojans (or make them into Bot Net clients) and amongst many other users, they can also be used to send email.

A computer that is part of a Bot Net is often linked to a controller. The controller can instruct the Bot Net to go to another computer and download more software depending on the usage required by the Bot Net controller. If the Bot Net controller recieves an order to send out a million emails, then he tells his Bot's to fetch the email application (if not already on the infected or 'owned' PC). He then tells the Bot where to get it's list of recipients to send the emails to. It behaves like a distributed email server.

So now rather than rely on a small number of email servers, or known vulnerable email servers, the spammer has the resources available to use a massive number of email servers to send a few of his emails. If a percentage of his Bot's become listed on RBL's, he loses a small percentage of his spam output.

By using someones home computer, they are unlikely to notice a few emails being sent out per hour. The spammer isn't going to give the game away by sending massive amounts of data that would be noticed by the user. It may even be clever enough to learn when you use it, and when you don't. It will use your bandwidth when you are not.

How do the Bot Nets get onto my PC ?

Without starting a Microsoft bashing war, since Windows based PC's are the most predominant used in the home, and we all know the hype surround the vulnerability with various Microsoft Operating systems, the fact remains that these computers form the bulk of most of the Bot's that exist today.
There are a number of techniques that the Bot Net controllers will use to get the Bot Net application installed on your PC. From Viruses to Trojans in emails, to using exploits in the Operating system, exploits in Web Browser's, they hav many ways of getting them into your PC.

Are Bot Nets the reason for the recent increase in Spam?

By looking at the IP addresses of the spam that has been getting through my filters, there is a large increase from residential IP's.
In english, this means an increase from home users.
They will still have to employ other techniques since most home users on broadband use ADSL connections which can be easily detected.
Simarly, many home users are on Dynamic IP addresses, (ie. you get a new address each time you reset your PC/Router), and these too can be easily detected and used to form a blacklist. But the fact is, over 90% of the spam that has evaded my filtering in the past two weeks has most likely come from PC's part of a massive Bot Net.

What Can I do to prevent becoming part of a Bot Net?

Some will say the quick answer is to switch to Linux (or any *nix based OS) and ditch Microsoft Windows. We all know that isn't going to happen for whatever reason.
But you must ensure that you have a decent firewall enabled either on your PC or at your Router and ideally both.
Keep your Anti-Virus up to date.
Keep your Anti-Spyware up to date.
Right now, my personal choice for my home PC's is AVG by Grisoft.
They have had one of the better Anti-Virus solutions for a long time and send out regular updates.
Ewido was one of the better Anti-Spyware tools out there and made even better when Grisoft recently purchased them. So at the moment AVG Anti-Spyware is just Ewido with Grisoft markings, but is still the same great product underneath.
What is more, you can get both products for free and continue to use them for free after the 30day evaluation period expires. You lose some functionality, and may have to do some actions manually, (such as perform an update to get the latest definitions with AVG Spyware), but that isn't too much hassle when you consider the effectiveness of the products.
That said, I don't mind paying a subscription for something that I consider worthwhile which is why I subscribe to both AVG products.

But in singing the praises of AVG, I also use two other services just to be on the safe side. For viruses I use an online service VirusTotal. This allows me to submit files for instant verification by uploading them to VirusTotal it checks them against a number of AVG vendors. If it's a virus it will detect it.
I also use the Opensource SpyBot - Search and Destroy. The User Interface is not as user friendly as some others, but its detection and cleaning rate are up there with the best. It also has some useful tools and helps protect your browsers from known vulnerabilities.

• I would always recommend having two methods of Virus and Spyware detection on your PC
• Scan memory, internet folders and workspace every day
• Scan the complete computer weekly

That information is in addition to the standard good practice of not opening mail from people you don't know, not clicking sites that you don't know etc etc etc.

RBL - Real Time Blackhole - (Wiki Def)
Bot Net - (Wiki Def)
Anti-Virus (Wiki Def)
Anti-Spyware - (Wiki Def)