7th German Anti Spam Summit 2009

2009-10-01

Sorin Mustaca

Avira, Germany
Editor: Helen Martin

Abstract

Sorin Mustaca reports on the 7th German Anti Spam Summit.


The 7th German Anti Spam Summit, hosted by the eco organization (http://www.eco.de/veranstaltungen/7dask.htm), took place last month at the beautiful Biebrich castle in Wiesbaden, Germany.

The theme of this year’s summit was ‘Spam – advertising and compromising (unsolicited emails as cause and effect of botnets)’. Despite the fact that most of the participants were German, the official language of the summit was English. In general, the event was angled towards those in technical and legal management. A stream of presentations ran alongside a series of sponsor workshops.

Day 1

On the first day, the presentation stream was split into two parts: one dedicated to the role of registries and registrars and the second to digital brand management.

The speakers in the first part were representatives of the .INFO and .ORG registries and the Austrian and German ccTLDs. The content of their presentations could be summed up by a single sentence: ‘The registries are not allowed to interfere with the registrars’. I must confess that these presentations left me with a bitter taste in my mouth. It confirmed why we see so many fake domains being registered with the sort of names that even a non tech-savvy user would recognize as suspicious. While on the one hand attempting to hunt down online fraudsters, the authorities are blocking the very organizations which could enforce some guidelines in this field. I appreciated the fact that the speakers were very honest and open to discussion and suggestions. However, all my ideas for slowing down or preventing the fake domains from being registered proved unrealistic due to the same legal issues which force the registries to step aside.

The presentations on digital brand management covered standards related to online security, domain name and trademark misuse, domain monitoring and reputation management (checking where and how your brand and domain name are used).

A podium discussion attempted to determine what registries and registrars should do in the future, but failed to reach any real conclusions.

Days 2 & 3

The second day of the conference was a lot busier and more interesting than the first – there were around 150 delegates in attendance.

The day started with some warm-up speeches from the German authorities from Hessen-IT (the region in which the conference took place) and from the BSI (the Federal Office for Information Security). The highlight of the day was a presentation by two students from the University of Bonn who took the Conficker worm apart and suggested a smart way to immunize computers by fighting the worm with its own weapons. Whether or not this is ethical was not addressed and remains to be decided.

A very interesting presentation, for which the press was requested to leave the room, was about abuse and fraud management at the ISP 1and1 (www.1und1.de). It was nice to see a big ISP caring about what its customers are doing to the Internet for a change, rather than merely the other way around.

The other presentations covered how to cooperate in combating spam, how different European countries combat spam (and fail to do so), and SURBL.

The last day of the conference was reserved for a workshop run by the same students that took Conficker apart. They presented different techniques to fight and eventually control complex botnets, as well as showing how to get more information from honeypots.

Conclusions

I was pleasantly surprised to see delegates at this event from the major ISPs in Germany (although unfortunately I didn’t see anybody from T-Online, the biggest ISP in Germany) – which suggests that, at least in Germany, security on the Internet is an issue that is being taken seriously.

I also noticed that a couple of European email marketing companies were present at the event. I have to admit that I consider their activity to be one of the main reasons why spam is so hard to catch nowadays. I asked two of the representatives why they were attending. The answer? They were trying to learn how to send ‘cleaner’ emails. Applause, please.

The opinions expressed in this report are those of the author and do not represent those of the author’s employer or of Virus Bulletin.
