7th German Anti Spam Summit 2009

2009-10-01

Sorin Mustaca

Avira, Germany
Editor: Helen Martin

Abstract

Sorin Mustaca reports on the 7th German Anti Spam Summit.


Table of contents

The 7th German Anti Spam Summit, hosted by the eco organization (http://www.eco.de/veranstaltungen/ 7dask.htm), took place last month at the beautiful Biebrich castle in Wiesbaden, Germany.

The theme of this year’s summit was ‘Spam – advertising and compromising (unsolicited emails as cause and effect of botnets)’. Despite the fact that most of the participants were German, the official language of the summit was English. In general, the event was angled towards those in technical and legal management. A stream of presentations ran alongside a series of sponsor workshops.

Day 1

On the first day, the presentation stream was split into two parts: one dedicated to the role of registries and registrars and the second to digital brand management.

The speakers in the first part were representatives of the .INFO and .ORG registries and the Austrian and German ccTLDs. The content of their presentations could be summed up by a single sentence: ‘The registries are not allowed to interfere with the registrars’. I must confess that these presentations left me with a bitter taste in my mouth. It confirmed why we see so many fake domains being registered with the sort of names that even a non tech-savvy user would recognize as suspicious. While on the one hand attempting to hunt down online fraudsters, the authorities are blocking the very organizations which could enforce some guidelines in this field. I appreciated the fact that the speakers were very honest and open to discussion and suggestions. However, all my ideas for slowing down or preventing the fake domains from being registered proved unrealistic due to the same legal issues which force the registries to step aside.

The presentations on digital brand management covered standards related to online security, domain name and trademark misuse, domain monitoring and reputation management (checking where and how your brand and domain name are used).

A podium discussion attempted to determine what registries and registrars should do in the future, but failed to reach any real conclusions.

Days 2 & 3

The second day of the conference was a lot busier and more interesting than the first – there were around 150 delegates in attendance.

The day started with some warm-up speeches from the German authorities from Hessen-IT (the region in which the conference took place) and from the BSI (the Federal Office for Information Security). The highlight of the day was a presentation by two students from the University of Bonn who took the Conficker worm apart and suggested a smart way to immunize computers by fighting the worm with its own weapons. Whether or not this is ethical was not addressed and remains to be decided.

A very interesting presentation, for which the press was requested to leave the room, was about abuse and fraud management at the ISP 1and1 (www.1und1.de). It was nice to see a big ISP caring about what its customers are doing to the Internet for a change, rather than merely the other way around.

The other presentations discussed how to cooperate in combating spam, how different European countries combat spam (and fail to do so), and discussed SURBL.

The last day of the conference was reserved for a workshop run by the same students that took Conficker apart. They presented different techniques to fight and eventually control complex botnets, as well as showing how to get more information from honeypots.

Conclusions

I was pleasantly surprised to see delegates at this event from the major ISPs in Germany (although unfortunately I didn’t see anybody from T-Online, the biggest ISP in Germany) – which suggests that, at least in Germany, security on the Internet is an issue that is being taken seriously.

I also noticed that a couple of European email marketing companies were present at the event. I have to admit that I consider their activity to be one of the main reasons why spam is so hard to catch nowadays. I asked two of the representatives why they were attending. The answer? They were trying to learn how to send ‘cleaner’ emails. Applause, please.

The opinions expressed in this report are those of the author and do not represent those of the author’s employer or of Virus Bulletin.

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest articles:

VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles

The number of incidents attributed to the Lazarus Group, a.k.a. Hidden Cobra, has grown rapidly since its estimated establishment in 2009. In this paper, ESET researchers Peter Kalnai and Michal Poslusny look at various cells within the group, that…

VB2018 paper: Fake News, Inc.

As the world grapples with massive disinformation campaigns waged by the intelligence agencies of hostile nations, we should not forget that such activities are not limited to the purview of the Bears or Pandas of the world, and that even relatively…

Alternative communication channel over NTP

Nikolaos Tsapakis explores Network Time Protocol (NTP) as an alternative communication channel, providing practical examples, code, and the basic theory behind the idea.

VB2018 paper: Under the hood: the automotive challenge

In an average five-year-old car, there are about 30 different computers on board. In an average new car, there are double that number, and in some cases up to 100. That’s the size of network an average SMB would have, only there’s no CIO/CISO, and…

VB2018 paper: Android app deobfuscation using static-dynamic cooperation

Malicious Android applications are quite common, and can even be found from time to time in the Google Play Store. Thus, a lot of work has been done in both industry and academia on Android app analysis, and in particular, static code analysis. One…


Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.