Effective spam and malware countermeasures

FOSS Aalborg, June 4th, 2008

Peter N. M. Hansteen

peter@bsdly.net


Table of Contents
Malware, virus, spam - definitions
A history of malware
A history of malware, cont'd
History: The Morris Worm
Microsoft vs the internet
Modern malware
Spam
Spam: characteristics
The ugly truth
Code audits
Fighting back
Tools: content scan
The comedy of our errors
Behavioral methods
Behavioral methods: greylisting
Behavioral methods: greylisting (cont'd)
Behavioral methods: greytrapping
Combinations and pitfalls
Where do we fit in?
a working model
The output: logs, tags
Giving spammers a harder time: spamd
Giving spammers a harder time: The rules
Blacklists and whitelists
Giving spammers a harder time (cont'd)
SMTP connections by length
Protecting the expensive appliance
Protecting the expensive appliance (cont'd)
spamdb and greytrapping
Active spam sending hosts (traplist)
Incremental improvements in recent versions
Conclusions
Resources