ComputersTech Trace

Hello Botnet My old Friend: The Forces Behind the Send-to-a-Friend Spam Mess

Think back to that time when your mom figured out she could input your email in those send-to-a-friend features on websites in order to easily zip you information on all the mittens, bakeware and cat condos she thinks you should buy. It might take a little convincing for you to believe it, but it turns out that isn’t the most annoying use of send-to-a-friend.

Thanks to those ever-enterprising spammers with a little help from their botnet friends, the send-to-a-friend feature has never been so popular. Unfortunately.

The challenges facing spammers

Try not to shed a tear over the plight of the poor spammer, but there are certain difficulties facing these fine folks when it comes to blasting their Canadian pharmacy links across the internet. Not only is sending massive amounts of email expensive, but do it and you’re bound to get nailed by spam filters based on IP reputation. It also isn’t as easy as it used to be to get someone to click on a weight loss pill link.

Using the send-to-a-friend module to send spam emails helps eliminate these problems. Since it’s someone else’s server sending the emails, that eliminates the expense to the spammers, and since these modules have generally been used to send legitimate emails to people who might actually be interested in them, there aren’t any worries about a spam filter catching these spam emails based on IP reputation. Also, with the spam links couched in actual product or service information, people may be more likely to click on them.

What of that other challenge facing spammers, the one requiring someone to actually fill out all those send-to-a-friend forms in order to launch their spam? Oh, don’t you fret.

Botnet business

Before you can rest assured that all the send-to-a-friend spamming dirty work is efficiently handled by a botnet, one essential question must be answered: what is a botnet? A botnet is a network of internet-connected devices (also known as bots) that have been infected with malware that allows them to be operated remotely by cybercriminals, essentially giving attackers a bunch of computer devices that will automatically do their bidding. You may be familiar with DDoS botnets, which are the botnets used to generate the tremendous amount of malicious traffic in DDoS attacks, as they are arguably the most famous of the botnets. Spam botnets are also prolific, however, and very much deserving of their standing in the bowels of the internet.

The botnets behind the send-to-a-friend spam mess are what are called form-filler bots, so named because they are capable of automatically filling in forms like the ones used in the send-to-a-friend feature which typically ask for the sender’s name and email address, the recipient’s name and email address, and a short note, this last field being where the spam link is placed.

Crime and punishment and avoiding both

It would be nice if the people and businesses who suffered because of these nefarious spamming activities were, you know, the people and businesses behind these nefarious spamming activities. Alas, it is far more likely that the only consequences suffered will be felt the websites hosting the send-to-a-friend features abused by spammers. They are at serious risk of being blacklisted by major email providers (think Gmail) which not only renders email marketing difficult if not impossible, but hampers email communications with users.

The number one way to prevent misuse of the send-to-a-friend feature is for a website to be protected by a bot-filtering solution that is able to sniff out suspicious and malicious traffic, filtering and blocking when necessary to keep form-filler bots and other bad bots from going to work.

If this is not currently a possibility, websites with a send-to-a-friend feature at least need to have a rate-limiting mechanism that prevents an unreasonable number of requests from being issued from an IP address over a pre-determined period of time. Requiring users to register or fill in CAPTCHAs in order to send an email may also prevent misuse.

I saw this ultra-warm jacket and it made me think of you…

All joking aside, when used the way it is intended, send-to-a-friend is a handy feature that makes it easy to share info on products and services that probably are interesting to the recipient. As such, this feature must be protected. Who among us has not honestly considered a cat condo, after all?

Share: