Spam floods SA networks

Leo Kok

Johannesburg - While most people were enjoying a lazy Sunday morning, South Africa was the target of one of the biggest electronic spam attacks to date.

According to anti-virus group Symantec and partner AntiSpam Africa, electronic spam increased by more than 300 percent on Sunday.

Networks monitored by Symantec quickly reached their maximum capacity even though most people were not at the office. By Monday morning, this figure had nearly doubled as people switched on their computers and started using their e-mail.

Patrick Evans, chief executive of Symantec South Africa, said the attack was unique because 36 of the 50 internet addresses that generated most of the spam were South African.

The network of one of the biggest parastatal institutions monitored by Symantec carried more than 21 000 spam messages within an hour on Monday compared to a normal average of 3 000 to 3 500 per hour.

The spam attack seems to be harmless in general although it paralyses the network and uses up valuable bandwidth for other e-mail and internet use. Evans said 84% of the available e-mail bandwidth was used up by spam on Monday.

Media reports elsewhere in the world indicated that the unsolicited mail, mostly written in German, contained a neo-Nazi message.

It seems as if the attack was launched worldwide and formed part of the German neo-Nazi movement's protest against what they call Germany's "guilt culture".

Evans explained that cyber hackers and people who send out spam no longer use it as a means of bragging, but rather for financial gain.

Beware of the bots

The latest mid-year survey conducted by Symantec showed that the number of electronic bots (a type of virus that can be controlled like a robot from a remote base) in circulation increased significantly.

A bot finds its way to an unprotected computer through an e-mail or website. It then installs itself on the computer and spreads to other computers on the network or through e-mail as quickly as possible.

Evans said the bot sends out a message to its creator to inform him or her that it has access to an unprotected computer. The creator of the bot then sells access to the bot - and thousands of infected computers in the process - to the so-called "Russian mafia" and other syndicates.

The syndicates threaten to use the bots as "mercenaries" to paralyse an institution's computer system by bombarding it with spam unless the institution pays a ransom.

Evans said the problem in South Africa is that most institutions check all incoming e-mail for viruses or spam, but few businesses check outgoing e-mail. They therefore are unaware that their networks are being abused to send viruses and spam.