Packet Rat: One good spam deserves another
Michael J. Bechetti
As Super Bowl Sunday dawned, the MyDoom e-mail worm began to unleash its wrath. The spam-bearing and address-spoofing pest had not yet infiltrated the cyberrodent's networks, but not for lack of trying.
The MyDoom attack succeeded only in dropping the Rat's mail server performance by a few percentage points. Internetwide, it proved a relatively well-behaved interloper, using just enough bandwidth to knock SCO Group Inc. for a loop. But the wired one saw the threat as a good excuse to head to the bunker for the day. 'Duty calls,' he sighed to his spouse.
What he didn't tell Mrs. Rat was that he had managed to hack the TiVo digital video recorder he'd given her for Christmas to set up a video stream to the projection display in the conference room. As he arrived at the office, he shouted to his gathered henchmen, 'It's MyDoom Super Bowl party time!'
With the video feed established and a steady stream of nachos coming from the office kitchenette, the whiskered one and his minions settled in to watch the Patriots and Panthers.
Unfortunately, the best-laid plans of men and rodents oft go astray. As one acolyte poured himself a root beer, he spotted a pop-up alert on the mail gateway monitor.
'Um, Houston, we have a problem,' he reported. 'Looks like that new antivirus and antispam software we put up last week is slamming itself.'
Abandoning his party sub, the Rat checked some of the queued messages.
'Oh, rats,' he muttered after checking the raw sources of a few messages. The MyDoom virus concealed the origin of its infected e-mail by spoofing the accounts of its victims' address books, and it had apparently found its way onto a machine on an agency contractor's network. Now it was sending out e-mail in the names of brass at the Rat's agency.
That in itself wasn't the problem; most external mail servers were dutifully catching the virus-laden messages and bouncing them back. The problem was that they were bouncing back at the Rat's network. And his mail gateway was doing the same: returning MyDoom-spawned messages to itself and to all the servers that were bouncing messages back to it.
The Rat buried his face in his paws. 'We've got a feedback loop going, and if we don't do something now, Monday morning isn't going to be pretty. The mail server's going to spam itself out of existence. Huddle up.'
With minutes left on the clock, the Rat called the play. While his wirepullers pass-blocked by unplugging the WAN-side connection to the mail gateway, and his sysadmins went deep to start deleting the rapidly growing queue, the Rat dropped back into the pocket and recoded the mail-handling rules for the virus checker. He uploaded, activated and called the signal: 'Plug it back in!'
Within moments, the warning lights on the console turned from red to green. As the team went back to the game, one underling asked the Rat, 'So what did you do to stop the spam feedback?'
'I forwarded all of it to SCO,' he replied. 'I figure they can handle a little more hate mail.'
The Packet Rat once managed networks but now spends his time ferreting out bad packets in cyberspace. E-mail him at firstname.lastname@example.org.