Spam, Phishing, and the Looming Challenge of Big Botnets

What could a spammer or phisher do with a botnet of a thousand machines? a hundred thousand? a million? Send lots of email is the least worrisome answer to these questions. As anti-spam and anti-phishing defenses improve, there is more than sufficient financial motivation for spammers and phishers to consider what they can accomplish with enormous scale. We begin by looking at a wide range of anti-spam defenses. Many of these, like rate limiting and port 25 blocking, will simply no longer work against big botnets; we explain why. Further, the basic cryptographic assumptions underlying the implementation of SSL certificates and DomainKeys/DKIM need re-examination in light of the massive computing power of big botnets. We describe possible attacks by spammers and phishers, and the implications these attacks have in terms of defense.
Computer Science