E-mail bomb

From Wikipedia, the free encyclopedia

In Internet usage, an e-mail bomb is a form of net abuse consisting of sending huge volumes of e-mail to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted in a denial-of-service attack.

There are two methods of perpetrating an e-mail bomb: mass mailing and list linking.

Mass mailing consists of sending numerous duplicate mails to the same email address. These types of mail bombs are simple to design, but because of their extreme simplicity they can be easily filtered by spam filters. Email bombing using mass mailing is also commonly performed as a DDoS attack by employing "zombie" botnets: hierarchical networks of computers compromised by malware and under the attacker's control. As in spamming, the attacker instructs the botnet to send out millions or even billions of e-mails, but unlike normal botnet spamming, the e-mails are all addressed to only one or a few addresses the attacker wishes to flood. This form of email bombing is similar in purpose to other DDoS flooding attacks and, because it often targets dedicated hosts that handle the website and e-mail accounts of a business, can be just as devastating to both services of the host. It is also more difficult to defend against than a simple mass-mailing bomb because of the multiple source addresses and the possibility of each zombie computer sending a different message or employing stealth techniques to defeat spam filters.

List linking, on the other hand, consists of signing a particular email address up to several subscriptions. This type of bombing is effective because the victim has to unsubscribe from all the services manually. To prevent this type of bombing, most services send a confirmation email to the address's inbox when it is registered for a subscription on that particular website.

A variant of mail-bombing popular in Russia is called a ZIP bomb. After most commercial mail servers began checking mail with anti-virus software and filtering certain malicious file types, Trojan horse viruses tried to send themselves compressed into archives, such as ZIP, RAR or 7-Zip. Mail server software was then configured to unpack archives and check their contents as well. That gave black hats the idea to compose a "bomb" consisting of an enormous text file containing, for example, only the letter z repeated millions of times. Such a file compresses into a relatively small archive, but unpacking it (especially on early versions of mail servers) would use a large amount of processing power, RAM and swap space, which could result in denial of service. Modern mail servers usually have sufficient intelligence to recognize such attacks, as well as sufficient processing power and memory to process such attachments without interruption of service, though some are still susceptible to this technique if the ZIP bomb is mass-mailed.
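
The following is an added example, not part of the original article: a sketch of the pre-unpack check a mail gateway can run on a ZIP attachment, rejecting it on declared size or compression ratio before any data is expanded and then streaming members under a hard byte budget. The limits and the names `inspect_zip` and `make_zip` are assumptions for illustration, and nested archives are not followed.

```python
import io
import zipfile

# Assumed gateway policy (hypothetical values, tune per deployment).
MAX_TOTAL = 1_000_000   # max uncompressed bytes per archive
MAX_RATIO = 100         # max uncompressed:compressed ratio per member
MAX_MEMBERS = 1000

def inspect_zip(data: bytes):
    """Return (ok, reason) without expanding more than MAX_TOTAL bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return False, "not a valid zip"
    with zf:
        infos = zf.infolist()
        if len(infos) > MAX_MEMBERS:
            return False, "too many members"
        # Pass 1: sizes declared in the central directory; nothing is decompressed.
        if sum(i.file_size for i in infos) > MAX_TOTAL:
            return False, "declared size over limit"
        for i in infos:
            if i.file_size > MAX_RATIO * max(i.compress_size, 1):
                return False, "compression ratio over limit"
        # Pass 2: stream each member in chunks under a hard byte budget, as a
        # content scanner would, instead of reading whole members into memory.
        budget = MAX_TOTAL
        try:
            for i in infos:
                with zf.open(i) as fh:
                    while chunk := fh.read(65536):
                        budget -= len(chunk)
                        if budget < 0:
                            return False, "actual size over limit"
        except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
            return False, "unreadable member"  # bad CRC, encrypted, unknown method
    return True, "ok"

def make_zip(payload: bytes) -> bytes:
    """Build a one-member deflate archive in memory (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", payload)
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_zip(make_zip(b"z" * 500_000)))   # repeated-letter file
    print(inspect_zip(make_zip(b"Meeting notes for Tuesday.\n")))
```

Because the first pass reads only archive metadata, a rejected attachment costs the scanner almost no CPU or memory, which matters when many such messages arrive at once.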