Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Spam sent via spambots?
From: GuidoZ <uberguidoz () gmail com>
Date: Sun, 31 Oct 2004 20:30:06 -0500

And further, does anyone have any idea how to pick apart how much of
that is simply relaying type activity vs.dedicated spam-bot activity?

Does it matter?

Personally, I think it matters quite a bit. If the current laws are
ever enforced, it could shape the way spammers operate. Instead of
facing the concequences of your actions, you take over a few machines
and get away with it. Or once caught, you play dumb... even though you
knew all along what the systems were being used for.

As I'm sure you're aware, groups of zombie machines are used for a
handful of different things. Everything from DDoS attacks to the topic
at hand. These groups are frequently "rented out" to do the dirty
work. It's become so much of a problem that the media is picking up on
it. It's been reported in the news and various forums several times. A
few sample articles: (Google for more)
 - http://go.microsoft.com/fwlink/?LinkId=35825
 - http://www.shortnews.com/shownews.cfm?id=40747
 - http://newpaper.asia1.com.sg/top/story/0,4136,67698,00.html

Point being - knowing how much spam is bot-nets and how much is
"legit" (as in the sender is aware they are sending it) would be good
information to know. It may help enforcement of current laws or shape
new ones. Having a grasp on, or some understanding of, the problem is
the first step to solving it, don't you agree?

Obviously laws and enforcement isn't the only means. It's obviously
not done much to help so far; plus you have the added problems of who
enforces what laws where. Check http://www.spamlaws.com/ for more info
on your local area (worldwide).

(P.S. Removed your email address from the "Reply All" as requested
Nick. Hopefully this will serve as a reminder to others that you
prefer not to receive duplicates.)

--
Peace. ~G


On Sun, 31 Oct 2004 18:22:36 -0600 (CST), J.A. Terranson <measl () mfn org> wrote:

On Mon, 1 Nov 2004, Nick FitzGerald wrote:

In another thread Hugo van der Kooij wrote:

Securing every machine on the internet would be a good start. 95% of all
spam messages I have seen lately gets send from DSL or Cable IP addresses.
These are machine which run spamware without the user knowing (s)he is
sending out spam by the buckets untill their ISP shuts them down.

Really?

95%?

Does anyone have sound statistics on how much spam comes from DSL/Cable
IP-space?

We see at minimum, several thousand a day, and while I can't give you a
statistic, I can state with great confidence that the vast majority,
likely a lot higher than 95%, comes from zombied machines, almost all on
DSL/Cable space.

And further, does anyone have any idea how to pick apart how much of
that is simply relaying type activity vs.dedicated spam-bot activity?

Does it matter?

--
Yours,

J.A. Terranson
sysadmin () mfn org
0xBD4A95BF

        "An ill wind is stalking
        while evil stars whir
        and all the gold apples
        go bad to the core"

        S. Plath, Temper of Time

_______________________________________________


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]