Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Spam sent via spambots?
From: James Riden <j.riden () massey ac nz>
Date: Mon, 01 Nov 2004 14:38:01 +1300

Nick FitzGerald <nick () virus-l demon co uk> writes:

J.A. Terranson wrote:

And further, does anyone have any idea how to pick apart how much of
that is simply relaying type activity vs.dedicated spam-bot activity?

Does it matter?

Yes, as many of the former are simply due to (legitimate user) 
misconfiguration and do not provide any form of backdooring to the 
system, whereas the spammers are much more actively involved in 
"managing" the latter and can actively update/replace/supplement the 
code running on them.  Thus the latter are much more likely able to 
avoid (or perhaps "survive") "fixing".

Very little spam seems to come from traditional open mail relays these
days. A lot of the stuff I look at has come direct from the spammer
themselves, or from dynamic space, or university resnets.

I can't give accurate statistics though, because we're rejecting mail
at our MXs using sbl-xbl.spamhaus.org, which is specifically designed
to stop this kind of thing in the first place. (Last time I checked,
XBL was a composite of CBL, http://cbl.abuseat.org/ and OPM, an open
proxy list - see http://www.spamhaus.org/xbl )

James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]