I don't know what proof MessageLabs has, but they report that spammers are breaking into home PCs of unsuspecting users to send junk mail. http://www.vnunet.com/News/1141610 Spammers are increasingly hijacking home PCs to send junk mail, according to MessageLabs. The managed email service provider claims to have proof of spammers using viruses to plant Trojan malware on PCs to provide remote access.
Hi, Sean. ] I don't know what proof MessageLabs has, but they report that spammers ] are breaking into home PCs of unsuspecting users to send junk mail. What proof? Old proof. :) There are numerous bots, including the now venerable SDbot, that have this capability. This doesn't count the plethora of other malware that can also forward spam. Thanks, Rob. -- Rob Thomas http://www.cymru.com ASSERT(coffee != empty);
RT> Date: Mon, 16 Jun 2003 00:27:23 -0500 (CDT) RT> From: Rob Thomas RT> ] I don't know what proof MessageLabs has, but they report RT> ] that spammers are breaking into home PCs of unsuspecting s/home/home, business, colo, and most any other/ RT> ] users to send junk mail. RT> RT> What proof? Old proof. :) There are numerous bots, RT> including the now venerable SDbot, that have this capability. RT> This doesn't count the plethora of other malware that can RT> also forward spam. ...and not only spam, but Joe job spam. Those of us at the edge have heard "why am I getting bounces for mail I didn't send?" a time or two. :-( MessageLabs just now realized this? AFAIK, this and open proxies are pretty much _the_ standard vectors nowadays for spamming. Has ML also "discovered" it's pretty much up to service providers to combat this, and that it is far from the most pressing issue law enforcement has on their proverbial plates? Eddy -- Brotsman & Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 (785) 865-5885 Lawrence and [inter]national Phone: +1 (316) 794-8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net Sending mail to spambait addresses is a great way to get blocked.
On Mon, 16 Jun 2003, E.B. Dreger wrote:
Has ML also "discovered" it's pretty much up to service providers to combat this, and that it is far from the most pressing issue law enforcement has on their proverbial plates?
law enforcement seems to be much more interested in prosecuting hard to trace underage script kiddies, that it does prosecuting easily traceable adult porn spammers who trojan 1000's of peoples machines. -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]
Dan Hollis wrote:
law enforcement seems to be much more interested in prosecuting hard to trace underage script kiddies, that it does prosecuting easily traceable adult porn spammers who trojan 1000's of peoples machines.
I suspect that the latter can pay for 'lobbying' better. Cough. Peter
It should be easy enough to 'follow the money' by seeing who's doing the selling - Whoever's paying for the advertising should be held accountable for the spam generated - even by subcontractors. - Lars -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Dan Hollis Sent: Monday, June 16, 2003 12:39 PM To: E.B. Dreger Cc: NANOG Subject: Re: Spammers use Trojans On Mon, 16 Jun 2003, E.B. Dreger wrote:
Has ML also "discovered" it's pretty much up to service providers to combat this, and that it is far from the most pressing issue law enforcement has on their proverbial plates?
law enforcement seems to be much more interested in prosecuting hard to trace underage script kiddies, that it does prosecuting easily traceable adult porn spammers who trojan 1000's of peoples machines. -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]
Speaking on Deep Background, the Press Secretary whispered:
It should be easy enough to 'follow the money' by seeing who's doing the selling -
Whoever's paying for the advertising should be held accountable for the spam generated - even by subcontractors.
That's exactly the point the attny made during the FTC conference. There are mighty few spammers that don't want your money. That's your gotcha. -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
On Tue, 17 Jun 2003, David Lesher wrote:
That's exactly the point the attny made during the FTC conference. There are mighty few spammers that don't want your money. That's your gotcha.
The FTC need to run some sting operations and nab these clowns trojaning everyones computers. Should be pretty easy as theyre all over the place... -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]
I'd suggest a two pronged approach - 1) Technical, tracing the source/destination of such 2) Financial, going after whoever is paying the spammers You'd need (1) to prosecute (2) - -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Dan Hollis Sent: Tuesday, June 17, 2003 11:04 AM To: David Lesher Cc: nanog list Subject: Re: Spammers use Trojans On Tue, 17 Jun 2003, David Lesher wrote:
That's exactly the point the attny made during the FTC conference. There are mighty few spammers that don't want your money. That's your gotcha.
The FTC need to run some sting operations and nab these clowns trojaning everyones computers. Should be pretty easy as theyre all over the place... -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]
Speaking on Deep Background, the Press Secretary whispered:
That's exactly the point the attny made during the FTC conference. There are mighty few spammers that don't want your money. That's your gotcha.
The FTC need to run some sting operations and nab these clowns trojaning everyones computers. Should be pretty easy as theyre all over the place...
I was not clear. This was the private practice atty who did some work for Earthlink; I don't recall his name. -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
On Mon, Jun 16, 2003 at 05:46:07AM +0000, E.B. Dreger wrote:
MessageLabs just now realized this? AFAIK, this and open proxies are pretty much _the_ standard vectors nowadays for spamming. Has ML also "discovered" it's pretty much up to service providers to combat this, and that it is far from the most pressing issue law enforcement has on their proverbial plates?
Heck I've had a steady stream of SOCK Proxy attempts against my own home DSL network from AS28706 IP space over the last month alone... The occurances have done nothing but increase... Regards, Jeremy T. Bouse
: I don't know what proof MessageLabs has, but they report that spammers : are breaking into home PCs of unsuspecting users to send junk mail. I see quite a bit of this; mostly from DSL customers. What few spam complaints we get are by far sent by this method. The users have no idea their boxes are spamming. James Edwards jamesh@cybermesa.com Routing and Security
On Mon, 16 Jun 2003, Sean Donelan wrote:
I don't know what proof MessageLabs has, but they report that spammers are breaking into home PCs of unsuspecting users to send junk mail.
http://www.vnunet.com/News/1141610 Spammers are increasingly hijacking home PCs to send junk mail, according to MessageLabs. The managed email service provider claims to have proof of spammers using viruses to plant Trojan malware on PCs to provide remote access.
Yes this is the latest in evolution from open relay, formmail vulns and now to worm/trojans I think this is the source of the joe job stuff i posted about a couple weeks back Steve
participants (10)
-
Dan Hollis -
David Lesher -
E.B. Dreger -
james -
Jeremy T. Bouse -
Lars Higham -
Peter Galbavy -
Rob Thomas -
Sean Donelan -
Stephen J. Wilcox