[Asrg] Solving spam == Solving zombies/botnets
Walter Dnes
waltdnes at waltdnes.org
Mon Dec 1 21:25:37 PST 2008
On Sat, Nov 29, 2008 at 09:50:55PM -0600, mathew wrote
> On Sat, Nov 29, 2008 at 18:29, Rich Kulawiec <rsk at gsp.org> wrote:
>
> > Yes. I have spam-in-hand from multiple incidents. And it is of course
> > not necessary for them to guess, since they could (a) subscribe to those
> > lists and harvest part of the subscriber list (b) grab the archives of
> > [some] lists and harvest part of the subscriber list (c) go through the
> > "address books" and stored mail on any zombied system and note any mailing
> > list which any mail address in use on that system is subscribed to
> > (d) go through any zombie which happens to be a mailing list server (e)
> > etc.
> >
> > So why don't we see more of it? I suspect because it's not worth
> > their trouble -- yet.
>
>
> Then perhaps we should consider a side-discussion of ways to combat the
> problem?

Here's an opportunity to discuss the FUSSP-killer. Email is really
machine-to-machine, which is assumed to be a "reasonable facsimile" of
person-to-person. If a machine can be zombied, then, with the aid of a
key-logger, any certificate/password/jumping-through-flaming-hoops that
a person can supply can also be supplied by his machine. This is what's
known in crime-fighting circles as "an inside job".

Botnets have evolved. Instead of trying to send a million emails a
night through one zombied machine, botnets now send 4 emails a night
through each of 250,000 machines. The latter is almost impossible to
detect, versus the former.

What it boils down to is that to majorly reduce spam, we have to
majorly reduce botnets/zombies.

--
Walter Dnes <waltdnes at waltdnes.org>