80% of SPAM is now from Windows Zombie PCs....

Discussion in 'NZ Computing' started by steve, Jun 9, 2004.

  1. steve

    steve Guest

    Thanks, Windows users.



    Zombie PCs spew out 80% of spam

    By John Leyden
    Published Friday 4th June 2004 13:08 GMT

    Four-fifths of spam now emanates from computers contaminated with Trojan
    horse infections, according to a study by network management firm
    Sandvine out this week. Trojans and worms with backdoor components such
    as Migmaf and SoBig have turned infected Windows PCs into drones in vast
    networks of compromised zombie PCs.

    Sandvine reckons junk mails created and routed by "spam Trojans" are
    clogging ISP mail servers, forcing unplanned network upgrades and
    stoking antagonism between large and small ISPs.

    Using its own technology, Sandvine was able to identify subscribers
    bypassing their home mail servers and contacting many mail servers
    within a short period of time - a sure sign of spam Trojan activity -
    over sustained periods. It also looked at SMTP error messages returned,
    which helps to clarify the total volume of spam within the service
    provider network. "After comparing those data points with the total
    volume of legitimate messages passing through the service provider's
    mail system, we are able to arrive at our percentage of 80 per cent,"
    explained Sandvine spokesman Mark De Wolf.

    Sandvine's analysis, cross referenced with data from SORBS, to determine
    what IP space is assigned to residential subscriber pools of global
    service providers, shows most spam now originating from residential
    broadband networks.

    Viral marketing

    Instead of using open mail relays or unscrupulous hosts (so-called
    'bullet-proof' hosting - in reality, ISPs in developing countries who
    pull the plug on spammers when enough complaints are received by their
    upstream provider), spammers are using compromised machines to get their
    junk mail out. Many security firms reckon many of the most
    well-publicized worm attacks in recent months (such as MyDoom and Bagle)
    were launched expressly to install spam Trojans on unsuspecting end
    users' machines - waiting to be utilized later as a spam delivery relay.
    This expanding network of infected, zombie PCs can also be used as
    platforms for DDoS attacks, such as those that many online bookies have
    suffered in recent months.

    Sandvine's preliminary analysis has shown that the most active Trojans
    for spamming purposes are the Migmaf and SoBig variants. Its work on
    this area of the problem is still at an early stage.

    The behaviour of spam Trojans on the network taxes ISP infrastructure
    and, in the case of smaller ISPs, creates the perception that some
    networks are generating more than their fair share of spam and other
    types of malicious traffic. The mounting scope of the problem means ISPs
    need to begin filtering traffic - rather than leaving the problem up to
    end users - if spam is to be contained, Sandvine argues.

    "While spam filters can provide an effective treatment, the scale &
    scope of the spam problem means additional remedies are needed", said
    Marc Morin, co-founder and chief technology officer of Sandvine. "As a
    complement to existing mail server and client based tools, service
    providers need to arm themselves with network-based anti-spam defences
    and combat this growing form of malicious traffic." ®
    steve, Jun 9, 2004
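
The heuristic the quoted article describes (a subscriber bypassing the home mail server and contacting many mail servers within a short period), sketched as an added example; it is not part of the original post and not Sandvine's technology. The relay address, window, threshold and flow records are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed values for illustration only; none come from the Sandvine study.
ISP_RELAYS = {"203.0.113.25"}   # the provider's own outbound mail servers
WINDOW_SECONDS = 60             # "a short period of time"
MAX_DISTINCT_SERVERS = 5        # more external SMTP peers than this is suspicious

# Constructed flow records: (epoch_seconds, subscriber_ip, dst_ip, dst_port)
FLOWS = (
    # Normal subscriber: always hands mail to the ISP relay.
    [(t, "198.51.100.10", "203.0.113.25", 25) for t in (0, 300, 900)]
    # Zombie-like subscriber: 8 different mail servers in 16 seconds.
    + [(100 + 2 * i, "198.51.100.20", f"192.0.2.{i + 1}", 25) for i in range(8)]
    # Slow direct sender: 6 servers, but one every 10 minutes.
    + [(600 * i, "198.51.100.40", f"192.0.2.{i + 50}", 25) for i in range(6)]
    # Non-SMTP traffic is ignored.
    + [(50, "198.51.100.20", "192.0.2.200", 443)]
)


def find_direct_to_mx_senders(flows, relays=ISP_RELAYS,
                              window=WINDOW_SECONDS,
                              limit=MAX_DISTINCT_SERVERS):
    """Return {subscriber_ip: peak distinct external SMTP servers seen in
    any sliding window} for subscribers whose peak exceeds `limit`."""
    recent = defaultdict(deque)   # subscriber -> (ts, dst) pairs inside window
    peak = defaultdict(int)
    for ts, src, dst, port in sorted(flows):
        if port != 25 or dst in relays:
            continue              # only SMTP that bypasses the ISP relay counts
        q = recent[src]
        q.append((ts, dst))
        while q[0][0] <= ts - window:
            q.popleft()           # drop connections older than the window
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {src: n for src, n in peak.items() if n > limit}


if __name__ == "__main__":
    for ip, n in find_direct_to_mx_senders(FLOWS).items():
        print(f"{ip}: {n} distinct mail servers within {WINDOW_SECONDS}s")
```

Widening the window trades fewer misses for more false positives: with a 4000-second window the slow direct sender above is flagged as well.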
  2. steve

    Ralph Fox Guest

    On Wed, 09 Jun 2004 18:02:44 +1200, in article

    This does not surprise me.

    I regularly see identical spam messages, only a few seconds apart,
    from two different IP addresses on two different ISPs.

    My guess is two different PCs running the same spamhaus's trojan.

    I got two such pairs yesterday.
    One pair were less than a second apart and absolutely
    identical (except for the 'Received' header added by
    my ISP to show the sender's IP and HELO name).

    I wonder whether and when my ISP will start refusing to
    accept email from external cable and adsl IP address ranges.
    Ralph Fox, Jun 9, 2004
  3. steve

    steve Guest

    You'll notice a lot of them are comcast and verizon.

    These two ISPs have been doing nothing about the zombie PCs among their
    customer base.

    As each item arrives, I block that IP address on my own mailserver so it
    can never send to me again. If I get enough addresses in a Class C, I
    block the whole class C.

    I do this because I do not want to even receive the incoming
    item....rather than receive it and filter it out then.
    steve, Jun 9, 2004
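
The per-address blocking with escalation to the whole Class C (/24) described in the post above, as an added example that is not the poster's own configuration. The threshold and the sample addresses are constructed assumptions (the post only says "enough"); IPv4 only.

```python
import ipaddress
from collections import defaultdict

ESCALATE_AT = 3  # assumed: distinct offenders in one /24 before blocking it all


def build_blocklist(offenders, escalate_at=ESCALATE_AT):
    """Turn a list of offending IPv4 addresses into a sorted CIDR blocklist.

    Single offenders become /32 entries; once `escalate_at` distinct
    addresses fall in the same /24, the whole /24 replaces them.
    """
    by_net = defaultdict(set)
    for ip in offenders:
        addr = ipaddress.ip_address(ip)
        net = ipaddress.ip_network(f"{addr}/24", strict=False)
        by_net[net].add(addr)     # set: repeat spam from one IP counts once

    blocked = []
    for net, addrs in by_net.items():
        if len(addrs) >= escalate_at:
            blocked.append(net)
        else:
            blocked.extend(ipaddress.ip_network(f"{a}/32") for a in addrs)
    return [str(n) for n in sorted(blocked)]


def is_blocked(ip, blocklist):
    """True if `ip` falls inside any CIDR entry of `blocklist`."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in blocklist)


# Constructed sample: three distinct senders in 192.0.2.0/24, one elsewhere.
SAMPLE_OFFENDERS = ["192.0.2.10", "192.0.2.77", "192.0.2.200",
                    "192.0.2.10", "198.51.100.5"]

if __name__ == "__main__":
    bl = build_blocklist(SAMPLE_OFFENDERS)
    print(bl)
    # 192.0.2.99 never sent anything, but is now refused with its neighbours.
    print(is_blocked("192.0.2.99", bl), is_blocked("198.51.100.6", bl))
```

The second check shows the cost of escalation: every address in an escalated /24 is refused, including ones that never sent spam.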
  4. Yeah, thanks to MS for creating the OS that is the choice of 95% of PC
    Patrick Dunford, Jun 9, 2004
  5. steve

    Invisible Guest

    I don't know if "choice" is the right word. Your average Leeming HP buyer
    wouldn't have a bloody clue what an operating system is, let alone how many are
    Invisible, Jun 9, 2004
  6. steve

    steve Guest


    Go buy a desktop PC without Windows pre-loaded from Dell, HP, Hewlett

    Just try.

    Don't lie about "choice", Patrick.
    steve, Jun 9, 2004
  7. steve

    steve Guest

    And they won't find out at Leeming's either.

    They aren't given any choice.
    steve, Jun 9, 2004
  8. They know that everyone uses Windows. Do you really think there would be
    the same response if they started selling Macs?
    Patrick Dunford, Jun 9, 2004
  9. Not lying, but you are close to the wind, aren't you.

    Some retailers sell only Macs, why aren't more Macs sold?

    People are more intelligent than some of these greenies like to make out.
    Patrick Dunford, Jun 9, 2004
  10. steve

    whoisthis Guest

    if linux is free then you can choose to remove it at zero cost and put
    linux on it. So you DO have choice, and people choose to leave it on.
    whoisthis, Jun 9, 2004
  11. steve

    whoisthis Guest

    I thought I saw a linux install in one somewhere, so there is choice
    whoisthis, Jun 9, 2004
  12. In Steve's world everyone who challenges his worldview is a liar.

    There's always been choice in the marketplace. Why doesn't Apple sell
    more iMacs? When it was the Apple ][ vs all the other interesting little
    computers out there, the Apple ][ was the king. Then the IBM PC came out
    and people made their own choices again.
    Patrick Dunford, Jun 9, 2004
  13. steve

    SNOman Guest


    Such is popularity!

    If windows didn't exist then we'd all be blaming Linux users, or Mac
    users or what ever was the most popular product.
    SNOman, Jun 10, 2004
  14. steve

    whoisthis Guest

    Well I believe that Microsoft has abused its position to kill off
    competition, and still do so. I believe that what they have done is to
    stifle innovation, and as such I choose not to use MS products where I
    can avoid it. However I do not see the linux camp as being highly
    innovative either, they are very good at implementing other people's ideas
    but not so good at true innovation.
    whoisthis, Jun 10, 2004
  15. steve

    Barg Guest

    You got your heading wrong. Should've been;

    80% of SPAM is now from Windows Zombies....

    Linux (and lovin' it)
    Barg, Jun 10, 2004
  16. steve

    Invisible Guest

    And ask Lemmings for a refund & give them back the XP sticker & CD
    Invisible, Jun 10, 2004
  17. steve

    brundlefly Guest

    Quite so, and if they were BROKEN they would deserve the blame for being
    BROKEN every bit as much as Windows does now
    brundlefly, Jun 10, 2004
  18. steve

    Divine Guest

    I dunno about that.

    The clock on my desktop reads "half past seven" in the font of my choice -
    not "7:30".

    I also have a programmable tea timer sitting in my system tray. I also
    have a transparent task bar.

    Someone in the Open Source community innovated those ideas - certainly not

    Divine, Jun 10, 2004
  19. steve

    Peter Guest

    MS hasn't even caught up with tabbed browsing yet.

    Peter, Jun 10, 2004
  20. steve

    steve Guest

    Sure you are. You're saying people choose Windows. The reality is that
    they don't really have a choice if they buy retail....unless they go to
    one of the small vendors and buy an empty PC.
    It's just another proprietary platform like Windows. Only with a much
    smaller user base.
    "Green" has nothing to do with this.....but your dishonesty is again noted.
    steve, Jun 10, 2004
