_____________________________________________________________________
Scott Fosseen - Systems Engineer - Prairie Lakes AEA
http://fosseen.us/scott
_____________________________________________________________________
Judge: You say you're innocent, yet five people swore they saw you steal a watch.
Defendant: Your Honor, I can produce 500 people who didn't see me steal it.
- actual courtroom testimony
_____________________________________________________________________
----- Original Message -----
From: "Dan Patnode" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 16, 2004 1:59 PM
Subject: [Declude.JunkMail] Zombies 101

> http://australianit.news.com.au/articles/0,7204,8901975%5e15388%5e%5enbv%5e,00.html
>
> Spam zombies on the rise
> Anick Jesdanun
>
> MARCH 08, 2004
>
> NEXT time you're looking for a culprit for all that junk mail flooding your
> inbox, have a glance in the mirror.
>
> Spammers are increasingly exploiting home computers with high-speed internet
> connections into which they've cleverly burrowed.
>
> Email security companies estimate that between one-third and two-thirds of
> unwanted messages are relayed unwittingly by PC owners who set up software
> incorrectly or fail to secure their machines.
>
> David Lawrence, 43, owns such a computer, which turned into a "spam zombie"
> when a virus infected it in October. Five or six spammers were using his
> cable modem to remotely send pitches for products like Viagra and boosters
> for mobile phone signals.
>
> "Spammers and the people who write these viruses ... is their life so void
> that they feel they have to mess up other people?" said Lawrence. "To me,
> it's criminal."
>
> The self-employed American businessman from Georgia said he learned of his
> computer's culpability when his internet service got suspended. "I called to
> find out what was going on because I knew I had the bill paid," he said.
>
> Lawrence is by no means alone.
>
> Hundreds of thousands of computers worldwide have been infected by SoBig
> and other viruses that are programmed to spawn gateways, known technically
> as proxies, to relay spam. Though Lawrence had antivirus software, he hadn't
> kept it updated.
>
> It's ironic to the president of the security website myNetWatchman.com,
> Lawrence Baldwin, that those afflicted by spam are also often its couriers.
>
> "That's further encouragement, justification for taking responsibility for
> your own system," said Baldwin. "If you don't, you can be part of the very
> problem you're complaining about."
>
> Any internet-connected computer could be running a proxy spam relay, but
> most of the malicious programs are written specifically for PCs that run
> Windows.
>
> In the past, some spammers had sought out and exploited internet-connected
> computers with misconfigured networking software. The latest and growing
> threat is code purposely written to create spam relay proxies as it is
> spread by malicious viruses.
>
> "It's just going to get worse," said Ken Schneider, chief technology
> officer at spam-filtering company Brightmail. "Traditionally, virus writers
> were driven more by reputation and trying to impress each other. Now there's
> an economic motive."
>
> In February, a proxy program called Mitglieder began installing itself on
> computers infected by January's Mydoom outbreak, said Mikko Hypponen,
> manager of antivirus research at F-Secure Corp in Finland. He said such
> programs can also sneak in if computer owners fail to install patches to fix
> known Windows flaws.
>
> The shift in spamming methods even prompted the US Federal Trade Commission
> to issue a consumer alert in January. The advisory encouraged consumers to
> use antivirus and firewall programs and to check "sent mail" folders for
> suspicious messages.
>
> Others say home Windows users should also keep their operating systems up
> to date by visiting windowsupdate.microsoft.com.
>
> "If your computer has been taken over by a spammer, you could face serious
> problems," the FTC advisory wrote. "Your Internet Service Provider (ISP) may
> prevent you from sending any email at all until the virus is treated, and
> treatment could be a complicated, time-consuming process."
>
> In the early days, spammers sent out junk messages directly from their
> machines.
> ISPs easily found them and closed their accounts.
>
> Spammers then looked for so-called open relays.
>
> These are typically mail servers at ISPs, often in Asia or South America,
> carelessly configured so that anyone on the internet can send mail through
> them without needing a password. The relays make messages appear to have
> come from an ISP, not the spammer.
>
> But ISPs and anti-spam activists soon identified many of the open-relay
> machines and either pressured their owners to stop or blocked messages from
> them.
>
> Stymied by a more concerted effort by ISPs to lock down their internet mail
> servers, the spammers turned to the less vigorously protected home machines.
>
> They are abundant and simple to find. Spammers can cover their tracks and
> become virtually untraceable.
>
> "It pains me to say it, but it's very clever of the spammer to have thought
> of this, getting legitimate PCs to send spam on their behalf," said Andrew
> Lochart, director of product marketing at email security company Postini
> Inc.
>
> Steve Atkins, chief technology officer at the anti-spam consultancy Word to
> the Wise LLC, said some ISPs continue to be plagued by open-relay
> techniques, but spammers generally don't bother with them anymore because
> it's so much easier to have success with home machines.
>
> Where much of the spam previously flowed through China, South Korea, Brazil
> and other countries whose ISPs left many relays open, it's now being
> hastened by a North American trend: more high-speed cable and DSL
> connections at home.
>
> Such proxies are especially frustrating for ISPs to identify and block,
> said Mary Youngblood, abuse team manager at EarthLink Inc. She said some
> stay open only for a few hours and disappear by the time ISPs catch on,
> while newer ones reconfigure themselves constantly like chameleons on a
> single machine.
>
> The more versatile the open proxy, the longer it takes to isolate.
>
> John Levine, co-author of Fighting Spam for Dummies, said the proliferation
> of proxies could force ISPs to take such measures as limiting how many
> messages a customer can send in a given time period.
>
> In the meantime, ISPs are often being forced to cut off their own
> customers.
>
> "As a customer, to have someone just arbitrarily shut me off, that would
> more than mildly displease me," said Walt Wyndroski, network operations
> manager for CityNet, which had shut down Lawrence. "We try to think from the
> customer's standpoint, but we also have to look at the larger view of the
> health of the network itself."
>
> The Associated Press
>
> ---
> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be found
> at http://www.mail-archive.com.