IETF Logo Mail Archive

Re: [Asrg] Spam Ecomomics

"Hannigan, Martin" <hannigan@verisign.com> Fri, 31 December 2004 16:50 UTC

Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA10666 for <asrg-web-archive@ietf.org>; Fri, 31 Dec 2004 11:50:20 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CkQAN-0004cH-QR for asrg-web-archive@ietf.org; Fri, 31 Dec 2004 12:02:21 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CkPrU-0004fq-GU; Fri, 31 Dec 2004 11:42:48 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CkPlm-00033N-4A for asrg@megatron.ietf.org; Fri, 31 Dec 2004 11:36:54 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA09867 for <asrg@ietf.org>; Fri, 31 Dec 2004 11:36:51 -0500 (EST)
Received: from falcon.verisign.com ([216.168.239.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CkPxL-0004Hc-E2 for asrg@ietf.org; Fri, 31 Dec 2004 11:48:51 -0500
Received: from VSVAPOSTALGW1.vcorp.ad.vrsn.com (vsvapostalgw1.vcorp.ad.vrsn.com [10.170.12.38]) by falcon.verisign.com (8.12.10/8.12.10) with ESMTP id iBVGW0op002365; Fri, 31 Dec 2004 11:32:00 -0500 (EST)
Received: by vsvapostalgw1.vcorp.ad.vrsn.com with Internet Mail Service (5.5.2657.72) id <Y05Q5RM4>; Fri, 31 Dec 2004 11:36:22 -0500
Message-ID: <A206819EF47CBE4F84B5CB4A303CEB7A14A477@dul1wnexmb01.vcorp.ad.vrsn.com>
From: "Hannigan, Martin" <hannigan@verisign.com>
To: "'ge@linuxbox.org'" <ge@linuxbox.org>
Subject: Re: [Asrg] Spam Ecomomics
Date: Fri, 31 Dec 2004 11:36:18 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2657.72)
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7baded97d9887f7a0c7e8a33c2e3ea1b
Cc: "'asrg@ietf.org'" <asrg@ietf.org>
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/asrg>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
Sender: asrg-bounces@ietf.org
Errors-To: asrg-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cab78e1e39c4b328567edb48482b6a69

To be honest with you, I don't know the answer to that.

My personal experience has been far more text spam than app spam. As you
know, trojans are shipped over port 80 as well. I'm hit here more often than
not. The reinfection mechanisms are usually not smtp but ms exploits on
445/139 etc and are scanned and found using a variety of techniques
including http, icmp, and rpc.

That's a hard, but worthy, question.

-M
 
---
Martin Hannigan
hannigan@verisign.com
Verisign, Inc.


-----Original Message-----
From: Gadi Evron <ge@linuxbox.org>
To: Hannigan, Martin <hannigan@verisign.com>
CC: asrg@ietf.org <asrg@ietf.org>
Sent: Fri Dec 31 08:29:51 2004
Subject: Re: [Asrg] Spam Ecomomics

Hannigan, Martin wrote:
> Sorry - Gadi, possible, but you're doing a good job explaining. I'm only
on
> my second cup of 4 coffees this morning. 
> 
> If a trojan is shipped in a spam, its still classically defined spam.

Nahh, martin, it is probably my cold effecting my mind. :)

What I meant by that is, that ther traffic that worms generate on SMTP 
along with spam, would consist of most of the SMTP traffic about. Would 
you disagree?

	Gadi.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email