Re: [Asrg] Spam Ecomomics

Gadi Evron <ge@linuxbox.org> Fri, 31 December 2004 17:19 UTC

Message-ID: <41D584E7.7060403@linuxbox.org>
Date: Fri, 31 Dec 2004 18:57:11 +0200
From: Gadi Evron <ge@linuxbox.org>
To: "Hannigan, Martin" <hannigan@verisign.com>
Subject: Re: [Asrg] Spam Ecomomics
References: <A206819EF47CBE4F84B5CB4A303CEB7A14A477@dul1wnexmb01.vcorp.ad.vrsn.com>
In-Reply-To: <A206819EF47CBE4F84B5CB4A303CEB7A14A477@dul1wnexmb01.vcorp.ad.vrsn.com>
Cc: "'asrg@ietf.org'" <asrg@ietf.org>

Hannigan, Martin wrote:
> To be honest with you, I don't know the answer to that.
> 
> My personal experience has been far more text spam than app spam. As you
> know, trojans are shipped over port 80 as well. I'm hit here more often than
> not. The reinfection mechanisms are usually not smtp but ms exploits on
> 445/139 etc and are scanned and found using a variety of techniques
> including http, icmp, and rpc.
> 
> That's a hard, but worthy, question.

Indeed. The problem is not just port 25, as a nice guy wrote here about 
a month ago.

It varies, but in my *personal* experience (so don't take my word on it, 
check your own data) the combination of spyware, worms (and other 
malware) and spam consists of between 50 and 80 per cent of an ISP's 
traffic.

This is an epidemic. Not "viruses". Someone needs to go out and say it.

	Gadi.
