Re: Bots was Re: [Asrg] Email service assumptions and making system-wide changes
Barry Shein <bzs@world.std.com> Tue, 17 January 2006 18:39 UTC
From: Barry Shein <bzs@world.std.com>
Message-ID: <17357.14471.781702.895067@world.std.com>
Date: Tue, 17 Jan 2006 13:33:43 -0500
To: Tom Petch <nwnetworks@dial.pipex.com>
Subject: Re: Bots was Re: [Asrg] Email service assumptions and making system-wide changes
In-Reply-To: <014a01c61b5a$5369ff60$0601a8c0@pc6>
References: <OF4768D65E.ECA3CB39-ON802570F8.004A9BA8-802570F8.004AA408@slc.co.uk> <43CBF4CD.30708@dcrocker.net> <17355.64568.706837.635025@world.std.com> <014a01c61b5a$5369ff60$0601a8c0@pc6>
Cc: asrg@ietf.org, Barry Shein <bzs@world.std.com>

On January 17, 2006 at 12:07 nwnetworks@dial.pipex.com (Tom Petch) wrote:
> What I do see is a lack of evidence in the form of articles
> written on technology in serious newspapers, particularly those advising on the
> use of technology. The concept of bots does not figure, so either these
> professional journalists are ignorant or our view is skewed or ...

I think you're beginning to see a reaction from those involved in this
field that you must not be paying attention.

But I'll admit that's unsatisfying so here are some significant and
recent articles for your edification. I tried hard to favor major and
popular news sources:

1. Study: Nearly a Quarter Million PCs Turned Into 'Zombies' Daily

   http://www.technewsworld.com/story/Zyd9zlwZK6bxGL/Study-Nearly-a-Quarter-Million-PCs-Turned-Into-Zombies-Daily.xhtml

2. Shut down Sober-infected PCs, ISPs urged

   http://software.silicon.com/malware/0,3800003100,39155484,00.htm

3. Spam Slayer: FTC's CAN-SPAM Report Card

   http://abcnews.go.com/Technology/PCWorld/story?id=1424942

   Tip of the Month

   Don't let your PC become a zombie: Industry experts estimate 60
   percent of all spam is sent from zombie PCs whose owners have no
   idea their PCs are being used for such purposes...

4. Don't ignore newly found booby trap in Windows

   http://www.baltimoresun.com/technology/bal-bz.himowitz05jan05,1,4817689.column?track=mostemailedlink

   ...The flaw allows programmers to execute malicious code on your
   computer when you view a booby-trapped graphic known as a Windows
   Metafile. Once you've done that, the hacker can literally take over
   your PC. He can steal critical information, download additional
   spyware or turn the machine into a "zombie" that attacks other
   systems and delivers millions of spam e-mails...

5. Spammer faces up to two years in jail

   http://news.zdnet.com/2100-1009_22-6026708.html

   Daniel Lin, of West Bloomfield, along with three other men from
   West Bloomfield, was charged in April 2004 with sending spam over
   compromised computers belonging to the likes of Ford, Unisys and
   the U.S. Army Information Center...

6. Detroit spammer faces slammer

   http://www.channelregister.co.uk/2006/01/13/detroit_spam_case/

   A US spammer likely faces at least two years in jail next week
   after he admitted using networks of compromised PCs to distribute
   junk mail messages...

   The group made in excess of $100K, according to reports...

   (bzs: that last sentence is interesting...only $100K?! Now think
   about the economics of spamming and why these guys have to steal
   resources.)

7. Dutch extortion botnet

   http://p2pnet.net/story/7394

   ...The botnet comprised some 100,000 computers, according to the
   authorities, he says, but, "The actual number was 1.5 million
   computers" and, "I've heard reports from reputable sources that the
   actual number was 'significantly higher' " and may still be
   growing...

   ..."The bots continually scan the network and try to infect other
   machines," states Schneier...

8. Virus disguises itself as MSN Messenger

   http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2005/12/28/BUG18GDQSJ1.DTL&type=business

   ..."It also connects your machine to a botnet server," F-Secure
   warned, meaning that a person's computer can be controlled remotely
   to attack other machines or send spam...

9. eBay hacker pleads guilty

   http://www.tgdaily.com/2005/12/28/ebay_hacker_pleadsguilty/

   ...Anthony Clark, the hacker who launched a massive Denial of
   Service Attack on eBay in 2003, has pleaded guilty. Clark had taken
   control of 20,000 computers and formed a "botnet". He redirected
   traffic coming from the controlled computers to eBay and
   temporarily made the popular Internet auction house unreachable.
   The twenty-one year old Oregon man could face up to ten years in
   prison.

   (bzs: ok, this botnet was used in a DoS attack but I think it
   underscores the general theme that they exist, are dangerous,
   numbers of PCs involved (20,000 in this case), and becoming legally
   dangerous to their operators.)

10. TECH NOTES

    http://www.timesdispatch.com/servlet/Satellite?pagename=RTD%2FMGArticle%2FRTD_BasicArticle&c=MGArticle&cid=1128769030716&path=!business&s=1045855934855

    ...Spam-detection experts say these pitches are emerging as scam
    rings become more savvy at using "zombie" PCs -- regular people's
    computers surreptitiously compromised by viruses and other
    vulnerabilities.

I hope that begins to make the point.

> By comparison, suggestions that most spam came from a small number of people or
> that there was an increase in spam from former communist states has been backed
> up by statistics, by reference to web sites etc.

These two observations are not in any way incompatible.

A) The spammers' exploit of choice are massive armies of virus
infected zombie pcs numbering from the tens of thousands to probably
something over a million in number.

B) The number of individuals/gangs using these exploits effectively is
probably somewhat low. ROKSO (www.spamhaus.org) maintains that less
than 200 individuals (and that includes multiple members of the same
gangs) are responsible for the vast majority of spam, and at some
cut-off it's probably significantly less than that, perhaps dozens.

But A doesn't in any way contradict B, it's merely the description of
the situation.

-- 
        -Barry Shein

The World              | bzs@TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Login: Nationwide
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*