Re: [Asrg] Spammer proxies using legitamate mail relays
Laird Breyer <laird@lbreyer.com> Wed, 16 February 2005 01:54 UTC
Date: Wed, 16 Feb 2005 11:33:32 +1000
From: Laird Breyer <laird@lbreyer.com>
To: asrg@ietf.org
Subject: Re: [Asrg] Spammer proxies using legitamate mail relays

On Feb 15 2005, George Ou wrote:
> According to this article http://www.spamhaus.org/news.lasso?article=156,
> spamware has improved its capability to avoid black listing by using the
> legitimate outbound SMTP servers of its infected victim. As a result, an
> increasing amount of spam is coming from legitimate mail gateways.
>
> Does anyone have more detailed information on spamware and how it manages to
> do this? Does it steal SMTP server configuration information from the

If a trojan or spyware/spamware is installed on a user's Windows computer, then it can do everything a user can do. The actual details of how it's done don't matter, because you can never fully protect against that sort of abuse. All a program has to do is to move the mouse and simulate keyboard typing and then it has all the privileges of a user.

If a password needs to be typed repeatedly, it can be intercepted and saved. Or the program can just wait for the user to type in credentials, and then hijack the mouse and keyboard.

Other methods are simply programming shortcuts. The only limit is how smart the black hats are, and that depends on how much they are getting paid to write the spamware.

--
Laird Breyer.