Re: [Asrg] Spammer proxies using legitimate mail relays

Laird Breyer <laird@lbreyer.com> Wed, 16 February 2005 01:54 UTC

Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA12785 for <asrg-web-archive@ietf.org>; Tue, 15 Feb 2005 20:54:20 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D1Ejd-000105-KO for asrg-web-archive@ietf.org; Tue, 15 Feb 2005 21:16:13 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D1EMa-0001Ab-0s; Tue, 15 Feb 2005 20:52:24 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D1ELS-0000so-H7 for asrg@megatron.ietf.org; Tue, 15 Feb 2005 20:51:14 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA12557 for <asrg@ietf.org>; Tue, 15 Feb 2005 20:51:11 -0500 (EST)
Received: from gizmo10bw.bigpond.com ([144.140.70.20]) by ietf-mx.ietf.org with smtp (Exim 4.33) id 1D1EgX-0000tM-FK for asrg@ietf.org; Tue, 15 Feb 2005 21:13:04 -0500
Received: (qmail 24249 invoked from network); 16 Feb 2005 01:50:26 -0000
Received: from unknown (HELO bwmam11.bigpond.com) (144.135.24.100) by gizmo10bw.bigpond.com with SMTP; 16 Feb 2005 01:50:26 -0000
Received: from cpe-60-226-87-158.qld.bigpond.net.au ([60.226.87.158]) by bwmam11.bigpond.com(MAM REL_3_4_2a 180/79761993) with SMTP id 79761993; Wed, 16 Feb 2005 11:50:26 +1000
Received: from ender (ender.scoobynet [192.168.0.3]) by scooby (Postfix) with ESMTP id 9B35028FF for <asrg@ietf.org>; Wed, 16 Feb 2005 11:52:28 +1000
Received: by ender (Postfix, from userid 1000) id 2E6D6C4EE; Wed, 16 Feb 2005 11:33:32 +1000
Date: Wed, 16 Feb 2005 11:33:32 +1000
From: Laird Breyer <laird@lbreyer.com>
To: asrg@ietf.org
Subject: Re: [Asrg] Spammer proxies using legitimate mail relays
Message-ID: <20050216013331.GA11673@ender>
Mail-Followup-To: asrg@ietf.org
References: <59342.202.54.11.72.1108376038.squirrel@webmail.persistent.co.in> <200502160113.RAA22610@minerva.amdahl.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <200502160113.RAA22610@minerva.amdahl.com>
User-Agent: Mutt/1.5.6+20040523i
X-Spam-Score: 0.1 (/)
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: laird@lbreyer.com
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/asrg>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
Sender: asrg-bounces@ietf.org
Errors-To: asrg-bounces@ietf.org
X-Spam-Score: 0.1 (/)
X-Scan-Signature: e5ba305d0e64821bf3d8bc5d3bb07228

On Feb 15 2005, George Ou wrote:
> According to this article http://www.spamhaus.org/news.lasso?article=156,
> spamware has improved its capability to avoid black listing by using the
> legitimate outbound SMTP servers of its infected victim.  As a result, an
> increasing amount of spam is coming from legitimate mail gateways.
> 
> Does anyone have more detailed information on spamware and how it manages to
> do this?  Does it steal SMTP server configuration information from the

If a trojan or spyware/spamware is installed on a user's Windows
computer, then it can do everything a user can do. The actual details
of how it's done don't matter, because you can never fully protect
against that sort of abuse.

All a program has to do is to move the mouse and simulate keyboard
typing and then it has all the privileges of a user. If a password
needs to be typed repeatedly, it can be intercepted and saved. Or the
program can just wait for the user to type in credentials, and then
hijack the mouse and keyboard. Other methods are simply programming
shortcuts.

The only limit is how smart the black hats are, and that depends on how
much they are getting paid to write the spamware.

-- 
Laird Breyer.

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
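The reply above argues that the infected endpoint cannot be protected, since spamware inherits every privilege of the logged-in user, including a working outbound SMTP configuration. The practical consequence is that detection has to move to the relay, which still sees the traffic. The following is an added example, not code from this thread or from any of its participants: it scans a constructed, simplified Postfix-style log (one line per delivery, a format assumed for brevity; real Postfix spreads a message over several lines keyed by queue ID) and flags client hosts whose sending pattern looks like spamware rather than a person: a burst rate no mail client sustains, an unusual breadth of recipient domains, or rotating envelope senders. The IPs, hostnames, usernames and thresholds are all assumptions. Results are keyed by client IP rather than SASL username because many ISP relays of the period authorized by source address alone, which is exactly why the infected host's mail was accepted.

```python
"""Flag outbound SMTP clients whose sending pattern resembles spamware
riding a legitimate relay.  Added example with constructed log data."""
import re
from collections import defaultdict
from datetime import datetime

# Assumed, simplified one-line-per-delivery Postfix-style format (constructed).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"client=(?P<host>\S+?)\[(?P<ip>[0-9a-fA-F.:]+)\], sasl_username=(?P<user>\S+), "
    r"from=<(?P<sender>[^>]*)>, to=<(?P<rcpt>[^>]*)>$"
)
LOG_YEAR = 2005  # syslog lines carry no year; assume the year of the thread

# Detection thresholds: assumptions for a residential relay, tune locally.
MAX_MSGS_PER_MINUTE = 20   # burst rate a human-driven mail client does not reach
MAX_RCPT_DOMAINS = 15      # breadth of distinct recipient domains per client
MAX_SENDERS = 3            # distinct envelope senders from one client host


def parse_line(line):
    """Return a dict of fields for a matching log line, or None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "ip": m["ip"], "user": m["user"],
            "sender": m["sender"].lower(), "rcpt": m["rcpt"].lower()}


def peak_per_window(times, window_seconds=60):
    """Largest number of events falling inside any window of the given length."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyze(log_text):
    """Aggregate deliveries per client IP and attach the reasons each is suspicious."""
    per_client = defaultdict(lambda: {"times": [], "rcpt_domains": set(), "senders": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unrelated log line; a real parser would log and move on
        c = per_client[rec["ip"]]
        c["times"].append(rec["ts"])
        c["rcpt_domains"].add(rec["rcpt"].rpartition("@")[2])
        c["senders"].add(rec["sender"])

    report = {}
    for ip, c in per_client.items():
        peak = peak_per_window(c["times"])
        reasons = []
        if peak > MAX_MSGS_PER_MINUTE:
            reasons.append(f"{peak} messages within one minute")
        if len(c["rcpt_domains"]) > MAX_RCPT_DOMAINS:
            reasons.append(f"{len(c['rcpt_domains'])} distinct recipient domains")
        if len(c["senders"]) > MAX_SENDERS:
            reasons.append(f"{len(c['senders'])} distinct envelope senders")
        report[ip] = {"messages": len(c["times"]), "peak_per_minute": peak,
                      "rcpt_domains": len(c["rcpt_domains"]),
                      "senders": len(c["senders"]), "reasons": reasons}
    return report


def flagged_clients(log_text):
    """Sorted list of client IPs with at least one reason to be suspicious."""
    return sorted(ip for ip, r in analyze(log_text).items() if r["reasons"])


def _line(ts, host, ip, user, sender, rcpt):
    return (f"{ts} relay postfix/smtpd[24249]: client={host}[{ip}], "
            f"sasl_username={user}, from=<{sender}>, to=<{rcpt}>")


# Constructed sample: one ordinary user and one infected host (documentation IPs).
SAMPLE_LOG = "\n".join(
    [_line("Feb 16 01:12:03", "cpe-a.example.net", "192.0.2.10", "alice",
           "alice@example.net", "bob@example.org"),
     _line("Feb 16 01:33:47", "cpe-a.example.net", "192.0.2.10", "alice",
           "alice@example.net", "carol@example.com"),
     _line("Feb 16 02:05:10", "cpe-a.example.net", "192.0.2.10", "alice",
           "alice@example.net", "bob@example.org")]
    # spamware on an infected host: 40 messages in 40 seconds, rotating forged
    # envelope senders, one recipient per domain
    + [_line(f"Feb 16 01:50:{i:02d}", "cpe-b.example.net", "198.51.100.77", "carol",
             f"promo{i % 7}@forged{i % 7}.example", f"user{i}@victim{i}.example")
       for i in range(40)]
)

if __name__ == "__main__":
    for ip, r in analyze(SAMPLE_LOG).items():
        print(ip, r["messages"], "msgs;", "; ".join(r["reasons"]) or "ok")
```

None of the three signals identifies the spamware itself, which is the point of the reply above: from the relay's side the abusive session is indistinguishable from the user's own, so the only usable evidence is behavioural. A production version would join Postfix's multi-line records on queue ID and rate-limit or temporarily block the client rather than merely report it.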