ietf-asrg

Re: [Asrg] Some data on the validity of MAIL FROM addresses

2003-05-21 11:39:55

Yakov Shafranovich said:
At 11:02 PM 5/20/2003 -0400, Eric D. Williams wrote:
Has anyone done a forensic examination of 'spamware' and/or developed a
taxonomy of its internals?  Will knowing the 'weapons' - to co-opt an
analogy being proposed by some - aid in defeating the 'enemy'?  Are
there any other 'artifacts' not directly related to the 'spam' problem,
that can aid in determining methods to defeat 'it'?

If you remember that article from the Oregonian about a spammer talking
about his business, he mentioned that spammers operate all kinds of
clubs and chatrooms where such software is discussed and developed. The
only way to obtain this software is for someone to find a cooperating
spammer (like that's going to happen!) or "infiltrate" these clubs
acting as a spammer.  That requires time and effort, and all of us are
working people with not much of that going around. The spammer discussed
in the article was unemployed I believe, and had plenty of free time.

Nevertheless, if anyone possesses or has any type of spam software,
please come forward.

I have heard from "white hat" people with some in their possession --
usually obtained from cracked or trojaned boxes, where the spamware is
running (and relaying spam!) when discovered.

In addition, I hear that some of the tools can be downloaded quite simply
from the web!  Search Google for "bulk mail stealth download" and there
should be a few hits.

Unfortunately I do not have access to any code myself.

BTW, it would be instructive if someone who has access to one, and the
know-how to decompile it, could examine its sending code and indicate
whether it uses randomly-generated addresses, or a static list of existing
ones loaded from a config file, for the addresses used in the MAIL FROM
SMTP command and From: header.  

--j.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg