On June 20, 2003 at 18:10 research(_at_)solidmatrix(_dot_)com (Yakov
Shafranovich) wrote:
So your bottom line is that the spam problem is based on "how spammers
amplify their distribution channels while keeping costs nearly at zero."
I propose that if that is removed (or seriously diminished) the
problem will become mostly inconsequential and can then be dealt with
more in the manner of "consenting communications" via various methods,
mostly MUA, routinely mentioned here.
Legally pursuing spammers is not something we can affect or do in this
group. But what we CAN do, is look at these aspects closer and see if any
technical solutions are possible.
There are several approaches that have been mentioned that might have
relevance to this. First of all, making sure email is not untraceable allows
for LEA to catch the spammers. This would involve either changing SMTP,
implementing C/R, or some other system that would allow for traceability.
Domain names being owned by spammers is a problem too. Solutions must be
made to deal with that as well. Foreign ISPs allowing for spam are also a
problem. And as you have mentioned many times before computers infected
with viruses and other similar junk are a problem as well, although I do
not see any possible solutions for that as well, not even any avenues of
research.
Many years ago I had a professor who ran an 800-student lecture like a
discussion group taking questions at any time.
His only admonition, when a hand went up, would be ``are you SURE the
other 799 people in the room are interested in what you are about to
ask? Or can it wait until after class?''
It worked pretty well.
On that note, I won't try to address your telling us of your personal
inability to think of any possible solutions...[or]...avenues of
research...
Let's start easy.
We've seen various blacklists. I consider them a mostly bad idea,
perhaps of some use to individuals, but it's something we should all
be familiar with.
Some of the more notorious black lists actively scanned the net with
software for systems which fit their notion of "open relays" and would
add these to the net as a hazard.
Now, would it be possible to scan similarly for systems infected with
Jeem or one of the other spammer slave bugs?
What would we do with that information?
That's probably not necessary to answer, unless someone doubts
anything good could be done. But, for example, inform the owner, an
ISP might quarantine or mail rate-limit a known infected computer
until it's fixed, block it entirely (from mail, from everything), etc.
Also, could these viruses be used as honeypots to gather information
about who is using them for both evidence and to just get those perps
shut down and/or blocked?
Anyhow, this all starts with whether it's possible to write a piece of
software which begins to scan the net for infected systems? I don't
know enough about these specific viruses right now to answer that
question: Do they use hard to guess passwords? Do they give failure
indications on use of a bad passwd which identifies the infection, or
listen on a specific port, etc?
Maybe we should also issue an RFC that simply says that the days of
computer, including personal and desktop computer, operating systems
being vulnerable to viruses (within some problem definition) should
have been over years ago via widely distributed and well-known
techniques utilized in highly successful and comparable operating
systems software.
As such, any operating system which does not meet a minimum standard
of being viral resistant (obviously some detail is needed here) and is
connected to the internet is non-conformant to RFC XYZZY or however
that's usually worded and is a potential hazard to the net at large.
For the love of money, XP and Windows/ME (and all earlier MS windows)
are both vulnerable to Jeem, sobig.a, and Proxy-Guzu, some of the more
cited viruses used in this sort of spamming.
And, in all cases, according to Symantec's database:
Systems Not Affected: Macintosh, OS/2, UNIX, Linux
I rest my case.
I think we know who's handing out the free whiskey and loaded shotguns
in the bad part of town. Make them stop doing that.
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*