ietf-asrg
[Top] [All Lists]

Re: [Asrg] In case anyone thought Barry was exaggerating

2003-06-26 16:31:45

On June 26, 2003 at 11:13 research(_at_)solidmatrix(_dot_)com (Yakov 
Shafranovich) wrote:
Well, this raises an interesting issue that I mentioned before - if a virus 
takes over someone's email client, lets say Outlook, and starts sending 
spam from that person's account which is legit, there isn't much we can do. 

Wait a minute, let's restate that a little more accurately:

If we can conclude that MILLIONS of PCs are PURPOSELY being infected
by viruses designed to turn them into spam delivery robots...then
there's nothing we can do?

Sure we can, for starters we can alert all interested parties that
this is underlying the spam problem and more importantly agree that
this is the real problem.

It's not the message, it's the amplification.

And the amplification is being obtained criminally and massively.

And it's only through this illegally obtained amplification is spam
the problem we see.

You've all got to stop thinking like end-users who can only see the
message on your screen and start thinking like network engineers and
ask questions like how the heck did some two-bit punk just send 100M
get rich quick spams from hundreds of different IP addresses?

And, further, would this really be much of a problem if they couldn't
do exactly that? Could Joe Chickenboner and his 386 on a 56k dialup
really send out 100M msgs from that one machine before being shut down
or at least blocked by 95% of the net? I don't think so.

If every phone in NYC suddenly rang at the same time (or as many as is
possible) and the voice on the line said "BUY BLAMMO COLA!" would you
say the problem was that you and 8 million others received an ad for
Blammo Cola you didn't want or that SOMEONE HAS MANAGED TO RING 8
MILLION PHONES SIMULTANEOUSLY and what sort of breach of the phone
system does that represent?

This is a RESEARCH group.

Let's start by trying to get to the truth of the matter, rather than
trying to define the underlying cause only in terms of the
implementation problem we find attractive or easy.



-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg