
Re: [Asrg] Re: 2.a. Analysis - Honeypot!

2003-09-24 01:35:03

Hi,

Not really this. 

What I'd like to say is that a significant number of connections sending
spam to us come from end users of domains such as client.attbi.net,
verizon.net, rr.com, mindspring.net, interbusiness.it, .br, and so on...

At the same time, a significant number of viruses are coming from end
users of the same domains.

As a french education/research institution, we have very few reasons (in
fact, no reason) to receive connections directly from end-users of these
domains.

What I was trying to figure out is: are most spammers infected by
viruses, or are the viruses being sent consciously...

This amazes me.

At the same time, as our filtering does dynamic blacklisting, we receive
spam coming from many, many clients. The same spam comes from many
clients, and each client makes very few connections a day (one or two).
Most of the spam we receive comes from end users of these domains, not
from open relays.

I suspect some spam proposing that you work at home is, in fact, a
proposal to make your computer available to distribute spam. Some sort
of "network of workers", the same kind of structure as Tupperware, or
others...



"Peter J. Holzer" wrote:

> On 2003-09-22 10:40:53 +0200, Jose Marcio Martins da Cruz wrote:
> > Less than four hours later, we began to receive spam on the honeypot.
> >
> > Now, there are 2067 messages inside. I've just looked at it and I noted
> > that there are two kinds of messages in it: spam and viruses. I've not
> > really counted, but it seems to me that 1/4 or something like that are
> > viruses. Amusing! What does this mean?
>
> Some viruses and worms scan pages in the browser cache for email
> addresses. So they would find your honeypot address if somebody who
> happens to be infected views your page.
>
> > Also, if I compare, for some time period, which gateways are sending
> > spam to us and which gateways are sending viruses to us, the intersection
> > is always not empty, but has many common entries (sometimes more than
> > half of one set)...
>
> Two possible explanations:
>
> 1) People who are infected by viruses and worms are careless. Thus, they
> are much more likely to install proxies, mail relays, formmailers and
> other programs without considering the consequences or even bothering to
> configure them correctly.
>
> 2) Some viruses install trojans which act as open proxies.
>
>         hp
>
> --
>    _  | Peter J. Holzer    | We have failed our own creation and given
> |_|_) | Sysadmin WSR       | birth something truly awful. We're just too
> | |   | hjp(_at_)hjp(_dot_)at         | busy cooing over the pram to notice.
> __/   | http://www.hjp.at/ |       -- http://www.internetisshit.org


-- 
 ---------------------------------------------------------------
 Jose Marcio MARTINS DA CRUZ           Tel. :(33) 01.40.51.93.41
 Ecole des Mines de Paris              http://j-chkmail.ensmp.fr
 60, bd Saint Michel                http://www.ensmp.fr/~martins
 75272 - PARIS CEDEX 06      
mailto:Jose-Marcio(_dot_)Martins(_at_)ensmp(_dot_)fr
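As an added example (not part of this thread or of anyone's mail system), here is how the two observations in the message above could be quantified from a mail log: the overlap between hosts that deliver spam and hosts that deliver viruses, and how thinly each client spreads its connections. The log format, host names and verdicts are constructed for illustration.

```python
from collections import Counter

# Constructed sample log: "<client host> <verdict>", one line per accepted
# SMTP connection. Host names and verdicts are made up for illustration.
SAMPLE_LOG = """\
c-1.client.attbi.net spam
c-1.client.attbi.net virus
c-2.client.attbi.net spam
dsl-7.verizon.net virus
dsl-7.verizon.net spam
dsl-9.verizon.net spam
cpe-3.rr.com virus
relay.example.org spam
relay.example.org spam
relay.example.org spam
"""

def parse_log(text):
    """Yield (host, verdict) pairs, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            yield parts[0], parts[1]

def parent_domain(host, labels=2):  # e.g. dsl-7.verizon.net -> verizon.net
    return ".".join(host.split(".")[-labels:])

def overlap_report(records):
    """records: list of (host, verdict). Spam/virus host counts and their overlap."""
    spam = {h for h, v in records if v == "spam"}
    virus = {h for h, v in records if v == "virus"}
    both = spam & virus
    return {
        "spam_hosts": len(spam),
        "virus_hosts": len(virus),
        "both": len(both),
        "virus_also_spam": len(both) / len(virus) if virus else 0.0,
    }

def connections_per_host(records, verdict="spam"):
    """Connections per host for one verdict: many hosts, each with few hits."""
    return Counter(h for h, v in records if v == verdict)

def low_volume_share(counts, threshold=2):
    """Fraction of hosts that made at most `threshold` connections."""
    return sum(1 for n in counts.values() if n <= threshold) / len(counts) if counts else 0.0

def spam_by_domain(records):
    """Spam connections aggregated per parent domain (the ISP view)."""
    return dict(Counter(parent_domain(h) for h, v in records if v == "spam"))
```

A high `virus_also_spam` share together with a high `low_volume_share` is the pattern described above: the same end-user hosts send both, each only once or twice, so per-client dynamic blacklisting rarely triggers.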
