> When I started looking at spam seriously 24 months ago I wrote an internal
> report which predicted that spammers would start to use trojan horse
> techniques. So the virus problem would quickly become a problem of large
> numbers of zombie machines captured by spammers that are then used to
> propagate themselves through the spammer sender list instead of the local
> address book.

Actually the situation is a bit more complicated than that. We have
a large number of "backdoor" Trojans floating around, which are being
distributed in different ways - some are posted as binaries to Usenet
groups, others are mailed, spam-style and yet others are distributed
from web sites.

When someone runs one of those backdoors, it will open up the machine,
and then various things can happen. For example a different worm or
backdoor may use the established backdoor to gain entry to the
machine. Also, a spammer may take over the machine - and use it to
send spam or to participate in a DDoS attack on one of the RTBL sites,
for example.

We do not have any hard proof of a financial connection between the
spammers and the backdoor programmers, but I would not be terribly
surprised if there was one.

> Viruses are dead, they no longer use the address book to replicate, the
> replication list is external and has millions of victims listed.

No. Worms use different ways to determine the addresses they send
copies of themselves to, but no worms, or at least none that fall in the
"real threat" category, rely on a single external list. Typically they
will search the infected machine for anything resembling a valid
mail address, or harvest addresses from Usenet posts.
--
Fridrik Skulason   Frisk Software International   phone: +354-540-7400
Author of F-PROT   E-mail: frisk(_at_)f-prot(_dot_)com   fax: +354-540-7401
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg