Seth Breidbart says:

If you steal the bandwidth from owned machines (the same way spam
sending and some web hosting is stolen now), your costs are even less.

Jon Kyme responds:

This is all getting silly.
Numbers?
Actual exploit?

I say:

Does anyone still seriously doubt that spamming miscreants are using third
party computers as their web, mail and DNS hosts? Jon? This is not a new
phenomenon anymore.

June 2003: ZDNet report on Sobig virus strain, which is a spam relay.
http://reviews-zdnet.com.com/4520-7297_16-4208055.html

July 2003: BBC report on "Superzonda" spamhaus, who compromised a British
Airways computer (among others) to host their stuff.
http://news.bbc.co.uk/1/hi/technology/3036092.stm

New York Times (annoying registration required): Hackers Hijack PCs for Sex
Sites. (I don't have a registration, so I haven't checked this one recently.)
http://www.nytimes.com/2003/07/11/technology/11HACK.html?ex=1058500800&en=dfe68a99bce4317d&ei=5062

July 2003: Analysis of "migmaf" malware, a reverse-proxy tool for third party
hosting.
http://www.lurhq.com/migmaf.html

July 2003: The Register report on "webber" malware (more of the same).
http://www.theregister.co.uk/content/56/31801.html

September 2003: SecurityFocus forensics on a compromise in which machines are
used as spam servers.
http://www.securityfocus.com/guest/24043

January 2004: SecurityFocus analysis of legal issues associated with "the
Trojan did it" cases (as reprinted in The Register).
http://www.theregister.co.uk/content/56/34985.html

I hope that this is sufficient evidence to persuade the sceptic that spammers
and other miscreants are ROUTINELY using compromised third party computers to
do their dirty work. Any anti-spam proposal (particularly those that propose
a cost-burden to the sender) should take this fact into consideration.

Regards,
TFBW
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg