
Re: [Asrg] Re: 3. Proof-of-work analysis

2004-05-24 06:33:14
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article 
<Pine(_dot_)LNX(_dot_)4(_dot_)44(_dot_)0405240510200(_dot_)14027-100000(_at_)sokol(_dot_)elan(_dot_)net>,
william(at)elan.net <william(_at_)elan(_dot_)net> writes

> While I agree with you that "owned" machines is a security problem due
> to the fact that it gives ability to fully impersonate that user, it's also
> that fact that makes it easy to tell which machine is "owned" and likely
> embarrasses the user enough to clean it up quickly (rather than the current zombie
> emails coming from unknown joe user on a dynamic IP).

addressing proof-of-work schemes specifically -- one must note very
carefully that if the main use of zombies becomes the performing of
calculations and not the sending of email, then it will become much
harder than today to tell which machines are 0wned -- because they will
not be creating lots of spurious email traffic

> Spammers actually already started using user settings set up in Outlook
> or Mozilla on the zombie computer to relay authenticated spam emails from
> zombie-infected machines through the ISP mail server,

yes, there have been reports of this for several years, but there was a
step change in activity last September when one particular spammer
started doing this on an industrial scale....

> but that does not seem
> to provide good results because the number of emails they can send is often
> limited as ISPs would notice if thousands of emails started showing up

... as the figures in the paper show, ISPs already have numerous
customers who are already sending thousands of emails a day [assuming of
course that the email passes through the ISP and does not go direct].

At present, ISPs can detect spamming activity through their smarthosts
fairly effectively (though in fact I suspect few do more than examine
the "top 50" details from their daily mail summaries); see my slides
from a relevant talk:

        http://www.cl.cam.ac.uk/~rnc1/talks/040203-Extrusion.pdf

The related academic paper is currently in "to appear" state.

> and authenticated emails often lead to showing up the identity of the zombie user
> and that leads to quicker repair or disconnection of the infected PC.

yes -- though the authentication issue can be complex to repair if no-
one realises that that is the mechanism. Certainly last September it
took several iterations to get the customer properly locked down because
other things (update all the patches, fix config issues [there are
always out-of-date patches, there are always config issues]) were done
before the actual mechanism was detected

> So current use of zombies is primarily based on the notion that you can
> send 10,000 - 100,000 emails from that zombie PC in only a few minutes and
> then move on to another computer

some spammers send considerably less and considerably more slowly. Their
mental model seems to be that this reduces their risk of detection.

Since they don't write academic papers about their tactics, it is hard
to assess or critique their analysis :(

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBQLHwNBfnRQV/feRLEQIVkwCfRTks81BlvWkde3p2gWEBXXfFdmEAoIXC
Jl/LR9rZ56aPEZnyGIsUtOdU
=X9R+
-----END PGP SIGNATURE-----

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
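The thread above turns on two observations: ISPs can spot zombies relaying authenticated spam by looking at the "top N" senders in their daily smarthost summaries, but some customers legitimately send thousands of messages a day, so a raw volume ranking alone is noisy. The script below is an added example written for this archive page, not code from the thread, from the cited talk, or from any ISP. It assumes a constructed, simplified Postfix-style log line ("<day> <host> sasl_username=<user> client=<ip> nrcpt=<n>") and builds the sample log in-line; the names, IPs, thresholds and the step-change heuristic (today's recipient count at least ten times yesterday's, and above an absolute floor) are all assumptions chosen for illustration.

```python
"""Smarthost 'extrusion' summary: rank authenticated senders and flag step changes.

Added example for the ASRG thread on zombie relaying; not the thread's own code.
Log format, user names, IPs and thresholds are constructed for illustration.
"""
import re
from collections import defaultdict

# Assumed simplified per-message log line (constructed; real MTA logs differ).
LOG_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) \S+ "
    r"sasl_username=(?P<user>\S+) client=(?P<client>\S+) nrcpt=(?P<nrcpt>\d+)$"
)


def parse_lines(lines):
    """Aggregate per (day, authenticated user): message count, recipient count,
    and the set of client IPs the user authenticated from."""
    stats = defaultdict(lambda: {"msgs": 0, "rcpts": 0, "clients": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unauthenticated or malformed: outside this summary
        key = (m["day"], m["user"])
        stats[key]["msgs"] += 1
        stats[key]["rcpts"] += int(m["nrcpt"])
        stats[key]["clients"].add(m["client"])
    return stats


def top_senders(stats, day, n=50):
    """The 'top N' view from a daily summary: (user, recipients), largest first."""
    rows = [(u, s["rcpts"]) for (d, u), s in stats.items() if d == day]
    rows.sort(key=lambda r: (-r[1], r[0]))
    return rows[:n]


def step_changes(stats, today, yesterday, min_rcpts=1000, ratio=10.0):
    """Flag users whose volume jumped relative to their own previous day.

    A steady bulk sender stays unflagged even if it tops the ranking; a user
    who normally sends a handful of mails and suddenly relays thousands,
    typically from a new client IP, is the zombie pattern discussed above.
    Returns (user, today_rcpts, yesterday_rcpts, new_client_ips)."""
    flagged = []
    for (d, u), s in stats.items():
        if d != today or s["rcpts"] < min_rcpts:
            continue
        base = stats.get((yesterday, u), {"rcpts": 0, "clients": set()})
        if s["rcpts"] > ratio * max(base["rcpts"], 1):
            new_clients = sorted(s["clients"] - base["clients"])
            flagged.append((u, s["rcpts"], base["rcpts"], new_clients))
    flagged.sort(key=lambda f: -f[1])
    return flagged


def make_lines(day, user, client, count, nrcpt=1):
    """Build `count` constructed log lines for one user/client on one day."""
    return [f"{day} mx1 sasl_username={user} client={client} nrcpt={nrcpt}"
            for _ in range(count)]


# Constructed sample: alice is a legitimate bulk sender, bob's account is
# abused from a new IP on the second day, carol is low-volume noise.
SAMPLE_LOG = (
    make_lines("2004-05-22", "alice", "10.0.0.5", 3000)
    + make_lines("2004-05-23", "alice", "10.0.0.5", 3100)
    + make_lines("2004-05-22", "bob", "10.0.0.9", 5)
    + make_lines("2004-05-23", "bob", "10.0.0.9", 3)
    + make_lines("2004-05-23", "bob", "192.0.2.77", 600, nrcpt=4)  # 2400 rcpts
    + make_lines("2004-05-23", "carol", "10.0.0.12", 40)
    + ["2004-05-23 mx1 client=198.51.100.1 nrcpt=1"]  # unauthenticated, skipped
)

if __name__ == "__main__":
    stats = parse_lines(SAMPLE_LOG)
    print("top senders 2004-05-23:", top_senders(stats, "2004-05-23", 3))
    for user, today, yday, new_ips in step_changes(stats, "2004-05-23", "2004-05-22"):
        print(f"FLAG {user}: {today} rcpts today vs {yday} yesterday; new clients {new_ips}")
```

In the sample, alice tops the daily ranking with 3100 recipients but is not flagged, because her baseline is the same; bob is flagged with 2403 recipients against a baseline of 5, with 192.0.2.77 as the client address his credentials were not used from before. That distinction is the practical point of the thread: the top-N list identifies volume, the per-customer baseline identifies the change.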