ietf

Re: Proposal to define a simple architecture to differentiate legitimate bulk email from Spam (UBE)

2003-09-08 13:44:05
I am not talking about email spreading viruses. A number of viruses appear
to send spam. (not spreading). Sometimes this is autonomous. Sometimes it
is under control via IRC channel back to the virus operator. Further, it
seems that many open proxies are installed by a virus.  Once the virus has
control of the computer, it has or will obtain keys to private keychains,
etc.  It can do whatever the infected users can do.

The number of 40-50 emails per IP figure comes from analysis of spam
messages that get by filters, by reviewing how many messages came from the
same source. A lot of spam that gets by filters is of this very low volume
type.

                --Dean

On Tue, 9 Sep 2003, Shelby Moore wrote:

 Indeed, it seems most of the spam isn't commercial:
Most of the spam seems to come from viruses, and isn't really selling
anything.  The viruses can use the credentials of the infected user.
That is "legitimate", until someone reading the email realizes it's not and
complains. These send 40-50 messages per IP, and are hard to detect as
bulk.


This is pseudo-off topic because I already stated below that a viral
signal can be detected differently than a spam signal, unless it
contains no viral data (which would be pointless afaik).  I am curious
about your data.  Are you referring to emails spreading a virus that
contain viral attachments??

It occurs to me that a virus can not spread very fast or effectively if
each infected computer only sends 50 emails, because the infection rate
is probably similar to spam, i.e. < 0.005%.  So you would only get 1 new
infection for each 20,000 emails sent, or thus for each 400 infected
computers.  It seems the virus would likely die (anti-virus actions) at
that rate of spread.  So I must assume you were looking at a very small
sample on internet email and you did not extrapolate???

Your answers might be somewhat helpful to me in my work.

Thanks,
Shelby Moore
http://AntiViotic.com