procmail

Re: New types of Trojans coming

2005-02-03 14:14:04
On 03, 2005 at 09:45:26AM -0800, Professional Software
Engineering wrote:

> At 18:16 2005-02-03 +0100, Dallman Ross did say:
> > http://news.zdnet.com/2100-1009_22-5560664.html
> >
> > Precis: Spam levels expected to rise with suddenness
> > soon, as blacklists become less effective.
>
> Er, spammers have been using trojans for a while now already.  Yes,
> traditionally, the user's own PC is converted into a mail server and
> it delivers mail directly.

Yes, and that's a crucial difference.

> However, viruses have for some time used the user's own ISP mail
> server (or at least that of the forged address snarfed from their
> saved email) to deliver messages, thereby lending some apparent
> legitimacy to the message (for instance, you can't block them using a
> dial-up list type DNSBL, because the machine passing the message to
> your host is an actual ISP mailserver, not the user's own machine).

The forgeries are a good tip for Virus Snaggers(tm), for example.  It
looks for them.

But, look: if a worm or zombie spam now gets sent by the virtual
server coded into the Trojan/zombie/worm program itself, it's one
thing.  The mail typically arrives at the recipient's server with
a fake server name and very few Received headers.  (Vsnag looks for
that kind of thing too.)  But if the mail is going to go out via
the ISP's usual channels, then the heuristic for identifying it
gets a bit tougher.  That's what caught my interest.

-- 
dman

____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
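
The heuristic discussed in the message above (very few Received headers, and a server name that does not match the connecting host), sketched as an added Python example; it is not part of the original post and is not Virus Snaggers code. The Postfix-style Received layout, the function name, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed Postfix-style trace: "from <HELO name> (<rDNS name> [<IP>]) by ..."
TRACE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")

def direct_delivery_signs(raw, max_hops=1):
    """Return the direct-to-MX signs found in a message's Received headers."""
    received = message_from_string(raw).get_all("Received") or []
    signs = set()
    if len(received) <= max_hops:
        signs.add("few-received")
    # Only the topmost Received header was written by the receiving MTA;
    # everything below it is supplied by the sender and may be forged.
    m = TRACE.search(" ".join(received[0].split())) if received else None
    if m:
        helo, rdns = m.group(1).lower(), m.group(2).lower()
        if rdns == "unknown" or helo != rdns:
            signs.add("helo-rdns-mismatch")
    return signs

# Constructed sample: a zombie PC delivering straight to the recipient's MX.
DIRECT = """\
Received: from mail.bank.example (dsl-45.dialup.example.net [203.0.113.45])
    by mx.recipient.example with SMTP id A1; Thu, 3 Feb 2005 12:00:00 +0100
From: support@bank.example
Subject: constructed sample

body
"""

# Constructed sample: the same PC submitting through its ISP's mail server.
VIA_ISP = """\
Received: from smtp.isp.example (smtp.isp.example [198.51.100.10])
    by mx.recipient.example with ESMTP id B2; Thu, 3 Feb 2005 12:00:05 +0100
Received: from userpc (dsl-45.dialup.isp.example [203.0.113.45])
    by smtp.isp.example with SMTP id C3; Thu, 3 Feb 2005 12:00:01 +0100
From: support@bank.example
Subject: constructed sample

body
"""

if __name__ == "__main__":
    print("direct :", sorted(direct_delivery_signs(DIRECT)))
    print("via ISP:", sorted(direct_delivery_signs(VIA_ISP)))
```

The second sample yields no signs at all, which is the case the message says makes the heuristic tougher: once the mail leaves through the ISP's own server, the topmost trace line is indistinguishable from ordinary relayed mail.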
