When Zombies Get Stealthy

from the ruh-roh dept

Rather than really deal with the issue of computers taken over by zombies/trojans, many ISPs have simply chosen to block port 25 for their customers, meaning that they can't use any kind of 3rd party mail server. One way around this has been to just use a VPN of some kind to encrypt the traffic, and then the ISP has no clue if the traffic going over the network is email or something entirely different. Of course, it's not all that hard to predict the obvious next step: zombie botnets get encrypted themselves in order to hide the malicious traffic from peeping ISP eyes. This could make it a lot more difficult to spot -- and probably leads to the next step as well: ISPs blocking off even more, such as any kind of VPN setup. Won't that be fun?

Reader Comments


  • Anonymous Coward, 14 Nov 2005 @ 11:45pm

    Blocking port 25 doesn't stop use of third-party m

    Anyone using such a service should be using port 587
    (and SMTP AUTH to authenticate themselves).


  • AC, 15 Nov 2005 @ 2:13am

    huh?

    What you are writing does not make any sense. For VPN-tunnelling you need a peer system. And when you have such a peer, why don't you send your spam from that peer, instead of just routing over the peer?


  • Nathan, 15 Nov 2005 @ 6:49am

    No Subject Given

    Somehow I think people and businesses wouldn't stand for not being able to VPN into their corporate networks.

    I'm sure the VPN software and even the botnets could just as easily begin switching their connections over to non-standard ports anyways.

    This cat and mouse game can keep going until there are no ports left open, save for maybe port 80...


  • Riley, 15 Nov 2005 @ 7:41am

    You would think

    That someone would be able to make a decent business out of hunting down zombie PCs and offering their owners a service to clean up their computer. People may not care if their computer is sending out spam, but I bet they'd sure be interested to know that there is a good chance their PC has a keylogger on it and that all their information is compromised. Is there a legal way for a business to work with ISPs to contact these zombie owners?


  • Matthew, 15 Nov 2005 @ 10:10am

    No Subject Given

    The only way to get rid of this traffic is to complain to the source's ISP. This is NOT necessarily your own ISP either. Sending a complaint to your ISP about spam you received from another service will probably get ignored.

    To find the source you need to look at the headers (http://www.stopspam.org/email/headers.html) or use a service like www.spamcop.com and copy/paste it all into there.

    If you complain to the proper ISP, that ISP gets tired of receiving complaints and should take action against their customer. One bot down, and therefore 10-100K email messages of spam are shot down.

    Unless you want M$ to start charging for outgoing messages....

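Added example, not part of the comment above or of the Techdirt post: one way to do the header reading that comment describes. Received lines are prepended by each server, so only those stamped by your own provider's mail hosts can be believed; the first outside IP handed to one of them is the address to report. The message, domains, addresses and the function name `reportable_source` are all constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: example domains, RFC 1918 / RFC 5737 addresses.
RAW = """\
Received: from mx1.myisp.example (mx1.myisp.example [10.0.0.5])
\tby mailstore.myisp.example with ESMTP id A1; Tue, 15 Nov 2005 10:02:11 -0500
Received: from dsl-45.otherisp.example (unknown [203.0.113.45])
\tby mx1.myisp.example with SMTP id B2; Tue, 15 Nov 2005 10:02:09 -0500
Received: from mail.bank.example ([198.51.100.7])
\tby dsl-45.otherisp.example with ESMTP; Tue, 15 Nov 2005 09:00:00 -0500
From: "Bank" <security@bank.example>
Subject: verify your account

body
"""
TRUSTED_SUFFIX = ".myisp.example"                    # assumption: your provider's mail hosts
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: its internal relays

# "from <claimed name> ... [<connecting IP>] ... by <server that wrote the line>"
HOP = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\].*?\bby\s+([\w.-]+)", re.S)

def reportable_source(raw, trusted_suffix=TRUSTED_SUFFIX, trusted_nets=TRUSTED_NETS):
    """Return (ip, claimed_name) of the first outside host that handed the
    message to a trusted server, or None if no trusted hop identifies one."""
    # get_all() yields Received headers top-down, i.e. newest hop first.
    for hdr in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(hdr)
        if not m:
            break
        name, by = m.group(1), m.group(3).lower()
        if not by.endswith(trusted_suffix):
            break      # stamped by a host we don't control: may be forged
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            break
        if any(ip in net for net in trusted_nets):
            continue   # hand-off between the provider's own servers
        return str(ip), name
    return None

if __name__ == "__main__":
    print(reportable_source(RAW))
```

The third Received line in the sample, naming the bank, sits below the first untrusted hop and is ignored; the owner of the returned IP's address block is the ISP to complain to.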

