Sony's Copy Protection Uninstaller Opens Up A NEW Security Hole
Sony BMG And The Art Of Too Little, Too Late: Finally Agrees To Pull Rootkit CDs

When Zombies Get Stealthy

Scams

from the ruh-roh dept

Mon, Nov 14th 2005 10:55pmMike Masnick
Rather than really deal with the issue of computers taken over by zombies/trojans, many ISPs have simply chosen to block port 25 for their customers, meaning that they can't use any kind of 3rd party mail server. One way around this has been to just use a VPN of some kind to encrypt the traffic, and then the ISP has no clue if the traffic going over the network is email or something entirely different. Of course, it's not all that hard to predict the obvious next step: zombie botnets get encrypted themselves in order to hide the malicious traffic from peeping ISP eyes. This could make it a lot more difficult to spot -- and probably leads to the next step as well: ISPs blocking off even more, such as any kind of VPN setup. Won't that be fun?
6 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 14 Nov 2005 @ 11:45pm

    Blocking port 25 doesn't stop use of third-party m

    Anyone using such a service should be using port 587
    (and SMTP AUTH to authenticate themselves.

    link to this | view in chronology ]

  • identicon
    AC, 15 Nov 2005 @ 2:13am

    huh?

    What you are writing does not make any sense. For VPN-tunnelling you need a peer system. And when you have such a peer, why don't you send your spam from that peer, instead of just routing over the peer?

    link to this | view in chronology ]

  • identicon
    Nathan, 15 Nov 2005 @ 6:49am

    No Subject Given

    Somehow I think people and businesses wouldn't stand for not being able to VPN into their corporate networks.

    I'm sure the VPN software and even the botnets could just as easily begin switching their connections over to non-standard ports anyways.

    This cat and mouse game can keep going until there are no ports left open, save for maybe port 80...

    link to this | view in chronology ]

  • identicon
    Riley, 15 Nov 2005 @ 7:41am

    You would think

    That someone would be able to make a decent business out of hunting down zombie PCs and offering their owners a service to clean up their computer. People may not care if their computer is sending out spam, but I bet they'd sure be interested to know that there is a good chance their PC has a keylogger on it and that all their information is compromised. Is there a legal way for a business to work with ISPs to contact these zombie owners?

    link to this | view in chronology ]

  • identicon
    Matthew, 15 Nov 2005 @ 10:10am

    No Subject Given

    The only way to get rid of this traffic is to complain to the source's ISP. This is NOT necessarily your own ISP either. Sending a complaint to your ISP about spam you received from another service will probably get ignored.

    To find the source you need to look at the headers (http://www.stopspam.org/email/headers.html) or use a service like www.spamcop.com and copy/paste it all into there.

    If you complain to the proper ISP, that ISP gets tired of receiving complaints and should take action against their customer. One bot down, and therefore 10-100K email messages of spam are shot down.

    Unless you want M$ to start charging for outgoing messages....

    link to this | view in chronology ]


Sony's Copy Protection Uninstaller Opens Up A NEW Security Hole
Sony BMG And The Art Of Too Little, Too Late: Finally Agrees To Pull Rootkit CDs
Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

Friday

19:39 Important Announcement: Techdirt Is Migrating To A New Platform (0)
More arrow

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.