[PSA] 80% of Windows PCs zombied for spam purposes

  • Two Factor Authentication is now available on BeyondUnreal Forums. To configure it, visit your Profile and look for the "Two Step Verification" option on the left side. We can send codes via email (may be slower) or you can set up any TOTP Authenticator app on your phone (Authy, Google Authenticator, etc) to deliver codes. It is highly recommended that you configure this to keep your account safe.

Fluid

Zen fascists will control you
Aug 2, 2000
2,766
0
0
38
Maastricht, the Netherlands
Zombie PCs spew out 80% of spam
By John Leyden
Published Friday 4th June 2004 13:08 GMT

Four-fifths of spam now emanates from computers contaminated with Trojan horse infections, according to a study by network management firm Sandvine out this week. Trojans and worms with backdoor components such as Migmaf and SoBig have turned infected Windows PCs into drones in vast networks of compromised zombie PCs.

Sandvine reckons junk mails created and routed by "spam Trojans" are clogging ISP mail servers, forcing unplanned network upgrades and stoking antagonism between large and small ISPs.
Newsletter

Using its own technology, Sandvine was able to identify subscribers bypassing their home mail servers and contacting many mail servers within a short period of time - a sure sign of spam Trojan activity - over sustained periods. It also looked at SMTP error messages returned, which helps to clarify the total volume of spam within the service provider network. "After comparing those data points with the total volume of legitimate messages passing through the service provider's mail system, we are able to arrive at our percentage of 80 per cent," explained Sandvine spokesman Mark De Wolf.

Sandvine's analysis, cross referenced with data from SORBS, to determine what IP space is assigned to residential subscriber pools of global service providers, shows most spam now originating from residential broadband networks.
Viral marketing

Instead of using open mail relays or unscrupulous hosts (so-called 'bullet-proof' hosting - in reality, ISPs in developing countries who pull the plug on spammers when enough complaints are received by their upstream provider), spammers are using compromised machines to get their junk mail out. Many security firms reckons many of the most well-publicized worm attacks in recent months (such as MyDoom and Bagle) were launched expressly to install spam Trojans on unsuspecting end users' machines - waiting to be utilized later as a spam delivery relay. This expanding network of infected, zombie PCs can also be used as platforms for DDoS attacks, such as those that many online bookies have suffered in recent months.

Sandvine's preliminary analysis has shown that the most active Trojans for spamming purposes are the Migmaf and SoBig variants. Its work on this area of the problem is still at an early stage.

The behaviour of spam Trojans on the network taxes ISP infrastructure and, in the case of smaller ISPs, creates the perception that some networks are generating more than their fair share of spam and other types of malicious traffic. The mounting scope of the problem means ISP need to begin filtering traffic - rather than leaving the problem up to end users - if spam is to be contained, Sandvine argues.

"While spam filters can provide an effective treatment, the scale & scope of the spam problem means additional remedies are needed", said Marc Morin, co-founder and chief technology officer of Sandvine. "As a complement to existing mail server and client based tools, service providers need to arm themselves with network-based anti-spam defences and combat this growing form of malicious traffic." ®


http://www.theregister.co.uk/2004/06/04/trojan_spam_study/]Source

Dammit people, do your part and patch your boxes. Mine is secured like a stronghold, now the other 80% needs to unscrew their PCs.
 

Hadmar

Queen Bitch of the Universe
Jan 29, 2001
5,557
42
48
Nerdpole
Unless I read over something it's 80% of the mail traffic, not 80% of the Windows PCs.
 

[UM]theswarm

Spork of the Apocalypse!
Sep 30, 2001
1,058
0
0
35
Everywhere
www.sporkoftheapocalypse.tk
I've always been weary to install a firewall over S&D/Teatimer+Ad-Aware+ScriptSentry+HijackThis+Norton+Common Sense 6.0 ;) due to what I've heard about problems connecting to game servers and such. How much of a hassle is it really?
 

ZenPirate

Living Legend (and moderator)
Nov 21, 2000
7,516
9
38
51
New York
Spyware guard, and Spyware blaster are two very nice free programs to keep your pc junk free.
 

Zarkazm

<img src="http://forums.beyondunreal.com/images/sm
Jan 29, 2002
4,683
0
0
Agony
Everyone should use a router with integrated hardware firewall. It may not be the Alpha and Omega of IT security, but it helps, especially for the average clueless user.

I regularly check my pc for viruses, trojans etc. but I never find anything (except some spyware in the temp files) even in times when some oh-so-horrid worm infects thousands of pcs worldwide.
 

Kaligraphic

Charles leChaud is my hero
Oct 22, 2002
2,504
0
0
42
Everywhere.
www.google.com
Heck, my Windows laptop has been connected long enough, but I've never gotten a single virus on it (aside from stupid ie exploit pages that don't even work in my browser(Remember that bit about putting a (IIRC) 0x01 in a username and ie doesn't show the location? Well, McAfee cleaned that out of my cache. And, I can tell you that Opera doesn't have that problem)) Oh, and I've never got spyware or adware or any of that on this machine.
 

[UM]theswarm

Spork of the Apocalypse!
Sep 30, 2001
1,058
0
0
35
Everywhere
www.sporkoftheapocalypse.tk
Zarkazm said:
Everyone should use a router with integrated hardware firewall. It may not be the Alpha and Omega of IT security, but it helps, especially for the average clueless user.

I regularly check my pc for viruses, trojans etc. but I never find anything (except some spyware in the temp files) even in times when some oh-so-horrid worm infects thousands of pcs worldwide.

Ditto, which is why I haven't bothered with a firewall.
 

JaFO

bugs are features too ...
Nov 5, 2000
8,408
0
0
Trust no one and keep your virus-scannner up to date ;)
Or if you want to be really really safe .... get of the internet.
 

Clayeth

Classic
Apr 10, 2000
5,602
0
0
41
Kentucky
[UM]theswarm said:
I've always been weary to install a firewall over S&D/Teatimer+Ad-Aware+ScriptSentry+HijackThis+Norton+Common Sense 6.0 ;) due to what I've heard about problems connecting to game servers and such. How much of a hassle is it really?
zero with zone alarm.

When you first have a game that tries to connect to the internet (seperately for sending and recieving info) a window will popup and you click to allow that program access. The only problem can be if the game doesn't let you alt+tab to get to the window, becuase sometimes it's hard to add the .exe yourself because it may launch a secondary file to handle network traffic other than what you would expect.
 

TomWithTheWeather

Die Paper Robots!
May 8, 2001
2,898
0
0
43
Dallas TX
tomwiththeweather.blogspot.com
I update/patch Windows and all my software on a regular basis. I virus scan, defrag, use Ad-Aware, Spybot, and SpywareBlaster constantly. I have a 500kb hosts file. My computer is also firewalled with my router. I haven't had a virus or any serious problems in years. :)
 

Kaligraphic

Charles leChaud is my hero
Oct 22, 2002
2,504
0
0
42
Everywhere.
www.google.com
Clayeth said:
zero with zone alarm.

When you first have a game that tries to connect to the internet (seperately for sending and recieving info) a window will popup and you click to allow that program access. The only problem can be if the game doesn't let you alt+tab to get to the window, becuase sometimes it's hard to add the .exe yourself because it may launch a secondary file to handle network traffic other than what you would expect.
I which case you check what you're allowing, set it to learning mode, launch the game, connect, quit, and set it back. At which point, it'll allow the program. (oh, and just in case, see what's now being allowed.)
 

Clayeth

Classic
Apr 10, 2000
5,602
0
0
41
Kentucky
don't remember seeing learning mode before, is that just in pro? if not, how do I get to it? that would come in handy sometimes.
 

Papapishu

我是康
Jun 18, 2001
2,043
0
0
42
void
www.vovoid.com
Fluid said:
Mine is secured like a stronghold.

Until about this time tomorrow, when approximately 30 new viruses have been released. (>900 last month)

Windows is secure like a stronghold in the same way that a sandcastle is a good real estate investment.
 
Last edited: