When Zombies Get Stealthy

from the ruh-roh dept

Rather than really deal with the issue of computers taken over by zombies/trojans, many ISPs have simply chosen to block port 25 for their customers, meaning that they can’t use any kind of 3rd party mail server. One way around this has been to just use a VPN of some kind to encrypt the traffic, and then the ISP has no clue if the traffic going over the network is email or something entirely different. Of course, it’s not all that hard to predict the obvious next step: zombie botnets get encrypted themselves in order to hide the malicious traffic from peeping ISP eyes. This could make it a lot more difficult to spot — and probably leads to the next step as well: ISPs blocking off even more, such as any kind of VPN setup. Won’t that be fun?


Comments on “When Zombies Get Stealthy”

Nathan says:

No Subject Given

Somehow I think people and businesses wouldn’t stand for not being able to VPN into their corporate networks.

I’m sure the VPN software and even the botnets could just as easily begin switching their connections over to non-standard ports anyways.

This cat and mouse game can keep going until there are no ports left open, save for maybe port 80…

Riley says:

You would think

That someone would be able to make a decent business out of hunting down zombie PCs and offering their owners a service to clean up their computer. People may not care if their computer is sending out spam, but I bet they’d sure be interested to know that there is a good chance their PC has a keylogger on it and that all their information is compromised. Is there a legal way for a business to work with ISPs to contact these zombie owners?

Matthew says:

No Subject Given

The only way to get rid of this traffic is to complain to the source’s ISP. This is NOT necessarily your own ISP either. Sending a complaint to your ISP about spam you received from another service will probably get ignored.

To find the source you need to look at the headers (http://www.stopspam.org/email/headers.html) or use a service like http://www.spamcop.com and copy/paste it all into there.

If you complain to the proper ISP, that ISP gets tired of receiving complaints and should take action against their customer. One bot down, and therefore 10-100K email messages of spam are shot down.

Unless you want M$ to start charging for outgoing messages….
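The header reading described in the comment above, as an added example that is not part of the original thread: only Received lines stamped by the recipient's own mail servers can be trusted, and the first peer outside that network is the address to report to its ISP. The server names, addresses and sample message are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample (not from the page); documentation-range addresses only.
# The bottom Received line stands for one forged by the sending bot.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.net with ESMTP id A1; Mon, 1 Jan 2024 10:00:02 +0000
Received: from dsl-host.example.org (unknown [203.0.113.77])
\tby mx.example.net with SMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000
Received: from bank.example.com (bank.example.com [198.51.100.5])
\tby dsl-host.example.org with SMTP id C3; Mon, 1 Jan 2024 09:59:00 +0000
From: "Billing" <billing@bank.example.com>
Subject: constructed spam sample

body
"""

# Assumed: the recipient's own mail servers, whose stamps can be trusted.
TRUSTED_BY = {"mail.example.net", "mx.example.net"}
OUR_IPS = {ipaddress.ip_address("192.0.2.10")}

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.IGNORECASE)

def source_ip(raw, trusted_by=TRUSTED_BY, our_ips=OUR_IPS):
    """Return the external IP that connected to our servers, or None."""
    msg = email.message_from_string(raw)
    # Each server prepends its Received line, so the list runs newest first.
    for hop in msg.get_all("Received", []):
        by = BY_RE.search(hop)
        if not by or by.group(1).lower() not in trusted_by:
            return None  # stamp not written by us: sender-controlled text
        found = IP_RE.search(hop)
        if not found:
            continue
        try:
            ip = ipaddress.ip_address(found.group(1))
        except ValueError:
            continue
        if ip not in our_ips:
            return str(ip)  # first peer outside our network: report this one
    return None

if __name__ == "__main__":
    print(source_ip(SAMPLE))
```

The address in the forged bottom line (198.51.100.5) is never returned, because the walk stops at the first peer outside the recipient's own network.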
