When Zombies Get Stealthy
from the ruh-roh dept
Rather than really deal with the issue of computers taken over by zombies/trojans, many ISPs have simply chosen to block port 25 for their customers, meaning that they can’t use any kind of 3rd party mail server. One way around this has been to just use a VPN of some kind to encrypt the traffic, and then the ISP has no clue if the traffic going over the network is email or something entirely different. Of course, it’s not all that hard to predict the obvious next step: zombie botnets get encrypted themselves in order to hide the malicious traffic from peeping ISP eyes. This could make it a lot more difficult to spot — and probably leads to the next step as well: ISPs blocking off even more, such as any kind of VPN setup. Won’t that be fun?
Comments on “When Zombies Get Stealthy”
Blocking port 25 doesn't stop use of third-party m
Anyone using such a service should be using port 587
(and SMTP AUTH to authenticate themselves.
huh?
What you are writing does not make any sense. For VPN-tunnelling you need a peer system. And when you have such a peer, why don’t you send your spam from that peer, instead of just routing over the peer?
No Subject Given
Somehow I think people and businesses wouldn’t stand for not being able to VPN into their corporate networks.
I’m sure the VPN software and even the botnets could just as easily begin switching their connections over to non-standard ports anyways.
This cat and mouse game can keep going until there are no ports left open, save for maybe port 80…
You would think
That someone would be able to make a decent business out of hunting down zombie PCs and offering their owners a service to clean up their computer. People may not care if their computer is sending out spam, but I bet they’d sure be interested to know that there is a good chance their PC has a keylogger on it and that all their information is compromised. Is there a legal way for a business to work with ISPs to contact these zombie owners?
Re: You would think
A little extortion, eh?
No Subject Given
The only way to get rid of this traffic is to complain to the source’s ISP. This is NOT necessarily your own ISP either. Sending a complaint to your ISP about spam you received from another service will probably get ignored.
To find the source you need to look at the headers (http://www.stopspam.org/email/headers.html) or use a service like http://www.spamcop.com and copy/paste it all into there.
If you complain to the proper ISP, that ISP gets tired of receiving complaints and should take action against their customer. One bot down, and therefore 10-100K email messages of spam are shot down.
Unless you want M$ to start charging for outgoing messages….