Spamming Trojan "Proxy Guzu"
A user writes "El Reg has the scoop on a trojan that actually turns your machine into a spam sending proxy. Called "Proxy Guzu", the proxy arrives in your mailbox in the usual "Outlook virus" way (i.e., disguised as something else so you'll run it.) It then sends an email to a Hotmail email account reporting the IP address of the infected machine and port it's running on. The spammer then merely transmits spam to the infected machine which in turn forwards it on. There's a bright side to all this: Spammers are doing this because they're desperate, with fewer and fewer spam friendly havens. And what they're doing is illegal and opens them up for prosecution."
Uhh (Score:4, Insightful)
Re:Uhh (Score:4, Insightful)
Re:Uhh (Score:2)
Re:Uhh (Score:2)
Assuming some of those billions of dollars of homeland security money is actually being spent at the FBI, instead of squandered on kickbacks, the spammers will hopefully be rounded up in the next bunch of scans and executed.
When the direct marketing industry resorts to cracking computers, these people need to be taken out of contact with the internet. If only the FBI spent as
Re:Uhh (Score:2, Interesting)
Re:Uhh (Score:2, Funny)
Re:Uhh (Score:5, Insightful)
More clever thought behind things like these would make them much more devastating.
Re:Uhh (Score:5, Funny)
Other Methods (Score:5, Interesting)
1. Just opened up outlook and looked in the "sent" folder to re-read an email i sent to a friend.
2. I find 4-5 emails that were mailed to addresses I had never heard of, with the messages saying something to the effect of: "please remove me from your mailing list." (The messages were all identical to each other).
3. This has only happened twice, and then stopped.
I haven't found any more suspicious sent email in my "sent" folder.
FYI: This is a personal computer, no one else uses it but me.
Now, I don't send a lot of email, and when I do I know who I sent it to. I also know not to write emails back to spammers even with a "remove from list" message enclosed, because it just sends the spammers the signal that my email account exists and is active, which results in even more spam. (so I've heard at least)
Any idea what caused this?
I've also heard that the main reasons one gets an email trojan is by clicking on a link in an email, or downloading/running an email attachment.
I also know about "drive-by downloading" that happens while visiting websites. The next thing you know you got spyware coming out the ass because of this. (and of course certain programs sneakily install them as well.)
My second question is, could it be possible for a website to install this trojan on your computer without you knowing it? I mean, they do it with spyware, I don't see why they couldn't do this with email trojans as well.
Re:Uhh (Score:3, Insightful)
If the spammer had two braincells to rub together to figure that one out, would they be in the spam business to begin with?
Re:Uhh (Score:5, Insightful)
The way to stop spam is to remove the profit motive. PEOPLE NEED TO STOP BUYING STUFF THAT THEY GET SPAMMED ABOUT! Once they stop, people will stop paying spammers to advertise their wares, and the spammers will then stop spamming.
Yes, most spammers do seem pretty stupid. But if it makes money, and it's not illegal, many people, even smart people, have no problems with doing it even if it's morally reprehensible.
Re:Uhh (Score:2)
Correct. That is the reason I have cancelled all Amex accounts in my household, do not buy any more from play.com, etc. But IMO what I have done is an exemption, not the rule. After all there are still people who believe in Nigerian scams out there ;-)
Re:Uhh (Score:2)
Possibly. Spammers do seem to make money, don't they?
Unclear. People participate enthusiastically in pyramid schemes that will never make money, even if the participants don't realize it. I would guess that at least some spammers make money. But I would also guess that a lot of spammers are people with free or very-low-cost internet access and lots of free time (e.g., unive
Re:Uhh (Score:4, Interesting)
I suspect that it's pretty easy to make money spamming if you've got half a brain and some programming experience. You could write your own simple address-collection and spam-blasting programs in under a day, and then all you need is to find some customers -- and apparently they're out there.
If you're clueless and you spend a few hundred on somebody's CD of email addresses, and a few more hundred on a CD of spam software and don't know anything more about your computer than how to click on things, then you're right -- you're just going to make other spammers rich and not yourself -- and it's obvious that spammers are perfectly happy to prey upon other would-be spammers.
There's definitely a lot of `spam MLM' (MLM = Multi Level Marketing) going on -- but unlike your traditional MLM, there is money to be made outside of the MLM. Kind of like Amway -- yes, it's an MLM but they do sell a real product.
Re:Uhh (Score:3, Insightful)
Sometimes I wonder if the companies who finally benefit from the spam even know just how scummy their sources are. If you read this chat log [freewebsites.com], you will see a guy, Jeff, is gathering leads for mortgage loans from a "very professional company".
In situations like this, I wonder how effective it would be to subvert the spam network by using decoy identities to make contact with these companies and hold them liable for their source
Re:Uhh (Score:2)
Re:Uhh (Score:3)
Re:Uhh (Score:2)
Your proposed solution would be like making Microsoft Office stop working with Microsoft Windows... hardly good for business!
Virus...? (Score:3, Insightful)
Re:Virus...? (Score:2, Informative)
Spammers doing something illegal?! (Score:3, Funny)
Re:Spammers doing something illegal?! (Score:2)
Proxies & broken e-mail (Score:5, Insightful)
Let's face it: SMTP is broken and it needs to be fixed. There has to be some way of authenticating senders and attachments to messages?
I'm not talking about some of the (innovative) kludges that people have come up with for SMTP, I'm talking about a bare-metal rebuild of the entire system. Sure it will be a pain, but when you move to a new place, you have to give your friends the new phone number and address -- giving a new e-mail address (on the new e-mail system) won't be all that bad will it?
Re:Proxies & broken e-mail (Score:4, Insightful)
There is - it's called PGP. SMTP is only intended to transport mail, not to authenticate it. It's the client's job to determine if it should be accepted.
Re:Proxies & broken e-mail (Score:2)
Re:Proxies & broken e-mail (Score:2)
Hell no, it's easier. I will just set up a script to send thousands of emails with my new address to everyone. I might even include a few pointers on male enhancement products at the same time so I don't clog up the system with a second mail.
Re:Proxies & broken e-mail (Score:5, Insightful)
SMTP is broken? Maybe, but let's look at this logic.
Now let's look at this with $SMTP+1 (With spiffy authentication).
Yep, that sure fixed the problem.
Actually, it does fix the problem (Score:2)
Spammer uses email software on that machine to spam other machines. Since we have email authentication now, the other users either get "from a trusted source" (if they already knew the person) or "from a new source (Key matches Joe Outlook Idiot)".
One of the key things to fix if you redo SMTP is fakemail. In other words, you'll not be able to send email unless you a) either have a real domain that you can send email from (like with MX server
Re:Proxies & broken e-mail (Score:3, Interesting)
SMTP is not broken and does not need to be fixed. For example, this virus would never succeed on my windows system. First, my IP address, 10.0.0.11, would not be of much use to the spammer. (And if you know anything about networks, you know why, and why I can post it and not worry.)
Second, in between my windows machine and the rest of the internet I have a firewall.
Re:Proxies & broken e-mail (Score:3, Informative)
Second, in between my windows machine and the rest of the internet I have a firewall. THAT'S what really renders the virus moot. Nobody connects to any machine I have from the outside, period, ever. (Now of course there's ways t
Re:Proxies & broken e-mail (Score:4, Informative)
You are right, the spam-virus can try to initiate a connection to something on the other side. Of course, I don't forward smtp traffic, so a spam virus would find little happiness running on any of my computers, because it will find itself in a little jail -- and the discussion was a spamming SMTP zombie.
No host behind my firewall is "trusted". One of the beauties of my firewall implementation is that perimeter protection is both ways: protect my computers from bad-boy Internet packets, and protect the Internet from any nastiness that might creep into my computer.
That's the power provided by IPTABLES under Linux. I can filter traffic independently in both directions, using the stateful capabilities of IPTABLES, so that my sieve can handle in-bound SMTP separately from out-bound SMTP, passing one and blocking the other. And I do, because I can.
(N.B.: that's not to take anything away from firewall products for Windows, Macintosh, BeOS, and other systems that implement stateful filtering. There are $50 software packages that afford the same protection, if you elect to use it. The problem, of course, is that a computer virus may be able to "sneak around" a same-system firewall implementation. That's why I like separate firewall computers, and firewall appliances such as the SonicWall. A virus would have to work very hard indeed then to get past the protection.)
In short, my firewall does protect other machines on the Internet from a stupid user opening a virus on a local machine.
Re:Proxies & broken e-mail (Score:2, Informative)
The executable might report your inside IP address, but the routable source IP would be visible within the headers the smtp server it connects to prepends to the message. Knowing this wouldn't get them through your firewall, but they'd be one step closer.
Re:Proxies & broken e-mail (Score:2)
Turn off HTML, turn off references to external files, turn off scripting, and don't click on suspicious-looking files. Much easier than trying to redefine SMTP if you ask me...
Re:Proxies & broken e-mail (Score:2)
I suspect that we weren't given the whole story.
What seems much more likely is that some trojan was installed on this person's computer that allowed an attacker to take control -- nothing more (and there's a lot of such trojans out there.) Then the attacker took control and put the porn onto the computer, perhaps so it could be distributed, or perhaps just to see if he could get this guy in trouble,
Re:Proxies & broken e-mail (Score:2)
That could quite possibly be the case. The more porn volume on your HDD, the more chances you could have 2-3+ `kiddie porn' pictures on your system as wel
Filter egress port 25!! (Score:4, Informative)
If you are running a network, it behooves you to filter outgoing port 25. SMTP is a lousy protocol, and there is no successor to replace it (anytime soon).
E-mail server admins: Please lock down your servers! Only allow initial mail submission by authorized and authenticated clients, and only allow such submissions on a port other than 25. It's not that tough, and it's your job. Do it.
There, no excuses.
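The egress filter that this post and the iptables post above describe, written out as an added example; it is not configuration from anyone in this thread. It assumes a Linux firewall with iptables and conntrack, an internal interface named `LAN_IF`, and a single internal mail server `MTA_IP` (192.0.2.10, an RFC 5737 documentation address) that is the only host allowed to open port 25 to the Internet. Inbound and outbound SMTP get separate rules, so one direction can be passed while the other is blocked, and the submission port 587 stays open for authenticated clients.

```shell
#!/bin/sh
# Added example, not configuration from this thread: egress filtering of SMTP
# on a Linux firewall with iptables. Assumed/constructed values:
#   LAN_IF  - interface facing the internal network
#   MTA_IP  - the single internal host allowed to speak SMTP to the Internet
LAN_IF="${LAN_IF:-eth1}"
MTA_IP="${MTA_IP:-192.0.2.10}"

# Emit the rule set. Inbound SMTP (to the MTA) and outbound SMTP (from the MTA
# only) are separate rules. Any other internal host opening port 25 is logged
# once per new connection and reset; port 587 (mail submission, which the MTA
# should protect with SMTP AUTH over TLS) stays open for legitimate clients.
egress_smtp_rules() {
  cat <<EOF
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o $LAN_IF -d $MTA_IP -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $LAN_IF -s $MTA_IP -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $LAN_IF -p tcp --dport 25 -m conntrack --ctstate NEW -j LOG --log-prefix "smtp-egress-block: "
iptables -A FORWARD -i $LAN_IF -p tcp --dport 25 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -i $LAN_IF -p tcp --dport 587 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Pure-shell mirror of the policy above so it can be checked without root:
# prints the verdict the FORWARD chain gives a NEW connection from internal
# host $1 to TCP port $2 on the Internet.
egress_verdict() {
  case "$2" in
    25)  if [ "$1" = "$MTA_IP" ]; then echo ACCEPT; else echo REJECT; fi ;;
    587) echo ACCEPT ;;
    *)   echo DEFAULT ;;   # falls through to the FORWARD chain's policy
  esac
}

case "${1:-}" in
  apply) egress_smtp_rules | sh ;;   # needs root and iptables on this host
  show)  egress_smtp_rules ;;
esac
```

Run with `show` to print the rules and `apply` to load them. The LOG line is what turns the filter into a detector: a workstation that suddenly opens port 25 connections is exactly the symptom of the proxy described in the summary, and the logged source address tells you which machine to clean.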
Re:Filter egress port 25!! (Score:3, Insightful)
I can see why you'd want to block port 25 outgoing on your firewall so no one can bypass your SMTP server, but configuring your SMTP server to accept mail on port 8025 or something... what's the point?
Re:Filter egress port 25!! (Score:3)
And not all of us using third-party email servers have any control how the admins of those servers set them up. The one I use--because my ISP server has been known to lose messages entirely--happens to operate on port 25. I am not able t
Re:Filter egress port 25!! (Score:2)
BTW, I would love to find a stat that shows which systems (hardware, OS, server) is allowing the bulk to occur. I routinely check where my spam comes from and I routinely find Exchange as the entry point (not always). I would much rather focus on getting the bulk done as opposed to simply shutting down everyt
Comment removed (Score:5, Insightful)
Re:No, don't limit the Internet! (Score:2, Insightful)
My suggestion is to leave port 25 open, but only to allow incoming mail from other SMTP servers-- and only for your local users (by definition, it will not relay mail). So how does a user relay mail (i.e. initial mail submission)? The responsible admin of the user's SMTP server has set up SMTP + AUTH + SSL on that server (or perhaps a different server altogether-- an even better idea). Now this user can send mail (i.e. relay mail, or use the server for initial mail submission-- different terms for the same
Re:No, don't limit the Internet! (Score:2)
UNLESS you are a dedicated customer with a rented fixed IP -- those are left to the customer to maintain. I have purposely _always_ gone for a static IP knowing this is how it will ultimately be.
Now, if the ISP won't allow said traffic on a static IP then yes, it's time to find another provider. The ability for spammers to quickly/easily change providers and get anothe
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re:No, don't limit the Internet! (Score:2)
They rarely spam directly from dialups because it's slow. What they will do is exploit open proxies on cable or DSL lines. It might be an insecure Wingate proxy, one of these Trojan zombies, or they'l
Comment removed (Score:4, Informative)
Re: (Score:2)
No! Don't filter port 25! (Score:2)
NAT and proxy-only access are already threatening that. Don't give up the non-centralized nature advantage of IP or the future looks bleak!
Sending email through my ISPs relay has several important disadvantages. First and foremost, I cannot see whether the mail was already delivered to the recipient's SMTP server or whether it still
Re:No! Don't filter port 25! (Score:2)
You also have no idea how big a queue your ISP's third-party relay has, or if someone has just uploaded some spam to that relay. Even if an ISP restricts their relay to the IPs of their customers this isn't much good unles
Re:Filter egress port 25!! (Score:2)
The basic problem is that many SMTP implementations supported third-party relaying. It would be a lot more difficult to send spam if the only way of doing it was to perform DNS lookups and make a TCP connection for every recipient, as opposed to being able to send a list of recipients and the body of a message to someone else's relay. However what really makes things bad is the amount of software now out there which requires a third-party relay to work at all. Combined some
Re:Filter egress port 25!! (Score:2)
But SMTP+AUTH doesn't require that the "From:" field be correct, does it? So it may help those who are prepared to trace IP addresses and proxy logs, but it doesn't help those people who send me hundreds of bounce messages per day because I appear in the From: address.
Why not (Score:2, Interesting)
Re:Why not (Score:2)
But like a previous reply said, reporting to the FBI might also be a good idea.
This isnt desperation... (Score:5, Funny)
Seriously, has anyone actually *seen* one?
Re:This isnt desperation... (Score:4, Funny)
Now, you have problems.
Gimmie your addy (Score:2)
Re:This isnt desperation... (Score:2)
What? You haven't seen Austin Powers [192.41.19.35]?
Re:This isnt desperation... (Score:5, Funny)
I think I've seen something like this... (Score:5, Interesting)
See, almost any time we've had people spam before, it's been someone who has signed up for an unlimited dialup account, then goes and spams right away before they get cut off. It got to the point where I was able to guess that someone was going to do this when I was taking down their details for an account; this happened with someone signing up for this guy [google.ca], and I locked the account before it was even active. This person, like every other spammer I'd dealt with, never called back: they knew exactly what they were doing, and what I would tell them. But this customer did.
Furthermore, she was extremely convincing when she told me she knew nothing about spam. To all appearances she was nearly clueless about computers (no offense to her -- I'm sure I couldn't do her job), could not believe her computer had done anything wrong, and was offended by the spam her computer had sent when she saw the complaint from SpamCop. She didn't argue that it wasn't really spam, or say that she didn't know that it was wrong, or that everyone had opted in, or that it was just an experiment, or anything: she didn't know what she had done, and was confused and astounded when I told her. I ended up letting her back on, against my better judgement, with a warning that if it happened again I'd close her account and that would be that. We changed her password just to be sure that no one else was using her account; unfortunately, the modem she'd dialed in on didn't have caller ID, but she swore blind that no one else knew her password or used her computer.
So a month goes by and I get another complaint from SpamCop -- and it turns out to be the same customer. "Teach me to be nice," I thought, and locked her account. Caller-ID was recorded this time, and it was her number. I told the guy at the branch office where she lived that I'd locked this customer's account -- he had dealt with her the last time -- and he gave her a call. Again, he was convinced that she couldn't be spamming, and he convinced me that we should at least look at her computer. We brought it in to the branch office for a look.
Unfortunately, neither one of us really knew what to do beyond the obvious. It was running Windows 98, no updates; the guy at the office knew Windows, and I know Unix, but neither one of us had experience with this sort of thing. I did a portscan and found one port open (1234), but the banner said "Express Search"; eventually found this link, which didn't seem to offer much. Meanwhile, the guy in the office ran Trend Micro's HouseCall and Panda's online virus scanner, and didn't find much of interest.
He ended up reinstalling Windows on her computer, adding a firewall, doing all the updates, and letting her back on; we didn't know what else to do. We kept looking around for some mention of a virus or trojan with an SMTP engine (beyond something like Klez, I mean), but couldn't really find anything -- just lots of "This is weird, anyone seen anything like this?".
Sorry to be so vague on the details, but like I said, I really don't know Windows and I'm really not a security guy. But I'm still fairly sure that either she was a wonderful actress, or some 133t haX0r had rooted her box to send spam. Needless to say, this is going to wreak havoc with anyone who has to be the abuse guy -- "Innocent victim of a virus or spammer scum? Hm..."
ObRant: Fucking goddamned spammers anyway. Fuckwads.
Re:I think I've seen something like this... (Score:3, Informative)
http://archives.neohapsis.com/archives/bugtraq/1999-q4/0317.html [neohapsis.com]
And I meant to mention that the first incident was at the beginning of March this year, and the second at the beginning of April.
Re:I think I've seen something like this... (Score:5, Informative)
1234 seems appallingly close to one of the ports sub-7 uses (1243). I would suspect some sort of back-door root-shell, and BEHOLD (through the power of Google):
http://www.itsecurity.com/asktecs/jun1901.htm
There are MANY trojans which use this port. "Ultors Trojan", is perhaps best known. There's also "SubSevenJavaclient". Nasty, nasty.
UDP traffic on port 1234 is indicative of "Infoseek Search Agent", which is the legit use for this port. The trojans do not produce UDP traffic.
Check out http://www.neohapsis.com/neolabs/neo-ports/
I would think that your experience predates the current round of spammer-specific trojans. This is, however, only the tip of the iceberg. Spammers are now creating entire zombie IP address allocations from abandoned or otherwise unused network space. A spammer with his own ASN and spammer-controlled BGP can create ENDLESS havoc.
Zombies on the Register of Known Spam Operations:
http://www.spamhaus.org/rokso/search.lasso?evid
Below are the lists of DIRECT ASNs owned or pirated by spammers, including many of the zombie netblocks:
APNIC zombies
http://spamhaus.org/sbl/listings.lasso?i
ARIN zombies and spammer allocations
http://spamhaus.org/sbl/listings.las
RIPE zombies and spammer allocations
http://spamhaus.org/sbl/listings.las
--Og
It opens them up to.... (Score:3, Funny)
Untraceable? (Score:5, Informative)
So, if I'm running a sniffer while they are sending email through my PC I won't be able to find the source? I musta missed something in IP 101.
Re:Untraceable? (Score:2)
rOD.
Re:Untraceable? (Score:4, Informative)
So, if I'm running a sniffer while they are sending email through my PC I won't be able to find the source?
They could put a proxy function in. The spammer contacts one computer, and that computer contacts another. Thus the second computer couldn't locate the spammer, but any e-mail messages would only have the second computer's IP address.
If they were really crafty, they could have a web-like feature. Each infected system could scrape web pages for, say, 15 e-mail addresses (Could use IE's cache), and port scan computers for 5 different computers with the virus. The spammer injects one message into the network, and the infected computer forwards it to all 5 on the list, which forward it to all the systems on its list, and so on. One day later, the network switches to 'send' mode, and each node sends out the message to its 15 e-mail addresses.
A sort of Gnutella network + Code red port scanning + web page scraper + mail program virus.
Of course, such a program would get zapped by port blockers and virus scanners pretty fast.
Just my $0.02,
Michael
Re:Untraceable? (Score:2)
Unfortunately, that does precisely what the anti-spam crowd wants.
Huh? The anti-spam crowd wants to make email useless? That's nonsense. For one thing, "the anti-spam crowd" is meaningless: *everybody* is anti-spam. Even spammers are anti-spam: they just claim that their spam isn't spam.
If you're talking about anti-spam activists, then you're right t
Re:Activists vs. anti-spam crowd (Score:3, Insightful)
There is a difference between CE and UCE, and only the latter is bad.
Don't mix Stallman's ideas about commercial interests with the antispam crowd. None of us are as rabid as he is.
--etrnl
Re:Activists vs. anti-spam crowd (Score:2)
Taking completely unrelated cheap shots at rms is probably not a good way to argue your point about spam.
Re:Activists vs. anti-spam crowd (Score:2)
Where's the "-1: Propaganda That Baghdad Bob Couldn't Deliver With A Straight Face" option?
Re:Activists vs. anti-spam crowd (Score:2)
I believe that there are people like that, but calling them the "anti-spam crowd" is bizarre. Look on the anti-spam websites listed on Spamlinks [geocities.com]. I haven't looked at all of them, but I still doubt you'll find *anyone* there espousing the view above.
Duncan Murdoch
an ounce of prevention... (Score:3, Informative)
...beats a pound of medication (or something like that - I'm not too good at English proverbs).
Don't run attachments from mails if you don't trust the sender. Do get a firewall that lets you block both ways (ZoneAlarm [zonelabs.com] from ZoneLabs [zonelabs.com] is my free favorite). The result? You won't get caught by this trojan, and if you should break the first rule of thumb, the second won't turn your PC into a spam-factory.
Re:an ounce of prevention... (Score:2)
Don't run attachments from mails if you don't trust the sender...
And don't run strange attachments from emails if you DO trust the sender. After all, unless you're both using gpg (I've got only one person I talk with that does), the email address could be faked. Then there are the trojans...
Re:an ounce of prevention... (Score:2)
Cheap, mass-market software firewalls will not protect you.
Only common sense and not opening mails/attachments and downloading files from untrusted sources will.
Unfortunately, far too many users are lacking in the common sense part.
Now where have I seen this before? (Score:2)
Untraceable Really ?? (Score:5, Insightful)
The people that actually have their capital tied up in penis and breast enlargers, sure as heck don't want it seized.
Re:Untraceable Really ?? (Score:2)
Re:Untraceable Really ?? (Score:5, Insightful)
hardware firewall? (Score:4, Interesting)
I personally always use Pine to check e-mail, but my fiancee uses Outlook (Express I think). She is of the type (as is my mom and 90% of the people I've ever worked with) that no matter how many times I tell her not to open random attachments - she still does.
So were she to get this thing in her computer - in this case, the firewall that blocks all incoming attempts would block it (doesn't do much to stop her computer from transmitting out though if I don't know what port it is doing it on).
On a side note, I don't have a huge problem with Windows - I have it on this laptop that I'm typing on and it is fine for me. But one of my biggest pet peeves with it is that it comes as a default setting to have no file extensions show up on files.
So if I sent you an attachment that was called "CuteBunnies.jpg.exe" - the last ".exe" part wouldn't show up - and people don't tend to notice the
This happened at a company I used to work at and it was annoying as hell to keep seeing the viruses spreading.
Re:hardware firewall? (nope; software firewall) (Score:4, Insightful)
Her computer will be connecting out via port 25, whether she's trying to send a message, or the virus is. (This is why firewalls need to be part of a layered defense; once a hostile agent is inside the firewall, you're in trouble.)
A software firewall, on the other hand, hooks into the OS, and can tell which programs are acting as IP clients and servers. You're not blocking ports or addresses; you're blocking programs, which is what you want. Even that's not perfect. If your e-mail client or web browser runs a rogue script, the software firewall won't be able to distinguish between good and bad requests.
Having said all that, run don't walk to Zone Labs [zonelabs.com] and download ZoneAlarm. The free version may do all you need.
Re:hardware firewall? (nope; software firewall) (Score:2, Informative)
However, I think the point the original poster was trying to make is that, with a hardware firewall, the spammer's software won't be able to connect (incoming) to his wife's machine to tell it to forward spam messages. Sure, outgoing port 25 is open from his network, so they can send emails on the way out, but if nothing incoming is routed to her machine, the relay is effectively closed.
I'm not saying that it's a perfect solution (software firewall
Spammers doing something illegal? (Score:4, Insightful)
Spamming is illegal per se in most states. Using deception in the headers is illegal in the entire USA and many places in the world. Using open proxies is also illegal (in most cases).
Lots of this (Score:2, Interesting)
Several of the sites that produce these servers have warnings that they have received notification about trojan installs of their software. I suppose it could be other software mimicking the signatures, but that would be a lot of effort I would not think the spammer would want to go through if it can be done with off the net software.
FWIW a lot of the spa
No, actually.. (Score:3, Insightful)
Prove me wrong.
Re:No, actually.. (Score:2)
Re:No, actually.. (Score:2)
No. Anyone who gets infected by a Spam Trojan deserves to be blocked, until they clean up their PC. You are a threat to your fellow internet users, in much the same way that people infected with SARS should be quarantined.
A similar program used by spammers... (Score:2, Informative)
As for the not traceable, well I wouldn't count that out. What if someone really knew what was happening, decided to download, and isolate the program with the intent of finding them?
Yes I know they could use anon proxies, but then there is the chance that the anon proxy is not an anon proxy. I wouldn't be surprised if just like honeypots fake anon proxies start popping up with the intent of catching their real ip.
Only problem I see is that the spamme
This spammer uses proxies (Score:5, Interesting)
Those are all from a sequential block of spam bounces that we received. Look at the locations: Spain, Greece, the Netherlands, Malaysia, Turkey. That has to be some kind of distributed attack.
They're using our name. I operate Downside [downside.com], a respected financial information site, and own "Downside" as a registered US trademark. I want to find out who's behind this. They're making us look bad. I get hate mail, because this spammer is advertising "extreme rape" sites.
Insights on how they're doing this would be appreciated. If this spammer can be clearly tied to felony computer intrusions, that would give me something solid to give my attorney.
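For the situation in this post (a pile of bounces, the From: address forged to someone else's domain) and the earlier remark that the routable source address survives in the headers the receiving server prepends, here is an added example of the first thing to do with each bounce. It is not code from this thread. It walks the Received: headers from the bottom (earliest hop) up, skips private and loopback addresses such as the inside address a NATed zombie might stamp on its own hop, and prints the first routable relay: that is the address to report to the relay's abuse contact, since the From: line proves nothing. The sample message is constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.

```shell
#!/bin/sh
# Added example, not code from this thread: find the earliest routable relay in
# a message's Received: headers. The sample bounce below is constructed.
SAMPLE_BOUNCE='Received: from mx.example.org (mx.example.org [198.51.100.7])
    by mail.example.net with ESMTP id k9Xz1; Tue, 6 May 2003 10:01:00 +0000
Received: from zombie-pc.example.com ([203.0.113.45])
    by mx.example.org with SMTP id a1B2c; Tue, 6 May 2003 10:00:30 +0000
Received: from pc (pc [10.0.0.11]) by zombie-pc.example.com
    with SMTP id 0001; Tue, 6 May 2003 10:00:00 +0000
From: forged@example.com
To: victim@example.net
Subject: constructed sample

body
'

# Reads one RFC 822 message on stdin; prints the earliest routable relay IP,
# or nothing if every hop carries a private or loopback address.
earliest_routable_relay() {
  awk '
    function private(ip,   o) {
      split(ip, o, ".")
      return o[1] == 10 || o[1] == 127 || (o[1] == 192 && o[2] == 168) || (o[1] == 172 && o[2] >= 16 && o[2] <= 31)
    }
    /^$/         { exit }                                      # blank line ends the headers
    /^Received:/ { n++; rcvd[n] = $0; cont = 1; next }          # start of a new hop
    /^[ \t]/     { if (cont) rcvd[n] = rcvd[n] " " $0; next }   # folded continuation line
                 { cont = 0 }                                  # some other header field
    END {
      for (i = n; i >= 1; i--) {                               # bottom-most header = earliest hop
        if (match(rcvd[i], /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/)) {
          ip = substr(rcvd[i], RSTART + 1, RLENGTH - 2)        # strip the brackets
          if (!private(ip)) { print ip; exit }
        }
      }
    }'
}

# Convenience wrapper over the constructed sample: returns 203.0.113.45, the
# zombie's public address, not the 10.0.0.11 inside address on its own hop.
relay_of_sample() {
  printf '%s' "$SAMPLE_BOUNCE" | earliest_routable_relay
}
```

Feed real bounces with `earliest_routable_relay < bounce.eml`. Only the bracketed address recorded by the receiving server is used, never the hostname the client announced in HELO, because the client controls that string. Headers added by the zombie itself can also be forged, so the result is the earliest hop you can trust, not proof of the spammer's own address; it is enough to get the relay cleaned and its logs pulled.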
Re:This spammer uses proxies (Score:2, Informative)
Linux Online has this problem (Score:2)
Re:This spammer uses proxies (Score:2)
However, I would be surprised if these people only had a single layer of indirection...
Have your attorney attack indirectly (Score:5, Insightful)
Then, you can force the site admins to turn over their records during discovery, find out who exactly the spammers are, and go after them directly as well.
ABW
Does this virus affect Evolution? (Score:2, Funny)
Meh. (Score:2)
How about outgoing spam filtering? (Score:3, Insightful)
Basically having a router that intercepts anything going out to port 25 from any port and pre-check it before allowing it to continue on?
N.
Untraceable (Score:2, Informative)
If the spammer uses the proxy/trojan installed by Sobig.a which listens on port 1180 (socks) and 1182 (http), it's very traceable. You need only the password to the proxy management station (it's "zaq123") and you can watch the traffic or shut it down altogether.
See this analysis of Sobig and Spam [lurhq.com] for more details.
Of course, this MBIWYL (may be illegal where you live)
This IS traceable (Score:2, Insightful)
2. Someone is paying them; paying them to advertise a product and contact the payer (somehow) to sell a product.
3. The person paying them knows who they paid to email this crap.
4. If the email was sent via this trojan, just follow the trail from the email sent to the payer and, from there, to the spammer.
Even if the spammer claims that someone else (riiiight) must have sent the trojans on their way, he got paid for it and should be levied with f
Re:OE Question. (Score:3, Informative)
Re:I don't get The Register (Score:3, Informative)
Re:Are they really that desperate? (Score:2)
Actually it's the hijacking of a non-consenting third party's computer that's the illegal part. How they got into it and what they did with it can increase the sentence, but it's the breaking-in part that's criminal.