More compliant spammers

By
EKR
on February 2, 2005 7:07 PM | Comments (4) | TrackBacks (24) |
CNET reports that spam zombies have started to send mail through ISP mail servers rather than sending it directly. Many ISPs block direct outgoing port 25 connections, so this ought to circumvent that kind of block. I'm no expert on how spammers operate but I'm actually kind of surprised to hear that zombies haven't always done this.

24 TrackBacks

Listed below are links to blogs that reference this entry: More compliant spammers.

TrackBack URL for this entry: http://www.educatedguesswork.org/cgi-bin/mt/mt-tb.cgi/122

survivor sucks from ceixnoirs.dyndns.org on July 18, 2005 10:51 AM

boys suck cock won't you come and suck my dick motherfucker boys who suck cock lue sucks she wanted to suck my dick suck my own dick suck my balls, mr. garrison suck it bitch deep throat learning to suck my own cock why frontpage sucks i let her suck m... Read More

truly amateur sex from amateur sex free on July 25, 2005 1:47 AM

college amateur sex true amateur sex amateur sex couples glasgow amateur sex videos amateur sex freeware amateur sex exhibitionist amateur sex films free amateur sex profile japanese amateur sex video married amateur sex amateur sex girls amateur sex f... Read More

filipino weddings from thailand shemales on August 25, 2005 5:56 PM

asain boys vietnamese centipede asian girl galleries asian lesbos sexy taiwanese porn taiwanese supermodels vietnamese websites japanese video sex jp18 korean hottie japan sports famous filipino americans tokyo night Read More

phentermine from phentermine on September 5, 2005 11:39 PM

phentermine A bad cause will ever be supported by bad means and bad men. Read More

free online texas holdem and fold poker from free online texas holdem and fold poker on September 6, 2005 5:28 PM

You can also check some relevant pages in the field of free poker strip online with men online poker for macintosh Read More

literature review and research question with hypothesis from types of point of view in literature on September 23, 2005 6:52 PM

literature scavenger hunt index of all persian literature georgian literature free porn literature literature indian literature childrens literature humor stories children literature english literature literature circles critique of the literature on c... Read More

naturalism in literature from my side of the mountain literature guides on September 24, 2005 5:41 PM

imagery in literature gothic literature literature units free childrens literature activities for teaching british literature review of literature society of biblical literature british literature gender roles in childrens literature analyzing literatu... Read More

literature search from 19th century literature on September 24, 2005 7:42 PM

gangster disciple nation literature math literature list mexican literature online literature great characters in literature how to write a literature review independent study masters literature on line literature units literature displays types of poi... Read More

literature during the renaissance period from literature epic on September 26, 2005 7:18 PM

great characters in literature free adult stories free erotic literature edwardian literature middle age literature writing an apa literature review erotic literature for women cardboard literature holder genres of literature faxon auto literature grah... Read More

popular diet pills from popular diet pills on October 4, 2005 4:53 AM

You are invited to visit some information dedicated to Diet Pill Online Prescription consult Read More

paypal deposit online casinos from paypal deposit online casinos on October 8, 2005 5:13 AM

You are invited to take a look at some helpful info dedicated to online casinos betting casino online betting-casinos.com Read More

forced wife bondage from Penatonlon Leindgvist on October 14, 2005 6:57 AM

More compliant spammers Read More

forex brokerage firms from forex brokerage firms on October 30, 2005 9:12 PM

You may find it interesting to check out some relevant pages about forex resources Read More

phentermine from phentermine on November 1, 2005 8:47 AM

In your free time, visit the pages dedicated to phentermine weight loss pills Read More

Kellys hardcore gallery from Incest six pics on December 29, 2005 3:22 AM

Gay prisoner sex Free gay fuck vids galleries Nun and sex Free rape india Read More

hoodia from pure hoodia on January 3, 2006 4:58 PM

TITLE: hoodia URL: http://www.free-space.at/hoodia/ IP: 203.177.50.98 BLOG NAME: pure hoodia DATE: 01/03/2006 04:58:16 PM Read More

replica watch from rolex replica watch on January 11, 2006 8:15 PM

TITLE: replica watch URL: http://replica.gratis-webspace.de/ IP: 193.61.234.16 BLOG NAME: rolex replica watch DATE: 01/11/2006 08:15:56 PM Read More

pearl necklace from pearl necklace on January 23, 2006 10:56 AM

TITLE: pearl necklace URL: http://necklace.mappibiz.com/pearl.htm IP: 213.216.196.114 BLOG NAME: pearl necklace DATE: 01/23/2006 10:56:42 AM Read More

breitling watches from breitling watches on January 26, 2006 5:31 PM

TITLE: breitling watches URL: http://www.free-hoster.cc/users/watches/breitling-watches.htm IP: 68.167.86.91 BLOG NAME: breitling watches DATE: 01/26/2006 05:31:36 PM Read More

ham radio amateur from local swingers free on March 15, 2006 11:29 PM

lesotho religion christian websites Read More

4 Comments

By Justin Mason on February 2, 2005 7:21 PM

that's spammers for you ;)

consider it -- there's no records in DNS indicating that a given IP address is the outbound-SMTP relay for another given IP. it's not as simple as looking up an MX.

A spammer doesn't have full control over the zombie -- typically they just have control of it as a proxy ("connect to this address:port", "relay this data", "close the connection").

By EKR on February 2, 2005 7:27 PM

Can't the spammers just look in the registry or whatever to see what outlook uses?

By Justin Mason on February 2, 2005 10:46 PM

They aren't doing it yet -- but the Swen virus did, IIRC, and I'm expecting it to start happening with compromised machines soon...

It'll take a new version of the trojan/proxy software that the worms are installing; and getting that written and deployed across enough machines takes a lot of work, as far as I can tell. I've heard no signs of it showing up yet.

By Florian Weimer on February 3, 2005 6:47 AM

Actually, this is a good thing, but I doubt that much spam will be sent this way. When spam sent by your customers is clogging their mail servers, it's much harder for the ISPs to look the other way.

Most ISPs have deployed the technology that enables them to detect outgoing direct-to-MX spam these days, but they deliberately choose not to act upon this data because they would lose too much money.

Leave a comment