[Mimedefang] ZDnet article on new Zombie Trick

Ben Kamen bkamen at benjammin.net
Thu Feb 3 11:44:31 EST 2005

Paul Murphy wrote:
> Ben wrote:
>>I would think ISPs would want a greylisting filter on their 
>>inbound-outbound ports...
> If the spam is coming from their legitimate customers, and is indistinguishable
> from normal mail, this will add nothing and annoy their customers, especially
> when those using Outlook Express (i.e. most of them) see what looks like a
> server error.

Sorry - I spaced.. I keep thinking EVERYONE has a sendmail server in their 
home that retries... heheh. Oops!

> On the other hand, applying quotas on outbound mail will make a big difference,
> especially if the quota system is rate-based rather than volume-based, so for
> example sending out 1000 messages per day from a home system might be OK if they
> are at the rate of 100 per hour for 10 hours, but not OK if they are all seen in
> a single hour.

I agree there. I think the ISPs will be able to tag suspicious activity more 
easily (since their servers will be crashing) and possibly begin a wave of 
suits against spammers..

Wait.. I must be dreaming... the (big) ISPs doing something PROACTIVE!?!? 
What was I thinking.

>>I do know SBC now blocks port 25 from dynamic DSL customers. With the trojan 
>>mentioned, however, that won't matter much.
> And in any case, how long will it be before the trojan stuffs keypresses or VB
> script into Windows to start Outlook or Outlook Express in a hidden window if it
> finds it, and then plug away sending messages with the correct client settings,
> including client authentication?

That's a scary thought.

> Since any SPAM generated through this will be coming via ISP mail servers, which
> are guaranteed to try again as they are legitimate mailers rather than bulk
> sending programs, greylisting will make no difference.  The ISPs will of course
> see a massive increase in e-mail volumes, but a quota system would soon sort
> this out.

True... I should stop typing stuff like this 1st thing when I get to work. I'm 
not awake yet.


To a large extent, this is an interesting argument for those who might sue gun 
or weapon makers because the crook does the harm with the weapon. While I 
truly believe that if guns didn't exist, a crook would just find another tool 
to do the job... in this case, it's MS and their bad practices giving crooks 
the tools to do the job. You can't make a gun do anything different than what 
it does... it propels little objects at high speed. Could be used for food, 
protection, robbing convenience stores..... there was a guy running around 
Denver CO whacking people with a 2x4 at bus stops and robbing them. What do we 
do next? outlaw 2x4's?? no. But in MS's case, the email client or OS could be 
made to operate the same but minus the features that are being so easily 
exploited... thus the concept of being responsible (in some part) for the 
mess. Could MS be sued to take out these functions which seem to be causing 
all this mess?? it's an interesting topic to ponder I leave open for debate.
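
Added example, not part of the original post or of MIMEDefang: a sketch of the rate-based outbound quota discussed in the quoted text, run against the two traffic patterns it describes. The class and function names are hypothetical, the limits (100 per hour, 1000 per day) are the figures from the quoted example, and the timestamps are constructed.

```python
from collections import defaultdict, deque

HOUR = 3600
DAY = 24 * HOUR


class OutboundQuota:
    """Per-sender sliding-window quota: hourly rate cap plus daily volume cap."""

    def __init__(self, per_hour=100, per_day=1000):
        self.per_hour = per_hour
        self.per_day = per_day
        self.sent = defaultdict(deque)  # sender -> times of accepted messages

    def allow(self, sender, now):
        q = self.sent[sender]
        # Forget messages that have left the 24-hour window.
        while q and q[0] <= now - DAY:
            q.popleft()
        in_last_hour = sum(1 for t in q if t > now - HOUR)
        if len(q) >= self.per_day or in_last_hour >= self.per_hour:
            return False  # over quota: the relay would defer or reject
        q.append(now)
        return True


def simulate(timestamps, quota, sender="customer-1"):
    """Return (accepted, refused) counts for a list of send times in seconds."""
    accepted = sum(1 for t in timestamps if quota.allow(sender, t))
    return accepted, len(timestamps) - accepted


# Constructed traffic: 100 messages per hour for 10 hours, 36 s apart.
STEADY = [h * HOUR + i * 36 for h in range(10) for i in range(100)]
# Constructed traffic: the same 1000 messages squeezed into a single hour.
BURST = [i * 3.6 for i in range(1000)]

if __name__ == "__main__":
    print("steady, rate-based:", simulate(STEADY, OutboundQuota()))
    print("burst,  rate-based:", simulate(BURST, OutboundQuota()))
    # A volume-only quota (no effective hourly cap) lets the burst through.
    print("burst,  volume-only:",
          simulate(BURST, OutboundQuota(per_hour=10**9)))
```

The steady sender is never refused, the burst is cut off after its first 100 messages, and a volume-only quota accepts the whole burst.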

