Infected Windows PCs Now Source Of 80% Of Spam
twitter writes "The Register is reporting a study by Sandvine.com that blames Microsoft Zombies for 80% of all spam. The study goes on to claim that 90% filtering is not effective given the unprecedented volume and that sophisticated trojans are able to drop spam directly on end users' computers despite current efforts. Just another cost of supporting Microsoft, I suppose."
Re:Symptom of the (near) mono-culture (Score:2, Informative)
Fight Zombies with DShield (Score:1, Informative)
(Plus, the dshield mailing list is right now talking about using all that data to setup a DNS blacklist).
Re:An Idea (Score:4, Informative)
Filter SMTP based on OS type (Score:2, Informative)
Imagine if ISPs all started implementing this. This could make a huge difference to the amount of virus/worm generated spam.
Re:Is this surprising? (Score:3, Informative)
Fortunately, this will not help, because most (bigger) ISPs have separate servers for incoming and outgoing mail, and there are no DNS entries for outgoing mail!
Re:Once again, I'll have to disagree with this. (Score:4, Informative)
> viruses that Windows95 was?
Hate to say it, but it's because Windows XP-generation and its apps still have the same objective as Windows 95 and its apps did.
Functionality first, security second, internet be damned
Win95 was a pre-internet age OS. yes, the internet was around, but the vast majority of machines with 95 installed were not connected, or were connected on crappy slow modems at best. Windows XP's ethos has simply failed to keep up with the progress in internet connectivity.
Now, some users have kept up - I could run a 95 machine as securely as an XP machine right now, but the market has grown out of proportion to the average computing knowledge of the market, partly as a result of the simplicity and availability of Windows. Unfortunately, the default configuration, until Windows Server 2003, has not had internet security in mind.
A non-net connected, or well firewalled, XP machine is pretty safe, just as a 95 machine is.
Resist to use heavy firepower! (Score:2, Informative)
My current (modified) strategy is: Only greylist IPs which are
This keeps the number of false-positives low and is really effective, as only suspicious hosts (dialup, dnsbled) are checked.
I am very satisfied by the results. The number of mails in the deferred queue dropped from ~15k to ~600, the system load dropped from 2 to 0.5 despite the additional checking and database lookups done. My system sends ~3-5 mails/second and rejects/defers 10-15 mails/second.
Greylisting implementations for your favourite MTA [puremagic.com] are already available. You only have to use them.
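One way to implement the selective greylisting described in this post (greylist only clients that look like dial-up hosts or are on a DNS blacklist, let everything else through to the normal checks) is a small Postfix-style policy service. The code below is an added example, not code from the post or from the puremagic.com implementations. It assumes the Postfix policy-delegation attribute names (client_address, client_name, sender, recipient) and the DEFER_IF_PERMIT / DUNNO actions; the DNSBL zone name, the dynamic-rDNS patterns, the 5-minute retry delay and the sample hosts in demo() are all constructed assumptions, and the resolver is injectable so the demo runs offline.

```python
"""Selective greylisting: only suspicious clients (dynamic rDNS or DNSBL-listed)
are made to retry; everything else gets DUNNO (fall through to other checks).

Added example; attribute names follow the Postfix policy protocol, the rest
(zone, patterns, timings, sample hosts) are assumptions for illustration.
"""
import re
import socket
import time

# Assumed rDNS patterns typical of dial-up / dynamic pools (not exhaustive).
DYNAMIC_RDNS = re.compile(
    r"(^|[.-])(dsl|adsl|dial(up)?|ppp|dyn(amic)?|cable|pool)([.-]|\d)",
    re.IGNORECASE,
)
DEFER = "DEFER_IF_PERMIT Greylisted, please try again later"
DUNNO = "DUNNO"


def parse_policy_request(text):
    """Parse 'name=value' lines terminated by a blank line into a dict."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def reversed_octets(ip):
    """'192.0.2.10' -> '10.2.0.192', the label order used by DNSBL queries."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets))


def dnsbl_listed(ip, zone, resolve=socket.gethostbyname):
    """True if <reversed ip>.<zone> resolves, i.e. the IP is listed.

    The resolver is a parameter so tests and demos need no network."""
    try:
        resolve(f"{reversed_octets(ip)}.{zone}")
        return True
    except OSError:  # socket.gaierror (NXDOMAIN) is an OSError subclass
        return False


class Greylister:
    def __init__(self, dnsbl_zone="dnsbl.example", min_delay=300,
                 max_age=4 * 3600, resolve=socket.gethostbyname,
                 clock=time.time):
        self.zone, self.min_delay, self.max_age = dnsbl_zone, min_delay, max_age
        self.resolve, self.clock = resolve, clock
        self.pending = {}   # (ip, sender, recipient) -> first-seen timestamp
        self.passed = set() # triplets that retried within the window

    def is_suspicious(self, ip, client_name):
        return (bool(DYNAMIC_RDNS.search(client_name))
                or dnsbl_listed(ip, self.zone, self.resolve))

    def decide(self, attrs):
        ip = attrs["client_address"]
        if not self.is_suspicious(ip, attrs.get("client_name", "")):
            return DUNNO                      # trusted-looking host: no delay
        key = (ip, attrs["sender"].lower(), attrs["recipient"].lower())
        if key in self.passed:
            return DUNNO
        now = self.clock()
        first = self.pending.get(key)
        if first is None or now - first > self.max_age:
            self.pending[key] = now           # first attempt, or a stale entry
            return DEFER
        if now - first < self.min_delay:
            return DEFER                      # retried too soon (spamware often never retries)
        self.passed.add(key)
        del self.pending[key]
        return DUNNO


def demo():
    """Constructed offline scenario: one clean MX, one dynamic-rDNS host that
    retries correctly, one DNSBL-listed host that retries too early."""
    listed = {"10.2.0.192.dnsbl.example"}  # constructed: 192.0.2.10 is listed

    def fake_resolve(name):
        if name in listed:
            return "127.0.0.2"
        raise socket.gaierror(f"NXDOMAIN {name}")

    t = [1_000_000.0]
    g = Greylister(resolve=fake_resolve, clock=lambda: t[0])
    clean = {"client_address": "198.51.100.25", "client_name": "mx1.example.net",
             "sender": "a@example.net", "recipient": "me@example.org"}
    dyn = {"client_address": "203.0.113.77", "client_name": "ppp-203-0-113-77.isp.example",
           "sender": "b@example.com", "recipient": "me@example.org"}
    bad = {"client_address": "192.0.2.10", "client_name": "host10.example",
           "sender": "c@example.com", "recipient": "me@example.org"}
    out = [g.decide(clean), g.decide(dyn), g.decide(bad)]
    t[0] += 60
    out.append(g.decide(bad))   # 60 s later: still too early
    t[0] += 600
    out.append(g.decide(dyn))   # 660 s after first try: accepted
    out.append(g.decide(dyn))   # remembered, no further delay
    return out


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Keying the triplet on the exact client IP is deliberate: the post's point is that only hosts already flagged as dial-up or blacklisted pay the retry cost, so legitimate MX farms that rotate outbound IPs are never greylisted in the first place and the usual /24 relaxation is not needed.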
Re:Once again, I'll have to disagree with this. (Score:4, Informative)
Going from a non-networked, single-user OS to the hyperconnected Internet client that Win 95 was supposed to be in just a few months must have been difficult... Probably not a lot of time for all those paradigms to be re-thought...
Re:Unprecedented rates of infection (Score:3, Informative)
I'm seeing nothing but and I'm making damned fine cash on the side taking care of friends and strangers alike who come to me with their computer problems. Install Adaware, Spybot S&D, Spywareblaster, Mozilla, ClamWinAV, OpenOffice, set the home page in IE to http://windowsupdate.microsoft.com (as it's the only relatively safe website accessible by Internet Exploder), and move the user's email to Mozilla mail. If it weren't for Active-Exploit scripting, we wouldn't have these problems.
Re:SPAM Masquerading as Me? (Score:3, Informative)
Re:Not really (Score:1, Informative)
Sure you can. Go check Microsoft's web page and download the "network" install copy of the service pack. It'll be well over 100 megs and contains everything you need to install a service pack without internet access.
Re:On behalf of all responsible MS admins.... (Score:1, Informative)
Politically IT here is just a sub-group of one of the bigger groups, not one of the major players. This 3000 employee organization does some of the most 'interesting' stuff as a result of this setup that I've ever seen.
Ironically other, far more draconian, efforts at stamping out viruses, spam, and whatnot get support from on high
Re:Yes and (Score:3, Informative)
Re:An Idea (Score:2, Informative)
OR
2) Route your email through your ISP's mail server
One of my customers had this problem. We went through the steps on aol's postmaster.info site. They can now send email to AOL.
Another customer of mine had this problem, we ended up having to forward their mail through their ISP's mail server.
I don't see the problem.
Re:Is this surprising? (Score:2, Informative)
Alternatives to mailing huge files (Score:3, Informative)
It isn't THAT hard to avoid spam/adware etc. (Score:3, Informative)
For example back at home my dad and sister both have their own computers. Both of these computers are constantly just clogged with so much ad/spyware that they are a chore to use. After formatting them both and reinstalling Windows XP I decided to install Firefox for them to use as their browser. It's been several months since then and both computers are FAIRLY free of all malware. There is still some but it is a major improvement.
Anybody on a Windows machine plagued with stuff needs to drop Internet Explorer unless they can manage to avoid going to sites that are notorious for infecting your computer with stuff.
Yes, spam is up, but filtering actually does work. (Score:3, Informative)
Of course, that doesn't do anything about all the bandwidth and server resources that are wasted handling all of that spam.
TMDA (Score:3, Informative)
Of course, TMDA is probably not what you want to use for a business, but for personal use it is great!
Did you read the story? (Score:4, Informative)
As an ISP our biggest OS problem is Linux. Proportionally it causes far more problems than Microsoft. Why? Because Linux users sit around saying "poor MS user" and don't even know they've been hacked. And the majority have been hacked. If you say "Oh, that can't be" then you've just joined the crowd.
Use Postfix 2.1 and header_checks (Score:1, Informative)
See This Postfix HOWTO [postfix.org] for more info.
Re:Unprecedented rates of infection (Score:3, Informative)
Except I no longer use 192.168.*.* since that seems to be built in to every virus on the planet.
I believe this! (Score:1, Informative)
My stats are slightly different (Score:3, Informative)
Based on my own statistics, which I've begun compiling over the last year, the source of spam and amount has remained fairly consistent. In terms of the number of spam messages, the lion's share of spam continues to originate from APNIC address space (China, Korea, etc.) -- now whether or not these systems are zombies, I don't know, but I am more inclined to believe that they're not. There are spammers who have made arrangements with some ISPs overseas who seem to be able to rotate their source IP in a very large chunk of address space.
I see at least 40% of spam coming from APNIC blocks and other assorted International spam havens. The second largest chunk of spam sources seem to be: Southwest Bell, TDE, SBC and others -- these likely include a combination of zombie PCs and ISP deals.
Now I'd buy the 80% figure IF you cut out the Chinese and Korean sources, and maybe most ISPs these days are now blocking big chunks of class B space in lieu of the signal-to-noise ratio they're generating. Then it makes sense, but this "study" is no "study" - it's more like a press release without any substance.
It doesn't take a rocket scientist to recognize that zombie PCs are becoming more of a force in the spam industry. And why is that? It's because ISPs are starting to blacklist IP space -- it has NOTHING to do with content-based filtering (which I keep saying is a waste of time). So yea, we can expect more DUL PCs to be compromised, but based on my analysis of my own logs, there has not been the radical shift in spam sources that the article implies.
Re:That does it! (Score:1, Informative)
I use Sneakemail [sneakemail.com]. I keep my real e-mail secret and make up "fake" addresses to give out. If I start getting spam, I know where it comes from and I can delete that address and re-issue a new one.
Irony, thy name is Overly Critical Guy (Score:1, Informative)
Re:You don't have to open anything to get a virus (Score:2, Informative)