Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Spam Operating Systems Software The Internet Windows Your Rights Online

Infected Windows PCs Now Source Of 80% Of Spam 778

twitter writes "The Register is reporting a study by that blames Microsoft Zombies for 80% of all spam. The study goes on to claim that 90% filtering is not effective given the unprecedented volume and that sophisticated trojans are able to drop spam directly on end user's computers despite current efforts. Just another cost of supporting Microsoft, I suppose."
This discussion has been archived. No new comments can be posted.

Infected Windows PCs Now Source Of 80% Of Spam

Comments Filter:
  • by ChadAmberg ( 460099 ) on Tuesday June 08, 2004 @07:42AM (#9364193) Homepage
    OK, I'm turning SpamAssassin down to .01 points and letting it all get rejected. I just give up!!!
    • by autolycos ( 720587 ) on Tuesday June 08, 2004 @07:47AM (#9364226)
      No, just wait til the newest version of Windows, Microsoft Fence Knotholes. Really, that'll stop spam.......
      • "Just another cost of supporting Microsoft, I suppose."

        Uh, no--how do trojan attachments and viruses that moron users open have anything at all to do with Microsoft?

        I forgot, we needed an article that specifically made sure to say "Windows PCs" in the headline as though it being Windows has anything to do with it. If everyone used Macs today, it would be Macs, and if everyone used Linux, it would be Linux boxes. Uninformed users are uninformed users, and short of Microsoft showing up at your house and
        • by Psymunn ( 778581 ) on Tuesday June 08, 2004 @01:03PM (#9367712)
          Well, that's the beauty of Windows. You don't even have to be a idiot user no more. You see, an unpatched copy of XP and a high speed internet connection can get you a backdoor trojan faster then dropping the soap down at the local penitentary.
          You see, unpatched windows has exploits and all the script kiddies with porn sites know this. The most common viruses now scan computers on an IP range, find a computer prone to an exploit, and open up shop on your computer.
          'What you say!' They could do that just as easily on Linux or a mac. Not quite true. OS X and Linux are both based on Unix which is considerably more stable and secure then windows (for oen thing they handle file premissions a lot better and more securly). Most importantly though, primarily where linux is concerned, there are constantly people updating and improving the linux kernel. These are often the same kinds of people who would take advantages of exploits back in high school and are now turning their knack for finding system weaknesses towards a constructive goal. Open source finds bugs faster (or so time seems to be telling us)
          Last and not least, yes most people use Windows. Therefore most viruses are constructed for Windows and most computer illiterate users (many of whom don't even know what spyware or the like is) use it too. So there is saftey in obscurity.
          But i beleive enough of the blame can be pinned on what a mess security in windows is and someone pointing that out isn't just a tinfoil hat wearing commie shouting witch at the Big Guy.
          'Course in longhorn security is giong to be better. And everything is going to be fully integrated. Some how those two have never gone hand in hand. Only time will tell. But for now I prefer the Unix ideom of 'do one thing, do it well.'
          (It also reaks less of monopoly then do everything and do it noticably)
        • If everyone used Macs today, it would be Macs, and if everyone used Linux, it would be Linux boxes.

          This is a widespread misconception, akin to saying that if everyone drove Volvos, just as many people would die in traffic accidents as they do now. Millions of Americans have purchased large SUVs that tend to roll over [] three times more frequently than other automobiles. Volvos, on the other hand, are built with safety [] as a primary goal.

          By the same token, would you expect an OpenBSD server to have the same level of default security protection as a Windows 2000 server? OpenBSD is built with the primary intention of being the world's most secure OS []. Nowhere on the Windows 2000 product page do we see anything at all [] relating to security.

          You can't assign positive characteristics to an OS on one hand (Windows XP doesn't crash as often as Windows 98) and then dismiss negative comparisons (Windows is less secure by default than Mac OS X or Linux).

          Blame users all you want, but there are millions of uninformed Mac users out there. Believe it or not, in spite of their uninformed nature, they don't have to deal with anything like the litany of security and stability issues that confront Windows users.

          It's hard to believe when you've been struggling with Windows for years and have grown accustomed to it, but while Linux and Macintosh aren't immune to security problems, the trojan horses and viruses that plague Windows users are a direct result of Microsoft's development philosophy, which emphasizes market dominance over quality.

        • by sjames ( 1099 ) on Tuesday June 08, 2004 @09:09PM (#9372846) Homepage Journal

          Uninformed users are uninformed users, and short of Microsoft showing up at your house and forcing you at gunpoint not to open attachments or enable viruses, what do you expect them to do?

          MS has spent a great deal of time and money making sure everyone believes that they don't have to be informed to use Windows. Apparently they were wrong.

          I racall around the time MS decided to implement macros in various documents including email, MANY people stated in no uncertain terms that making email and Word documents executable was one of the dumber ideas they had ever heard.

          MS could have asked itself why so much of the industry thought they'd lost their minds, but instead, they decided they were infallible and we were all too stupid to understand their brilliance.

          Had they reconsidered way back then, the world could have been saved many billions of dollars in lost productivity. And they wouldn't have had to hold a gun to anyone's head to do it.

          Instead they plowed ahead with their half-baked idea, and it has had exactly the result predicted by nearly everyone but MS.

          I'm not saying the doubters are always right, but when they can name specific objections (documents often come from untrusted people) it is a good idea to consider carefully.

  • Obligatory (Score:3, Insightful)

    by Mz6 ( 741941 ) * on Tuesday June 08, 2004 @07:44AM (#9364204) Journal
    Was this really actually a surprise to anyone or was this just confirming the obvious?
  • Yes and (Score:4, Funny)

    by Anonymous Coward on Tuesday June 08, 2004 @07:45AM (#9364212)
    90% of all statistics are invented. Especially when they bash Microsoft, but certainly not any ones that indicate anything good about Microsoft.
    • Re:Yes and (Score:3, Informative)

      by etymxris ( 121288 )
      Is it really so hard to believe that spammers would prefer hiding behind infected machines? There certainly isn't a lack of infected machines to use. Just look at shady sites like this [] if you need some convincing.
  • by foidulus ( 743482 ) * on Tuesday June 08, 2004 @07:46AM (#9364215)
    in filter research, maybe we should be spending it on educating users in basic protections....or converting the unwashed masses. I like the 2nd one better :P
    Please note the sarcasm in the "unwashed masses" comment before modding me as a troll :P
  • by FedeTXF ( 456407 ) on Tuesday June 08, 2004 @07:46AM (#9364220)
    If computers are going to be a tool used by anybody, I think along with securing OS's real user education must be encouraged.
    Today you have to have a license to drive so why not learn how to play safe if your PC is connected to a public network.
  • by larien ( 5608 ) on Tuesday June 08, 2004 @07:48AM (#9364232) Homepage Journal
    The fact that Windows is everywhere is why it's such a tempting target; a hit rate of 1% on virus infection of Windows PCs is a good number, so it's worth going after. If linux had a good market share, it would be running the spam zombies.

    Yes, linux can be more secure than Windows, but the fact is that over 90% of these zombie PCs could have prevented infection by simply having (a) their firewalls enabled and/or (b) having intelligent users. By default, most linux distros don't come with firewalls enabled either (at least, the last time I checked; I think it's becoming more common for firewalling to be enabled though, as with XP SP2) and as for (b), well, we'll always have stupid users.

    • by bwalling ( 195998 ) on Tuesday June 08, 2004 @08:01AM (#9364324) Homepage
      the fact is that over 90% of these zombie PCs could have prevented infection by simply having (a) their firewalls enabled and/or (b) having intelligent users

      It's more than that. Why do you need a firewall? Because your computer is sitting there listening for a bunch of crap that it doesn't need to be listening for. Install Windows XP, and then run Microsoft's Baseline Security Analyzer []. It will tell you that you are about to be fried. Why is that? Why should the user have to be constantly vigilant against threats?

      I've yet to see what XP SP2 does, and hopefully it does more than just turn on a firewall. Hopefully, it starts to take things more seriously. Hopefully, Linux starts to as well. It's nice than it can be made to be secure, but it's not exactly simple to do so.

      Quit blaming the users for the shortcomings of the developers. You're putting the burden in the wrong place.
      • by larien ( 5608 ) on Tuesday June 08, 2004 @08:46AM (#9364655) Homepage Journal
        The users often are the problem; give a user 10 steps to perform to possibly view some naughty pictures of a celebrity and chances are, a significant proportion of them will do so and infect their computer in the process. Heck, some of them would probably run it as root/admin if you asked them to...
      • by Heisenbug ( 122836 ) on Tuesday June 08, 2004 @09:49AM (#9365248)
        From the MBSA site:

        "MBSA Version 1.2 includes a graphical and command line interface that can perform local or remote scans of Windows systems."

        So Microsoft releases a GUI tool to remotely scan Windows installations for security vulnerabilities, and yet it includes virtually *no way* to automatically exploit those vulnerabilities to provide a remote login?

        Typical of them to rush an inferior product out the door and rely on marketing muscle to sell it over superior third party alternatives.
    • by syphax ( 189065 ) on Tuesday June 08, 2004 @08:01AM (#9364327) Journal
      the fact is that over 90% of these zombie PCs could have prevented infection by simply having (a) their firewalls enabled and/or (b) having intelligent users

      Can we change (b) to 'informed' users? It is possible to be intelligent about non-computer matters and still be running a zombie. It's about ignorance, not (necessarily) stupidity.

      I continue to skeptical of the apparently widely held opinion on this site that (knowledge about computers/programming/security/[insert specific topic here]) == intelligence.
    • by ycochard ( 547371 ) on Tuesday June 08, 2004 @08:51AM (#9364699) Homepage
      The fact that Windows is everywhere is why it's such a tempting target; a hit rate of 1% on virus infection of Windows PCs is a good number, so it's worth going after. If linux had a good market share, it would be running the spam zombies.

      No. This is not true, and a counter-example is enough to invalidate this very common theory. Actually, I have 2 here, but other /. readers may have more :
      1. Web servers : Apache has twice the market share of microsoft IIS. but is far less taken as target.
      2. Databases : microsoft SQL server has only around 16% of market share, less than Oracle, db2 and probably MySQL, but it is the most common target.

      Targets are first chosen regarding the facility to compromise them. Popularity will come as a second point to consider. Of course this is true when the potentitial of targets is high enough, which is the case in my examples.

  • by MajorG17 ( 676534 ) <> on Tuesday June 08, 2004 @07:49AM (#9364234) Homepage
    Which translates into Geekish as "PC's Infected with Windows."
  • training (Score:5, Interesting)

    by millahtime ( 710421 ) on Tuesday June 08, 2004 @07:51AM (#9364257) Homepage Journal
    Schools need to start teaching security. Just the idea and what you do. Kids will go home and teach thier parents. And slowly more people will become educated. How else can you educate the masses?
  • by Eggplant62 ( 120514 ) on Tuesday June 08, 2004 @08:02AM (#9364335)
    Weather today will be periods of widespread brightness, followed later this evening by periods of widespread darkness. Also, Bill Gates is still in the list of top 10 richest people in the universe.
  • by div_2n ( 525075 ) on Tuesday June 08, 2004 @08:03AM (#9364340)
    I can't speak for all geeks out there (we are usually on the front line), but I have seen so many computers running Windows XP out there just getting raped by adware/spyware/worms/trojans lately. One of the primary culprits? Internet Explorer.

    The reason I believe it is Internet Explorer is that I have seen a machine that is behind 2 different firewalls (one of which is a very well configured PIX) get molested. It wasn't used for e-mail, no P2P programs for downloading and nothing else was used except the browser. I am SURE some people were browsing dodgy websites on that machine. So far, it is the only PC on that IP segment that has been infected so it wasn't from another machine.

    Anyone else see this out there?
    • The reason I believe it is Internet Explorer is that I have seen a machine that is behind 2 different firewalls (one of which is a very well configured PIX) get molested. It wasn't used for e-mail, no P2P programs for downloading and nothing else was used except the browser. I am SURE some people were browsing dodgy websites on that machine. So far, it is the only PC on that IP segment that has been infected so it wasn't from another machine.

      I'm seeing nothing but and I'm making damned fine cash on the

    • by throwaway18 ( 521472 ) on Tuesday June 08, 2004 @08:55AM (#9364725) Journal
      Anyone else see this out there?

      Yes, the majority of inexpert computer owners I'v run into for the last few months have been wondering why their machines are running slow, showing lots of pop-ups and dialing premium rate or international numbers on their own. Small companys as well as home users.

      I'v given up trying to educate people. They won't switch from IE and outlook. I don't want to get into a discussion about who used the
      family computer to look at a porn site. They lack the basic understanding of what the computer is doing required to make a decision when personal firewall software asks if a connection should be allowed.

    • by thogard ( 43403 ) on Tuesday June 08, 2004 @09:02AM (#9364788) Homepage
      I had a NT4 box get owned from inside our test network. It appears that a users home box got owned and when he VPNed internal machine, a virus rode along for the ride and then started scanning iternal machines and found the NT sitting duck on the test network. The NT box then procedded to try to open some odd connections so I let it. It then downloaded something that would open up a smart proxy and then it tried to send out something in the order of a billion messages which my free bsd firewall/cluestick box accepted and most of them were addressed to AOL.

      So what we have here is someone writing a virus that can get into a recent windows box that then looks for remote control connections and knows how to exploit them. Then it installs a different program that can scan and install a spam proxy on machines that can access the net and only machines that have net access.

      That was about a year ago. MS came out with the pach many months after the box had been owned. After that, I've got a new rule, no pc can talk to anything else except the samba server by defautl. No PC has any access to the net except through squid. I don't set up default gateways now either. Default PC installs can't even ping anything but the samba/squid box. Too bad SAP Business one is forcing me to break some of this for some clients. Maybe they will port it to solaris like they said they would.

      Oh, our new dev machines are made by apple.
  • by Effugas ( 2378 ) on Tuesday June 08, 2004 @08:12AM (#9364398) Homepage
    Step Two: Follow the money.
    Step Three: Follow the money.
    Step Four: Take a wild guess.

    I'm just going to keep on saying this, year after year, as it becomes more and more clear that those engaging in spam are operating outrageously criminal enterprises: If you want to stop spam, FOLLOW THE MONEY.

    Find some Viagra spam. Buy some Viagra. Trace the shipment to you, trace the cash transfer from you, arrest. It's not that hard. It's just not very geeky. People, there's no magic technical solution to this -- there's increasingly illegal stunts being pulled, and the only people out there with the IP-layer mechanisms for tracing the attackers really can't afford to release that data as it would compromise rather more important investigations. But -- we've got a very mature infrastructure for tracing financial and mail fraud. We just need the political will to use it against Spam.

    It's just not that hard.

    • by Michael Hunt ( 585391 ) on Tuesday June 08, 2004 @09:13AM (#9364893) Homepage
      Speaking from experience, I can tell you that it's not as easy as it seems...

      Various jurisdiction's spam laws vary, but at least in .au where I'm located, the Spam Act 2003 only provides for civil penalty provisions against the spammers (in essence, the .au government will sue you for violating the spam act in civil court.)

      Even though the evidential burden in a civil case is much less (balance of probabilities/preponderance of the evidence) than in a criminal case (beyond reasonable doubt,) it still proves difficult to tie a spam purporting to advertise, for example, penis pills, to a purveyor of penis pills.

      Penis pill guy sends his spam through a few thousand of 'fresh proxies' (spam guy terminology for freshly rooted or virused machines garnered from crackers or vx people), penis spam ends up in inbox with penis pill guy's contact details.

      So far so good, but there's no causal link between A and B of any forensic value whatsofuckingever. Correlation is not causation.

      I'd be more inclined to see a system which plugs into the MTA somewhere between RCPT TO and DATA, which performs a basic open proxy scan on the originating MTA (similar to what many EFnet servers are doing ATM,) and if the originating MTA fails the test, mail is refused (preferably with a '550 5.1.1 no such user' error as this may help get you off certain lists) and the originating IP is added to some form of distributed blacklist for X hours (i'd suggest 48... long enough to allow ample time for the machine's owner to find out that they have a virus or spam problem and fix it, not really long enough to cause a major problem.)

      I'm actually working on building such a system at the moment... Details will be posted to my website when I have some half decent code that runs (instead of making postfix' smtpd dump core.)
  • by Atrax ( 249401 ) on Tuesday June 08, 2004 @08:12AM (#9364400) Homepage Journal
    ... I apologise for the percentage of MS users who are beyond help, and for the admins who allow them to be so.

    We keep our corporate networks nice and clean, we stomp on infections fast, we try to educate our users, we run filters and firewalls, we put in place policies and we try our damndest to prevent this stuff.

    But if those users go home to an infected PC, then we've failed. failed badly. We don't get paid to keep home machines clean, but how much harder would it be to really educate our users? really?

    What can we do? Well, we can impress on our users, as I'm trying to do, that thay can suffer real, genuine harm if they don't practice safe computing.

    I have this idea. A user doesn't give a crap if they're not harmed directly by a virus. OK, they have a spamming trojan on their machine, do they notice? no, they don't.

    So I make sure I tell my users that there are viruses out there which can log their keystrokes and, by inference, steal their credit card number or online banking details or any other personal information.

    That makes them wake up. Once there's a chance they might be directly affected in ways other than a slightly slowed down machine, then they start to take notice.

    I'd urge every other techie on a windows network to inform your users in the same way. make sure they know that viruses aren't just something that affects other people. then they'll wake up, and everyone else will be better off. really.

  • Sounds low to me (Score:5, Interesting)

    by alhaz ( 11039 ) on Tuesday June 08, 2004 @08:17AM (#9364434) Homepage
    For the next two weeks until i start a non-crappy job at a linux based company, I still work graveyards at one of the larger aggregate dialup resellers in the US (no, my email address, whois records, etc, are not indicative) and this means i mainly handle abuse complaints.

    We get the occasional hit & run spammer who signs up for one of the $9.95/mo services with a prepaid credit card (so we can't effectively fine them) and then spams the heck out of the connection until we cut them off, but 99% of spammer complaints (that aren't due to spamcop being fooled by well crafted headers from brazil, or confused by unpublished relay hosts in our spam filtering cluster) are traced to users who have been with us for some time, who have never given us any trouble, and who have called customer service frequently for fairly basic help with simple internet setup tasks -- usually an account shared by a family with several children, or used by an old lady who just wants to look at pictures of the grandkids on the intarweb gadget. Pretty unlikely spammers.

    The accounting department doesn't like it, would prefer to shoot first with a $100 fine and let customers beg for forgiveness later, but i argue constantly that we should give them at least one chance to disinfect their computer. We go ahead and fine 'em if they don't fix their issue within a few days, though, and then accounting makes them prove they are disinfected before giving them their money back.

    It's poor customer service, ultimately, but wtf is an isp to do? If we just pestered them with email they'd assume we didn't really mean it, and would never fix their systems.
  • by Serious Simon ( 701084 ) on Tuesday June 08, 2004 @08:19AM (#9364449)
    Since this study was published, whenever I receive spam that (according to the Received: headers) appears to have been sent via a broadband IP address, I refer to it in my spam complaints to ISP's. I also suggest closing outgoing port 25 per default, and only opening it for customers who explicitly indicate wanting to run a mail server.
    I keep a text file with this message for easy pasting into the spam complaint.
  • by pandrijeczko ( 588093 ) on Tuesday June 08, 2004 @08:26AM (#9364496)
    It's easy to bash Microsoft about insecurities and bugs and, yes, MS do have a lot to answer for when it comes to security holes in Windows.

    But the fact is that it's the *majority* of Windows users, without a clue about the mechanics of their PCs and the Internet that create the problems for those of us who take the time to understand how IP networks & OSes work - whether that's Windows, Linux, UNIX, OS X, etc. etc.

    Now is the time for ISPs to start coming down hard on their subscribers and not handing out Internet access to people until they have proven a degree of computer proficiency first - even to have to present a "License to use a computer on the public Intenet". I'm sure ISPs could make some money out of providing training for those licenses also.

    I am tired of hearing the same old Windows v Linux arguments - they're *irrelevant* in this case, it's just about the people who don't know what they're doing (yes, 99.9% of them do use Windows) making it bad for those of that do know what we are doing.

    The only defence Linux has is that Joe Bloke users who just want to play games and check email have no reason to not use the OS that came with their PC, namely Windows. Those of us that do use Linux do so out of choice and have gone through a high learning curve while using it - therefore, the average Linux user probably knows a lot more about how OSes & networks function than the average Windows user.

  • by JollyFinn ( 267972 ) on Tuesday June 08, 2004 @08:27AM (#9364499)
    Now that we know top spammers / email marketing firms....
    How long would it take for geek population to find the PHYSICAL sites where they are located. And no we wouldn't be interested proofing that they send THE spam we recieved, only fact that they send spam lots of it. Now get AK47 in large quantities, and some explosives and timing based detonators. If 50 or more email marketing sites are attacked at same time all-around the world. With those offices destroyed, and top spammers sleeping with the fishes, how many would think that the email marketing is easy and safe money making business. The punishment maybe on a hard side compared to the crime, but it would simply eliminate Spammers.
  • That is a study? (Score:4, Insightful)

    by Monoman ( 8745 ) on Tuesday June 08, 2004 @08:54AM (#9364723) Homepage
    Did I miss the actual study with actual data? I only saw the one page executive report.

    Pretty flimsy but probably true.

  • ...if Windows users would start using Firefox or something with some real protection on it.

    For example back at home my dad and sister both have their own computers. Both of these computers are constantly just clogged with so much ad/spyware that they are a chore to use. After formatting them both and reinstalling Windows XP I decided to install Firefox for them to use as their browser. It's been several months since then and both computers are FAIRLY free of all malware. There is still some but it is a major improvement.

    Anybody on a Windows machine plagued with stuff needs to drop Internet Explorer unless they can manage to avoid going to sites that are notorious for infecting your computer with stuff.
  • by Trolling4Dollars ( 627073 ) on Tuesday June 08, 2004 @09:48AM (#9365233) Journal
    Where I work, we've been using a Barracuda Networks Spam Firewall. Just out of the box it worked pretty well, but I've been very busy with other projects and never bothered to train it. So... within the past two or three months, more spam has been slipping through. Last week, I finally got a small break from the other projects and decided to spend the week training the system. The first thing I learned was that you want to have at least twice the number of messages marked "not spam" as you do the messages marked "spam". Right about now, I have 3000 marked as "not spam" and about 1400 marked as "spam". The change in the amount of messages being blocked increased dramatically after just a few days of training the system. The system provides a graph displaying the number of messages allowed, blocked, tagged (as possible bulkmail), infected, containing an invalid recipient, or just a high rate of messages from one host. Just looking at the blocked portion of the graph, it appears that training the unit has given me almost a multiple of ten times the number of messages blocked. Add to that, the fact that it appears to be very accurate, and I am one happy camper.

    With all of that said, I will also say that from what I've seen of the Barracuda, it's probably about 80% customized Linux and other OSS projects and 20% proprietary code. So, I think you can probably achieve this level of accuracy in your own custom built system using Linux and OSS. The main reason we went with the Barracuda is that I've just been too busy to research building our own custom solution. But... if you have the time, inclination and knowledge, it shouldn't be too hard.

    The greatest benefit of bayesian filtering combined with whitelists, RBLs and antivirus (as in the Barracuda) at the network level is that you don't have to worry much about your user's PCs. That, and forcing them to use a web based client make for a pretty decent mail environment.
  • by Cytotoxic ( 245301 ) on Tuesday June 08, 2004 @09:53AM (#9365282)
    I can offer confirming evidence of the unprecedented volume of spam. Last summer my spam had reached levels of 6,000 per month. During the fall and winter the spam activity dropped by over 50%, but the respite ended about 60 days ago. I am currently looking at just shy of 9,000 spam messages per month in my inbox. Yikes! Fortunately, I have spambayes... so I only have to touch 5-10 messages in my "possible spam" folder each day. It's not as onerous as it sounds, since I only see about 1 non-spam per week in my possible spam folder, so it only takes a couple of seconds to look for something I recognize and nuke the rest.

    Of course, that doesn't do anything about all the bandwidth and server resources that are wasted handling all of that spam.
  • TMDA (Score:3, Informative)

    by TheSync ( 5291 ) on Tuesday June 08, 2004 @09:56AM (#9365302) Journal
    For personal use, I am still a big fan of Tagged Message Delivery Agent [] which I use mainly for its challenge-response and auto-whitelisting functionality. I don't get any spam, and this on an email address that has been on a popular public website for years.

    Of course, TMDA is probably not what you want to use for a business, but for personal use it is great!
  • by tonyray ( 215820 ) on Tuesday June 08, 2004 @10:28AM (#9365705)
    Two points: (1) the story never mentions Microsoft and (2) it says filters are 90% effective, not ineffective.

    As an ISP our biggest OS problem is Linux. Proportionally it causes far more problems than Microsoft. Why? Because Linux users sit around saying "poor MS user" and don't even know they've been hacked. And the majority have been hacked. If you say "Oh, that can't be" then you've just joined the crowd :P
  • by Animats ( 122034 ) on Tuesday June 08, 2004 @01:01PM (#9367687) Homepage
    There are law firms [] that handle class actions for negligence. That firm has already won against Microsoft in another case. They're currently sueing AOL, AT&T, Nextel, and Lucent over various consumer-related claims. So they clearly handle cases like this.

    So if you're a victim of Microsoft's negligence in making systems that can easily be converted to attack zombies, click here [] to contact that law firm. The most effective victims would be those who run Linux, because they're not subject to Microsoft's EULA. For them, it's a pure negligence issue. A Linux-based ISP or hosting service would be the poster child for such an action. They're being hammered on, they didn't sign any Microsoft EULA, and they're clearly suffering sizable damages due to Microsoft's negligence.

    It's time for this to become a major legal issue.

  • Take them now (Score:4, Insightful)

    by detritus. ( 46421 ) * on Tuesday June 08, 2004 @01:48PM (#9368232)
    If 80% of all spam is coming from HACKED PC's, there clearly is criminal hacking charges on a federal and/or international level that could be brought against these guys, at some degree, conspiracy to say the least. I'm pessimistic of the DOJ's "promise" to bring the "top 50" spammers to justice this year. Why isn't that alone fueling the relentless takedowns of these guys while they pursue 15 year old virus writers that don't do much beyond pranks? Just because these zombied pc's are probably 99% home computers and not business computers where dollar amounts of damages can be easily calculated. It seems that's always the playing factor in how much the FBI "cares" about computer crimes.

Each new user of a new system uncovers a new class of bugs. -- Kernighan