Spamming Trojan "Proxy Guzu"
squiggleslash writes "El Reg has the scoop on a trojan that actually turns your machine into a spam sending proxy. Called "Proxy Guzu", the proxy arrives in your mailbox in the usual "Outlook virus" way (i.e. disguised as something else so you'll run it.) It then sends an email to a Hotmail email account reporting the IP address of the infected machine and the port it's running on. The spammer then merely transmits spam to the infected machine, which in turn forwards it on. There's a bright side to all this: spammers are doing this because they're desperate, with fewer and fewer spam-friendly havens. And what they're doing is illegal and opens them up for prosecution."
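The behaviour described above has a simple network signature: a host that is not the site's mail relay starts opening outbound TCP/25 connections to many different destinations, shortly after an inbound connection from an outside address on some arbitrary high port. The following is an added example (not tooling from the article or the thread) that runs that check over constructed, netfilter-style firewall log lines; the relay address 10.0.0.25, the 10.0.0.0/8 internal range and the log lines themselves are assumptions made for the illustration.

```python
"""Flag internal hosts that behave like a spam proxy: outbound TCP/25 fan-out
from a machine that is not the sanctioned mail relay, plus the inbound
"controller" connections that preceded it. Constructed example."""
import re
from collections import defaultdict

# Assumed for this example: the only internal host allowed to speak SMTP out.
SANCTIONED_RELAYS = {"10.0.0.25"}
INTERNAL_PREFIX = "10."

# Constructed log lines in an abbreviated netfilter LOG-target style.
SAMPLE_LOG = """\
Jun 12 09:01:02 fw kernel: OUT SRC=10.0.0.25 DST=203.0.113.10 PROTO=TCP SPT=40001 DPT=25
Jun 12 09:01:04 fw kernel: IN SRC=198.51.100.9 DST=10.0.3.77 PROTO=TCP SPT=5555 DPT=31172
Jun 12 09:01:05 fw kernel: OUT SRC=10.0.3.77 DST=203.0.113.10 PROTO=TCP SPT=1033 DPT=25
Jun 12 09:01:05 fw kernel: OUT SRC=10.0.3.77 DST=203.0.113.11 PROTO=TCP SPT=1034 DPT=25
Jun 12 09:01:06 fw kernel: OUT SRC=10.0.3.77 DST=198.51.100.20 PROTO=TCP SPT=1035 DPT=25
Jun 12 09:01:07 fw kernel: OUT SRC=10.0.4.12 DST=203.0.113.50 PROTO=TCP SPT=1100 DPT=80
Jun 12 09:01:08 fw kernel: OUT SRC=10.0.5.5 DST=203.0.113.10 PROTO=TCP SPT=2200 DPT=25
"""

LOG_RE = re.compile(
    r"(?P<dir>IN|OUT) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+)"
)


def parse(log):
    """Yield (direction, src, dst, dport) for every TCP line we can read."""
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m.group("dir"), m.group("src"), m.group("dst"), int(m.group("dpt"))


def rogue_smtp_clients(log, min_destinations=2):
    """Return {src: [dst, ...]} for internal, non-relay hosts that opened
    outbound TCP/25 to at least min_destinations distinct hosts.
    The threshold suppresses a single misconfigured desktop mail client."""
    seen = defaultdict(set)
    for direction, src, dst, dport in parse(log):
        if (direction == "OUT" and dport == 25
                and src.startswith(INTERNAL_PREFIX)
                and src not in SANCTIONED_RELAYS):
            seen[src].add(dst)
    return {src: sorted(d) for src, d in seen.items() if len(d) >= min_destinations}


def inbound_controllers(log, rogue_hosts):
    """For each flagged host, list the external addresses that connected
    inbound to it: the likely source feeding it spam to forward."""
    controllers = defaultdict(set)
    for direction, src, dst, _dport in parse(log):
        if direction == "IN" and dst in rogue_hosts:
            controllers[dst].add(src)
    return {host: sorted(s) for host, s in controllers.items()}


if __name__ == "__main__":
    rogue = rogue_smtp_clients(SAMPLE_LOG)
    print("rogue SMTP clients:", rogue)
    print("inbound controllers:", inbound_controllers(SAMPLE_LOG, rogue))
```

With the constructed log, the sanctioned relay and the host that talked to a single destination are left alone, while 10.0.3.77 is reported together with 198.51.100.9, the outside address that connected to it on port 31172 just before the burst.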
Hotmail disables said account. Case closed...?
Are there any AV vendors out there with fixes for this yet? I didn't see any in the article.
Moderation Total: -1 Troll, +3 Goat
Great. First we have the trojan that downloads kiddie porn (has anyone else ever heard of this one?) and now this.
Let's face it: SMTP is broken and it needs to be fixed. There has to be some way of authenticating senders and attachments to messages?
I'm not talking about some of the (innovative) kludges that people have come up with for SMTP, I'm talking about a bare-metal rebuild of the entire system. Sure it will be a pain, but when you move to a new place, you have to give your friends the new phone number and address -- giving a new e-mail address (on the new e-mail system) won't be all that bad will it?
If you are running a network, it behooves you to filter outgoing port 25.
Why? So that I can't test to see if the spam I received came from an open relay? So that I am forced to answer confidential e-mail from client A through client Y's SMTP server when I am at client Y's site?
I agree that port 25 should be, by default, locked down on residential dial-up accounts (which spammers use as throwaway accounts), but don't lock it down everywhere. It breaks too many things.
Only allow initial mail submission by authorized and authenticated clients, and only allow such submissions on a port other than 25.
At the HELO/EHLO, an SMTP server doesn't know if the mail coming into it is "an initial mail submission" or just a message destined for an address served by that user.
If you set up an SMTP server on a non-standard port, then no one's mail gets there. AOL is not going to talk to your server on port 20025.
What happens when lots of mail servers are available on non-standard ports? Suddenly your port 25 block does not work any longer. Then the spammers will look for open relays on non-standard ports. You know that there will be a lot of them because there will be the "security through obscurity" crowd who believes that, because their SMTP server is running on port 31172, they can safely leave it open.
You're headed in the right direction, but leave port 25 alone. My SMTP server is configured to require identification and authentication to send e-mail outside of my domain. All mail servers should be configured that way. This crap of allowing anyone to send e-mail without a username and password is ridiculous.
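The two points made in this sub-thread (that at HELO/EHLO the server cannot yet tell submission from inbound delivery, and that relaying to foreign domains should require a username and password) both come down to where in the SMTP dialogue the decision is taken: at RCPT TO, once the destination domain and the session's authentication state are known. The following toy command handler, an added example rather than code from any real MTA or from anyone in the thread, shows that dialogue from the server's side. The domain example.com, the user alice with password s3cret, and the use of port 587 as an authenticated-only submission port are assumptions made for the illustration; a real server would only offer AUTH PLAIN under TLS.

```python
"""A toy SMTP command handler showing where the relay decision is made:
not at HELO/EHLO, but at RCPT TO, once the server knows the destination
domain and whether the client has authenticated. Constructed example,
not code from any MTA."""
import base64

LOCAL_DOMAINS = {"example.com"}     # assumed: domains this server accepts mail for
USERS = {"alice": "s3cret"}         # assumed: constructed credential store
SUBMISSION_PORT = 587               # RFC 6409 message submission port


def auth_plain(user, password):
    """Encode SASL PLAIN credentials the way a client sends them."""
    return base64.b64encode(b"\0" + user.encode() + b"\0" + password.encode()).decode()


def _addr(arg):
    # "FROM:<alice@example.com>" -> "alice@example.com"
    return arg.partition(":")[2].strip().strip("<>")


class SmtpSession:
    """One client connection. port=25 behaves as an MX (accepts inbound mail
    for local domains, relays only after AUTH); port=587 is submission-only."""

    def __init__(self, port=25):
        self.port = port
        self.helo = None
        self.authenticated = None
        self.mail_from = None
        self.rcpts = []

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg
            # Nothing here tells us whether this is submission or inbound delivery.
            if verb == "EHLO":
                return "250-mail.example.com\r\n250 AUTH PLAIN"
            return "250 mail.example.com"
        if verb == "AUTH":
            return self._auth(arg)
        if verb == "MAIL":
            if self.helo is None:
                return "503 5.5.1 Send HELO/EHLO first"
            self.mail_from = _addr(arg)
            self.rcpts = []
            return "250 OK"
        if verb == "RCPT":
            if self.mail_from is None:
                return "503 5.5.1 Need MAIL command"
            return self._rcpt(_addr(arg))
        if verb == "QUIT":
            return "221 Bye"
        return "500 5.5.2 Command not recognized"

    def _auth(self, arg):
        # A real server must only offer and accept AUTH PLAIN under TLS; omitted here.
        mech, _, blob = arg.partition(" ")
        if mech.upper() != "PLAIN" or not blob:
            return "504 5.5.4 Unrecognized authentication type"
        try:
            parts = base64.b64decode(blob, validate=True).split(b"\0")
            user, password = parts[-2].decode(), parts[-1].decode()
        except Exception:
            return "501 5.5.2 Malformed AUTH PLAIN"
        if USERS.get(user) == password:
            self.authenticated = user
            return "235 2.7.0 Authentication successful"
        return "535 5.7.8 Authentication credentials invalid"

    def _rcpt(self, rcpt):
        domain = rcpt.rpartition("@")[2].lower()
        if self.port == SUBMISSION_PORT and not self.authenticated:
            # Submission port: no mail at all without credentials.
            return "530 5.7.0 Authentication required"
        if domain in LOCAL_DOMAINS or self.authenticated:
            self.rcpts.append(rcpt)
            return "250 OK"
        # Port 25, unauthenticated, foreign domain: this is the open-relay case.
        return "554 5.7.1 Relay access denied"


def run_dialogue(lines, port=25):
    """Feed a sequence of client commands to a fresh session; return the replies."""
    session = SmtpSession(port)
    return [session.handle(line) for line in lines]
```

Run against a port-25 session, an unauthenticated client gets 250 for a recipient at example.com and 554 for any other domain; the same client on port 587 gets 530 until it has authenticated, after which relaying to any domain is allowed. Port 25 keeps working for other sites' servers delivering inbound mail, which is what breaks when a site moves its whole SMTP listener to a non-standard port.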
Every Spam is selling something. Someone is paying to have it sent out. Don't trace the spammers. Hit the advertisers. Subpoena for who they are paying to send out the stuff, and then go after them criminally.
The people that actually have their capital tied up in penis and breast enlargers sure as heck don't want it seized.
No. The antispam crowd believes that it boils down to consent. It is fine for companies to send me newsletters... only if I have given them the permission to do so. If I have not given them permission, then it's UCE.
There is a difference between CE and UCE, and only the latter is bad.
Don't mix Stallman's ideas about commercial interests with the antispam crowd. None of us are as rabid as he is.
--etrnl
Why don't you have your attorney sue the proprietors of the 'extreme rape' sites, as well as parties unknown who act as their mass-mailing advertisers?
Then, you can force the site admins to turn over their records during discovery, find out who exactly the spammers are, and go after them directly as well.
ABW
All employees must wash hands before seeking equitable relief.