Infected Windows PCs Now Source Of 80% Of Spam

twitter writes "The Register is reporting a study by Sandvine.com that blames Microsoft Zombies for 80% of all spam. The study goes on to claim that 90% filtering is not effective given the unprecedented volume and that sophisticated trojans are able to drop spam directly on end user's computers despite current efforts. Just another cost of supporting Microsoft, I suppose."

Unprecedented rates of infection

[div_2n]

I can't speak for all geeks out there (we are usually on the front line), but I have seen so many computers running Windows XP out there just getting raped by adware/spyware/worms/trojans lately. One of the primary culprits? Internet Explorer.

The reason I believe it is Internet Explorer is that I have seen a machine that is behind 2 different firewalls (one of which is a very well configured PIX) get molested. It wasn't used for e-mail, no P2P programs for downloading and nothing else was used except the browser. I am SURE some people were browsing dodgy websites on that machine. So far, it is the only PC on that IP segment that has been infected so it wasn't from another machine.

Anyone else see this out there?

Re:An Idea

[BiggerIsBetter]

Seems like a good idea at first look, but it's not. Here's why: lots of small businesses run their systems on static IPs which ISPs allocate within their dynamic residential netblocks. Without *very* thorough checking it's a bad idea... but who cares right, I mean, you'll just be blocking some small time companies... nobody who matters, right?

I can't send email to *anyone* at AOL now, despite running an OpenBSD firewalled Linux server for our business. It's doesn't even bounce, just disappears into the void. There are *no* Windows worms or spam coming out of my network, but some ass at AOL decided to block the whole ADSL subnet anyway. Nice way to break the Internet guys. And THANKS AOL for replying to my question about it - NOT! The arrogance of IT geeks and uninformed management strikes again. How about thinking a little harder about it, and implementing reverse host checks based on sender address, or rate limiting with temporary blocking - a real email server can cope with that just fine. There's lots of alternatives other than just shutting yourself off from a chunk of the Internet.

On behalf of all responsible MS admins....

[Atrax]

... I apologise for the percentage of MS users who are beyond help, and for the admins who allow them to be so.

We keep our corporate networks nice and clean, we stomp on infections fast, we try to educate our users, we run filters and firewalls, we put in place policies and we try our damndest to prevent this stuff.

But if those users go home to an infected PC, then we've failed. failed badly. We don't get paid to keep home machines clean, but how much harder would it be to really educate our users? really?

What can we do? Well, we can impress on our users, as I'm trying to do, that thay can suffer real, genuine harm if they don't practice safe computing.

I have this idea. A user doesn't give a crap if they're not harmed directly by a virus. OK, they have a spamming trojan on their machine, do they notice? no, they don't.

So I make sure I tell my users that there are viruses out there which can log their keystrokes and, by inference, steal their credit card number or online banking details or any other personal information.

That makes them wake up. Once there's a chance they might be directly affected in ways other than a slightly slowed down machine, then they start to take notice.

I'd urge every other techie on a windows network to inform your users in the same way. make sure they know that viruses aren't just something that affects other people. then they'll wake up, and everyone else will be better off. really.

It's not 80% _OF_ spam

[jokkebk]

As far as I can figure from the statement in the article:

"After comparing those data points with the total volume of legitimate messages passing through the service provider's mail system, we are able to arrive at our percentage of 80 per cent", ..it seems to me that the article should say 80% of the service provider's mail traffic was generated by zombies. This is completely different from the statement made in the topic.

It's like you'd go to a bar and observe that 80% of women leave with drunken idiots, and thus proclaim that drunken idiots are able to hit 80% of women.

There may be some causality and statistical significance, but it definitely isn't as clear as the article suggests.

Re:That does it!

[phazethru]

There's only so much you can really do with "being smart with your email address"

My point is that you do what you can by...
1) Not giving out real email address in forms
2) Not posting un-obfuscated email address to the web
3) Securely running your OS

But if I follow point 4...
4) Don't give your friends your email address

Then really why do I have an email addy in the first place?

Most of my spam I get are actually those annoying bounce-back messages you get from anti-virus filters. "The email you sent had the virus W32.Blaster" etc etc. The problem is that I run a solely Linux household, so it's probably coming from a virus on someone else's computer.

And for my 2c, Thunderbird's spam filter isn't half bad, if you don't mind the spam hitting your box prior to filtering.