Infected Windows PCs Now Source Of 80% Of Spam
twitter writes "The Register is reporting a study by Sandvine.com that blames Microsoft Zombies for 80% of all spam. The study goes on to claim that 90% filtering is not effective given the unprecedented volume and that sophisticated trojans are able to drop spam directly on end users' computers despite current efforts. Just another cost of supporting Microsoft, I suppose."
OK, I'm turning SpamAssassin down to .01 points and letting it all get rejected. I just give up!!!
If computers are going to be a tool used by anybody, I think that along with securing OSes, real user education must be encouraged.
Today you have to have a license to drive, so why not learn how to play safe if your PC is connected to a public network?
Even if Linux or Mac was on 80% of the desktops, you would still have people not bothering to patch their computers, and have the same problem. It might not be as easy to infect the computers, but the problems would still be there. Stupid users will exist no matter what operating system you give them.
All the ISPs are going to start filtering outbound port 25. If you want to run your own mail server you'll have to route it through their mail server, or use a non-standard port number to route through a third-party mail server.
Seems fairly obvious to me.
Yes, but the other 20% aren't coming from compromised non-windows systems, they're being sent by spammers who know they're sending it. If the other 20% were coming from trojan'ed *nix boxes, then I'd say you're on to something.
Fact is, 4 out of 5 emails that end up in my spam bin are there because (a) some sleazeball wrote a trojan to deliver them, and (b) someone else wrote a trojan-friendly OS to enable it in the first place.
I understand that some ISPs are now cutting off infected folks until they can show they've patched. I think that we'll be seeing more of this, and I can't say I disagree (as long as they understand what a Unix, Linux, or MacOS box is).
If somebody is naive enough to allow their PC to be used as a zombie, I can't really see them rushing out and installing service pack 2. MS should introduce some commercials or something to tell Joe Average that he should patch his windows.
By "spammers" I mean those people who knowingly and deliberately distribute spam, and usually make money by doing so.
The hosts and the networks they were connected to were discovered, and mail coming from those hosts and networks was treated as suspicious by blacklist-based filters.
So the spammers use more and more infected zombie PCs. Microsoft Windows is on 80% or more of the desktops. And now these Microsoft Windows-based infected zombie PCs are sending 80% of spam, according to the article.
However, this does not mean (which would contradict your "this is obvious" logic) that the x% MacOS X-based, Linux-based and *BSD-based PCs are as easily infected and effectively sending x% of the spam.
This is always the solution that comes up. There are a couple of reasons why Microsoft is always picked on for viruses/worms.
1. They are the single most popular operating system to date. Therefore they have the most users, giving the spammer/cracker more chances to get personal info or crack their system.
2. Most Microsoft users are users that do not always keep up with patches or updates to their system. Most really don't understand why they would have to do it. Not only that, because most new users start with Windows, it's easy for them to fall for most of the phishing attacks as well.
Now, with all of that said above, if, hypothetically, everyone switched over to Linux or Mac OS, I'm not sure it would change much. You can talk about how secure Linux and Mac are, but they STILL are only as secure as the user wants them to be. I could still see many new users run as root all the time, open unknown files and the rest of the tips that they teach you NOT to do on Windows. Just because you don't see any Linux viruses doesn't mean they don't exist. The fact is that most people who are USING those OSs are a bit smarter and care more about security than your average Windows user that these worms/viruses/spams are being sent to.
Hmmm.
the fact is that over 90% of these zombie PCs could have prevented infection by simply having (a) their firewalls enabled and/or (b) having intelligent users
It's more than that. Why do you need a firewall? Because your computer is sitting there listening for a bunch of crap that it doesn't need to be listening for. Install Windows XP, and then run Microsoft's Baseline Security Analyzer. It will tell you that you are about to be fried. Why is that? Why should the user have to be constantly vigilant against threats?
I've yet to see what XP SP2 does, and hopefully it does more than just turn on a firewall. Hopefully, it starts to take things more seriously. Hopefully, Linux starts to as well. It's nice that it can be made to be secure, but it's not exactly simple to do so.
Quit blaming the users for the shortcomings of the developers. You're putting the burden in the wrong place.
the fact is that over 90% of these zombie PCs could have prevented infection by simply having (a) their firewalls enabled and/or (b) having intelligent users
Can we change (b) to 'informed' users? It is possible to be intelligent about non-computer matters and still be running a zombie. It's about ignorance, not (necessarily) stupidity.
I continue to be skeptical of the apparently widely held opinion on this site that (knowledge about computers/programming/security/[insert specific topic here]) == intelligence.
Simple Unexpected Concrete Credible Emotional Stories
Well, I tend to agree in some ways and disagree in some. If the problems with Windows security holes and such would only affect the computer in question then I would be all for not allowing the updates to be loaded on a pirated machine, but with the current system the legitimate users of Windows (and other internet users as well) suffer from the negligence of the users of pirated software. It isn't limited only to spam, but also network worms, which can be a nuisance with the amount of network traffic they create. I think Microsoft would do a favor to all of the internet by allowing patches to be applied to non-licensed (pirated) versions of Windows.
<bad-analogy> I would compare it to stolen cars. For example, if a car had a really really serious design flaw that would make it blow up during rush hour, taking two blocks along with it, would you want the car manufacturer to fix the car even though it was stolen? </bad-analogy>
I can't speak for all geeks out there (we are usually on the front line), but I have seen so many computers running Windows XP out there just getting raped by adware/spyware/worms/trojans lately. One of the primary culprits? Internet Explorer.
The reason I believe it is Internet Explorer is that I have seen a machine that is behind 2 different firewalls (one of which is a very well configured PIX) get molested. It wasn't used for e-mail, no P2P programs for downloading and nothing else was used except the browser. I am SURE some people were browsing dodgy websites on that machine. So far, it is the only PC on that IP segment that has been infected so it wasn't from another machine.
Anyone else see this out there?
Many ISP's don't allow you to run a mail "server".
But you're talking about blocking _outbound_ SMTP traffic. That has nothing to do with servers.
Outbound SMTP traffic can be generated by any mail server that only listens on internal interfaces, or directly by your favorite mail client.
What you're talking about is breaking the Internet even more than it already is now, turning it into a big client-server network where the servers are operated by the big media companies.
It is also, coincidentally, the lazy sysadmin approach.
Don't do it, don't go blocking big swaths of IP just because some of them do something wrong.
Be smarter, find a way to only block those that do something wrong!
- Erwin
Just another cost of supporting Microsoft, I suppose.
Just another cost of supporting users who install the software. Most of these hijacked Windows boxes are a result of a user wanting to see Britney Spears naked.
CLICK HERE--ALL NEW PICTURES OF BRITNEY SPEARS NAKED
This has nothing to do with Windows security other than running an ignorant user as an administrator.
Seems like a good idea at first look, but it's not. Here's why: lots of small businesses run their systems on static IPs which ISPs allocate within their dynamic residential netblocks. Without *very* thorough checking it's a bad idea... but who cares right, I mean, you'll just be blocking some small time companies... nobody who matters, right?
I can't send email to *anyone* at AOL now, despite running an OpenBSD firewalled Linux server for our business. It doesn't even bounce, just disappears into the void. There are *no* Windows worms or spam coming out of my network, but some ass at AOL decided to block the whole ADSL subnet anyway. Nice way to break the Internet guys. And THANKS AOL for replying to my question about it - NOT! The arrogance of IT geeks and uninformed management strikes again. How about thinking a little harder about it, and implementing reverse host checks based on sender address, or rate limiting with temporary blocking - a real email server can cope with that just fine. There's lots of alternatives other than just shutting yourself off from a chunk of the Internet.
Forget thrust, drag, lift and weight. Airplanes fly because of money.
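The "rate limiting with temporary blocking" alternative mentioned in the post above, sketched as an added example (not code from the thread or from any ISP). It assumes a hypothetical log format of "<epoch-seconds> <client-ip> <envelope-sender>", a per-source ceiling of `limit` messages per `window` seconds, and a `block_for`-second penalty during which further messages get a deferral rather than a permanent subnet-wide block.

```python
# Added example, not from the thread: per-source outbound rate limiting with
# a temporary block, the kind of alternative to subnet-wide blocking the
# comment above suggests. Assumptions (all hypothetical): log lines in the
# constructed format "<epoch-seconds> <client-ip> <envelope-sender>", at most
# `limit` messages per `window` seconds, and a `block_for`-second penalty.
from collections import defaultdict, deque

# Constructed sample log: 10.0.0.5 bursts 12 messages in 12 seconds and
# returns later; 10.0.0.9 sends two messages at a normal pace.
SAMPLE_LOG = "\n".join(
    [f"{100 + i} 10.0.0.5 bot{i}@example.invalid" for i in range(12)]
    + ["105 10.0.0.9 alice@example.invalid",
       "130 10.0.0.9 alice@example.invalid",
       "500 10.0.0.5 bot99@example.invalid"]
)


class OutboundRateLimiter:
    def __init__(self, limit=10, window=60, block_for=300):
        self.limit, self.window, self.block_for = limit, window, block_for
        self.recent = defaultdict(deque)   # ip -> timestamps inside window
        self.blocked_until = {}            # ip -> epoch when penalty ends

    def decide(self, ts, ip):
        """Return 'accept' or 'defer' (a 4xx tempfail) for one message."""
        if ts < self.blocked_until.get(ip, 0):
            return "defer"                 # still inside the penalty period
        q = self.recent[ip]
        while q and ts - q[0] > self.window:
            q.popleft()                    # forget timestamps outside window
        q.append(ts)
        if len(q) > self.limit:
            self.blocked_until[ip] = ts + self.block_for  # temporary block
            q.clear()
            return "defer"
        return "accept"


def process_log(text, **kw):
    """Replay log text in time order; return {ip: {'accept': n, 'defer': m}}."""
    rl = OutboundRateLimiter(**kw)
    counts = defaultdict(lambda: {"accept": 0, "defer": 0})
    for line in sorted(text.splitlines(), key=lambda l: int(l.split()[0])):
        ts, ip, _sender = line.split()
        counts[ip][rl.decide(int(ts), ip)] += 1
    return dict(counts)
```

A deferral is retried by any well-behaved sending server, so a legitimate host that briefly trips the ceiling loses delay rather than mail; the bursting source is throttled without touching its neighbours on the subnet.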
... I apologise for the percentage of MS users who are beyond help, and for the admins who allow them to be so.
We keep our corporate networks nice and clean, we stomp on infections fast, we try to educate our users, we run filters and firewalls, we put in place policies and we try our damndest to prevent this stuff.
But if those users go home to an infected PC, then we've failed. failed badly. We don't get paid to keep home machines clean, but how much harder would it be to really educate our users? really?
What can we do? Well, we can impress on our users, as I'm trying to do, that they can suffer real, genuine harm if they don't practice safe computing.
I have this idea. A user doesn't give a crap if they're not harmed directly by a virus. OK, they have a spamming trojan on their machine, do they notice? no, they don't.
So I make sure I tell my users that there are viruses out there which can log their keystrokes and, by inference, steal their credit card number or online banking details or any other personal information.
That makes them wake up. Once there's a chance they might be directly affected in ways other than a slightly slowed down machine, then they start to take notice.
I'd urge every other techie on a windows network to inform your users in the same way. make sure they know that viruses aren't just something that affects other people. then they'll wake up, and everyone else will be better off. really.
Screw you all! I'm off to the pub
And the next generation of zombie programs will do a simple DNS lookup for the mailserver of the current domain and start sending spam through the ISP's mailserver.
With the side effect that in no time no single customer of that ISP can send mail because the mail server is on every blacklist you can imagine.
With the side effect that in no time no single customer of that ISP can send mail because the mail server is on every blacklist you can imagine.
And guess what --- that's exactly what must happen. It'll serve to teach that ISP that they have to spam-scan outbound mail, too, to avoid being blacklisted by everybody else. Actually, that's the whole point of forcing all their customers' mail through the ISP's outbound mail server in the first place: to be able to scan for spam and worms before they unload them onto the general public.
As far as I can figure from the statement in the article:
"After comparing those data points with the total volume of legitimate messages passing through the service provider's mail system, we are able to arrive at our percentage of 80 per cent",
..it seems to me that the article should say 80% of the service provider's mail traffic was generated by zombies. This is completely different from the statement made in the topic.
It's like you'd go to a bar and observe that 80% of women leave with drunken idiots, and thus proclaim that drunken idiots are able to hit 80% of women.
There may be some causality and statistical significance, but it definitely isn't as clear as the article suggests.
http://codeandlife.com
The fact that Windows is everywhere is why it's such a tempting target; a hit rate of 1% on virus infection of Windows PCs is a good number, so it's worth going after. If Linux had a good market share, it would be running the spam zombies.
No. This is not true, and a counter-example is enough to invalidate this very common theory. Actually, I have 2 here, but other /. readers may have more:
1. Web servers: Apache has twice the market share of Microsoft IIS, but is far less often taken as a target.
2. Databases: Microsoft SQL Server has only around 16% of market share, less than Oracle, DB2 and probably MySQL, but it is the most common target.
Targets are first chosen according to how easy they are to compromise. Popularity comes as a second point to consider. Of course this is true when the potential number of targets is high enough, which is the case in my examples.
Yann
Well, that's the beauty of Windows. You don't even have to be an idiot user no more. You see, an unpatched copy of XP and a high speed internet connection can get you a backdoor trojan faster than dropping the soap down at the local penitentiary.
You see, unpatched windows has exploits and all the script kiddies with porn sites know this. The most common viruses now scan computers on an IP range, find a computer prone to an exploit, and open up shop on your computer.
'What you say!' They could do that just as easily on Linux or a Mac. Not quite true. OS X and Linux are both based on Unix, which is considerably more stable and secure than Windows (for one thing they handle file permissions a lot better and more securely). Most importantly though, primarily where Linux is concerned, there are constantly people updating and improving the Linux kernel. These are often the same kinds of people who would take advantage of exploits back in high school and are now turning their knack for finding system weaknesses towards a constructive goal. Open source finds bugs faster (or so time seems to be telling us).
Last and not least, yes most people use Windows. Therefore most viruses are constructed for Windows and most computer illiterate users (many of whom don't even know what spyware or the like is) use it too. So there is safety in obscurity.
But I believe enough of the blame can be pinned on what a mess security in Windows is, and someone pointing that out isn't just a tinfoil hat wearing commie shouting witch at the Big Guy.
'Course in Longhorn security is going to be better. And everything is going to be fully integrated. Somehow those two have never gone hand in hand. Only time will tell. But for now I prefer the Unix idiom of 'do one thing, do it well.'
(It also reeks less of monopoly than do everything and do it noticeably)
The Neo-Bohemian Techno-Socialist