
Zombie trick expected to send spam sky-high (News.com)


Posted Feb 4, 2005 8:11 UTC (Fri) by Wol (guest, #4433)
In reply to: Zombie trick expected to send spam sky-high (News.com) by piman
Parent article: Zombie trick expected to send spam sky-high (News.com)

It's NOT different. As the OP said, worms that hijack Outlook use the same method of sending email that Outlook does - ie forward it to the ISP.

And then you get ISPs that routinely hijack port 25 (hello Wanadoo) so all mail is *forced* via the ISP's server so they can filter it.

Anybody who thinks this is a new attack simply doesn't understand the way certain mass mailers, and certain ISPs, work. It's just a new variation on an old theme ...

Cheers,
Wol



Zombie trick expected to send spam sky-high (News.com)

Posted Feb 4, 2005 9:09 UTC (Fri) by chohman (guest, #5519) [Link]

Yes, this isn't a new attack. On the other hand, most of the new worm/virus emailers I've seen warnings for over the last year plus have carried their own SMTP engine, which implies they weren't relaying through the ISP, but going direct when they could. The direct route has obvious scalability benefits for the spammers.

The point of the article is that a group who monitors such things is seeing (or perhaps predicting) a traffic surge from spam zombies relaying via the ISP instead as the spammers act to circumvent the prevention measure of filtering by mail source address.

Indeed, ISPs who don't want to lose their servers under the load will have to take action, as a serious zombie infection among their users will DDoS them. I can't shake the feeling this is going to get messy. Hey, my ISP's mail server was down yesterday morning ...

port 25 should only be for local ISP relayed mail

Posted Feb 4, 2005 17:29 UTC (Fri) by copsewood (subscriber, #199) [Link]

> And then you get ISPs that routinely hijack port 25
> (hello Wanadoo) so all mail is *forced* via the ISP's
> server so they can filter it.

This approach doesn't force all mail to go via the ISP's server. Other legitimate outgoing mail should go out through webmail or through port 587 to an authenticating MTA not under the ISP's control.
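The thread above makes two points an ISP relay operator can act on: zombies that are pushed onto the ISP's port-25 relay show up as bursts of unauthenticated connections from single customer hosts (chohman's load concern), while legitimate mail should arrive on port 587 with authentication (copsewood's point). The following detection sketch is an added example, not code from the thread; it assumes Postfix-style logs in which the submission service is logged as postfix/submission/smtpd (the default master.cf syslog_name) and uses constructed sample lines and an assumed threshold.

```python
import re
from collections import defaultdict

# Constructed Postfix-style relay log lines (not real data). Unauthenticated
# port-25 relaying from customer hosts logs as postfix/smtpd; authenticated
# submission on 587 logs as postfix/submission/smtpd with sasl_username.
SAMPLE_LOG = """\
Feb  4 08:00:01 relay postfix/smtpd[201]: A1: client=unknown[10.1.2.3]
Feb  4 08:00:02 relay postfix/smtpd[201]: A2: client=unknown[10.1.2.3]
Feb  4 08:00:02 relay postfix/smtpd[202]: A3: client=unknown[10.1.2.3]
Feb  4 08:00:03 relay postfix/smtpd[203]: A4: client=unknown[10.1.2.3]
Feb  4 08:00:05 relay postfix/smtpd[204]: A5: client=unknown[10.1.2.3]
Feb  4 08:00:09 relay postfix/smtpd[205]: A6: client=unknown[10.1.2.3]
Feb  4 08:00:10 relay postfix/smtpd[206]: B1: client=unknown[10.1.9.9]
Feb  4 08:00:11 relay postfix/submission/smtpd[301]: C1: client=unknown[10.1.5.5], sasl_method=PLAIN, sasl_username=alice
Feb  4 08:01:30 relay postfix/smtpd[207]: A7: client=unknown[10.1.2.3]
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d+ (\d\d):(\d\d):(\d\d) \S+ (postfix/(?:submission/)?smtpd)\[\d+\]: "
    r"\w+: client=\S+\[([\d.]+)\]")

def parse(log):
    """Yield (seconds_of_day, service, client_ip) for each client= line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            h, mi, s, service, ip = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + int(s), service, ip

def flag_relay_bursts(log, window=60, limit=5):
    """Return {ip: peak_count} for clients exceeding `limit` unauthenticated
    port-25 connections within any `window` seconds (threshold is an assumed
    example value). Authenticated 587 submissions are excluded: there the
    account, not the host, is the unit to rate-limit."""
    times = defaultdict(list)
    for t, service, ip in parse(log):
        if service == "postfix/smtpd":
            times[ip].append(t)
    flagged = {}
    for ip, ts in times.items():
        ts.sort()
        start = peak = 0
        for end, t in enumerate(ts):          # sliding window over sorted times
            while t - ts[start] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > limit:
            flagged[ip] = peak
    return flagged
```

On the sample data only 10.1.2.3 is flagged (six relay connections in nine seconds); the later A7 line falls outside the window and the authenticated client is ignored.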

Copyright © 2013, Eklektix, Inc.