Re: Why can't ISPs stop spam/virus ?!
From: Paul Lutus (nospam_at_nosite.zzz)
Date: 09/22/03
- Next message: Paul Lutus: "Re: A Question on RPM."
- Previous message: Grant Edwards: "Re: Why can't ISPs stop spam/virus ?!"
- In reply to: easy-lab_at_absamail.co.za: "Why can't ISPs stop spam/virus ?!"
- Next in thread: Jim: "Re: Why can't ISPs stop spam/virus ?!"
- Reply: Jim: "Re: Why can't ISPs stop spam/virus ?!"
- Reply: Ed Murphy: "Re: Why can't ISPs stop spam/virus ?!"
Date: Sun, 21 Sep 2003 21:11:33 -0700
easy-lab@absamail.co.za wrote:
> Am I unreasonable to give my ISP 2 days to fix my spam/virus email
> of > 10Mb/hr ? Why can't they route my (and other reporting victims)
> mail, through a filter . There are several possible criteria for such a
> filter (if the ISP can't see then I can provide the filtering parameters)
> which would remove most of the recent disastrous spam/virus
> which fills up our mailboxes in one hour, and blocks most valid
> posts.
Apart from the fact that all your suggestions are naive nonsense, there are
some issues here you (and most people) do not understand. It has to do with
the connection between virus writers and spammers.
In the early days of spam, spammers would acquire an Internet account and
spam until they were thrown off the site. Some would get a 30-day trial
account under an assumed name (without paying for it), and spam until they
were thrown out.
As spammers became more powerful, they would find ISPs that would tolerate
their presence, but this meant that the entire site would eventually be
blacklisted. As a result, fewer and fewer sites allowed spam. The spammers
had to think of some new way to distribute their crap. Call this "problem
1".
Turning now to virus and worm writers. They started out as amateurs of
limited cleverness and sense of ethics. Some were inexperienced copycats
that just downloaded scripts created by others and ran them, hence the term
"script kiddies."
Also, since I was a commercial programmer in the early 1980s the business of
programming has changed totally. It was once possible for an individual to
become a millionaire by designing and writing software (as I did). Now most
commercial software is written by large, anonymous (underpaid) teams who
work for corporations. Many programming jobs have been exported to places
like India, where there are many very skilled, diligent, hardworking
programmers willing to work for small fees. Call this "problem 2".
Problem 1: desperate spammers. Problem 2: desperate programmers. Are you
getting this? They've formed an alliance and are now creating virii and
worms of unprecedented sophistication. The purpose? To take over as many
*individual* Windows machines as possible, where they silently await a
signal to begin spamming. The present crop of virii and worms are written
very cleverly and are regularly updated to evade the filtering methods used
by the anti-virus companies. This means that existing virus filtering
methods *cannot* *possibly* *succeed*.
That takes care of the origin of the messages -- for all practical purposes
there isn't one that can be identified and controlled. As to the content of
spam messages including reply addresses and place of origin, it is trivial
to vary the language in an e-mail so that existing e-mail filtering methods
*cannot* *possibly* *succeed*.
Here is a list of reasons spam cannot be stopped:
1. The method of distribution is now thousands of Windows computers,
everywhere in the world, that are sending spam without the knowledge or
consent of their owners. Result? You cannot filter by place of origin.
2. The content is constantly varying, to avoid filtering methods. Result?
You cannot filter by content.
Because of the above points, you cannot stop spam, you cannot easily trace
it, and if someone goes to the trouble to locate a particular spamming
computer, it is *by* *design* a single, expendable cell in a worldwide
distributed network of the smallest possible cells -- end-user computers
running Windows.
Now think. What do Al Quaida and spammers have in common? Simple -- Al
Quaida relies on small, distributed cells of undercover loyal operatives,
ready to act when they receive a prearranged signal. In the same way, the
computers taken over by the new crop of viruses and worms are the computer
equivalent of terrorist cells and operatives -- they are hidden but deadly,
and they await a signal to begin spamming. The computers are the
footsoldiers of cyber-terrorists: the virus writers and spammers.
The new virus programs have a huge internal list of Internet addresses they
regularly poll for a message. The list is long obviously to make it more
difficult to shut down all the sending sites, and perhaps to disguise the
true trigger addresses. In the same way, an Al Quaida operative will have a
phone book with a long list of phone numbers -- I mean, assuming the
operative doesn't use encrypted e-mails for communication with his
controllers.
Make no mistake. In both cases, for both the concealed Al Quaida operative
and the infected computer, we are talking about terrorist cells.
According to a story I read yesterday, on Friday afternoon a teacher in a
large public school in the southern US received one of the spam/virus
e-mails disguised to seem to be a security alert from Microsoft, and,
impressed by the thoughtfulness of MS, gratefully clicked the attachment.
Fifteen minutes later the school was closed and the staff were gone for the
weekend. It turns out the school's machines have fulltime, fast Internet
access. This combination of factors has made the school a primary
distribution center for the virus, issuing tens of thousands of copies per
hour (using the large address books teachers are famous for compiling). Did
I add that no one seems to have a key to the building?
Now, let's return to the first line in your message:
> Am I unreasonable to give my ISP 2 days to fix my spam/virus email
> of > 10Mb/hr ?
Don't you understand this is not a nuisance, it is a war? It will not stop
until the spammers begin to take heavy casualties.
Wake up and smell the cappuccino. Once there is a death penalty for spammers
and virus writers, the problem will begin to abate, *BUT* *NOT* *BEFORE*.
Go ahead and laugh. Then start counting the days until such a seemingly
ludicrous, off-the-wall suggestion begins to seem reasonable.
As I write this, over half of the Internet's bandwidth is taken up
distributing either viruses or spam messages. And in the new twist
described here, once they take over some hapless user's machine, the
viruses are designed to emit spam as well as copies of themselves.
-- Paul Lutus http://www.arachnoid.com