Kibbles (Premium, join: 1999-07-31, Mission Viejo, CA) | reply to Jameson | Re: Uhm..
It may be nothing new... but as to why we still have so many compromised PCs in the US is odd... and yes, I have been receiving a lot more spam lately... with a spam filter off, 14-20 a day... with a spam filter on, 2-3 a day.

Jameson 10-8 (Premium, join: 2004-05-28, Fallbrook, CA; clubs: HughesNet Satellit.., Time Warner Cable)
said by Kibbles: It may be nothing new... but as to why we still have so many compromised PCs in the US is odd... and yes, I have been receiving a lot more spam lately... with a spam filter off, 14-20 a day... with a spam filter on, 2-3 a day.
Man, that's nothing; my Gmail account's junk folder got emptied two days ago and is now at 500 messages.
-- DirecWay | DW6000-CE | SM5, 117 West, 970 MHz | 3.2GHz Intel | BFG GF 6800 OC | Win XP Pro SP2/98SE / MacBook Pro OSX Tiger | PCs connected via Linksys WRT54G | DD-WRT firmware: dd-wrt.v23 SP1

swhx7 (Premium, join: 2006-07-23, Elbonia; RoadRunner Cable) | reply to Kibbles
said by Kibbles: ...but as to why we still have so many compromised PCs in the US is odd...
Notice the graphic about which operating systems are infected. It's literally 99.95% Windows.

nixen "Rockin' the Boxen" (Premium, join: 2002-10-04, Alexandria, VA; Cox HSI, Speakeasy) | reply to Kibbles
said by Kibbles: It may be nothing new... but as to why we still have so many compromised PCs in the US is odd... and yes, I have been receiving a lot more spam lately... with a spam filter off, 14-20 a day... with a spam filter on, 2-3 a day.
Meh... With spam filters off, I'd be at several thousand a day; with them on, still getting a few dozen of the "Hi, It's Stan" (and the like) emails.
They post a message that's about 80% "real" text, and then the stock pump is a single JPEG or GIF image in the message. So, most of the Bayesian filters just give it a pass. If it weren't for all of the MS mail users, I'd simply reject HTML email altogether.
-tom -- "Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D. Brandeis

jsouth (join: 2000-12-12, Wichita, KS) | reply to swhx7
So what? All that proves is that there are more Windows machines out there.
-- Bush bashing is old. How about more solutions instead?

sporkme "drop the crantini and move it, sister" (Premium, MVM, join: 2000-07-01, Morristown, NJ; Optimum Online) | reply to nixen
said by nixen: They post a message that's about 80% "real" text, and then the stock pump is a single JPEG or GIF image in the message. So, most of the Bayesian filters just give it a pass. If it weren't for all of the MS mail users, I'd simply reject HTML email altogether.
SpamAssassin is getting pretty good at catching the quirks that separate these messages from real mail.
One thing that really helps is automating "sa-update" to grab the latest rules from the SpamAss folks. I didn't even know about that until a few weeks ago; previously they released new rules with each version of spamass, but now the rules are continuously updated.
I would imagine if you greylist and use spamass, you don't see too much of this crap.
I wonder how long it will be until they have botnet clients that are compliant enough to make their way through greylisting (i.e., include a queue)? I mean, if they can generate a unique image for each email, queueing sounds pretty darn simple in comparison.

nixen "Rockin' the Boxen" (Premium, join: 2002-10-04, Alexandria, VA; Cox HSI, Speakeasy) | reply to sporkme
said by sporkme: SpamAssassin is getting pretty good at catching the quirks that separate these messages from real mail. One thing that really helps is automating "sa-update" to grab the latest rules from the SpamAss folks. I didn't even know about that until a few weeks ago; previously they released new rules with each version of spamass, but now the rules are continuously updated.
Hmm... perhaps it would be helpful if I read the Release Notes to see these new tools? Just ran it in debug mode. Nifty tool. I got it croned now.
said by sporkme: I would imagine if you greylist and use spamass, you don't see too much of this crap.
Yeah, I use a greylist daemon. However, the botnets are getting a bit more sophisticated. They aren't just attempting single delivery any more.
-tom -- "Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D. Brandeis
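As an added illustration of the greylisting sporkme and nixen discuss (my own minimal in-memory sketch, not any greylist daemon's code): a first attempt for an unseen (client IP, sender, recipient) triplet gets a temporary failure, an immediate retry fails again, and only a client that queues the message and retries after the delay is accepted. The delay and window values, the IP and the addresses are assumed/constructed.

```python
# Minimal in-memory greylister (added illustration, not a real daemon's code).
# A first delivery attempt for an unseen triplet gets a temporary failure;
# a retry after DELAY seconds is accepted and the triplet is remembered.
DELAY = 300          # assumed: seconds a new triplet must wait before acceptance
WINDOW = 4 * 3600    # assumed: seconds a pending triplet is kept before being forgotten

class Greylist:
    def __init__(self, delay=DELAY, window=WINDOW):
        self.delay, self.window = delay, window
        self.pending = {}    # (ip, sender, rcpt) -> time of first attempt
        self.passed = set()  # triplets that retried correctly

    def check(self, ip, sender, rcpt, now):
        """Decide one SMTP delivery attempt: 'accept' or 'tempfail' (451)."""
        key = (ip, sender.lower(), rcpt.lower())
        if key in self.passed:
            return "accept"
        first = self.pending.get(key)
        if first is None or now - first > self.window:
            self.pending[key] = now      # unseen (or expired): start the clock
            return "tempfail"
        if now - first < self.delay:
            return "tempfail"            # retried too soon: rejected again
        del self.pending[key]
        self.passed.add(key)             # waited out the delay, as a real MTA queue does
        return "accept"

def simulate(attempt_offsets, delay=DELAY, window=WINDOW):
    """Feed one constructed triplet through a fresh greylist at the given
    offsets (seconds after the first attempt) and return the decisions."""
    gl = Greylist(delay, window)
    return [gl.check("192.0.2.10", "sender@example.invalid", "user@example.invalid", t)
            for t in attempt_offsets]
```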
DebianDog (join: 2003-08-13, Chester, VA) | reply to jsouth
No, there are only about 10,00 copies of Vista out there (legally) and they are already infected. Once you start really using another OS you will see the faults of Windows. All Windows has on the competition is currently "marketshare".

swhx7 (Premium, join: 2006-07-23, Elbonia; RoadRunner Cable) | reply to jsouth
said by jsouth: So what? All that proves is that there are more Windows machines out there.
Consumer and business desktops are about 90% Windows, something like 7% Macintosh, and most of the rest Linux. Internet-facing servers are about 70% Unix or Linux and are much better for sending spam or viruses or other malware.
The compromises on Windows are much higher than in proportion to its share in every one of those segments (servers, business desktops, consumer desktops). It's just easier to hack, harder to secure, and tends to be maintained by less competent administrators.

NormanS (Premium, MVM, join: 2001-02-14, San Jose, CA; Pacific Bell - SBC) | reply to Kibbles
Whether my filter is off or on, I am seeing about 30-35 spam email messages per day in two 'pacbell.net' accounts. The difference is whether the messages reach the Inbox (filter off) or the "Bulk" folder (filter on).
I am seeing nowhere near that level of spam to my personal domain; but not for lack of trying by the spammers. I see a lot of this in my mail server logs:
T 20061119 035025 455fb8df Connection from 81.50.67.217
T 20061119 035025 455fb8df HELO APoitiers-155-1-148-217.w81-50.abo.wanadoo.fr
T 20061119 035026 455fb8df MAIL FROM: <miat@dawsontechnology.co.uk>
E 20061119 035026 455fb8df Host 81.50.67.217 blocked by NJABL - message rejected.
T 20061119 035027 455fb8df QUIT
T 20061119 035027 455fb8df Connection closed with 81.50.67.217, 2 sec. elapsed.
T 20061119 035028 455fb8e0 Connection from 81.50.67.217
T 20061119 035028 455fb8e0 HELO APoitiers-155-1-148-217.w81-50.abo.wanadoo.fr
T 20061119 035029 455fb8e0 MAIL FROM: <miat@dawsontechnology.co.uk>
E 20061119 035029 455fb8e0 Host 81.50.67.217 blocked by NJABL - message rejected.
T 20061119 035029 455fb8e0 QUIT
T 20061119 035029 455fb8e0 Connection closed with 81.50.67.217, 1 sec. elapsed.
E 20061119 035347 0 Connection from 125.142.206.225 refused because of restriction.
T 20061119 035706 455fb8e1 Connection from 71.17.24.217
T 20061119 035707 455fb8e1 EHLO ahie.apu0eyra.rr.com
T 20061119 035707 455fb8e1 MAIL FROM: <circumventioncomplaisant@xr23.com>
T 20061119 035707 455fb8e1 RCPT TO: <%User_ID%@aosake.net>
E 20061119 035707 455fb8e1 554 This email address was disabled because it was harvested from a web page.
T 20061119 035708 455fb8e1 Connection closed with 71.17.24.217, 2 sec. elapsed.
T 20061119 040844 455fb8e3 Connection from 88.233.142.244
T 20061119 040847 455fb8e3 HELO dsl88-233-36596.ttnet.net.tr
T 20061119 040848 455fb8e3 MAIL FROM: <fdqloe@huntjewellers.ie>
E 20061119 040848 455fb8e3 Host 88.233.142.244 blocked by NJABL - message rejected.
T 20061119 040848 455fb8e3 QUIT
T 20061119 040848 455fb8e3 Connection closed with 88.233.142.244, 4 sec. elapsed.
T 20061119 040849 455fb8e4 Connection from 88.233.142.244
T 20061119 040850 455fb8e4 HELO dsl88-233-36596.ttnet.net.tr
T 20061119 040850 455fb8e4 MAIL FROM: <fdqloe@huntjewellers.ie>
E 20061119 040850 455fb8e4 Host 88.233.142.244 blocked by NJABL - message rejected.
T 20061119 040851 455fb8e4 QUIT
T 20061119 040851 455fb8e4 Connection closed with 88.233.142.244, 2 sec. elapsed.
T 20061119 041543 455fb8e5 Connection from 59.95.162.84
T 20061119 041543 455fb8e5 HELO aosake.net
E 20061119 041543 455fb8e5 554 Forged host name - message rejected; see: HTTP://antispam.aosake.net.
T 20061119 041544 455fb8e5 Connection closed with 59.95.162.84, 1 sec. elapsed.
T 20061119 042329 455fb8e6 Connection from 81.37.29.194
T 20061119 042330 455fb8e6 helo localhost
E 20061119 042330 455fb8e6 554 Forged host name - message rejected; see: HTTP://antispam.aosake.net.
T 20061119 042330 455fb8e6 Connection closed with 81.37.29.194, 1 sec. elapsed.
Just a small part of the total logs; I'd say about 40 failed spam connection attempts, or more, for every good email.
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum
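An added example (not NormanS's code, nor his mail server's) that parses records in the format of the log quoted above, groups them by session id, labels each rejection from the server's own message text, and measures how quickly the same host reconnects; the embedded excerpt is copied from that log, and the field layout (flag, date, HHMMSS, session id, message) is my reading of it.

```python
import re
from collections import defaultdict

# Excerpt copied from the log quoted in the post above; each line is
# flag (T = transaction, E = error), date, HHMMSS, session id, message.
SAMPLE_LOG = """\
T 20061119 035025 455fb8df Connection from 81.50.67.217
T 20061119 035026 455fb8df MAIL FROM: <miat@dawsontechnology.co.uk>
E 20061119 035026 455fb8df Host 81.50.67.217 blocked by NJABL - message rejected.
T 20061119 035027 455fb8df QUIT
T 20061119 035028 455fb8e0 Connection from 81.50.67.217
E 20061119 035029 455fb8e0 Host 81.50.67.217 blocked by NJABL - message rejected.
T 20061119 042329 455fb8e6 Connection from 81.37.29.194
T 20061119 042330 455fb8e6 helo localhost
E 20061119 042330 455fb8e6 554 Forged host name - message rejected; see: HTTP://antispam.aosake.net.
"""

LINE_RE = re.compile(r"^([TE]) (\d{8}) (\d{6}) (\w+) (.*)$")

# Map the server's own rejection texts (as seen in the log) to short labels.
REASONS = [("blocked by NJABL", "dnsbl"), ("Forged host name", "forged-helo"),
           ("harvested from a web page", "spamtrap"),
           ("refused because of restriction", "refused")]

def parse_log(text):
    """Group lines by session id: connecting IP, start time (seconds since
    midnight) and the rejection label, or None if the session was not rejected."""
    sessions = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip anything that is not a log record
        flag, _date, hms, sid, msg = m.groups()
        secs = int(hms[:2]) * 3600 + int(hms[2:4]) * 60 + int(hms[4:])
        s = sessions.setdefault(sid, {"ip": None, "start": secs, "reason": None})
        if msg.startswith("Connection from "):
            s["ip"] = msg.split()[2]
        if flag == "E":
            s["reason"] = next((lbl for needle, lbl in REASONS if needle in msg), "other")
    return sessions

def retry_gaps(sessions):
    """Seconds between successive connections from the same IP; gaps of a few
    seconds are far below any greylisting delay, so the retry is just rejected again."""
    by_ip = defaultdict(list)
    for s in sessions.values():
        if s["ip"]:
            by_ip[s["ip"]].append(s["start"])
    return {ip: [b - a for a, b in zip(sorted(t), sorted(t)[1:])] for ip, t in by_ip.items()}
```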