Re: [Full-Disclosure] Spam sent via spambots?

Nick FitzGerald <nick@virus-l.demon.co.uk> writes:

> J.A. Terranson wrote:
>
> <<snip>>
> > > And further, does anyone have any idea how to pick apart how much of
> > > that is simply relaying type activity vs.dedicated spam-bot activity?
> >
> > Does it matter?
>
> Yes, as many of the former are simply due to (legitimate user) 
> misconfiguration and do not provide any form of backdooring to the 
> system, whereas the spammers are much more actively involved in 
> "managing" the latter and can actively update/replace/supplement the 
> code running on them.  Thus the latter are much more likely able to 
> avoid (or perhaps "survive") "fixing".

Very little spam seems to come from traditional open mail relays these
days. A lot of the stuff I look at has come direct from the spammer
themselves, or from dynamic space, or university resnets.

I can't give accurate statistics though, because we're rejecting mail
at our MXs using sbl-xbl.spamhaus.org, which is specifically designed
to stop this kind of thing in the first place. (Last time I checked,
XBL was a composite of CBL, http://cbl.abuseat.org/ and OPM, an open
proxy list - see http://www.spamhaus.org/xbl )

cheers,
 Jamie
-- 
James Riden / j.riden@massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html