Re: Hijacked Zombie boxes

From: Phil Weldon (notdisclosed_at_example.com)
Date: 05/31/04

• Next message: Kevin: "Re: Try to get online"
• Previous message: Caring1945 \(Carlton\): "VIRUS called TROJ_REVOP.A"
• In reply to: Ray McCormick: "Re: Hijacked Zombie boxes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 31 May 2004 14:53:34 GMT

Henry Baker's tirade does not take into account address spoofing nor does he
seem to have thought through the consequences of "publishing the IP
addresses of infected computers that are currently spamming and attempting
to contaminate other computers. If you see yours (assuming you even know
what an IP address is) you better turn that box off."

A. He has no way of knowing the user account connected with the messages
when all he has is a dynamically assigned IP address; only the ISP has the
ability to make that connection, and the ISP is not going to tell him the
results.

B. WHERE is he going to "publish"? Who would read it? What effect would
that have anyway?

C. What about all the uninfected users who are from time to time assigned
the dynamic IP addresses "published".

Sound and fury, signifying nothing but someone understandably fed up with
spam, like the rest of us.

-- 
Phil Weldon, pweldonatmindjumpdotcom
For communication,
replace "at" with the 'at sign'
replace "mindjump" with "mindspring."
replace "dot" with "."
"Ray McCormick" <raymond.mccormick(at)ntlworld(dot)com> wrote in message
news:OEz5qaxREHA.3140@tk2msftngp13.phx.gbl...
> Hi
>
> I have received very many copies of Swen_A and have now taken the
> steps recently advised by this group.
> Henry's attitude is interesting, though does it take account of
> bogus 'From' details?
> Is it correct that the first-mentioned ISP in the File >
> Properties > Details box is the correct ISP?
> If this is so to whom at that ISP should reports be directed?
>
> Ray
>
>
> "Derek" <FredFlintstone@bedrock.com> wrote in message
> news:#VLilvuREHA.3988@tk2msftngp13.phx.gbl...
> > Henry,
> > I tracked one of these persistent pests and tracked the ISP in
> the message
> > header (located in Singapore).  When I complained, I was
> informed that the
> > message was not from one of their clients.  I haven't received
> further
> > messages from this particular spammer but probably he/she just
> opened a new
> > account elsewhere.
> > Derek Nicholson
> >
> > "henry baker" <holmes@sherlock.buz> wrote in message
> > news:pan.2004.05.31.04.32.26.14000@sherlock.buz...
> > > Many people here who have been infected by virms that take
> control of
> > > their boxes may not realize that they are the ones sending me
> spam and
> > > viruses because they have been electronically raped and their
> computers
> > > are being used by people in other countries to send
> pornographic and other
> > > spam, selling illegal drugs and other products and also
> sending out
> > > viruses and worms to other computers.
> > > If your computer has been raped, your immediate concern is to
> get it
> > > offline and then fix it.
> > > I deal in spam elimination and report the IP address of each
> and every
> > > computer that sends me spam and virii to their host IP
> demanding that that
> > > computer be taken off line immediately.
> > > There is absolutely no excuse for gettting infected except
> for stupidity
> > > or worse, by buying a "million address" CD and hoping to get
> rich by
> > > spamming, or by illegally downloading copyrighted files from
> a service
> > > such as kaaza and others and getting zombified.
> > > I will start publishing the IP addresses of infected
> computers that are
> > > currently spamming and attempting to contaminate other
> computers.
> > > If you see yours (assuming you even know what an IP address
> is) you better
> > > turn that box off.
> > > Well over 60% of the spam and virus attacks are made by
> "innocent" owners
> > > of hijacked (raped ) boxes, most running XP.
> > > Time for action is now. Update your security patches and be
> sure you are
> > > running a up-to-date AV program or expect to be reported to
> your ISP
> > > immediately. Many ISPs are already taking action about these
> zombies and
> > > it's about time.
> > >
> > >
> >
> >
> >
> >
> >
> >
>
>

---

• Next message: Kevin: "Re: Try to get online"
• Previous message: Caring1945 \(Carlton\): "VIRUS called TROJ_REVOP.A"
• In reply to: Ray McCormick: "Re: Hijacked Zombie boxes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Help, ntlers ... Account is with) will always get spam eMails like that (some Mail ... the ISP won't usually do much about it!!! ... Use more efficient Filtering. ... (uk.people.silversurfers) Re: Gradual move to own mail server - strategy for noob ... account at your ISP, at yahoo, gmail, etc. provided they have IMAP, ... and try retreiving emails from that account. ... I never used fetchmail, ... Spam is touchy question, no one like spam, but every one may have a ... (freebsd-questions) Re: Why cant ISPs stop spam/virus ?! ... I don't doubt that a small load of well designed spam can pass through. ... You need to get a decent ISP. ... The method of distribution is now thousands of Windows computers, ... You cannot filter by place of origin. ... (comp.os.linux.misc) Re: IP address spoofing ... >>Could this be US election spam? ... >>I am sending reports to the ISP requesting that they be stopped. ... >>months with a routing instruction to send emails to my new email address. ... >>The old dial up account had spam filtering in place so all I got were ... (comp.security.firewalls) Re: Spam ... Accepting mail sent to "mail@" is bound to attract lots of spam, ... Some people hand out addresseds like: ... I don't by any means trust all my friends to make sure their computers are ... the ISP who host that (ie the company whose computer ... (comp.sys.acorn.misc)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)