[EMAIL PROTECTED] to me:

> > Well, most malware is transmitted via HTTP, so let's start with
> > disrupting arbitrary/all HTTP conversations...
>
> Isn't SMTP more popular for spreading malware than HTTP?
No. There are still occasional bursts of direct mailing of malware and self-mailing malware, but SMTP's major role in malware seeding and distribution is now (in fact, has been for two or more years) primarily to transport messages _linking to_ malicious code, be that drive-by installer URIs or directly to malicious binaries.

This has several advantages for the bad guys (and disadvantages for "us"). It evades the (corporate) "block all .EXEs at the mail server" filtering rule, which only took about eight years to move from "obviously needed" to widely implemented. In turn, it moves the malware transport into a channel _much_ less commonly scanned/filtered _en route_. It also means that the bad guys' botnets can be used as (possibly fast-flux) proxies protecting the actual location of the malware from takedown, yet leaving single/few points of update, meaning they can very quickly and efficiently change, replace, etc. the malware binaries.

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
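Added example, not from the original post or the funsec list: a small mail-filter check in Python that flags both attached executables (the old "block all .EXEs" rule) and body links pointing at executables, the newer route the reply describes. The sample messages and the extension list are constructed assumptions.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Assumed set of extensions worth flagging, whether attached or linked.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".msi"}
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


def _has_exec_ext(name):
    # Strip trailing punctuation that often follows a URL in prose.
    name = name.lower().rstrip(".,;)")
    return any(name.endswith(ext) for ext in EXEC_EXTS)


def check_message(raw):
    """Return (flagged_attachment_names, flagged_urls) for one RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    attachments, urls = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename and _has_exec_ext(filename):
            attachments.append(filename)
        if part.get_content_type() in ("text/plain", "text/html"):
            for url in URL_RE.findall(part.get_content()):
                if _has_exec_ext(urlparse(url).path):
                    urls.append(url)
    return attachments, urls


# Constructed samples: one classic attachment, one link-only message.
ATTACH_MSG = """From: sender@example.invalid
Subject: your order
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

TVo=
--b1--
"""

LINK_MSG = """From: sender@example.invalid
Subject: your order
Content-Type: text/plain

Your invoice is ready: http://203.0.113.7/dl/invoice.exe.
"""
```

An attachment-only rule would pass LINK_MSG untouched; the URL check is what catches it.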
