On 10/20/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> > They are currently out of fashion.
>
> Yep, I just checked my junk email folder and there are only a few messages
> with attached files containing malware. The situation has changed in the
> last 6 to 12 months. I was amazed the last time I checked how many
> malware-laden messages I had. It was as if the bad guys hadn't heard
> about the Outlook executable blocker.

Just a point in evolution...

The thing that I think separates SMTP from HTTP where malware is concerned is that everyone does HTTP as part of their business and pleasure. Only businesses, bots and very few technical broadband users do SMTP to arbitrary destinations legitimately.

Look at Storm. They don't deliver malware in email, but they trick users into clicking on malware via SMTP. HTTP is just the malware transport. You just can't ignore this from the largest, longest sustaining botnet ever thus far. Take away SMTP from the non-business IP address and Storm would have to have a completely different business model for existing.

Assuming ISPs took away arbitrary SMTP and malware writers were able to compensate by figuring out how to relay mail via the ISP, I think ISPs would be a little more proactive if their mail servers started getting blacklisted from all the P&D spam they were spewing.

Some ISPs like SBC (nets prior to ATT) already do this (deny residential SMTP to arbitrary places) and you definitely see less of these networks in sender IPs.

Just a different point of view from the field.

Dennis
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
