RE: [ISN] Spammers exploit high-speed connections, careless users

From: InfoSec News (isn@private)
Date: Thu Feb 19 2004 - 02:17:14 PST

  • Next message: InfoSec News: "Re: [ISN] Microsoft to Hackers: Drop That Code! (Two messages)"

    Forwarded from: Chad W. Didier <cdidier@private>
    
    So they have antivirus and firewalls running. Big deal. Do you know
    how many people I run into that have both but the antivirus is out of
    date by a matter of 6 months? Or the firewall isn't configured
    properly because frankly the end user has no clue what should have
    access to the internet and what should not? 99% of the people I do
    freelance tech. support for fall into this category. I preach, but do
    they listen? Hell no! I'm not talking about only the single end user
    at home. I'm also talking about multi-million dollar small businesses
    who gawk at the cost of protecting all their systems and the cost
    involved in maintaining that protection not to mention the
    "inconvenience" factor. You can lead a horse to water but, I'll be
    damned if you can make him drink.
    
    No what needs to be done is since the big ISP's are so nosey to begin
    with they can also scan their customers for indications of infections.
    Once found that user or entire network should be blocked from
    accessing anything other than a proxy that displays a single page
    explaining why their access has been denied and offering a means to
    clean/patch their system to regain access to the rest of the world.
    Infections should be quarantined. It won't prevent initial infection
    but it would severely curb continued infection. Forcing the customers
    to clean and patch their systems would kill two birds with one stone.
    Because ISP's fear they'd lose business over the issue it'll never
    happen unless it is legislated.
    
    
    Short of denying them access or a virus with a devastating payload
    there will be no change in attitudes.
    
    -----Original Message-----
    From: owner-isn@private [mailto:owner-isn@private] On Behalf
    Of InfoSec News
    Sent: Wednesday, February 18, 2004 4:56 AM
    To: isn@private
    Subject: [ISN] Spammers exploit high-speed connections, careless users 
    
    
    http://www.usatoday.com/tech/news/computersecurity/2004-02-16-zombie-men
    ace_x.htm
    
    [I've said it once, I'll say it again, the home and small business 
    users of high-speed broadband internet services need a financial 
    incentive to use firewalls and anti-virus. 
    
    The only way that's going to happen, is to tell the users, if you use an
    authorized firewall and A/V solution, you will pay less on your monthly
    internet service than if you just plugged your cable modem into the back
    of your computer.
    
    Joe Sixpack doesn't care about internet security, he's too busy looking
    for the latest version of Paris Hilton's movie to learn about the latest
    worm clogging things up, I'm willing to bet people would be more willing
    to save few bucks in the long run over having to teach them why you
    really need a firewall and A/V software.  - WK]
    
    -=-
    
    By Anick Jesdanun
    Associated Press
    2/16/2004
    
    NEW YORK - Next time you're looking for a culprit for all that junk mail
    flooding your inbox, have a glance in the mirror. Spammers are
    increasingly exploiting home computers with high-speed Internet
    connections into which they've cleverly burrowed.
    
    E-mail security companies estimate that between one-third and two-thirds
    of unwanted messages are relayed unwittingly by PC owners who set up
    software incorrectly or fail to secure their machines.
    
    David Lawrence, 43, owns such a computer, which turned into a "spam
    zombie" when a virus infected it in October. Five or six spammers were
    using his cable modem to remotely send pitches for products like Viagra
    and boosters for cell phone signals.
    
    "Spammers and the people who write these viruses ... is their life so
    void that they feel they have to mess up other people?" said Lawrence.  
    "To me, it's criminal."
    
    The self-employed businessman from Tifton, Ga., said he learned of his
    computer's culpability when his Internet service got suspended. "I
    called to find out what was going on because I knew I had the bill
    paid," he said.
    
    Lawrence is by no means alone.
    
    Hundreds of thousands of computers worldwide have been infected by SoBig
    and other viruses that are programmed to spawn gateways, known
    technically as proxies, to relay spam. Though Lawrence had antivirus
    software, he hadn't kept it updated.
    
    It's ironic to the president of the security Web site myNetWatchman.com,
    Lawrence Baldwin, that those afflicted by spam are also often its
    couriers.
    
    "That's further encouragement, justification for taking responsibility
    for your own system," said Baldwin. "If you don't, you can be part of
    the very problem you're complaining about."
    
    Any Internet-connected computer could be running a proxy spam relay, but
    most of the malicious programs are written specifically for PCs that run
    Windows.
    
    [...]
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Feb 19 2004 - 06:31:44 PST