Previous Politech message:
http://www.politechbot.com/p-04194.html

---

Date: Tue, 26 Nov 2002 08:24:38 -0500
To: declanat_private
From: Jon Zittrain <zittrainat_private>
Subject: Re: FC: Spam king lives large off others' email troubles

The "stealth technology" exploits the fact that many default Windows setups have a form of popup messaging enabled, completely apart from traditional instant messaging clients -- see <http://www.jmu.edu/computing/security/info/winmsg.shtml>.

---

Date: Tue, 26 Nov 2002 14:41:53 +0100
From: Tomas Fjetland <tomasat_private>
To: declanat_private
Subject: Re: FC: Spam king lives large off others' email troubles

Declan,

You most likely already know, but what the article probably describes and that Thomas Leavitt describes as "laughable", is probably the new wave of advertising using the Windows Messaging service. It does depend on machines that are on the internet but not properly secured, but everyone knows that's not uncommon. All such a spam system needs to do is check for if the normal netbios ports respond, and if they do, chances are the machine will receive and display such an ad.

http://www.ciac.org/ciac/techbull/CIACTech03-001.shtml

Makers of AdSubtract ad-blocking software, Intermute, have already released a blocking tool, but using a good firewall would probably be the better option.

http://www.messagesubtract.com/help.html

(I'm not affiliated with Intermute beyond being a satisfied customer of AdSubtract)

Regards,
Tomas Fjetland

---

Date: Tue, 26 Nov 2002 08:20:01 -0500
To: declanat_private
From: "James M. Ray" <jrayat_private>
Subject: Re: FC: Spam king lives large off others' email troubles
Cc: <thomasleavittat_private>

>[This is really somewhat vile. --Declan]
...
>... the last bit about the "stealth spam" technology is pretty laughable; I
>find it hard to understand how a "tech" reporter could be ignorant enough of
>basic Internet architecture to swallow the idea that somehow, a spammer
>could shove stuff onto your computer (short of a massive OS security flaw,
>etc.).
>
>... more likely, he's talking about some kind of rather prosaic adware...

I may be wrong, but I think he's hinting about expanding into AIM-spam there. :( I won't welcome the first spam instant message I get, but even though my AIM id is widely known, I haven't gotten one...yet...
JMR
--
"e-gold is to money what email is to letters." -- JP May
--
Regards, James M. Ray <jrayat_private>
PGP = 0xAE141134
http://www.e-gold.com/e-gold.asp?cid=101574

---

Date: Tue, 26 Nov 2002 07:44:48 -0500
From: Rich Kulawiec <rskat_private>
To: Thomas Leavitt <thomasleavittat_private>
Cc: Declan McCullagh <declanat_private>
Subject: Re: FC: Spam king lives large off others' email troubles

> ... the last bit about the "stealth spam" technology is pretty laughable; I
> find it hard to understand how a "tech" reporter could be ignorant enough of
> basic Internet architecture to swallow the idea that somehow, a spammer
> could shove stuff onto your computer (short of a massive OS security flaw,
> etc.).
>
> ... more likely, he's talking about some kind of rather prosaic adware...

Actually, some of the ratware out there is surprisingly sophisticated. Spammers have moved on from simple header forgery and open SMTP relay hijacking to widespread, coordinated use of thousands of open proxies, with traffic spread across them and using "hashbusters" in the text to mitigate the accuracy of some anti-spam software. They use all kinds of other tricks as well: HTTP references to hosts are often expressed as IP addresses or in hex; HTML markup is obfuscated to make it difficult to do string comparisons, e.g.

    <a href="http://www.<!-- blah -->sp<!-- blah-->amsite.com"</a>

and similar things; they're frequently switching domain names; at least one that I know of constructed a VPN between two different ISPs and was tunneling traffic in an attempt to evade detection. And so on.

Now granted, the overwhelming majority of spammers aren't capable of crafting these kinds of tools and may even struggle to just use them. But there are clearly at least a few very sharp brains at work out there and the tools they're creating are clearly designed to (1) maximize throughput (2) maximize actual delivery rate (3) minimize chances of detection (4) minimize compute/network load on the spammer's own systems.

Combine this with the limited technical resources at some ISPs and the willingness of others to allow spammers on their networks and it's a major problem.

---Rsk

---

Date: Tue, 26 Nov 2002 10:56:10 +0000
From: Matt Collins <mattat_private>
To: Declan McCullagh <declanat_private>
Subject: Re: FC: Spam king lives large off others' email troubles

On Mon, Nov 25, 2002 at 11:18:18PM -0500, Declan McCullagh wrote:
> [This is really somewhat vile. --Declan]
>

Laughable as Thomas may find it or not the massive OS security flaw in question is windows messenger service, affecting at least w2k and XP, and the cause of many many unfirewalled windows users receiving random popup messages on their systems advertising porn, etc.

Thomas presumably finds the idea laughable, because he can't imagine any vendor providing the ability for random 3rd parties on a distant network to connect and pop up requestors on your box, stealing focus from whatever you may be doing.

Microsoft, gloriously, have provided this ability, to the extent that many associates who have an application that crashes if focus is stolen from it regularly, well, crash, until they disable this 'feature'.

Some discussion here:
http://www.mircscripts.org/viewImage.php?cid=5099&v=b

Matt

n.b. this is the OS's messaging service, not the instant message client similar to ICQ.

---

From: "Thomas Leavitt" <thomasleavittat_private>
To: "Ed Allen Smith" <easmithat_private>
Cc: "Declan McCullagh" <declanat_private>, <andrewat_private>
Subject: Re: FC: Spam king lives large off others' email troubles
Date: Tue, 26 Nov 2002 00:39:23 -0800

Stunning... once again, Microsoft has shown that it is incapable of designing an operating system which can both function normally, and be secure, in a networked environment.

Boy am I glad that I'm sitting behind a NAT device (one of four or five computers sharing my 56k connection). I feel a hell of a lot more secure knowing my systems are sitting on the open Internet.

All I can say is, if I were a firewall/anti-virus software company or a NAT device manufacturer, I'd be revving up the marketing machine... because once this stuff becomes freely available, it will be impossible to run NT/2000/XP without something of the sort - my guess is that it will take less than 10 pop ups in a single hour to piss people off badly enough to do something. Whether that involves lynching Ralsky, Gates, or something more moderate is unknown. :)

Regards,
Thomas Leavitt

---

From: Ed Allen Smith <easmithat_private>
Date: Tue, 26 Nov 2002 03:05:18 -0500
To: thomasleavittat_private
Cc: declanat_private

In message <5.1.1.6.0.20021125181352.02ab9c40at_private> (on 25 November 2002 23:18:18 -0500), declanat_private (Declan McCullagh) wrote:
>[This is really somewhat vile. --Declan]

Yes. Hopefully, someone will do the same Oakland County real estate record search that this reporter did and make Ralsky's address available to the public again. Given his lack of concern for the privacy of anyone else, I see no reason why he should have any.

---

Date: Mon, 25 Nov 2002 23:30:13 +0000 (UTC)
From: Bill Nash <billnat_private>
To: Declan McCullagh <declanat_private>
cc: politechat_private
Subject: Re: FC: Spam king lives large off others' email troubles

On Mon, 25 Nov 2002, Declan McCullagh wrote:

> [This is really somewhat vile. --Declan]
>
> ---
>
> From: "Thomas Leavitt" <thomasleavittat_private>
> To: "Declan McCullagh" <declanat_private>
> Subject: Fw: More on the Spam Kings
> Date: Mon, 25 Nov 2002 14:43:16 -0800
>
> ... more likely, he's talking about some kind of rather prosaic adware...
>

Or how about something as simple as a return receipt? This functionality is bred into most e-mail software. Most people either don't know, don't care, or can't be bothered to learn. Sad but true, I miss the DOS days when you had to have a clue to operate a PC. The legacy Bill Gates is a species of idiot.

- billn

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
Recent CNET News.com articles: http://news.search.com/search?q=declan
-------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Nov 26 2002 - 06:14:43 PST
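
Rich Kulawiec's message above mentions hosts written as raw IP addresses or in hex, and markup split by HTML comments to defeat string comparison. The following is an added example, not part of the thread, of how a filter can normalize such links before matching them against a blocklist; the blocklist entries, function names and all sample lines except the first are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)
HREF = re.compile(r"""href\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
BLOCKED = {"www.spamsite.com", "192.0.2.1"}  # constructed blocklist entries

def _part(text):
    """One address component as inet_aton reads it: 0x hex, leading-0 octal, else decimal."""
    if not (text.isascii() and text.isalnum()):
        raise ValueError(text)
    if text.startswith("0x"):
        return int(text[2:], 16)
    if len(text) > 1 and text.startswith("0"):
        return int(text, 8)
    return int(text, 10)

def canonical_host(host):
    """Dotted quad for any inet_aton-style IPv4 spelling; otherwise the lowercased name."""
    host = host.lower().rstrip(".")
    try:
        *head, last = [_part(p) for p in host.split(".")]
    except ValueError:
        return host
    # inet_aton rule: leading parts are single bytes, the last part fills the rest.
    if len(head) > 3 or any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return host
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def hrefs_for_matching(html):
    """Strip HTML comments, then return the canonical host of every href."""
    hosts = []
    for url in HREF.findall(COMMENT.sub("", html)):
        hostname = urlsplit(url).hostname
        if hostname:
            hosts.append(canonical_host(hostname))
    return hosts

def blocked_links(html):
    """Hosts from the markup that match the blocklist after normalization."""
    return [h for h in hrefs_for_matching(html) if h in BLOCKED]

# Constructed sample: the first line is the markup quoted in the message, the rest are made up.
SAMPLE = '''<a href="http://www.<!-- blah -->sp<!-- blah-->amsite.com"</a>
<a href="http://0xC0000201/offer">x</a>
<a href=http://3221225985/>y</a>
<a href="http://example.org/">z</a>'''

if __name__ == "__main__":
    print(blocked_links(SAMPLE))
```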