
RE: [Asrg] [IP] do-not-email list canned



>>I'm curious to know how a zombie machine will have a legitimate SPF, CallerID, or
Domain Key.  Are you suggesting each worm/virus infected zombie will somehow register
its own legitimate domain and authoritative DNS server?

I've thought this over and the only possibility is that worms will start to crack the
cached SMTP AUTH credentials on the system and send through the ISP account. This is
possible although not easy. Whatever ISPs are left that don't require SMTP AUTH will
need to, but that's common sense.

Two points about this scenario: all the zombied mail will come from the actual address
of the user with the infected system, so they and their ISP will find out about it very
fast. Also, authentication will wipe out the existing endemic population of mass-mailer
worms.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer at ziffdavis.com 


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg