Full Disclosure mailing list archives
RE: Backdoor not recognized by Kaspersky
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 04 Mar 2004 16:18:07 +1300
Thor Larholm wrote:
SMTP authentication will not do much to stop viruses from spreading. Some viruses are already moving away from just implementing their own SMTP server to reusing whatever SMTP credentials you have on your machine. Having your own SMTP engine is a nice fallback solution just in case, but if you can read the user's login credentials to his corporate mailserver you are far better off. Imagine us all implementing SPF, Caller ID or Domain Keys - what would happen? We would all have to use a mail server that has implemented one of these 'solutions'. Naturally, virus writers would then just reuse your SMTP login credentials to spew their virus through that same MTA. Another quick workaround to SPF, Caller ID and Domain Keys has already been implemented by spammers for a year or so. The only premise behind S/C/D is that you are trusted if you have access to a DNS server. Spammers are using compromised machines not only as SMTP servers, but also web servers and DNS servers. The end result is that spammers have already completely circumvented all three solutions way before they were ever implemented.
Absolutely. Add the vast army of machines that are already "under the spell" of one or more bot-net agents, spam-bots and various other common backdoors and remote control agents, and the situation is not just "already circumvented" as Thor suggests, but completely lost. There is no hope of "fixing" the current situation.

Anyone who tries to tell you SPF, etc is a solution to anything significant (such as "the spam problem" or "the Email worm problem") is not only worryingly short of understanding the "problem" they claim (or hint) their preferred "solution" will fix, but almost certainly stands to gain something (monetarily, politically, carnally (?), etc) by furthering their preferred line of BS. Thus, it's easy to understand MS pushing something ("Caller-ID for E-Mail") but the others leave me a bit gob-smacked (other than that they seem to be yet further evidence that in general, the lunatics run the asylums and/or that for certain folk, when faced with choosing between admitting their pet project is fundamentally flawed and racing on for some chance of fame and glory, readily dropping any notions they once had of technical or any other excellence and chasing the glory is the far preferable choice.)

Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html