funsec mailing list archives

RE: Comcast censors the Bible


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 20 Oct 2007 13:42:55 +1300

rms () computerbytesman com to me:

> > Well, most malware is transmitted via HTTP, so let's start with
> > disrupting arbitrary/all HTTP conversations...
>
> Isn't SMTP more popular for spreading malware than HTTP?

No.

There are still occasional bursts of direct mailing of malware and self-
mailing malware, but SMTP's major role in malware seeding and 
distribution is now (in fact, has been for two or more years) primarily 
to transport messages _linking to_ malicious code, be that drive-by 
installer URIs or directly to malicious binaries.

This has several advantages for the bad guys (and disadvantages for 
"us").  It evades the (corporate) "block all .EXEs at the mail server" 
filtering rule which only took about eight years to move from 
"obviously needed" to widely implemented.  In turn, it moves the 
malware transport into a channel _much_ less commonly scanned/filtered 
_en route_.  It also means that the bad guys' botnets can be used as 
(possibly fast-flux) proxies protecting the actual location of the 
malware from takedown yet leaving single/few points of update, meaning 
they can very quickly and efficiently change, replace, etc. the malware 
binaries.


Regards,

Nick FitzGerald
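The two filtering checks the post contrasts, as an added example that is not part of the original thread: the classic "block all .EXEs at the mail server" attachment rule, beside a link check that catches the message the rule misses, one that merely links to a binary. The extension list, the regex and the two sample messages (including the 198.51.100.7 test-net address) are constructed for the example.

```python
import re
from email import message_from_string
from email.message import Message

# Extensions a typical "block all .EXEs at the mail server" rule rejects (assumed policy list).
EXEC_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def executable_attachments(msg: Message) -> list:
    """The classic rule: flag attached files whose name ends in an executable extension."""
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and n.lower().endswith(EXEC_EXTENSIONS)]

def executable_links(msg: Message) -> list:
    """The gap the post describes: flag URLs in text parts that point straight at a binary."""
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True) or b""
        text = body.decode(part.get_content_charset() or "utf-8", errors="replace")
        for url in URL_RE.findall(text):
            # Strip query, fragment and trailing punctuation before looking at the extension.
            path = url.split("?", 1)[0].split("#", 1)[0].rstrip(".,)")
            if path.lower().endswith(EXEC_EXTENSIONS):
                hits.append(url)
    return hits

def triage(raw: str) -> dict:
    """Run both checks over one raw RFC 822 message and report what each would have caught."""
    msg = message_from_string(raw)
    return {"attachments": executable_attachments(msg), "links": executable_links(msg)}

# Constructed sample 1: no attachment, only a link to a binary (sails past the attachment rule).
SAMPLE_LINK = """Subject: invoice
Content-Type: text/plain; charset="utf-8"

Your invoice is ready: http://198.51.100.7/inv/invoice_2007.exe
"""

# Constructed sample 2: the attachment the classic rule was written for (placeholder payload).
SAMPLE_ATTACH = """Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Disposition: attachment; filename="report.exe"

PLACEHOLDER-BYTES
--b1--
"""
```

Running `triage` over both samples shows the attachment rule catching only the second message while the link check catches only the first, which is the shift in transport the post describes.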

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.