botted hosts

• Previous message (by thread): RIPE50: Peering BoF
• Next message (by thread): botted hosts
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 4 Apr 2005 Valdis.Kletnieks at vt.edu wrote:

> The problem arises when you are trying to push signal (spam) to a
> non-cooperating recipient. I've seen spam that's so obfuscated that it's
> unclear whether it's trying to sell me a R00leckss or medications.  At
> that point, it may be able to pass under the effective-bandwidth filter
> of your covert channel.

You are making the assumption that spam means to sell something. Spam 
includes mailbombing, in which the purpose is not commercial at all, but 
rather purely for annoyance. (there may be secondary commercial purposes, 
ie, to annoy users at a certain ISP to harm its business, but we can't 
discover that purpose by looking a single message.

The terribly obfuscated spams never seem to be genuinely commercial. But 
its hard to count*.

The confluence of CAN-SPAM and rapid early genuine spammer adoption of SPF
records has revealed some interesting things about how much spam is
genuinely commercial and how much is annoyance. It gave us a way to label
commercial spam in an easily countable way.  The numbers suggested that
only about 6% of spam was genuinely commercial. And so leaving the other
94% as non-commercial garbage of one kind or another*.

[See Malicious Cryptography: Exposing Cryptovirology by Adam Young et al.  
Unintelligible spam-like messages may be parts of an encrypted message
sent to a "mix-net"]

> If you hide the spam in a steganographic message inside a .JPG of a giraffe,
> it will almost certainly make it to the mailbox.  But at that point, the
> user is left looking at a picture of a giraffe......

And on the girafe, the spots spell out a message that is immediately
recognizable to a human. Sort of just like those crawler-thwarting "image"  
authenticators do now.  Partly, this example is a deviation from info
theory. The girafe example is just reliant on the fact that machines
aren't as good a human at these sort of recognition tasks. If machines
were, we'd have other problems, but unwanted messages would still be one
of them. Info theory is much deeper.

		--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   

• Previous message (by thread): RIPE50: Peering BoF
• Next message (by thread): botted hosts
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]