Researchers have taken a peek inside the recently refurbished Waledac botnet, and what they've found isn't pretty. Waledac, a successor to the once-formidable Storm botnet, has passwords for almost 500,000 Pop3 email accounts, allowing spam to be sent through SMTP servers, according to findings published on Tuesday by security …
I hope they notified all the people involved, and not just wrote a fancy paper and called it a day.
That's 500,000 email accounts to disable, and only re-enable when their owners have been told why, and have changed their password.
I thought TheReg was a techie website?
I quote:
"has passwords for almost 500,000 Pop3 email accounts, allowing spam to be sent through SMTP servers"
Surely even The Reg know that POP3 = inbound, SMTP = outbound. Therefore a POP3 password does not automatically ensure you can send email outbound.
Some ISPs even authenticate SMTP based on source host being on their network rather than other forms of authentication, which makes your statement even more null and void.
Case "Lewis Page": Return "Quality Article"
Case (Merkin): Return "Utter Rubbish"
Case Default: Return "Might be worth reading"
>> Therefore a POP3 password does not automatically ensure you can send email outbound.
True, but in a very large proportion of them, the same credentials are used. So having the POP3 credentials means being able to send mail in a significant proportion of cases.
Only yesterday I had to block a customer whose supposed "IT support" company configured their mail server as an open relay and were punting huge amounts of spam through our outbound relay. When we phoned them, the supposed technical people said "That shouldn't have happened, we have spam filtering set up" :-/
For just that sort of reason, we (at work) are migrating users to a server with rate limiting built in. It won't stop the spam, but it will constrain the amount a customer can send before we block them.
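The kind of per-customer rate limiting the reply above describes, as an added example that is not code from the thread or from any mail server project. It watches authenticated submissions on an outbound relay over a sliding window and blocks an account that sends to too many recipients, or that authenticates from too many different client addresses, within that window (the second signal is the one that points at a stolen POP3/SMTP password rather than a bulk-mailing customer). The log format, thresholds, account names and addresses are all constructed for the example.

```python
"""Sliding-window rate limiting of authenticated outbound relay submissions.

Added example, not code from the comment thread or from any mail server.
The log format is a constructed, hypothetical one:
    <ISO timestamp> sasl_user=<account> client=<ip> recipients=<n>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)
MAX_RECIPIENTS_PER_WINDOW = 50   # assumed policy threshold, not a vendor default
MAX_CLIENT_IPS_PER_WINDOW = 3    # one account relaying from many hosts: likely stolen credentials

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
2010-02-16T10:00:00 sasl_user=alice client=203.0.113.5 recipients=2
2010-02-16T10:01:00 sasl_user=bob client=198.51.100.7 recipients=30
2010-02-16T10:02:00 sasl_user=bob client=198.51.100.8 recipients=30
2010-02-16T10:03:00 sasl_user=alice client=203.0.113.5 recipients=1
2010-02-16T10:04:00 sasl_user=carol client=192.0.2.1 recipients=10
2010-02-16T10:05:00 sasl_user=carol client=192.0.2.2 recipients=10
2010-02-16T10:06:00 sasl_user=carol client=192.0.2.3 recipients=10
2010-02-16T10:07:00 sasl_user=carol client=192.0.2.4 recipients=10
2010-02-16T10:20:00 sasl_user=bob client=198.51.100.7 recipients=5
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, account, client_ip, recipients)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["sasl_user"], kv["client"], int(kv["recipients"])


class RelayRateLimiter:
    """Per-account sliding-window limiter for an outbound SMTP relay."""

    def __init__(self, window=WINDOW, max_recipients=MAX_RECIPIENTS_PER_WINDOW,
                 max_ips=MAX_CLIENT_IPS_PER_WINDOW):
        self.window = window
        self.max_recipients = max_recipients
        self.max_ips = max_ips
        self.events = defaultdict(deque)  # account -> deque of (ts, ip, recipients)
        self.blocked = {}                 # account -> human-readable reason

    def submit(self, ts, account, ip, recipients):
        """Record a submission and return (allowed, reason)."""
        if account in self.blocked:
            return False, self.blocked[account]
        q = self.events[account]
        q.append((ts, ip, recipients))
        # Drop events that have aged out of the window.
        while q and ts - q[0][0] > self.window:
            q.popleft()
        total = sum(r for _, _, r in q)
        ips = {i for _, i, _ in q}
        if total > self.max_recipients:
            self.blocked[account] = f"{total} recipients in {self.window}"
            return False, self.blocked[account]
        if len(ips) > self.max_ips:
            self.blocked[account] = f"{len(ips)} client IPs in {self.window}"
            return False, self.blocked[account]
        return True, ""


def run(log_text, limiter=None):
    """Replay a log through the limiter; return (blocked accounts, per-line decisions)."""
    limiter = limiter or RelayRateLimiter()
    decisions = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, ip, recipients = parse_line(line)
        decisions.append((account, limiter.submit(ts, account, ip, recipients)))
    return limiter.blocked, decisions


if __name__ == "__main__":
    blocked, decisions = run(SAMPLE_LOG)
    for account, (allowed, reason) in decisions:
        print(f"{account:6} {'ok' if allowed else 'BLOCKED: ' + reason}")
    print("blocked accounts:", sorted(blocked))
```

On the constructed log, bob is blocked for recipient volume and carol for authenticating from four different hosts inside ten minutes, while alice passes. Blocking here is the point at which the provider would, as the reply above says, contact the customer before re-enabling the account.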
What point trying to help?
I have tried a few times now to pass on to banks etc mails which may be useful to backtrack spam sources and have yet to find anyone that cares. My favourite was one 'anti-phishing support' techie who listened to me explain I had an html file which I could see included all the details to build a copy of their web page plus some other details. He then told me that I had to delete the mail and the file, then reboot my system and run anti-virus and may even need to rebuild it.
Makes you wonder whose side some of these people are on as I only phoned him to check the file would be received OK since they ask you to forward all such emails to them.
I've forwarded dozens of those types of phishing emails to banks and never hear anything beyond the 'this is an automated reply'.
On a similar note, I got a bunch of spam from my ex's email account, and started forwarding them, with full headers, to her provider. My provider only let me forward two of them before forcing me to go through a Captcha for the 3rd one, and blocked me completely on the 4th one. Surely email addresses like email@example.com and firstname.lastname@example.org should not be blocked (no matter the content) by other providers. The best thing for the rest of us is for a spam reporting mailbox to get spammed.