AOL’s Mayrides says he’s seen bots instructed to send out only one e-mail per day.
Apparently the spam bots are going to merge and become SkyNet before the Google computers can get it together.
But anyway, with this massive spam bot army, any kind of computational approach to limiting spam isn't going to work.
I find it amazing that with 10s of millions of spam bot computers identified that nobody can get an automated system together to phone up these people and tell them that their computers are infected. (Actually most of them are outside the United States.) Google, Yahoo and Hotmail, who must see nearly every piece of spam pass through their servers, surely could compile a list of machines sending this crap out.
According to Steve Gibson on Security Now it is illegal to tap into someone else's computer even for the purposes of helping them. But surely it isn't illegal to phone them up and tell them they are probably infected with a spam bot. Between IP address databases and automated phone systems and massive spam analysis at the big email providers ... I think some kind of anti-spam-bot mashup would be possible.
It wouldn't do any good to call people. Most of the people wouldn't even know what a spam bot was or what to do about it. So long as their computer boots and appears to work, they don't want to mess with it. And even if you sent somebody to their house and fixed their computer for free, it would be reinfected again within a very short time. The only solution to botnets will come when computers evolve to a higher level of security that doesn't require end users to understand it.
ReplyDelete- Vincent