IBM to offer service to bounce unwanted e-mail back to the computers that sent them

Andreas_Ott · March 22, 2005, 6:24pm

http://money.cnn.com/2005/03/22/technology/ibm_spam/

And I thought they knew better by now that a hijacked windows pc won't
accept mail. I still consider it silly to absorb the sender's bandwidth
like this (and all transits' bandwidth until someone is smart enough to
put a filter up). -andreas

Florian_Weimer · March 22, 2005, 6:59pm

* Andreas Ott:

http://money.cnn.com/2005/03/22/technology/ibm_spam/

And I thought they knew better by now that a hijacked windows pc won't
accept mail. [...]

The CNN article tries to describe IBM's proposed system, but fails
badly. IBM's description is available at:

<http://www.alphaworks.ibm.com/tech/fairuce>

It doesn't seem too bad, as long as you don't use it for blocking
email. The C/R part is, of course, an unfortunate mistake.

Colin_Johnston1 · March 22, 2005, 7:22pm

The better idea would be fingerprint the spam to match the bot used to match
the exploit used to run the bot to then reverse exploit back to the
exploited machine patching in the process.
I managed to setup such a system a while ago with nimda traffic however I
could not a find a software tool which exploited a nimda exploited machine
which could then patch it and remove the virus
(Ie a remote doctor without you knowing

Colin Johnston

Florian_Weimer · March 22, 2005, 7:25pm

* Colin Johnston:

The better idea would be fingerprint the spam to match the bot used to match
the exploit used to run the bot to then reverse exploit back to the
exploited machine patching in the process.

Doesn't work reliably. A lot of bots close the attack vector they
used, to prevent infection by just another bot. There's also a lot of
cross-infection behind packet filters, which stop the same attack from
the Internet.

Vicky · March 22, 2005, 7:52pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Why even bother responding. Just imagine frontbridge (using them an
example, I have no affiliation with them) responding to each and every
spam they block..something like 7 terrabytes of data per week or so. I
guess this is one way to justify for more bandwidth

regards,
/virendra

Colin Johnston wrote:

The better idea would be fingerprint the spam to match the bot used to

match

Rich_Kulawiec · March 22, 2005, 9:06pm

If this write-up is accurate, then this is incredibly stupid
in multiple ways and on multiple levels. I *hope* that this
is just a misperception based on poor writing and that nobody
at IBM is actually seriously contemplating something that's
simultaneously useless and abusive.

---Rsk