From Across the Pond, courtesy of Chris Hunter over at Spamfo:
A new trojan compromises machines with the intention of using them for spamming directly to recipients, but this time sends spam upstream to the ISP.
What are now known as zombies have been around for a long time in some shape or form, and can be controlled in several ways, one being Internet relay chat where triggers are issued to perform mass operations such as denial of service or spam.
Previously the compromised machines were generally used to spam recipients directly, hence lots of dynamically assigned IP blocks being banned on blacklists. The new trojan will cause spam mail to go upstream to the ISP’s mailserver from the zombie machine.
This is obviously a problem as it’s often hard to block mail originating from large ISPs. Hopefully this will force ISPs to be proactive, which must be a good thing. Some providers are now blocking outgoing SMTP directly on port 25, but they need to let their own clients relay out through them.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
Could this be a blessing in disguise and cause providers to make a genuine attempt to stop spam content even leaving their network?
ISPs may have to start properly checking mail for spam as it goes outbound through their servers, rather than just incoming which seems to be all most have done currently.
So how much of a problem is this potentially going to be? Well, Linford of Spamhaus is saying “It’s the beginning of the email meltdown.”
It’s weird, I wrote a post on my own blog just last week about escalation in source-based spam blocking. With SBC and others blocking outgoing direct-to-MX connections, the logical response seemed to be to start routing through the zombie’s ISP.
I know the idea has been around for a while; it’s just odd to see it leaping across the news sites, blogs and mailing lists I read just a week later.