[72444] in North American Network Operators' Group
RE: Spyware becomes increasingly malicious
daemon@ATHENA.MIT.EDU (David Schwartz)
Mon Jul 12 14:18:52 2004
From: "David Schwartz" <davids@webmaster.com>
To: "Michel Py" <michel@arneill-py.sacramento.ca.us>,
"Paul Vixie" <vixie@vix.com>, <nanog@merit.edu>
Date: Mon, 12 Jul 2004 11:16:15 -0700
In-Reply-To: <BD184401.2808%dgolding@burtongroup.com>
X-MDaemon-Deliver-To: nanog@merit.edu
Reply-To: davids@webmaster.com
Errors-To: owner-nanog-outgoing@merit.edu
> On 7/12/04 12:33 PM, "Michel Py"
> <michel@arneill-py.sacramento.ca.us> wrote:
> Some peering contracts specify that behaviors that endanger a
> network or its
> users allow for immediate disconnection. Its a bit of a stretch to invoke
> this for a spyware site.
I think you could find a few experts that could argue that malware in
general, and CWS in specific, has no reached the point where it is entirely
reasonable to classify it as endangering the users of the network. Anyone
who has dealt with a variant of CWS for which a remover was not available
will tell you how much trouble it causes, rendering systems unusable until
you find the magic combination, reimage the system, or wait until someone
else figures out the variant. One wrong turn probing it can render a machine
unusable until it's reloaded.
In the meantime, let's at least blackhole all their IPs on our networks.
One way to reduce malware is to reduce the benefits of creating and
distributing it. Another way is to find the people benefiting and stringing
them up in the town square.
DS
