Comments on: From proxies to zombies http://spamhuntress.com/2005/10/23/from-proxies-to-zombies/ Just another WordPress weblog Fri, 25 Jul 2008 17:50:52 +0000 http://wordpress.org/?v=2.0.7 by: Olliver http://spamhuntress.com/2005/10/23/from-proxies-to-zombies/#comment-1630 Sun, 23 Oct 2005 12:21:37 +0000 http://spamhuntress.com/2005/10/23/from-proxies-to-zombies/#comment-1630 I've made exactly the same observation on the sites I administer and this turn towards zombies seems quite reasonable to me (from a spammer's perspective): Proxies have the disadvantage of keeping the same ip address in most cases, becoming unusable pretty quick (=> lots of time has to be spent with updating proxy server lists) and appearing on black lists almost immediately after discovery (=> spam doesn't reach target). The zombies in the logs I got access to are almost exclusively from dialup ranges and Windows machines. But as you write, scanning them with Nmap often doesn't reveal any prominent proxy ports, just ranges where the router or "desktop firewall" chooses to reply with "deny" or "reject". I’ve made exactly the same observation on the sites I administer and this turn towards zombies seems quite reasonable to me (from a spammer’s perspective): Proxies have the disadvantage of keeping the same ip address in most cases, becoming unusable pretty quick (=> lots of time has to be spent with updating proxy server lists) and appearing on black lists almost immediately after discovery (=> spam doesn’t reach target).

The zombies in the logs I got access to are almost exclusively from dialup ranges and Windows machines. But as you write, scanning them with Nmap often doesn’t reveal any prominent proxy ports, just ranges where the router or “desktop firewall” chooses to reply with “deny” or “reject”.

]]>