Name and shame spambot owners?
It's something that has been said to me a few times lately.
My own networks have been hammered with a lot of employment spam lately, and the vast majority of it is being sent via servers that have likely been compromised by bad guys taking advantage of the MS06-04 vulnerability, and desktops that have been compromised by various trojans and backdoors.
I do believe we have a basic responsibility when we purchase a server to take responsibility for its care and maintenance, and ensure that it is not used to cause harm (or cost) to others.
Because of the industry in which I work, no incoming emails can be automatically deleted. This means that all of that incoming spam must be checked to ensure it is not a false positive before being deleted. It takes up a lot of my time to do this. But, as irritating as this is, I don't know if naming and shaming people and corporations that are responsible for compromised machines is the way to go. So what do we do? Should their ISPs be forced to cut them off the moment that trojan/virus/spam traffic is detected? Should owners of servers have to certify that they have a minimum level of technical support on site or available to them at all times, and that they are patching as they should? Should patching be made compulsory?
I'm wondering what my small audience thinks...