I am not talking about email spreading virues. A number of viruses appear to send spam. (not spreading). Sometimes this is autonymous. Sometime it is under control via IRC channel back to the virus operator. Further, it seems that many open proxies are installed by virus. Once the virus has control of the computer, it has or will obtain keys to private keychains, etc. It can do whatever the infected users can do. The number of 40-50 emails per IP figure comes from analysis of spam messages that get by filters, by reviewing how many messages came from the same source. A lot of spam that gets by filters is of this very low volume type. --Dean On Tue, 9 Sep 2003, Shelby Moore wrote: > > Indeed, it seems most of the spam isn't commercial: > >Most of the spam seems to come from viruses, and isn't really selling > >anything. The viruses can use the credentials of the infected user. > >That is "legitimate", until someone reading the email realizes its not and > >complains. These send 40-50 messages per IP, and is hard to detect as > >bulk. > > > This is pseudo-off topic because I already stated below that a viral > signal can be detected differently than a spam signal, unless it > contains no viral data (which would be pointless afaik). I am curious > about your data. Are you refering to emails spreading a virus that > contain viral attachments?? > > It occurs to me that a virus can not spread very fast or effectively if > each infected computer only sends 50 emails, because the infection rate > is probably similar to spam, i.e. < 0.005%. So you would only get 1 new > infection for each 20,000 emails sent, or thus for each 400 infected > computers. It seems the virus would likely die (anti-virus actions) at > that rate of spread. So I must assume you were looking at a very small > sample on internet email and you did not extrapolate??? > > Your answers might be somewhat helpful to me in my work. > > Thanks, > Shelby Moore > http://AntiViotic.com > > >