Writing Viruses for Fun and Profit
JMPrice writes "There's a short article over at zdnet that explores a future synergy between viruses and spam, i.e. an international crackdown on spam and open relays makes spammers opt to use infected computers instead as relays, and speculates a relationship between the virus writers and spammers."
...why is this news? Nobody ever thought they were using secured, well-administered machines in the first place for all their UCE needs.
Has it really become harder for spammers to remain anonymous? Anyways, if it was really for spamming purposes the virus would just start open relaying.
future synergy between viruses and spam
Sounds like something out of Dilbert... time load up the Bullfighter.
Are you local? There's nothing for you here!
Any spammer using this technique will be entering the realms of cyber-terrorism, and will be liable for a big prison sentence and dedicated criminal investigations. Given that spam is advertising, it probably wouldn't be very hard to track the perpetrators down once the appropriate warrants are issued. I predict that either this report is overblown, or a few spammers will end up getting the buggering they deserve in prison.
If I seem short sighted, it is because I stand on the shoulders of midgets
Seriously, how many spammers make enough money to be able to pay virus writers any decent sum for their work?
Article: "The virus many suspect to be sending spam is called Sobig"
.sig
Random email: "Please see the attached zip file for details."
Should I expect to find "herbal remedies" in this zip file?
Like _I_ can be more sarcastic!
Any biologist will tell you that in an environment where there is only one type of organism, any infection that they are susceptible to that comes along will have catastrophic effects. To avoid this you need diversity. In computing the problem with having Windows/Intel as the vast majority is that any attack that targets that is going to cause a lot of trouble. Standards that have been implemented on many platforms and architectures are what is needed but that goes against Microsoft's desire for control of everything. However, that desire is doomed to fail because if they fail to take control they fail and if they win complete control they fail because of the lack of diversity.
It is good to have lots of operating systems and processors out there; anything else would be suicide. With proper diversity we could control both the virus and spam problems.
"I have the attention span of a strobe lit goldfish, please get to the point quickly!"
So if virus writers and spammers are the same folks (or even just partners), that makes life so much easier. Only one group of people to have publically drawn and quartered. Saves time and money (and cleanup costs).
--GrouchoMarx
Card-carrying member of the EFF, FSF, and ACLU. Are you?
I see that the Senior Associate Editor wrote this piece. That may explain the embarrassingly outdated technology quotes, like "One reason for this success is that the latest variants include Zip files", but with reference to the "foolproof" quote, what I'm inclined to believe is that the makers of ZoneAlarm paid for this sort of tripe (advert on the article). Brown Envelope journalism at its best!
"I am not bound to please thee with my answers" [William Shakespeare]
The problem is that we are trying to catch spammers, instead of people who sell the very advertised products and services. Just follow the money, people. That way it won't matter how well spammers hide their identity. It all works because someone gets the money, which is absolutely trivial to track. If few CEOs went to jail because their companies' products were in spam, I'm sure other CEOs would at the very least stop to think about it. It is really that simple.
Karma: Positive (probably because of superior intellect)
The spam was being generated from multiple locations simultaneously, and from IP addresses that looked like standard ISP subscribers, mostly in the US and Western Europe. It looks suspiciously like the spam was being sent from Trojanised PCs.
Bearing in mind that the people most likely to want to force Doxdesk.com off the web were browser parasite writers, it seems to me that there is a definite link now between these parasites, certain viruses/trojans/worms and spammers. Just another bit of proof that these people have no respect for the law.
Never email donotemail@WeAreSpammers.com
It's difficult to see how spammers could remain anonymous. At the moment, they're an annoyance, but if they enter the realm of law-breaking to this extent, it is likely that there will be a major crackdown. And this shall not be difficult, because of the very nature of spam -- to get you to buy a product. Therefore, there must be a link to the spammer.
It won't work.
((lambda x ((x))) (lambda x ((x))))
What do you expect to do to suicide bombers?
A real suicide bomber is dead, and doesn't care anymore about how you treat him.
Vote green: shit in the ballot box!
This has been the consensus at SPAM-L for quite some time. You might want to subscribe.
Google for SPAM-L's FAQ
So, Sobig is a worm that infects your machine and sends spam? Let me rephrase this: Sobig is a worm that infects your *Windows* machine and sends spam.
Since Microsoft has started a crusade against spam (to free up bandwidth for their own humongous patches and service packs no doubt; they never do anything without a reason), shouldn't they start by fixing the very platform that makes it possible for worms to send spam?
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Please note, in order for Outlook 20X6 to operate properly, you must first place this workstation on your DMZ for no less than 15 minutes, in order for it to receive IMAP7NukeViagraHGH.D@MM
This will allow you to have a high speed, reliable, DRM'd Microsoft Email eXPerience! (tm)
"Never tickle a sleeping dragon."
That would be great. Suppose my market is being threatened by Megasoft's new Office XYZ product that beats the pants off of mine. All I would need to do is send out spams _advertising_ Office XYZ, and the cops would run over and arrest their CEO and put them out of business. Bwahaha!
Some Spammers=Some Hackers
Today's court ruling in favor of the ISP Earthlink vs Spam Ring Leader Howard Carmack got me to thinking.
Are ALL spammers doing it for a profit? I find that many to most SPAM emails I receive in my inbox have unresolved links. Meaning, you can't "take advantage of the DEALS you are getting" (not that you'd necessarily want to). What would be the purpose of sending out emails such as this in great quantity, and using the man-hours, hardware, etc. to do it?
I think it may have to do partially with "the hacker mentality". Not all hackers do things for the common mythical reasons we like to think they do (revenge on the corporate world, profit, fame); they do it because they can, and a lot do it because they are mentally obsessed with it.
This was the attitude of a former colleague of mine who was a hacker. He came from a rich family, was very well known in the community, and had a thousand easier ways to get what he wanted accomplished. He was obsessed first of all with hacking, second with doing it with a Macintosh, and third just because he could.
I'm not alluding to hackers having a mental problem, nor really comparing hackers to spammers.
This ruling, just made me think of motivation. Maybe if we can tap the motivation for Spammers, then maybe we can come up with the solution.
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
If that is the case, the popular /. meme holds good for both spammers and antivirus people:
1. Release viruses/worms.
2. Use compromised computers as relays.
3. Send lots of spam.
4. ???
5. Profit
6. Sell antivirus software.
7. ???
8. Even more profit.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Seeing as how spammers are paid for the messages that they send out, how is it possible to track the messages that have been sent using this type of method? If you've got millions of nodes around the world sending messages on your behalf, how do you tell how many you've sent so that you can bill your clients?
I'm really a good natured person 99% of the time. But, the easiest solution to this is not to fine the spammers we catch. Rather, a few violent and gory executions, broadcast on PPV Friday prime time, and I can imagine that you'd find a lot less spam in your mail box on Monday.
The same type of solution would work with auto accidents. If you want to reduce the number of accidents, remove the seat belts, air bags and ABS brakes. Line the dash with 6" steel spikes and I can bet you'll find the number of accidents drops to next to nothing over night because we all become the world's safest drivers.
It's all about incentive.
Good judgment comes from experience, and a lot of that comes from bad judgment.
Simply institute a fine of $1000.00 per ad to the company in the virus-transmitted spam. They are easy to find as they give you the website/telephone numbers in the spam itself.
To hell with the spammers, target the companies in the content.
Do not look at laser with remaining good eye.
While being anonymous for anonymity's sake isn't very hard to do, it is hard for a spammer to remain anonymous and be effective at the same time. These people are selling products, at the very least they can be traced to the guy who paid them to send the spam.
Buy our new penis enlargement pills!
Available at... errr... go figure
While ISPs are not to blame for this problem, ISPs are in the position to correct this problem. This is not about fixing blame, it is about fixing the problem. Keep that in mind.
Now, as I've said in previous posts about this sort of thing, it all boils down to preventing the spread of infection - mathematically, if the expected value of the number of hosts infected by any given host is greater than one, then the infection will be much like a supercritical mass of fissionable material. So the trick is to reduce the expected value to less than one.
Now, there are plenty of ways to do this, most of which involve the ISP taking some action.
In short, take responsibility for FIXING the problem, and force your downstream customers to do the same.
I have been receiving a steady stream of virus-laden emails from udw.ac.za (a university in South Africa). I have repeatedly contacted them as well as their upstream provider (saix.com). All SAIX does is send a nastygram to UDW. All UDW does is experiment in topological auto-proctology. Were SAIX to say "Alright - we've had five complaints this past week. You obviously are not doing anything to solve the problem, so until you do, we are blocking port 25 outbound from you" then UDW would be HIGHLY motivated to correct the problem.
But right now, most ISPs have the attitude of Mind Over Matter - "We don't mind, so it don't matter. Over and out." As such, the problem persists and grows. ISPs mail servers handle a steadily increasing stream of viruses and spam, for which they complain bitterly about having to buy new equipment (while raising their fees), but they don't actually try to SOLVE the problem.
If ISPs were to say, "The line must be drawn here. Here, and no further." - if they were to start blocking viruses and spam, disconnecting users that spread them, and requiring their downstream to do the same, then the expected value of the number of hosts any one host can infect would drop to a tiny fraction of 1, and the reaction would damp out. Viruses would no longer spread like wildfire, the news would no longer report upon them, and the virus writers would no longer get egoboo from writing them.
However, as long as ISPs continue to do their best Sgt. Schultz of Stalag 13 ("I SEE NOTHING! NOTHING!") impersonation, as long as ISPs say "It's not our fault - we are not to blame, why should we do anything about it!" then the problem will only grow.
(/me sits back and waits for the inevitable flames from ISPs wishing to do exactly that...)
www.eFax.com are spammers
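The "expected value greater than one" argument in the post above is a branching process. As an added example (not part of the original thread), the constructed scenario below has each infected host contact 5 peers, half of them vulnerable, and compares r = 2.5 (every peer reachable) with r = 0.25 (the ISP blocks 90% of outbound paths, e.g. by blocking port 25 from infected customers):

```python
import random


def expected_total(r, generations):
    """Expected hosts infected after `generations` rounds when each infected host
    infects r others on average: 1 + r + r^2 + ... + r^generations (geometric series).
    For r < 1 this stays bounded by 1/(1 - r); for r > 1 it grows without limit."""
    return sum(r ** g for g in range(generations + 1))


def simulate_outbreak(contacts_per_host, p_success, max_generations=30, cap=10000, seed=0):
    """Branching-process model of a mass-mailing worm.
    Each infected host contacts `contacts_per_host` peers and each contact infects
    with probability p_success (peer is vulnerable AND reachable), so r = contacts * p.
    Returns (total_infected, died_out). Stops at `cap` hosts to bound runtime."""
    rng = random.Random(seed)
    total, current = 1, 1
    for _ in range(max_generations):
        new = sum(1 for _ in range(current * contacts_per_host) if rng.random() < p_success)
        total += new
        current = new
        if current == 0:
            return total, True          # no new infections: the outbreak died out
        if total >= cap:
            return total, False         # still growing when we stopped counting
    return total, False


def fraction_extinct(trials, contacts_per_host, p_success, seed=0):
    """Share of independent outbreaks (different seeds) that die out on their own."""
    died = sum(simulate_outbreak(contacts_per_host, p_success, seed=seed + i)[1]
               for i in range(trials))
    return died / trials


if __name__ == "__main__":
    # Constructed scenario: 5 contacts per host, 50% of peers vulnerable.
    # No ISP action: every peer reachable, r = 5 * 0.5 * 1.0 = 2.5.
    # ISP blocks 90% of outbound paths: r = 5 * 0.5 * 0.1 = 0.25.
    for label, reach in (("no ISP action", 1.0), ("ISP blocks 90% of paths", 0.1)):
        p = 0.5 * reach
        print(f"{label}: r={5 * p:.2f}, expected after 10 generations="
              f"{expected_total(5 * p, 10):.1f}, died out in "
              f"{fraction_extinct(200, 5, p):.0%} of runs")
```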
Or for those not so keen on abbreviations, Problem Exists Between Keyboard And Chair.
Make sure you have the latest anti-virus program. Do not open attachments from people you don't know. Be wary about opening attachments from people you do know. Avoid HTML-enchanted (ha!) mail like the plague. If possible, run another e-mail client than Outlook and Outlook Express. Set up and maintain a firewall that can block traffic that goes out as well as in. Use common sense - you wouldn't enter a house of ill repute in real life for fear of an STD, so you shouldn't visit a website of ill repute for fear of getting a virus or worse.
Seriously... if more people used their heads to think with and were a little more suspicious about things, this would not be a problem.
Everything in the world is controlled by a small, evil group to which, unfortunately, no one you know belongs.
I think the real news here is not that people are writing virii for profit, but that ZDNet is still operating. Seriously, I thought that they went out of business years ago.
When every time you had to release a game you had to hardcode stuff for every single sound and video card out there because there were no standard routines.
What you're asking for is a world where every person ought to write all of his own software... incompatibility and anarchy everywhere.
On the other hand, I do commend you for being a thermodynamically obedient person.
1. Write devastating super-virus
2. Release it
3. Destroy unsuspecting internet
4. ???
5. Profit!
ObSlashdotJoke aside, I always wondered where step 4 came in. Clearly, from the number of viruses doing the rounds now, bragging rights alone is enough of a draw for many; equally clearly, from the vast weight of bugs in viruses, it primarily draws teenage l33t hax0rs with more testosterone than talent.
All the devastation of every trojan and virus in history has been without a clear step 4. The addition of a step 4 worries me a lot, and as has been said before, even non-Windows people like me can't feel smug and safe forever.
You win again, gravity!
1) Write viruses
2) Fun
3) PROFIT!
So I'm a pervert. Welcome to the Internet.
1) Pay a spammer ;)
2) Spammer spams about the competition
3) ???
4) Profit!
Obviously 3 is to sue the competition for spamming, but don't tell anyone
viral marketing! ;)
Calling people like this "hackers" is like calling punks who spray paint graffiti on railroad cars "painters" and "artists".
--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft
In one of the first of these that I saw back in May, the spammer apparently hadn't yet learned the art of using the Bcc: header, and all the addresses it was being sent to were clearly harvested from one newsgroup that I regularly read (and post in). That's how I knew it was spammed, and not just an "address book dipper" virus. And for some time, people have been spamming binaries pictures newsgroups with .exe attachments.
I'm glad to do my part in creating a diverse computing environment by running OS X instead of the leading virus-ridden OS. Is there any truth to the rumor that Microsoft is going to rename Outlook Express as ActiveVirus[tm]? :-)
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Obviously, you shouldn't treat a suicide bomber or a person who flies planes into buildings the same way you should treat a spammer. Being staked to a red ant hill under a desert sun would have no real effect on (the remaining itty bitty pieces of) the former.
/. If the government wants us to respect the law, it should set a better example.
Moderators! Please mod this known troll down. Thank you. He NEVER posts anything useful or even on-topic, just like this time. THE PARENT POST SHOULD BE -1:OFF TOPIC! Why is it still Score:1?????
Simply, those writing spam e-mails are trying to sell something. Spam is (for the most part, before more than now) legal. Taking over drone computers (hacking / virii) to send your spam e-mail is not. You have to make money from your business somehow. If you send spam from infected / hacked computers sending people to your website that obviously collects money for something... well, you have to have a name behind money collection. Someone has to own the PayPal account or the charge vendor account... They will find you simply enough. In my mind this whole concept is bogus, as you can't hack or infect and send advertisements. That's like advertising Giant Eagle by spraypainting your daily sales on the front of buildings.
I haven't posted in so long, my sig is out of date.
Now, if they're using hacked computers, they're on the wrong side of the law. Period. We're not talking civil damages any longer. The discussion point is how long they'll be in "Federal pound-me-in-the-ass Prison".
This is the dumbest idea from a spammer's viewpoint I've ever read. However, I'm not under the impression many of these guys are intelligent. The only reason they've been able to defeat filters and other mechanisms is either stupid admins or half-hearted implementations.
I personally hope they do it! I'd love to see a few spend some time in our lovely Federal Corrections Facilities.
Computer Science is Applied Philosophy
I run honeypots and work in security and I can tell you firsthand that this is definitely an accurate conclusion to draw. People exploit Windows boxes all the time and the only things I ever see them do with them are opening up spam relays or hooking it up as a bot to a warez IRC channel. There's absolutely no skill involved, it's just script kiddies with automated tools taking advantage of lazy Windozers who forget to set SQL passwords or ever patch their system with the latest updates. It's pathetic, and it really makes me think that spam can never be stopped no matter how much legislation gets passed.
" they will almost certainly end up mandating use of some (commercial, windows only) antivirus package."
No, that is exactly why I phrased it as I did - "require the user to keep his machine virus free."
If a machine is sending virus laden emails, then it is not virus free. Otherwise, innocent until proven guilty.
As for the attachments - I am sorry, but your right to swing your arm ends where my nose begins; your right to play your stereo ends where it enters my house. Society can quite legitimately ask its members to curtail dangerous behaviors. I can think of no circumstance in which sending an executable program as-is is needed or even wise. Not only will zipping the program reduce the size of the program (and thus the load on the mail server), it will add CRC protection to the program so that an error in transmission has a higher chance of being detected and corrected.
"my company already does such checks on internal mail, and it drives me mad, but it's their network so they can do as they please."
Guess what - your ISP's network is THEIR network, so by your own argument THEY can do as THEY please.
www.eFax.com are spammers
UPS can't ship cocaine. It's illegal to do so. Regardless of whether the dealer told them it was powdered sugar or not, UPS is either responsible for being part of the transaction or they can plea bargain out and tattle on the dealer himself.
The advertising companies first of all can't use virii to send spam. Secondarily, and in direct response to your objection, they can't claim they thought their illegal practice is legal because of what they heard from the company they are advertising for. Ignorance is no excuse (to do something illegal).
I haven't posted in so long, my sig is out of date.
Then they'll try to sue the anti-virus companies for blocking their advertising.
1) Joe shmuck signs up for one of those guaranteed-business turn-key seminars and gets shafted for $100 to learn how to take their catalogues and hawk their stuff on some fly-by-night webhost.
2) Joe Shmuch tries to do something to increase sales of his shitty product, so he pays some lead-generating site which gets him into contact with a bulk-email provider.
3) Joe Shmucky pays the spammer to hawk his product, spammer complies, Joe Shmucky is still not getting enough hits.
4) Joe Shmucky has paid everyone to sell something no one wants, doesn't have enough cash to continue, and spammer, seminar guy, and crap distributor all walk away with his cash.
But you already knew all this.
Fuck Beta. Fuck Dice
Spammers DO HACK my mailbox= hackers
Graffitti IS urban art - something I'm sure you aren't as talented with a spray can as they are!!!
Who modded you? You apparently didn't read for comprehension. I stated that I wasn't really comparing the two; more contrasting the two. Back up your statement that a spammer is NOT a hacker. I gave a specific example.
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
it's still more profitable to attack a country and take thier oil
It's obvious you don't contribute anything to the world. Your country probably doesn't either, unless you're a traitor to the U.S. and are posting from within its borders. If so, why don't you move to France so you can get buggered by other smelly people that think like you? Also, it's "their" not "thier".
Just because the U.S. is the greatest country in the world doesn't mean we're superior...oh wait, yes it does.
Every time I see an article about spam, it always seems to be trying to stop spam after the fact (closing relays, using SpamAssassin, etc). Why not go after the source instead? If you do get spam, don't bother trying to hunt through email headers and all that; look for contact numbers/emails in the spam that are listed for the 'product' in question. Call them and complain. Sometimes, the company selling the product may not know their promotion is being carried out via spamming, and won't pay that company to spam again. If enough companies realize they are pissing off their potential customers, they just might stop paying the spammers. Once there is no money left in spamming, it will naturally stop on its own.
Of course, this doesn't address those who don't care or already know they are getting their message out via spam, but at least it would make a good start to reducing my inbox total.
http://bike.stu.ph/rides - free GPS routes available for Garmin, Magellan, GPX and Google Earth
Same thing. It takes a spammer talent, the same kind of talent and thinking as a hacker, to spoof my mail filters. I have over 100 now and STILL get 50-120 a day!
I think you just need a P.E.N.I.s EN.large.ment! :)
Buy Steampunk Clothing Online!
You're missing the point. By requiring the virus writers to be much more specific, you make the effectiveness of that virus much less. The appeal of writing a virus for Windows is watching the whole world fear that virus because ~80% of the world's computers run Windows. If you had smaller market shares, say at max 20%, then a virus (which usually only exploits unpatched computers) would only affect 25% of that OS, so a total of 5% would be vulnerable. We're not even talking about OSes here -- if you don't run Outlook you're safe from most of these new viruses. Try Opera's M2. Or Mozilla's e-mail client.
I will concede that this will then make it much harder for antivirus companies to keep track of, and support, a multitude of OSes, but it would only spur growth within that market, as companies would specialize to a specific OS.
This is my digital signature. 10011011001
Straight off their FAQ. I almost signed up for it, but that's more spam than I get now in 3 boxes combined!
This is my digital signature. 10011011001
My boss checked his e-mail sent over the weekend and discovered that over 2/3 of it was caught by the ISP's spam filter. A very large percentage of what wasn't captured was also spam, so there was time wasted in disposing of that. I believe that spam will eventually be outlawed, but the service providers need to do more on their end to prevent the spread of spam by restricting access to SMTP servers and ports. The idea of scanning attachments is good, but you also run the risk of deleting something that is legitimate. The same is true with junking spam (remember those with Yahoo addresses having their donotcall.gov e-mails trashed by the Yahoo mail server?). It may sound like a hard task, but give it some time, and the technology and algorithms needed for maximum effect and efficiency will be available.
step 1: write uber virus
step 2: get caught upon taking credit
step 3: go to maximum ultra security prison for 16 consecutive life sentences
step 4: become someone's bitch
step 5: ???
step 6: Profit!!
couldn't leave this alone:)
the synergy between virus writers and anti-virus companies?
Seriously, WHY do you suppose MS hasn't made their product more secure from viruses? Probably getting kickbacks from McAfee.
I've always thought there just had to be some connection. After all, consider the sheer numbers of new viruses, and the fact that 99.999% of 'hackers' (and by that I mean people bent on causing online trouble) are script-kiddies, that doesn't leave a lot of people out there talented enough to write the code. Also, it seems the quickest way to detect and repair a virus is to have written the code in the first place and already know how it works.
One wonders if the major antivirus companies have some sort of information-exchange to share projected rollout dates "Yeah, we're planning a biggie to increase our sales next quarter, here's a floppy with the signature and payload. We'll trade ya for the fix on your latest NIMDA variant."
Hey, can an antivirus company really say they're doing EVERYTHING to protect their customers unless they're sharing info? Hmmmm.
These people looked deep into my soul and assigned me a number based on the order in which I joined.
It's obvious you don't contribute anything to the world. Your country probably doesn't either, unless you're a traitor to the U.S. and are posting from within its borders. If so, why don't you move to France so you can get buggered by other smelly people that think like you?
He can move to any other country in the world, really. They feel the same everywhere now. France was just the one with the balls to speak up.
I'm going to a conference there in two months. If you give me the money, I'll buy a bottle of French wine and pour it down the gutter for you.
Perhaps laws making the creation and distribution of viruses aren't enough. Perhaps we need laws that also outlaw the exploitation for profit of viruses. While we are at it, we can outlaw exploitation of other people's internet connections.
Call it "virtual trespass" if you will. Maybe it could be used against those applications that hijack your browser as well!
The brutalrape spammer did more. His virus infected computers to install a tiny web server and a few pages. Victims had graphic rape images on their machines. The virus "phoned home" when the victim went online. The spammer took the victim's IP address and added it to his nameserver as (one of the) IP address(es) for his spamvertized hostname.
Those getting the spam would complain about the graphic images and spam site - on a victim's computer. The tiny web site would have a few pages including one which would be a (possibly JavaScript encrypted) redirector to the actual signup page (usually a signup page rather than the actual site - one would have to pay before finding the location of that).
France was just the one with the balls...
Hahahhah!! That's funny. Individual Frenchies might have backbone, but the nation itself is more yellow than Tweety Bird. The only reason France "spoke up" was to protect their cheap oil supply... and yet the U.S. is the one accused of going to war for oil. How much concern did the Frenchies show for Iraqi citizens when they were giving money to Saddam for oil, knowing full damn well that none of that money was going to the citizens? Oh, wait, I'm not supposed to talk about that because it's not anti-U.S. nor is it pro-left wing.
So, in essence, you are saying that whatever product or service being advertised is the cause of spam and the subjective advertisement's beneficiary should be stomped to death... Hey, I hope you're right!
:-)
:-)
Advertisements to take down a website you don't agree with...
Have you been feeling you aren't satisfying your partner? Ask CMDRTACO.NET's ROB MALDA! He's a man, he's married, he will answer your love questions for $4.99 per minute as well as ad-less access to the mothership of assho*^H^H^H^H^H^HEditors providing keen advice and counsel on SLASHDOT.ORG!
Goodbye cmdrtaco.net...Goodbye slashdot.org
It was nice seeing you the other day...
BARELY NUDE FAT MANLY TEENS!! ALL LIVE!! ALL PARTIALLY CLOTHED!! ALL UNDER THEIR DESKS!! ALL AT COWBOYNEAL.ORG!! SAY YOU READ THIS ON SLASHDOT.ORG AND RECEIVE 13.37% DISCOUNT FROM $5.99 SUBSCRIPTION TO THE BARELY NUDE GALLERY!
Goodbye cowboyneal.org
I think this will work... very well >:-)
There's a really nice technical writeup of the mechanics and evolution of the SoBig worm here. Fairly scary stuff.
If the Sobig virus sends specific spam emails then you should be able to examine the packets output by an infected machine to discover the content of those mail messages. Once you find out the content, then you know who is sending the mails since any useful spam would have to include some way to get in contact with the spammer. (Maybe not negative ads though, such as 'Tide Sucks' being sent out by All detergent without any reference to itself.) If I were a spammer looking to send spam via a virus I wrote I would just have the virus act as an open relay. Then I would scan the net at large for open relays to use just as any other spammer would. Writing such a virus would benefit the whole 'spammer community' to the detriment of everyone else, but the virus writer could remain anonymous since many spammers are likely to find and use infected machines without knowing why the machines are running an open relay.
Eat at Joe's.
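The first half of the post above (reading the outbound SMTP traffic of an infected machine to recover the message content and its contact points) is easy to do from a capture. As an added example that is not part of the original thread, here is a small parser over a constructed, reassembled client-side SMTP dialogue; the domains, addresses and phone number are placeholders:

```python
import re
from collections import Counter

# Constructed client-side SMTP stream, as a sniffer on the LAN segment might
# reassemble it from an infected host. Two messages in one session, separated by RSET.
SAMPLE_SESSION = """\
EHLO dsl-pool-17.example.net
MAIL FROM:<bounces@deals.example.invalid>
RCPT TO:<alice@example.org>
RCPT TO:<bob@example.org>
DATA
From: "Deals" <bounces@deals.example.invalid>
To: undisclosed-recipients:;
Subject: Herbal remedies shipped today

Order now at http://pills.example.invalid/buy?ref=42
..or call 1-800-555-0199 (constructed number) before midnight.
.
RSET
MAIL FROM:<bounces@deals.example.invalid>
RCPT TO:<carol@example.net>
DATA
Subject: Re: your order

Same offer: http://pills.example.invalid/buy?ref=42
.
QUIT
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
PHONE_RE = re.compile(r"\b1-\d{3}-\d{3}-\d{4}\b")
ADDR_RE = re.compile(r"<([^>]*)>")


def _address(cmd_rest):
    """Pull the bracketed address out of 'FROM:<x>' / 'TO:<x>'."""
    m = ADDR_RE.search(cmd_rest)
    return m.group(1) if m else cmd_rest.strip()


def parse_smtp_session(text):
    """Walk the SMTP dialogue and return one dict per delivered message with the
    envelope, the Subject header and the contact points (URLs, phone numbers) in the body."""
    messages, envelope, in_data, lines = [], {"sender": None, "recipients": []}, False, []
    for raw in text.splitlines():
        if in_data:
            if raw == ".":                                   # end of DATA
                head, _, body = "\n".join(lines).partition("\n\n")
                subject = next((h.split(":", 1)[1].strip() for h in head.splitlines()
                                if h.lower().startswith("subject:")), "")
                messages.append({"sender": envelope["sender"],
                                 "recipients": list(envelope["recipients"]),
                                 "subject": subject,
                                 "urls": URL_RE.findall(body),
                                 "phones": PHONE_RE.findall(body)})
                envelope, in_data, lines = {"sender": None, "recipients": []}, False, []
            else:
                lines.append(raw[1:] if raw.startswith(".") else raw)  # undo dot-stuffing
            continue
        verb, _, rest = raw.partition(" ")
        verb = verb.upper()
        if verb == "MAIL":
            envelope["sender"] = _address(rest)
        elif verb == "RCPT":
            envelope["recipients"].append(_address(rest))
        elif verb == "DATA":
            in_data = True
        elif verb == "RSET":
            envelope = {"sender": None, "recipients": []}
    return messages


def contact_points(messages):
    """Count each URL / phone number across all messages: the 'way to get in contact'
    that the post says any useful spam must carry, and the thing worth reporting."""
    counts = Counter()
    for m in messages:
        counts.update(m["urls"])
        counts.update(m["phones"])
    return counts


if __name__ == "__main__":
    msgs = parse_smtp_session(SAMPLE_SESSION)
    for m in msgs:
        print(m["sender"], "->", m["recipients"], "|", m["subject"])
    print(contact_points(msgs).most_common())
```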
All that's required to create a spamming network is to create a DDOS trojan that will send out spam instead of hits to random sites. Then you could have the control servers accept huge mailing lists and spam forms. The list would be broken down into small "jobs" and sent to the trojaned machines along with the spam message. The infected machines then dutifully send it to every address on the list and wait for further instructions. If the network is diverse enough, it could be difficult to block effectively if the same recipients aren't mailed from the same IP ranges.
Also, consider the bandwidth that will be available. If an average cable modem uploads at about 100kbps (the max is supposed to be 128 but this is a simplification), then just 15 infected machines will form an equivalent of a T1 line. About 500 will upload as much data as a T3 line. Of course, this just assumes that all 500 are on castrated residential lines, which isn't always the case in real life. Any such trojan with robust propagation and upgrading capabilities will be able to grow to far larger proportions, and if the propagation mechanism can be updated quickly and reliably, a steady flow of new hosts is assured. With enough funds, it's not impossible to imagine something like this happening soon (especially with zdnet editors giving ideas to the masses).
As far as tracing is concerned, it's not very easy to prove that the owner of a product willfully contracted someone to spam the net with it. The attempts to trace the person controlling the network will likely end up with some proxy server in china, korea, or whathaveyou.
Not-So-Anonymous Coward.
Okay, you have a firewall and a virus scanner. But all of this is for naught if you yourself push the button or your software pushes the button. In either case, your system gets hosed and you have hours of work ahead of you to fix things.
Most virii are currently Windows based. The gut feeling would be to avoid that platform and choose something more resistant like Linux or MacOSX.
If you can't step away from Windows, then step away from the applications on Windows which can make your life suck: Outlook/Outlook Express, MS Office, Auto-downloaders, Auto-executors, etc.
If you have the good sense to avoid opening those files, but your software doesn't, then you are still screwed. You need to configure your OS to not be so impulsive. Tell it to save off those attachments and place them somewhere safe for scanning. Don't let it automatically process images/etc.
Finally, if you can't avoid Windows or the applications which can lead to computer ruin, then at least make good backups and such...
I use WinXPpro, Mac OSX, GNU/Linux 2.4.20(Debian) and have yet to have a virii incursion. Though that is probably due to the use of Pine, Mail, and OpenOffice. :)
Thumbs up to OpenSource/FSF and the community.
Winged Power Photography
He's back. The brutalrape spammer using trojaned machines for his webservers.
With one added attraction. It used to be that one could get at him by having his nameservers taken down. Guess what? While it takes a day to get new nameservers listed in the root servers, suppose one found some DSL/Cable machines on which one had installed the trojan which were left on 24/7? Why, use the trojaned machines for the nameservers as well!
Check out the nameservers listed in the root servers for the domain nomorebullshitsite.com. Check out how quickly the IP address for nomorebullshitsite.com itself changes. Check what it resolves to. Damn.
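What the two "brutalrape spammer" posts above describe (a spamvertised hostname whose addresses, and now nameservers, rotate through trojaned DSL/cable machines) is the pattern later called fast flux, and it shows up in a resolver log. As an added example that is not part of the original thread, the code below scores a constructed log of A and NS lookups; the domain names and 10.x addresses are made up:

```python
import ipaddress
from collections import defaultdict

# Constructed resolver log: (seconds since start, domain, record type, value, TTL).
# The 10.x addresses stand in for scattered residential pools; static.example is a
# control that always resolves to one address with a long TTL.
OBSERVATIONS = [
    (0,    "flux.example",   "A",  "10.1.5.7",          300),
    (0,    "flux.example",   "A",  "10.22.8.9",         300),
    (0,    "flux.example",   "NS", "ns1.flux.example",  300),
    (0,    "flux.example",   "NS", "ns2.flux.example",  300),
    (600,  "flux.example",   "A",  "10.33.4.1",         300),
    (600,  "flux.example",   "A",  "10.44.2.2",         300),
    (600,  "flux.example",   "NS", "ns1.flux.example",  300),
    (600,  "flux.example",   "NS", "ns3.flux.example",  300),
    (1200, "flux.example",   "A",  "10.55.6.6",         300),
    (1200, "flux.example",   "A",  "10.1.5.7",          300),
    (0,    "static.example", "A",  "192.0.2.10",        86400),
    (600,  "static.example", "A",  "192.0.2.10",        86400),
    (1200, "static.example", "A",  "192.0.2.10",        86400),
]


def fast_flux_report(observations, min_addresses=5, max_ttl=600, min_networks=3):
    """Per domain: distinct A addresses, distinct /24 networks they fall in, mean TTL,
    how many consecutive snapshots changed the address set, and the NS names seen.
    A domain is flagged when it hands out many low-TTL addresses spread across
    unrelated networks, which is what a pool of trojaned home machines looks like.
    Assumes IPv4 answers (the /24 grouping is an IPv4 heuristic)."""
    by_domain = defaultdict(lambda: {"snapshots": defaultdict(set), "ns": set(), "ttls": []})
    for t, domain, rtype, value, ttl in observations:
        d = by_domain[domain]
        d["ttls"].append(ttl)
        if rtype == "A":
            d["snapshots"][t].add(ipaddress.ip_address(value))
        elif rtype == "NS":
            d["ns"].add(value)
    report = {}
    for domain, d in by_domain.items():
        snaps = [d["snapshots"][t] for t in sorted(d["snapshots"])]
        addresses = set().union(*snaps) if snaps else set()
        networks = {ipaddress.ip_network(f"{a}/24", strict=False) for a in addresses}
        changes = sum(1 for prev, cur in zip(snaps, snaps[1:]) if prev != cur)
        mean_ttl = sum(d["ttls"]) / len(d["ttls"])
        flagged = (len(addresses) >= min_addresses and mean_ttl <= max_ttl
                   and len(networks) >= min_networks)
        report[domain] = {"unique_addresses": len(addresses), "networks": len(networks),
                          "mean_ttl": mean_ttl, "address_changes": changes,
                          "nameservers": sorted(d["ns"]), "flagged": flagged}
    return report


if __name__ == "__main__":
    for domain, row in fast_flux_report(OBSERVATIONS).items():
        print(domain, row)
```

Feeding real resolver logs into this is the point: the domain in the post would be scored by its own observed A and NS churn, not by anything hard-coded here.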