Slashdot Mirror
NYT Reports Porn Spam Hijacking Network
twitter writes "This NYT story describes how thousands of PCs have been used as porn spambots and reverse proxy servers, and mentions that they could be used for kiddie porn. Finally, though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables."
Finally, though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables."
Umm, no they won't. First of all, very few people would notice the article in the first place. Second, people who did notice wouldn't know what to do to protect themselves (not supporting MS isn't an option for 90% of the computer users in the world). Third, was the comment necessary?
Finally, though Microsoft is not mentioned,
Oh, but we'll take care of that.
The coolest voice ever.
Translation:
In my experience, end-users who are not tech-savvy have little real understanding of online security practices: they tend to ignore basic things such as updating antivirus dat files because they don't know or don't understand. And from my own experience, I know that broadband providers are more interested in pitching all their cool features than they are in educating users how to be safe. Seriously, how hard would it have been for my ISP to have included a Sygate or ZoneAlarm trial on the install CD they had to send out anyway?
What kills me is that it's in the ISP's best interests to encourage safe computer habits, and they don't really emphasize that.
----------
Something cleverHere's the thing though, with StarBand, they have an auto-imposed limit of around 500mb/week upload, and if you go over it, you are automagically shut off for a few days. The problem with this, and I have seen it happen, is that the Spam/Pornbots can infect a Starband Customers computer, and easilly make them go over their weekly 500mb upload limit. Thus causing them to lose their internet connection.
This poses a real problem, not only for the end user (The people I deal with are all in the far reaches of Northern Minnesota where Satellite Internet is the ONLY broadband option) but also for the ISP's. Its viruses/bots like this that make it even more necessary for legislation to fight spam.
The writers of the Bots would be the spammers, not the owners of the infected systems. Just because I borrow your car to deliver the paper, does that mean that in reality, you delivered the paper because it was YOUR car?
-I may not me amish, but I am a geek!-
To many people, a computer is like a screwdriver. They could care less about it, they just want to pick it up, make it work, and toss it aside when they are done with it. It's unfortunate, yes, but that's just the way it is.
Why is this unfortunate? Do you want to know every nuance of the car you drive, just to get to work? How about when you watch TV? Do you really need to know about NTSC vs PAL? No, you want to watch TV.
Computers should be no different. People just want to send grandma some pictures, surf the web, type a paper, whatever... Not spend forever updating their AV package, SP updates, etc.
A computer is a tool. It is merely a means to an end.
I agree with you: if 90% of the world were running UNIX instead of Windows, we'd still have heaps of insecure, obsolete old RedHat 6.2 boxen sitting around on the Net because users just do not take security seriously and it doesn't matter what the underlying OS is.
I've pointed out before that the rise in popularity of Linux will not make the Internet more secure; it will merely result in poorly-configured Windows boxes being replaced with equally poorly-configured Linux boxes.
So you're saying all I have to do is install one of those screensavers shrouded in four web-site redirections and I can sit back and wait for some pirate in The Phillipines to jack all the 1337 w4r3z and pr0n for me?
Dude! This is better than PointCast **AND** Kazaa -- The stuff just shows up! It's like subscribing to the FBI files-you-shouldn't-have mailing list!
Spyware and viruses r0ck!
"Lawyers are for sucks."
- Doug McKenzie
This is terrible.
They put all that porn on my computer, and I don't even get to see it?
Ooh, a sarcasm detector. Oh, that's a real useful invention.
- It's pretty much all pornographic or for "enhancement" products.
- The content is very similar - it's clearly the same small set of spams run through a hack to "randomise" the sender and basic subject/content details.
- The originating IPs are *all* assigned to Windows boxes where I could sufficiently NMAP them.
- WHOIS records almost always point to home/SOHO networks; I only found one corporate IP block in around 100 IP lookups.
- There are no SMTP smarthosts being used - it's going direct from a Windows box to my SMTP gateways. Outlook *cannot* do this, so it's coming from malware with a dedicated SMTP engine.
- I've also been seeing a huge increase in the amount of macro viruses inbound - just a guess, but it's probably the bot trying to propogate itself.
Couple this with the 500Mb/s DDoS attack on SpamCop over the last few days and the picture is fairly clear. Someone is thumbing their nose at the US/EU attempts to legislate against spam and sending a message loud and clear. If the antispam community cannot find and nail the person or persons responsible for this, then the eventual legislation is going to have no effect what-so-ever.So. We have 500Mb/s+ of bandwidth being used in a DDoS, anyone's guess going on the actual spam, kids undoubtably seeing hardcore porn and computers being deliberately compromised and abused. Tell me again that spammers have a right to free speech and it's a victimless crime that doesn't cost anyone anything? They have a right to be force fed Hormel products until they explode like the Glutton in Seven if you ask me.
UNIX? They're not even circumcised! Savages!
[Fade in on dim interior of grimy trailer packed with disused computer equipment and swimsuit calendars. Greasy-looking SPAMMER puts down a half-eaten slice of cold pizza and starts dialing the phone.]
SPAMMER: Hello, is this Ms. Smith? I was wondering, would you mind if I used your computer to put some pirated pornography on the Web? [click, dial tone in background] Hello? Ms. Smith?
[Cut among views of SPAMMER on the phone, sleazy as ever.]
SPAMMER: Could I borrow your computer to send millions of spam emails? [click]
SPAMMER: ... just want to use it to run a quick scam -- [click]
SPAMMER: Uh, Mr. Jones, could I steal passwords -- [click]
SPAMMER: ... I want to crack into eBay and rip people off, could I use your computer for that? [click]
[SPAMMER looks sweatier and nervous, impatient and guilty.]
SPAMMER: [click] Hello? Hello?
[SPAMMER puts the phone down and starts typing, face illuminated by the screen.]
JAMES EARL JONES VOICEOVER: In the real world, spammers and Internet criminals don't ask your permission. They use viruses and insecure computers world-wide to steal from people. To find out what you can do to protect yourself and your family from crime on the Internet, log on to computer security dot gov.
[Fade out to black screen:]
http://computersecurity.gov/
Take a byte out of crime.
JAMES EARL JONES VOICEOVER: Brought to you by the FBI and the SANS Institute.