P2P Spam?
Sgt York writes "In a NYT article (republished in the Houston Chronicle, no subscription required) experts at CERT, F-secure, Trusecure, and the Hall of Justice (see article) think that SoBig.F is a spam scheme in the making. They say that SoBig.F is the 6th variant in an ongoing experiment with the possible goal of setting up a distributed spam network, to be rented out to the highest bidder. If that is their goal, they are well on their way. Another disturbing note in the article is that "In the case of four of the six programs, a new version was launched immediately after the self-timed expiration date of the preceding one". SoBig.F expires in two weeks."
I think the superheroes involved in the SOBIG fight miss the entire point.
The authors are probably testing the feasibility of sending out a virus (which
given the number of copies I receive) will happily be opened by people and
then simultaneously sending out spam messages to the same group of people.
There's no need for the SOBIG authors to control the machines after SOBIG has
been executed. They just need to include the spam message in the virus
itself.
That would make it truly P2P spam. Unsuspecting user X who opens SOBIG would
transmit the mechanism for sending more spam and his portion of the spam
deluge. Of course there could be a downside to all this, once the blacklist
people start cutting off EVERY ISP in the world because of spam messages SOBIG
would defeat itself because no one would be getting mail.
John.
So someone's business plan is to admit to writing/distributing the worm and then rent out the affected boxes?
I must be missing something because it seems to me that such a business would be immediately sued into oblivion.
They who would give up an essential liberty for temporary security, deserve neither liberty nor security
OK, so some company decides to buy. Wouldn't they now be liable for unauthorized use of the computers? Why would a company take the risk? I think this is a red herring, and that it's just another way for worm/virus writers to justify themselves to the world (and themselves).
Couldn't we then find out who wrote the virus just by interrogating the companies who benefit from the advertising?
Is this truly the only Earth I can live on?
We need to have serious penalties for hackers, crackers, and script kiddies. Jail time should be mandatory. We also need a better email protocol which would make it difficult to fake headers.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
"Now, liken me to Sinestro and you're the Green Lantern..." *shiver*
"Understand you're having a little Jimmy Page trouble."
It's not the spammers!
It's probably someone out to eventually make every computer a 'trusted computer'
The last thing spammers want to do is lose their ability to spam. If this virus is really intended to help spammers, then it will be in short order that we will all be ordered to use a trusted computer platform (cough* microsoft*cough) and that will pretty much be the end to any sort of freedoms that the net enjoyed in its early and its glory years.
Would like to hear some discussion thanks!
Sigs are dangerous coy things
What if the purpose of these viruses is something much more vast and daring than we all really think? What if it is a deranged person that thinks that by taking over thousands of computers he can somehow create world domination?
Doesn't it seem like the more viruses this person/group releases, the easier it will be for them to get caught? Doesn't it seem like if companies use this network to spam, it will be easy to pin down the culprit? Although it sounds like a good story, I don't believe that anyone would be stupid enough to try.
We really need to come up with a decentralized way of reliably telling whether an email was sent by the person with the address which is listed in the "From" header or not. PGP or GPG should be able to provide this, but how are users going to learn about the advantages of authenticated mail and do these systems scale?
Back when I used ICQ, I used to like getting spammed:
HotSxzzGrl says: Can we talk?
Or something like that. It's been awhile. God I miss her, though.
My sig sucks.
I don't think many businesses would want to be associated with a virus spam scheme. Even if most people wouldn't know it came from spam, the truth would come out eventually, and that company would be investigated, and then whoever wrote the virus would be found (and jailed). This would be a horrible plan for any business.
So I'm not sure I buy that explanation.
if(!cool) exit(-1);
... that Sobig.F expires on September 10th, and the next one will probably come out on September 11th.
libertarianswag.com
I would have assumed that this was a six degrees attack on sensitive structures, given the back doors. Flood the network with viruses, and some moron will eventually lead you to the computer you've been actually targeting.
meh
I've d/led movies and when I play them, it says "this movie has been illegally copied. You must purchase the original movie at your local store.". Damn Hollywood studios, we didn't get that marketing crap with bootleg VHS tapes in the ole days ...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
"You can liken this guy to Lex Luthor and we're all supermen," said Russ Cooper, a security expert at Trusecure in Herndon, Va.
If stupid fsck'n end users would stop opening and running attached files with no good reason to.
Example: Joe Blow expects file "abc.pdf" from Jim Bob-Blowme. Joe Blow gets file "abc.exe" from Joe Bob-Blowme and runs the file.
Outcome: Joe Blow gets shot in the face.
this is my sig, there are many like it, but this one is mine.
I have been noticing a lot of my hosting customers are being restricted to using only their ISP's SMTP server to send e-mail. They will not be able to connect to their colocated/hosted e-mail servers to send e-mail. I believe this is to prevent SOBIG and other types of worms from sending out e-mail, but this is making my job quite hard. I have to configure webmail for all these customers who would rather use Outlook.
Spam is becoming such a huge business that they need to resort to crime to grow. The stretches of Spam have become so extensive and intrusive that they can't even legally think of anything else. My suggestion, like millions of annoyed consumers, would be to just stop spamming. It is a waste of resources both for the spammer and the spamm-e (what the hell, that doesn't look like a word). Furthermore, all the evidence I can gather suggests that it is entirely ineffective.
So why resort to a series of viruses that rip through international networks? Then again, why climb Mt. Everest? Because it was there.
(Note: Obviously the reaches of SoBig and spam in general reach well outside the United States and in all likelihood, originated elsewhere. Don't think that I am some egocentric American who thinks that the U.S.A. is the only place on Earth. I was just using it as a frame of reference because it is what I am most familiar with.)
The New Root Council, kickin' ass sinc
...don't go outside without your tin-foil hat!
*sigh*
execution is pisspoor. reference the previous article about viruses/worms being good for us. massive attacks like melissa/iloveyou/sobig/whatever the latest one is gives us another chance to educate our users and friend about not doing things like opening PIFs and EXEs, even from people you know. plus it gets the vulnerability plugged (theoretically anyway).
creating a network THIS way is counterproductive.
turn up the jukebox and tell me a lie
If the entire internet were absolutely smashed with spam, at least one good thing might emerge - the will to actually combat it realistically!
With all the techno-dweebs on this site and all the fantastic opinions about whitelists and blacklists and graylists and modifying SMTP and replacing SMTP and handshakes and authentication and a million other solutions, perhaps someone, somewhere, will finally begin to make a dent in actually dealing with the spam problem.
I mean, if 2.8 billion people receive the same spam for item X, won't it be obvious that the makers/sellers/promoters of item X are to blame? When push comes to shove, they will, of course, name names.
Somebody will go down, hard.
This protocol allows anonymous delivery of data within your networks. I predict death of feasibility within 1-2 years. No amount of legislation or threat of legal action can stop the flow from a vast supply of potential "dumb" drones.
Welcome to the Internet, 2003.
Next up, authenticated delivery, whitelisting, and the death of the mail server as we know it.
Nah, just what I needed. After spending days patching all those Windows PCs from my friends, family and even coworkers I feel kind of tired. I love to come home to my Slackware-Box where everything is just the way I left it and wonder why, oh why, they won't listen to my words? I mean, I told them I would hold their hands while switching. I can't see how someone with a modem connection can honestly stick with something that makes him download hundreds of MB from http.windowsupdate.com (sorry, i meant http://windowsupdate.microsoft.com, say it one more time and I will scream! ;-).
Can't wait til they fire up their distributed Spam-Network, that will show them. Wonder who will be left to hold their hands? Muahaha!!
Sorry for being offtopic but I had to say it.
Cu,
Lispy
and it also needs to DDoS microsoft
and make sure they select the right target
Spam merchants and virus/worm writers are collaborating and will collaborate, and build networks that make spam filters entirely useless.
Of course Sobig is about spam. Why else does some mysterious but well-financed entity want to control half the desktops of the world?
How about this spam technique, which I predict will occur in 6-9 months' time:
Tampering with real emails, inserting the spam message mixed with the real email.
Does that scare anyone? It makes a mockery of current technology for fighting spam.
Ceci n'est pas une signature
Will the authors of Sobig.G get it right next time?
Tarsnap: Online backups for the truly paranoid
how is this a troll? stupid moderators!
Sure they can build this network but it seems to me that any company then using this network to send spam would be easily traceable and easy to prosecute? Traceable because they need to put some sort of contact info in there to sell their product and prosecutable because they are using a network of compromised machines to send their spam?
here is the actual article
That's when encryption will be publicly adopted.
Maybe it's just that the virus writer is actually starting to follow the kinds of ideas that geeks often toss out. "Oh yeah, if I was making a virus I'd have it..."
Granted, it still exploits the most obvious problem in computing: the people who use Outlook in its "Automatically Run Attachments" mode, but it would be foolish to ignore the largest and most potentially devastating venue.
Once the guy figures out exactly the heuristic to hit the most targets in the shortest amount of time, he can put a real payload in it, like a file encrypter for .doc files, or something similarly nasty. And he'll only share the key if we put deposit money in a Swiss bank account! ... hey, that's not a bad idea.
skye
geek
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
I suspect that the 20 hardcoded download sites in the current variant are a proof-of-concept, not a future strategy. Every time a virus is exposed that tries to download from some fixed location, I've wondered why virus writers would even try such a thing, when it's obvious that white hats will reverse-engineer their code?
What if the next version uses something more flexible... like a Google search on some particular string? Spend a few months sprinkling links to the download on servers around the world, with pages containing some unique string (call it "foo123"). When the next virus activates, it does a Google search for "foo123", and downloads its replacement. As fast as hosts are removed, more can be created and indexed.
For even better effect, use a moderately common word or phrase that Google couldn't remove from its index without causing big problems.
On the non-technical side... I was struck by the post in a previous SoBig discussion that noted that this variant expires on 9/10, and if the F-Secure expert is right, that's not a good sign:
"I think the motivation is clear. It's money," said Mikko Hypponen, director of anti-virus research at F-Secure, an antivirus firm based in Finland that is decoding the illicit program. "Behind Sobig we have a group of hackers who have a budget and money."
If there's a budget and money, then there's organization, and I'm concerned about the organizations that might see 9/11 as a good day to launch a distributed attack.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Wonderful, I have gotten 5237 of these things and counting as I type this. If the next one is any better than this version I can expect to see greater volumes of this crap and that is not really a pleasing thought for a Mac user. Yeah, this time we are suffering too.
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
Set up machines to block all ports except what's requested.
Firewall: incoming/outgoing.
no attachments except compressed files!!
executables have to be AUTHORIZED! to be downloaded and once saved, ONLY THEN, you have to manually navigate to the folder to execute it.
chmod -R -x c:\
Spammers are making money hand over fist selling placebos, which means that there is an incredible amount of stupid people that currently populate the internet. If you really want to stop spam, kill the stupids.
Fat, drunk and stupid is no way to go through life, son.
What if the goal (or effect, either way) was to get things to the point where nearly everything was blacklisted for spam? The virus wouldn't have to send real spam, just fake spam in a way that would cause the person's ISP to be put on the blacklists. Once that happened, people would shut off the spam blocking software, and spam would reign supreme.
This would be a case of me talking out of my ass. Is this possible, or is it readily detectable?
It is now official - Netcraft has confirmed: SMTP is dying
Yet another crippling bombshell hit the beleaguered SMTP community when recently IDC confirmed that SMTP accounts for less than a fraction of 1 percent of all servers. Coming on the heels of the latest Netcraft survey which plainly states that SMTP has lost more market share, this news serves to reinforce what we've known all along. SMTP is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.
You don't need to be a Kreskin [amazingkreskin.com] to predict SMTP's future. The handwriting is on the wall: SMTP faces a bleak future. In fact there won't be any future at all for SMTP because SMTP is dying. Things are looking very bad for SMTP. As many of us are already aware, SMTP continues to lose market share. Red ink flows like a river of blood. SMTP is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time SMTP developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: SMTP is dying.
Let's keep to the facts and look at the numbers.
SMTP leader Theo states that there are 7000 users of SMTP. How many users of SMTP are there? Let's see. The number of SMTP versus SMTP posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 SMTP users. SMTP/OS posts on Usenet are about half of the volume of SMTP posts. Therefore there are about 700 users of SMTP/OS. A recent article put FreeBSD at about 80 percent of the SMTP market. Therefore there are (7000+1400+700)*4 = 36400 SMTP users. This is consistent with the number of SMTP Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, SMTP went out of business and was taken over by SMTPI who sell another troubled OS. Now SMTPI is also dead, its corpse turned over to yet another charnel house.
All major surveys show that SMTP has steadily declined in market share. SMTP is very sick and its long term survival prospects are very dim. If SMTP is to survive at all it will be among OS hobbyist dabblers. SMTP continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, SMTP is dead.
Fact: SMTP is dead
expect stuff like this to happen. as long as 2 or 3 jackfucks in alabama are gonna buy whatever arrives in their inbox spam will be profitable since there's no cost to it.
Stupid people make stupid things profitable.
They could be hunting spam relays. They could be looking to anonymously bounce kiddy porn. They could be looking for thousands of boxes to keep their warez .torrent files alive and kicking.
Hey, I just thought of that. That'd rock, be much easier and more effective than hunting for pubs. You even have one of your drones host the tracker in the first place.
Anyways, who cares. Patch your machines and shut up. We're seeing as many sobig stories as we are SCO, and it really isn't that big of a deal.
I don't need no instructions to know how to rock!!!!
I'd rather not be a doomsayer, but seriously: If all the spam and viruses continue, people will get so sick of it that they'll take serious action. Since the anti-spam laws are both ineffective and draconian, and very few spammers have been successfully shut down, and worms, trojans, and viruses run rampant despite the availability of patches and better OSes: Everyone will be using a strict whitelist, ISPs will remove the ability to send and receive attachments, and HTML email will be disabled because of the scripting risk. The spammers and malware writers will have forced us to cripple our own communications. Just my 2c.
End wild prognostications.
Gets me if you can'
that's 'Catch me if you can' about Frank W Abagnale with tom hanks and leona...
oh, just forget it.
I don't know about you but ever since SOBIG has come into picture, my mail box has been full of antivirus alerts from companies who supposedly got infected mails from my mail ID. Looking at the smtp headers of the infected messages attached in the response, I can see that the mails were never sent from my computer or from any person I know (I don't know any one in Russia for once), but still somehow someone got my address and used it to spread the virus. Which makes me believe that somehow someone who knows me got infected by the virus and the whole address book was sent to someone somehow.
What's under yellowstone?
"You can liken this guy to Lex Luthor and we're all supermen," said Russ Cooper
Actually I liken that guy to Rock Hudson and you're all the Christian Values Alliance.
Makes sense, you're a bunch of annoying wankers who take themselves way too seriously, and he's a pain in the ass.
Happy Troll Tuesday!
I don't need no instructions to know how to rock!!!!
Don't be fucking stupid, the worm spoofs the From address with random entries in the infected computer's contact list. It's random and it wasn't written specifically to fuck ~you~ over.
Spammers are making money hand over fist selling placebos, which means that there is an incredible amount of stupid people that currently populate the internet. If you really want to stop spam, kill the stupids.
You've just hit on the solution! All we have to do is convince the spammers to replace their sugar pill V1a6ara with a slightly more reactive compound. Something like this, perhaps?
Problem is, the spammers are probably stupid enough to try their own product. Darn it.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Would it be possible that the creators of SoBig took a page from the DirecTV playbook and are slowly building up a software program on each infected computer?
From http://slashdot.org/article.pl?sid=01/01/25/1343218&mode=nested&tid=129 we get:
Four months ago, however, DirecTV began sending several updates at a time, breaking their pattern. While the hacking community was able to bypass these batches, they did not understand the reasoning behind them. Never before had DirecTV sent 4 and 5 updates at a time, yet alone send these batches every week. Many postulated they were simply trying to annoy the community into submission. The updates contained useless pieces of computer code that were then required to be present on the card in order to receive the transmission. The hacking community accommodated this in their software, applying these updates in their hacking software. Not until the final batch of updates were sent through the stream did the hacking community understand DirecTV. Like a final piece of a puzzle allowing the entire picture, the final updates made all the useless bits of computer code join into a dynamic program, existing on the card itself. This dynamic program changed the entire way the older technology worked. In a masterful, planned, and orchestrated manner, DirecTV had updated the old and ailing technology. The hacking community responded, but cautiously, understanding that this new ability for DirecTV to apply more advanced logic in the receiver was a dangerous new weapon. It was still possible to bypass the protections and receive the programming, but DirecTV had not pulled the trigger of this new weapon.
"Last Sunday night, at 8:30 pm est, DirecTV fired their new gun. One week before the Super Bowl, DirecTV launched a series of attacks against the hackers of their product. DirecTV sent programmatic code in the stream, using their new dynamic code ally
Could it be that SoBig is doing the same thing? With each new infection a bit of the code is added to the master?
Don't touch the keyboard.
It's all fun and games until someone loses the key to the handcuffs.
It's SCO...
The virus will install their code on every machine that is infected. Then they will sue EVERYONE for infringement.
Stream : SoBIG.main
Revision : 6.0
Code to be released : Pending Approval
Target Release Date : Sept 9, 2003
Proposed fixes
1. Enhance subject line generator.
(Incorporate statistics from /. poll)
2. Enhance performance.
3. Incorporate "increase penis length" email.
4. Fix critical product change requests
5. Add string confirming soBIG refers to
average penis size of development team.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Well, I don't know about p2p spam this way, but I do know the RIAA spams me on Kazaa...
Half (okay, exaggeration) the songs I download are clips for their anti-piracy campaign, which I could care less about. I equate this to spam for penis-enlargement pills. I don't need either of them.
Sobig always makes me think of the film Independence Day. You know how the aliens positioned their ships at strategic points around the globe and then waited for the countdown to strike simultaneously?
It makes Sobig seem more 'sinister' when I think of it in these terms. Sure it's annoying, sure it's a drain on time and resources, but what's going to happen when all the ships are in position and the countdown hits zero?
5, 4, 3...
This statement is mistyped. The actual statement was:
"You can liken this gay to Lex Luthor and we're all men in tights," said Russ Cooper, a security expert at Trusecure in Herndon, Va.
When are we going to start playing core wars on the net ? (Worm killers and worms killers killers and ...;)
Seems to me that the companies' protocols are all out of whack, there should be certain steps a person has to go through to determine if the attachment is valid. Use special extensions, or name the files in a particular way that is unique to your company so that you know what files are valid, and what aren't.
What is slashdot?
This sounds like a win-win situation, better get started.
mats
One man's ceiling is another man's floor.
HAHAHAHA
Sobig scans the address book, cached webpages, text files on the harddrive, etc., for email addresses. Has it occurred to anyone that the rapid reproduction and spreading may just be a side effect of a spammer trying to gather the largest email list on earth? Imagine what they could do with a list that size? Even people who are careful with their personal email addresses could lose them to the spammer by their parents getting infected.
... and it's NEARLY untraceable back to you.**
Now, add this on top of how the sobig already spoofs emails and you get other people doing your spam for you
-Ab
** I know they can be traced, at least to the last computer, but getting back to the source is tough cause people tend to delete the original virrused email. I know I traced several attacks and helped notify the host companies/universities and got them cleaned up, but after my 7th track, I got fed up and gave up, adjusted my MTA to block all mails with the .scr and .pif extensions and curled in a fetal position under my desk and took a nap.
Nothing fails quite like prayer.
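The attachment-extension block this commenter describes applying at the MTA, sketched as an added example (not part of the original thread and not any real MTA's configuration): a Python check that walks every MIME part of a message and flags filenames ending in a blocked extension. The extension set, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# .scr and .pif are the extensions named in the comment above; .exe is
# mentioned elsewhere in the thread. The set itself is this example's choice.
BLOCKED_EXTENSIONS = {".scr", ".pif", ".exe"}


def effective_extension(filename):
    """Return the lower-cased extension Windows would act on, or ""."""
    # Windows ignores trailing dots and spaces, so "x.scr. " runs as "x.scr".
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    # Only the last extension matters: "photo.jpg.scr" is a .scr file.
    return name[dot:] if dot != -1 else ""


def blocked_attachments(raw_message):
    """Return (filename, extension) for every part with a blocked extension."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # walk() visits nested multiparts too, not just top-level attachments.
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls back
        # to the Content-Type "name" parameter.
        filename = part.get_filename()
        if not filename:
            continue
        ext = effective_extension(filename)
        if ext in BLOCKED_EXTENSIONS:
            hits.append((filename, ext))
    return hits


def should_reject(raw_message):
    """Policy decision: reject if any attachment has a blocked extension."""
    return bool(blocked_attachments(raw_message))


def build_sample(attachment_names):
    """Build a constructed test message; addresses and names are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed sample body")
    for name in attachment_names:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for names in (["report.pdf"], ["report.pdf", "photo.jpg.scr", "notes.PIF."]):
        raw = build_sample(names)
        print(names, "->", "REJECT" if should_reject(raw) else "accept",
              blocked_attachments(raw))
```

Matching on the sender address would not work here, since the thread notes the worm forges the From header; the check keys on the attachment itself.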
Spoil my superfriends memories for ever and ever, you insensitive clod.
But nobody can cheapen what Wonder-woman and I had together... mmmmm... that golden lasso...
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
Politically-motivated makes more sense. The current version expires on September 10, so a reasonable assumption is that the big attack comes on September 11.
I suggest we use this one.
Mmmmm...days like today where I'm grateful that the Mac's market share is small enough not to attract the attention of spamwhores like the SoBig.X inventor.
Of course, I'm also armed with ps and kill -9.
. . . and let Homeland Security take care of them.
I mean, dang, wouldn't it be satisfying to think of the wankers behind this stuck in a cell down in Guantanamo?
And just think: The hour of exercise they'd get each day would probably be more than they're getting now!
Here's a suggestion: When the Exchange servers and clients are updated to work around this, block whatever port they're using again. For the good of the net. Continue doing this until the irresponsible vendor of this malware can demonstrate (with source code!) that their app is not opening the door to this torrent of filth.
Help stamp out iliturcy.
There is ALREADY evidence of people leaving the US - voting with their feet - because of the insane US corporate-centric regulations. If "we" were "all ordered" to use "trusted" platforms you would see this amplify a hundred fold. All such regulation would do is quicken the loss of technical leadership the US is ALREADY experiencing in the world.
These things have a way of self balancing. Always did, always will. It's just a question of who suffers most, when.
IMHO, the only way for SMTP to be replaced by something secure & authenticated (a la whitelists) is if the current system goes belly up in the most insane, painful and costly way imaginable. I wish it wasn't so, but reasoning, debate and research have proven useless to convince the powers that be that something needs to be done. MASSIVE, huge spamming, unstoppable is a way that will cost billions without doing any physical harm. If that doesn't trigger change, nothing will.
When will I end this grieving ? When will my future begin ?
If this theory were true, then the "test" virii would be much more benign. Since they have been quite noticeable, people have been compelled to take steps to close the holes. I would suspect that the next variant will be much less of a nuisance than its predecessors simply because the target market has been substantially reduced.
No, if I was looking for a fun conspiracy theory, I would enjoy suspecting that Microsoft has decided that this is a good time to have all their customers tighten up their security.
What if this isn't a scam for spammers, but a way of Symantec and Mcafee to boost sales?
That possibility was never considered
Learn something new.
it's so easy to stop, you just charge the people who have paid spammers to spam their companies' products.
it's so f'ing easy.
It doesn't just scan the address book; it scans the mail folders (which means that if you post to a mailing list or usenet, it can get your address). I wouldn't be too surprised if it scans IE's cache for addresses on web pages that have been visited.
What would the downside be??
It's logical for spamware writers to turn to viruses, but not necessarily to propagate spam, but as a way to cull addresses and acceptable headers for spams to those addresses. This will enable them to penetrate whitelists, and even Bayesian filters which use headers as fodder for analysis.
My personal email address, which I reveal to almost no one, has now been spread across the world because it was in the address book of someone who opened SoBig.
Windows usage is demonstrated to be part of a worldwide Evil Plot(tm).
So, at what point am I justified in shooting Windows users on sight, in the name of protecting humankind?
who are those slashdot people? they swept over like Mongol-Tartars.
I tried to check an old Kernelnote message. But this site seems to be hacked. I know Slashdot is not the place to report it, but where is the best place for a hacked site?!
*Shakes head sadly*
*Stares in utter disbelief*
*Shakes head some more*
etc... etc... etc... etc...
And that, I mean look at it THAT got modded up? And interesting at that? Calling it moderators on crack isn't enough anymore, these moderators have suffered severe brain damage, repeatedly, and on purpose, probably by their mothers since quite a bit before they were born.
God damn it, that was the stupidest comment EVER!
Not that many will read this so far after the news release, but for myself, I'd be willing to filter incoming smtp based on host OS. OpenBSD 3.4 pf will do this.
Does everything include nothing?
"Reality is merely an illusion, albeit a very persistent one " -Albert Einstein
But now they think we think they'll act in any other manner, so they'll attack 9.11 to fool us...
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
I for one welcome our new SoBig overlords...
Sorry, I should have defined the problem more clearly:
Problem is, the spammers are probably stupid enough to try their own product before shipping it. Darn it.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
It's not the addresses that are for sale. It's the network that does the mailing - a distributed spam-house, one that can not be shut down at the source.
Or, in slashdotterese: Imagine a Beowulf cluster of spam servers...
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
I was gone for an hour and had a ton of new spam in my inbox when I returned...and I found the most horrifying thing. You all remember the spam e-mails that were from a dude in Zimbabwe that had a couple mil for anyone interested? Well, I just got 2 pieces of spam that are from - err - his daughter. So the answer to all of our spam troubles is this: > rm -Rf /bin/Zimbabwe!
CNN has a similar article that I tried to submit to Slashdot. It got rejected (a copy is in my journal, if you have any idea why it was rejected, comment there) and two days later, they turn around and post this article. Perhaps the editors should post the reason for a rejection...
OH NOES!!! IT APPEARS YUO DO NOT HAVE ENOUGH MONEY TO PAY FOR DIS HERE PIZZA! WAHT EVER ARE YOU GOING TO DO!?!?
My understanding is it expires on September 10th. This probably doesn't mean anything though
"Or something like that. It's been awhile. God I miss her, though."
should be:
"Or something like that. It's been awhile. God I miss him, though."
The Kruger Dunning explains most post on
Calm down! He's suggesting it was written to fuck us all over, not him specifically. Or do you know more about this than the rest of us?
Pyramid schemes, child pornography and counterfeit prescription drugs are also illegal, whether promoted through spam or not, and my inbox is full of offers for those.
Think of all the things you could do with 1000s of slaves getting instructions from systems on the internet.
- DOS attacks on .gov or .mil sites, as well as all the .coms.
- Blackmail or they get DOSed.
- Solve complex mathematical problems grid-like - maybe for cracking passwords or something.
Spam seems to be the mildest thing they can mention to the public - the possibilities for much worse things are there.
(S+C) x (B+F)/T = V
Finally this is our chance to liken spammers to cyber-terrorists, and for a reason politicians know well enough to do something about it: "Now some of the spammers are even building a network of worm-ridden computers, possibly at the fingertips of a madman who is willing to do anything for money, and may only be waiting to turn them into Weapons of Mass Disruption, wreaking havoc to the Nation, the Internet, and e-mail as we know it..." (spooky, huh? ;-))
Outlaw spammers, put an end to spam. Sometimes it's as simple as that.
Just be "Mr. Concerned Citizen" for once and send the NYT article to your congresscritter now. Let them know what spammers have already done "to your kids" (omit the "to your p...s" part) "and to your computer".
Then the spammers behind it are definitely felons, Big Time.
Hopefully, all this damage could finally get the FBI to do something about those bastards.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Haven't you people heard of subliminal messages? 25th frame and all that stuff?
Of course I can speak only for myself, but when I saw this virus appear my first thought was "ok, maybe I should enlarge it after all..."
I think it doesn't get any more obvious than that. I'm sure we'll see can.you.hear.me.now.F and got.milk.win32.F in the near future.
I passed the Turing test.
A virus as spam?
I hear something about spam almost every day (not counting the garbage in my in-box). Why don't we just stop all the spam by making it illegal? Does that sound naive?
If so, then someone please educate me. It seems to me that as soon as spamming becomes illegal, it's a simple matter of "follow the money" to catch and punish these guys. Why is this so hard to do?
I actually met a spammer once. I was contacted by someone I had worked with years earlier in a now-failed dot-com. He had a "friend" who needed help with some programming. I needed work, called, and met him at his house. It was the guy who sent out all those "fix your credit" spams, right there in my own neighborhood! I complained to him that I was getting about 8 to 10 of those messages a day. He took me off the list right there, and I didn't get any more of that spam.
I also did NOT do any work for him, and gave him the very useful advice that the programming automation he wanted was simply impossible (it wasn't. I could have done it in an hour or two tops.) Back to the point...
I chatted him up for info... He was sending out around 200,000 emails per day. Each day he would get about 20 checks in the mail at his PO box ($30 each) for his booklet. Actually it was a 4 page pamphlet. Then he would mail the "booklet" back out to the customer using the same post office. Does anyone out there have a PO box? You have to give the post office your real address to get one. A clue...
So, the email messages are untrackable because it's done through multitudes of temporary dial-up accounts (he had about 12 phone lines going 24 hours/day). The accounts get shut down after a while, but that doesn't even slow this guy down.
But each of those accounts requires a credit card or some billing method to open. That's clue no. 2.
If the spam message sends the user to a web page, that's clue no 3. (who hosts the web page and what account is it tied to?)
If the spam contains a phone no., address or ANY other means of contact, bingo again.
Lastly, where is the money being deposited? Have the FBI send the guy a check for $30 and see where it goes.
It shouldn't be so hard for real law enforcement types to catch these guys, and if they use a virulent method for spreading their message, that's an even bigger offence and prize for the feds.
International? Shouldn't be a problem. Child pornography is already against the law world wide, in every form. Can't we do the same for spammers?
My business can't survive without email. It's like trying to give up the telephone. Spammers cost me money by wasting time and productivity, not to mention bandwidth and lost messages due to having to filter the spam, or just losing them in the noise. (Probably 7 of every 10 messages I get are spam. That's the problem of having an email address that is published and hasn't changed in 10 years - a necessary situation for my business.)
The only difficulty I see is the definition of the word "spam". We don't need any new technology, just good laws and proper enforcement.
Isn't fax solicitation illegal due to incurred costs at the receiving end? Isn't excessive phone solicitation illegal, especially when you've asked to be removed from their lists? Why not spam?
So, what am I missing?
Oh, the spammer's house? I shared his address with a few people I "know". He doesn't live there anymore. And when was the last time you got a "fix your credit" email? These guys are only human you know. They do break under pressure.
Controlling e-mail better does not necessarily have to kill it: Firstly, you would have one protocol for server-to-server communications and another for client-to-server.
Since the server-to-server protocol would require registering with some kind of mail-server authority, you can use Kerberos, for instance, without requiring a third-party certificate vendor.
Your own ISP could manage their mail server in a similar manner, but even if the new protocol for mail clients required a cert, that cert could be issued by the mail server software itself. After all, you already have a relationship with your ISP and there is nothing more a third-party certification provider could do to verify your existence than your ISP does to ensure they will get paid.
If these new protocols include spam-reporting tools built into clients and servers, it would be simple for an ISP's mail server software to identify potential spammers by the incoming complaints and alert the mail administrator who could examine the evidence and dump you if you are spamming. As long as they know who you are, third-party certification is unnecessary.
Incidentally, automated spam complaint tools would be the basis for a server-registering authority to enforce spam policies on registered servers. They wouldn't need to review every complaint, just mail originators that generate a certain critical mass of complaints. If you are legitimately managing an opt-in list ("sign up here for our newsletter"), any complainer would get removed automatically by your ISP's list software and the spam tools the registering authorities use could highlight repeat complaints or remove requests to uncover non-legitimate lists (without requiring list managers to register with anybody).
As far as server managers paying fees to be registered, I would oppose that and it's really unnecessary. All of this could be paid for and managed by bandwidth providers, for instance. After all, reducing spam is in their own best interest. Or legislated fines for abuse could fund it. There are a lot of ways to do this without requiring server fees. Yes, fees for registering servers would severely stymie a lot of legitimate uses of e-mail: e-mail serving should be free, even if it is more managed.
The problem of cutover could be managed by getting the updated clients out first and include the option to treat the two e-mail streams as entirely separate inboxes. Eventually users would be able to turn off non-secure e-mail reception at their server. Though standard SMTP should always be supported as a kind of semi-anonymous e-mail option. In fact, it could be turned into a deliberate anonymous e-mail service through regulated restriction of header attachment.
Governments, also interested in reducing spam, could offer grants to support development of new protocol updates for "orphaned" server software or mail server versions that are running on outdated OSes or hardware-limited machines or grants that allow small-volume or low-income server owners to upgrade cost-effectively.
There are other interesting things you could add while designing a new protocol. How about transparent client-to-server, server-to-server encryption? With accompanying legislation, you could build in a system that allows ISPs to comply with wire-tap warrants for specific individual mailboxes without giving authorities (or anybody with a packet-sniffer) the ability to read all the e-mail they want Carnivore-style. Ideally, the legislation would compel mail server vendors to include the ability to provide legitimate warranted e-mail monitoring while making illegal non-warranted "cooperation" by ISPs. Nothing about this would (or should) interfere with your right (or ability) to encrypt your private communications, it just means that if you do that, your e-mail would be encrypted twice.
Anyway, fixing an old insecure protocol does not have to increase anyone's costs for using e-mail and ultimately will greatly reduce the cost of e-mail.
-Robert
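The complaint-driven review proposed in the post above, sketched as an added example (not code from the post or from any real mail server). The thresholds, class and function names, and the sample complaints are all assumptions made for illustration; the post names no numbers.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed policy values (hypothetical; the post gives none).
CRITICAL_MASS = 3   # distinct complainers before an originator is reviewed
REPEAT_LIMIT = 1    # complaints tolerated from a recipient already removed


@dataclass
class Originator:
    complainers: set = field(default_factory=set)  # distinct recipients who complained
    removed: set = field(default_factory=set)      # recipients auto-removed from the list
    repeats: int = 0                               # complaints that arrived after removal


class ComplaintLedger:
    """Tracks automated spam complaints per originating server."""

    def __init__(self):
        self.originators = defaultdict(Originator)

    def complain(self, originator, recipient):
        o = self.originators[originator]
        if recipient in o.removed:
            # The recipient was already taken off the list, yet mail kept
            # arriving: the sign of a list that ignores remove requests.
            o.repeats += 1
        else:
            # First complaint doubles as a remove request.
            o.complainers.add(recipient)
            o.removed.add(recipient)
        return self.status(originator)

    def status(self, originator):
        o = self.originators[originator]
        if o.repeats > REPEAT_LIMIT:
            return "ignores-removal"
        if len(o.complainers) >= CRITICAL_MASS:
            return "review"
        return "ok"


def review_queue(events):
    """Replay (originator, recipient) complaints; return originators needing a human."""
    ledger = ComplaintLedger()
    for originator, recipient in events:
        ledger.complain(originator, recipient)
    return {name: ledger.status(name)
            for name in ledger.originators
            if ledger.status(name) != "ok"}


# Constructed sample complaints (not real data).
EVENTS = [
    ("news.example.org", "alice@example.net"),
    ("bulk.example.com", "alice@example.net"),
    ("bulk.example.com", "bob@example.net"),
    ("bulk.example.com", "carol@example.net"),
    ("list.example.org", "dave@example.net"),
    ("list.example.org", "dave@example.net"),
    ("list.example.org", "dave@example.net"),
]

if __name__ == "__main__":
    print(review_queue(EVENTS))
```

A single complaint against an opt-in list only removes the complainer; an originator reaches the administrator when distinct complainers hit the assumed critical mass or when removed recipients keep complaining.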
Why not? Self hosting and mail are already pretty much dead as user hosted services.
The combination of Comcast, Verizon, Qwest, and other "last mile" providers replacing the ISP (and disallowing servers) and large ISPs (esp. AOL) refusing to accept SMTP originated from the indie ISPs' IP blocks that remain has pretty much killed off the mail server as it existed until 2001.
Might as well start budgeting for a cert of some variety right now if you plan to run a mail server in the future.
[Set Cain on fire and steal his lute.]
This is what the internet is made of, illegal schemes that seem to piss off some majority or another.
Think about it. So what, someone has willingly sent a worm around that will one day cause an explosion of spam. Do you really think anything is going to be done about it?
How long have P2P networks been around? I don't see anyone being trotted off to jail as a result. Kazaa is still up... there are a few others that are still central server based, or at least run by an organisation with full liability.
Yet, with all the whining and screaming from the RIAA, nothing has been done.
You think some company is actually going to go to jail as a result of this?
There would be no need to pay for a personal cert. You'd just get the cert when you request the email. When you sign up for slashdot, slashdot sends you its public key. When you give someone your email address, they give you their fingerprint. There's no need for a centralized system.
Yes, this would eliminate all unsolicited email. But I wouldn't consider that "destroying email completely."
Set your calendar to remind you that 4 November will mark 15 years to the day since the 1988 RTM worm. Let's hope that this (or a) virus/worm writer is not preparing for a "celebration".
You mean Keyser SoBig?
I'll probably get modded down for saying this, but I think these worms are good in the long run.
Why? If it is preparing a p2p spam grid, it helps push forward the idea that we need to change the email system (new SMTP RFCs that ARE IMPLEMENTED instead of staying as just ideas, secure email (signed/user confirmed [sending the email back to the sender with a code asking for manual confirmation etc.]))
*AND*
shows that we need more secure servers/networks by either showing M$ admins that they REALLY need to keep patching up, or showing them that they can migrate to a more trusted platform (and HELL NO I DON'T MEAN PALLADIUM)...
just my 2 euros...
I for one, welcome our new hot grits... PROFIT!
Sobig.a and the Spam You Received Today, Sobig.e - Evolution of the Worm, and Sobig.f Examined
We simply don't know whether our government, or more specifically our intelligence and military agencies, do such things. In fact, we have no way whatsoever of knowing.
We have great reason to believe that these agencies have in the past done many many things which we have never heard about, and which we probably will never hear about until the government is turned back over to the people.
This is absolutely disgusting, revolting, and yet it is true.
We are the play-things of a few powerful elite. Look even at the past 50 years of classified (and largely "blacked out") documents if you do not believe me. Look at those few we do know about, and consider how many more there are that have been destroyed or remain in a locked cellar somewhere.
Our government has done many many truly despicable things to us and to this world. It makes me sick. It makes me want to break down and cry.
.sig Realistic fines for copyright in
...I am reminded of The Big Hit. Specifically, there was a device known as a 'Trace-Buster', and another - by the same company - called 'Trace-Buster Buster'. Hmmm...
- White Knight of the Order of Mihoshi Enthusiasts
Easiest arrest / lawsuit ever. The first piece of spam sent over the network, just click on where it's going and see what's for sale. Contact said company and follow the money - the trail will always end at the spammer. Gotcha. Now sue the living daylights out of them, not to mention arresting them for the millions of dollars in damages all over the world caused by the virii.
more irony...
Keep in mind that writing and releasing a virus/worm/trojan requires a bit of skill and time and has the nasty side-effect of carrying significant jail time. Spammers don't have skill (or they'd be engineers), spammers don't have time (they have to work around filters all the time) and several years of jail time might not be too appealing to spammers either. Piggybacking on SoBig's backdoor for the purpose of spamming is guaranteed to have some nice FBI folks knocking on your door, confiscating all your equipment and looking for evidence of virus creation. Just a matter of time until you're read your rights from there on.
I know people make a lot out of the fact that SoBig carries its own SMTP client engine. So what though? That feature enables SoBig to also use non-Outlook machines as staging areas. Simple.
Use Occam's Razor and some common sense and see SoBig as what it is: a plain old worm somebody wrote to show off to his friends that has nothing to do with spam. Somebody as skilled as the worm writer probably hates spam as much as the rest of us. Not that I'm justifying SoBig in any way, I just removed 570 copies of SoBig.F from my inbox. :-(
The worm needs to have *some* method of receiving the SPAM it is to forward. That could be a port, or even via normal email...
The SoBig worm does not need to provide a SMTP server (and would be stupid to do so as freeloaders would start using it).
How it forwards the SPAM email is another issue...
Am I the only one who thinks that iteration after iteration of virus to fine tune the mechanics has its next and possibly most significant launch date on September 11?
Maybe it's just that paranoia again...
Subscribe for free to my show!
You know the one. Big house, room full of computers, says if he can't do it one way, he's working on another way to carry out his nefarious plans.
Spammers have no shame, as evidenced by all of the penile enlargement ads. Nor any dignity, since they have no problem with filling up little kids' email with tons of porno.
By building a network of P2P machines infected with a spamming worm, this piece of trash will create an even more hazardous environment.
Time to build better mail servers, with full authentication. Time to catch a spammer and go happy with a glue gun too...
Fast machines, powerful AI, impulsive invention,... All I lack is a good espresso machine!
plural of virus, 'tard.
I think those experts read my post on /. the other day and are finally catching on.
Saskboy's blog is good. 9 out of 10 dentists agree.
"You can liken this guy to Lex Luthor and we're all supermen," said Russ Cooper, a security expert at Trusecure in Herndon, Va. "Luckily we've been able to get the kryptonite from around our necks each time so far."
At least we can be glad that these guys spend all their intellectual energy on security instead of wasting a synapse on coming up with analogies that make sense :)
Well, not really. But if a SoBig distributed network of worm nodes acting as SMTP servers gets up and running, it could bring email client Inboxes to their knees (couldn't it?)
Time to upgrade those mail servers and mail clients. Let's use only the more advanced versions of SMTP that have lots of security/accountability features added.
Furry cows moo and decompress.
1. A spam virus could work if the customer doesn't know about the mechanism a spammer is using to distribute their advertising (easy), and if there is no way of associating a virus to being a vehicle to deliver spam (much more difficult, but perhaps not impossible). The secret would be to try and keep as much of the mechanism hidden from public view - this would mean a stealth virus/worm rather than the door-smashing varieties we've seen of late. This would require talent, subtlety and intelligence by the programmers.
2. A P2P file-sharing virus/worm. It's getting risky to distribute P2P files, why not use hosts that don't know or care. Separate the clients from the servers, and create an autonomous server network that takes over computers as needed using a virus or worm. If enough systems were compromised, it may be possible to hide some of the traffic flow. Imagine if the servers moved files around every few hours, even if the servers themselves flicked on and off occasionally. How the hell would rights holders go about shutting that network down?
Now moderators: this (what I am replying to) is a troll.
You can tell it by:
-The CAPS.
-"death of feasibilti" without explaining why it is so.
-Conclusion without reasoning why that conclusion was reached.
-AC
-Solely written to get flames back from people trying to explain it to him/her
By the way: this is no troll, this is just offtopic. So if the post I am replying to is at -1 you mod this as -1 offtopic.
Mmmmm, I guess we should start writing Curious Blue, then, and have it ready to fight the Kazaa nodes... :-)
Employee of Inrupt, Project Release Manager and Community Manager for Solid
Loading arbitrary code from somewhere is a great way to leave flexibility in the system and also demonstrate destructive capability without actually having to resort to it. What does that have to do with spam?
The worm definitely does not create open relays - it can be used to create them through the backdoor it presents. The same backdoor can be used to run seti (hmm, there's a thought), delete files or any other annoying activity.
Yes, the payload download feature could be used for anything, including spam, but I find that hardly likely that a spammer is behind this for the reasons listed in the grandparent.
Occam's Razor is telling me that this article and the ones referenced by it are most likely unintentional FUD written by people that benefit from it (Symantec et al. sell anti-virus protection, while journalists sell papers, magazines or page impressions). While I wouldn't put it past Symantec and peers to intentionally spread FUD, I don't see journalists doing anything other than repeating what Symantec is publicising. Don't ascribe to malice what you can explain with incompetence. :-)
Occam's Razor also indicates that you'll have better chances in life if you brush up on your spelling. :-)
The original article from the NYTimes is more complete. You can read it here