P2P Spam?
Sgt York writes "In a NYT article (republished in the Houston Chronicle, no subscription required) experts at CERT, F-secure, Trusecure, and the Hall of Justice (see article) think that SoBig.F is a spam scheme in the making. They say that SoBig.F is the 6th variant in an ongoing experiment with the possible goal of setting up a distributed spam network, to be rented out to the highest bidder. If that is their goal, they are well on their way. Another disturbing note in the article is that "In the case of four of the six programs, a new version was launched immediately after the self-timed expiration date of the preceding one". SoBig.F expires in two weeks. "
here is the actual article
If you get spam that appears to be willingly sent from China, report it to the Ministry of Commerce. Hopefully if enough reports are received the Chinese Government will do something about the problem. I don't know what the equivalent organizations in Russia and the Baltic States are, I'd expect more action from the Baltic States, but given enough pressure Russia might be swayed too.
A better solution to port 25 blocking:
http://www.ietf.org/rfc/rfc2476.txt
(Summary - have your SMTP listen on port 587 as well, which this RFC specifically designates as a port for end-users submitting messages to for delivery)
But be DAMN sure that your port 587 requires SMTP AUTH before it allows anyone to relay thru you.
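As an added illustration of the point made in this comment (not the commenter's own configuration), here is what a port 587 submission listener looks like in Postfix's master.cf, first with the dangerous setting and then with SMTP AUTH required before any relaying. Postfix is assumed here; the RFC itself is MTA-neutral, and the SASL backend (smtpd_sasl_type / smtpd_sasl_path in main.cf) is assumed to be configured separately.

```text
# RISKY: a 587 listener that relays for anyone who can connect.
# This is functionally an open relay on a non-standard port.
submission inet n       -       n       -       -       smtpd
  -o smtpd_recipient_restrictions=permit

# CORRECTED: 587 only relays for clients that have authenticated,
# and only over an encrypted session so credentials are not sent in clear.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
```

With the corrected entry, an unauthenticated session on 587 that issues RCPT TO for a domain the server is not responsible for is answered with Postfix's "554 5.7.1 Relay access denied"; checking for exactly that reply from outside your own network is the quickest way to confirm the listener is not relaying for strangers.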
This virus has its own built in SMTP engine. I believe the thought is that it's going to be used as a worldwide network of open relays rather than collecting the e-mail addresses from the infected machines.
Although hey, free e-mail addresses.
I suspect that the 20 hardcoded download sites in the current variant are a proof-of-concept, not a future strategy.
These weren't download sites, just name servers (so to speak). And it's not clear if there were only 20 of them.
The only patch for this is hitting the stupid users upside the head with a clue by four for running the virus. SoBig.F is a virus, not the MS Blaster worm you are thinking of. I'm sure there are a number of unpatched versions of Outlook that automatically ran the virus, but I would be willing to bet the majority were the same old stupid users that have been responsible for running every other big virus we've seen.
- In the comic strip her main weakness is that if a man ties her up, he can make her do anything.
- Some of the early comics had her tied up and being spanked.
- The creator had two wives, one of which always wore metal bracelets.
Saw it on the History channel of all places. Show me on the doll where his noodly appendage touched you.
Suppose the network is what they're planning to use, instead of selling the email addresses. If I get a penis/breast enlargement pill ad from my co-worker in the next cube over (you know - the person who likes to play with their Bonzai Buddy and watch their comet cursors) it would seem safe to assume that it was spam sent through the worm network. In order for that piece of spam to generate any profit for the spammer, the message needs to have a link to a website with a payment system plus a mailing address, i.e. the ability to charge a credit card and then send me my magic pills. This generates a traceability link to the spammer who paid for this service - if the cops look up who is generating the credit card charge and what account the money is going to, you've identified the spammer. Then, if the cops cross-check the bank account of several such spammers, a very short list would be generated of locations that each spammer on the worm network had paid money to. This short list would have to include the person who controls the worm - book 'em Danno. Because of this, I'd guess that the system isn't designed to deliver spam from a bunch of infected zombie machines. I don't know what the worm is supposed to do, but a spam-delivery system seems to be bustable in short order.