P2P Spam?
Sgt York writes "In a NYT article (republished in the Houston Chronicle, no subscription required) experts at CERT, F-secure, Trusecure, and the Hall of Justice (see article) think that SoBig.F is a spam scheme in the making. They say that SoBig.F is the 6th variant in an ongoing experiment with the possible goal of setting up a distributed spam network, to be rented out to the highest bidder. If that is their goal, they are well on their way. Another disturbing note in the article is that "In the case of four of the six programs, a new version was launched immediately after the self-timed expiration date of the preceding one". SoBig.F expires in two weeks. "
I think the superheroes involved in the SOBIG fight miss the entire point.
The authors are probably testing the feasibility of sending out a virus (which, given the number of copies I receive, will happily be opened by people) and then simultaneously sending out spam messages to the same group of people. There's no need for the SOBIG authors to control the machines after SOBIG has been executed. They just need to include the spam message in the virus itself.
That would make it truly P2P spam. Unsuspecting user X who opens SOBIG would transmit the mechanism for sending more spam and his portion of the spam deluge. Of course there could be a downside to all this: once the blacklist people start cutting off EVERY ISP in the world because of spam messages, SOBIG would defeat itself because no one would be getting mail.
John.
So someone's business plan is to admit to writing/distributing the worm and then rent out the affected boxes?
I must be missing something because it seems to me that such a business would be immediately sued into oblivion.
They who would give up an essential liberty for temporary security, deserve neither liberty nor security
OK, so some company decides to buy. Wouldn't they now be liable for unauthorized use of the computers? Why would a company take the risk? I think this is a red herring, and that it's just another way for worm/virus writers to justify themselves to the world (and themselves).
Couldn't we then find out who wrote the virus just by interrogating the companies who benefit from the advertising?
Is this truly the only Earth I can live on?
"Now, liken me to Sinestro and you're the Green Lantern..." *shiver*
"Understand you're having a little Jimmy Page trouble."
It's not the spammers!
It's probably someone out to eventually make every computer a 'trusted computer'
The last thing spammers want to do is lose their ability to spam. If this virus is really intended to help spammers, then it will be in short order that we will all be ordered to use a trusted computer platform (cough* Microsoft *cough) and that will pretty much be the end to any sort of freedoms that the net enjoyed in its early and its glory years.
Would like to hear some discussion thanks!
Sigs are dangerous coy things
Back when I used ICQ, I used to like getting spammed:
HotSxzzGrl says: Can we talk?
Or something like that. It's been awhile. God I miss her, though.
My sig sucks.
I don't think many businesses would want to be associated with a virus spam scheme. Even if most people wouldn't know it came from spam, the truth would come out eventually, and that company would be investigated, and then whoever wrote the virus would be found (and jailed). This would be a horrible plan for any business.
So I'm not sure I buy that explanation.
if(!cool) exit(-1);
... that Sobig.F expires on September 10th, and the next one will probably come out on September 11th.
libertarianswag.com
I would have assumed that this was a six degrees attack on sensitive structures, given the back doors. Flood the network with viruses, and some moron will eventually lead you to the computer you've been actually targeting.
meh
I have been noticing a lot of my hosting customers are being restricted to using only their ISP's SMTP server to send e-mail. They will not be able to connect to their colocated/hosted e-mail servers to send e-mail. I believe this is to prevent SOBIG and other types of worms from sending out e-mail, but this is making my job quite hard. I have to configure webmail for all these customers who would rather use Outlook.
Spam is becoming such a huge business that they need to resort to crime to grow. The stretches of Spam have become so extensive and intrusive that they can't even legally think of anything else. My suggestion, like millions of annoyed consumers, would be to just stop spamming. It is a waste of resources both for the spammer and the spamm-e (what the hell, that doesn't look like a word). Furthermore, all the evidence I can gather suggests that it is entirely ineffective.
So why resort to a series of viruses that rip through international networks? Then again, why climb Mt. Everest? Because it was there.
(Note: Obviously the reaches of SoBig and spam in general reach well outside the United States and in all likelihood, originated elsewhere. Don't think that I am some egocentric American who thinks that the U.S.A. is the only place on Earth. I was just using it as a frame of reference because it is what I am most familiar with.)
The New Root Council, kickin' ass sinc
execution is pisspoor. reference the previous article about viruses/worms being good for us. massive attacks like melissa/iloveyou/sobig/whatever the latest one is give us another chance to educate our users and friends about not doing things like opening PIFs and EXEs, even from people you know. plus it gets the vulnerability plugged (theoretically anyway).
creating a network THIS way is counterproductive.
turn up the jukebox and tell me a lie
If the entire internet were absolutely smashed with spam, at least one good thing might emerge - the will to actually combat it realistically!
With all the techno-dweebs on this site and all the fantastic opinions about whitelists and blacklists and graylists and modifying SMTP and replacing SMTP and handshakes and authentication and a million other solutions, perhaps someone, somewhere, will finally begin to make a dent in actually dealing with the spam problem.
This protocol allows anonymous delivery of data within your networks. I predict death of feasibility within 1-2 years. No amount of legislation or threat of legal action can stop the flow from a vast supply of potential "dumb" drones.
Welcome to the Internet, 2003.
Next up, authenticated delivery, whitelisting, and the death of the mail server as we know it.
Nah, just what I needed. After spending days patching all those Windows PCs from my friends, family and even coworkers I feel kind of tired. I love to come home to my Slackware-Box where everything is just the way I left it and wonder why, oh why, they won't listen to my words? I mean, I told them I would hold their hands while switching. I can't see how someone with a modem connection can honestly stick with something that makes him download hundreds of MB from http.windowsupdate.com (sorry, I meant http://windowsupdate.microsoft.com, say it one more time and I will scream! ;-).
Can't wait til they fire up their distributed Spam-Network, that will show them. Wonder who will be left to hold their hands? Muahaha!!
Sorry for being offtopic but I had to say it.
Cu,
Lispy
Spam merchants and virus/worm writers are collaborating and will collaborate, and build networks that make spam filters entirely useless.
Of course Sobig is about spam. Why else does some mysterious but well-financed entity want to control half the desktops of the world?
How about this spam technique, which I predict will occur in 6-9 months' time:
Tampering with real emails, inserting the spam message mixed with the real email.
Does that scare anyone? It makes a mockery of current technology for fighting spam.
Ceci n'est pas une signature
here is the actual article
That's when encryption will be publicly adopted.
Maybe its just that the virus writer is actually starting to follow the kinds of ideas that geeks often toss out. "Oh yeah, if I was making a virus I'd have it..."
Once the guy figures out exactly the heuristic to hit the most targets in the shortest amount of time, he can put a real payload in it, like a file encrypter for .doc files, or something similarly nasty. And he'll only share the key if we put deposit money in a Swiss bank account! ... hey, that's not a bad idea.
Granted, it still exploits the most obvious problem in computing: the people who use Outlook in its "Automatically Run Attachments" mode, but it would be foolish to ignore the largest and most potentially devastating venue.
skye
I suspect that the 20 hardcoded download sites in the current variant are a proof-of-concept, not a future strategy. Every time a virus is exposed that tries to download from some fixed location, I've wondered why virus writers would even try such a thing, when it's obvious that white hats will reverse-engineer their code?
What if the next version uses something more flexible... like a Google search on some particular string? Spend a few months sprinkling links to the download on servers around the world, with pages containing some unique string (call it "foo123"). When the next virus activates, it does a Google search for "foo123", and downloads its replacement. As fast as hosts are removed, more can be created and indexed.
For even better effect, use a moderately common word or phrase that Google couldn't remove from its index without causing big problems.
On the non-technical side... I was struck by the post in a previous SoBig discussion that noted that this variant expires on 9/10, and if the F-Secure expert is right, that's not a good sign:
"I think the motivation is clear. It's money," said Mikko Hypponen, director of anti-virus research at F-Secure, an antivirus firm based in Finland that is decoding the illicit program. "Behind Sobig we have a group of hackers who have a budget and money."
If there's a budget and money, then there's organization, and I'm concerned about the organizations that might see 9/11 as a good day to launch a distributed attack.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Wonderful, I have gotten 5237 of these things and counting as I type this. If the next one is any better than this version I can expect to see greater volumes of this crap and that is not really a pleasing thought for a Mac user. Yeah, this time we are suffering too.
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
What if the goal (or effect, either way) was to get things to the point where nearly everything was blacklisted for spam? The virus wouldn't have to send real spam, just fake spam in a way that would cause the person's ISP to be put on the blacklists. Once that happened, people would shut off the spam blocking software, and spam would reign supreme.
It is now official - Netcraft has confirmed: SMTP is dying
Yet another crippling bombshell hit the beleaguered SMTP community when recently IDC confirmed that SMTP accounts for less than a fraction of 1 percent of all servers. Coming on the heels of the latest Netcraft survey which plainly states that SMTP has lost more market share, this news serves to reinforce what we've known all along. SMTP is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.
You don't need to be a Kreskin [amazingkreskin.com] to predict SMTP's future. The handwriting is on the wall: SMTP faces a bleak future. In fact there won't be any future at all for SMTP because SMTP is dying. Things are looking very bad for SMTP. As many of us are already aware, SMTP continues to lose market share. Red ink flows like a river of blood. SMTP is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time SMTP developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: SMTP is dying.
Let's keep to the facts and look at the numbers.
SMTP leader Theo states that there are 7000 users of SMTP. How many users of SMTP are there? Let's see. The number of SMTP versus SMTP posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 SMTP users. SMTP/OS posts on Usenet are about half of the volume of SMTP posts. Therefore there are about 700 users of SMTP/OS. A recent article put FreeBSD at about 80 percent of the SMTP market. Therefore there are (7000+1400+700)*4 = 36400 SMTP users. This is consistent with the number of SMTP Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, SMTP went out of business and was taken over by SMTPI who sell another troubled OS. Now SMTPI is also dead, its corpse turned over to yet another charnel house.
All major surveys show that SMTP has steadily declined in market share. SMTP is very sick and its long term survival prospects are very dim. If SMTP is to survive at all it will be among OS hobbyist dabblers. SMTP continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, SMTP is dead.
Fact: SMTP is dead
They could be hunting spam relays. They could be looking to anonymously bounce kiddy porn. They could be looking for thousands of boxes to keep their warez .torrent files alive and kicking.
Hey, I just thought of that. That'd rock, be much easier and more effective than hunting for pubs. You even have one of your drones host the tracker in the first place.
Anyways, who cares. Patch your machines and shut up. We're seeing as many sobig stories as we are SCO, and it really isn't that big of a deal.
I don't need no instructions to know how to rock!!!!
I'd rather not be a doomsayer, but seriously: If all the spam and viruses continue, people will get so sick of it that they'll take serious action. Since the anti-spam laws are both ineffective and draconian, and very few spammers have been successfully shut down, and worms, trojans, and viruses run rampant despite the availability of patches and better OSes: Everyone will be using a strict whitelist, ISPs will remove the ability to send and receive attachments, and HTML email will be disabled because of the scripting risk. The spammers and malware writers will have forced us to cripple our own communications. Just my 2c.
End wild prognostications.
I don't know about you but ever since SOBIG has come into the picture, my mail box has been full of antivirus alerts from companies who supposedly got infected mails from my mail ID. Looking at the smtp headers of the infected messages attached in the response, I can see that the mails were never sent from my computer or from any person I know (I don't know any one in Russia for one), but still somehow someone got my address and used it to spread the virus. Which makes me believe that somehow someone who knows me got infected by the virus and the whole address book was sent to someone somehow.
What's under yellowstone?
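The header check this poster describes, as an added example that is not part of the Slashdot discussion: the script below parses the Received chain of a constructed SoBig-style message (the kind of copy an antivirus scanner bounces back), identifies the relay that first injected it, and compares that address with the networks the From: domain is known to send from. Every hostname, IP address and the relay table are made up for the example.

```python
"""Trace a spoofed worm mail back to its injecting host via Received headers.

Added example, not from the Slashdot thread. The message, hostnames, IP
addresses and the relay table below are all constructed.
"""
import email
import email.policy
import email.utils
import ipaddress
import re

# Constructed sample: the copy of the "infected mail" that a scanner bounced
# back. It claims to be From: victim@example.org, but the bottom Received
# header shows it was injected from a dial-up host unrelated to example.org.
SAMPLE_BOUNCED_COPY = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.recipient.example (Postfix) with ESMTP id 4F2A1C3
\tfor <someone@recipient.example>; Thu, 21 Aug 2003 10:15:02 -0400
Received: from victim-pc (dialup-77.isp.example [203.0.113.77])
\tby mail.example.net (8.12.9/8.12.9) with SMTP id h7LEEwn12345
\tfor <someone@recipient.example>; Thu, 21 Aug 2003 10:14:58 -0400
From: victim@example.org
To: someone@recipient.example
Subject: Re: Details
Content-Type: text/plain

Please see the attached file.
"""

# Constructed table: networks from which example.org legitimately sends mail.
KNOWN_RELAYS = {"example.org": ["198.51.100.0/24"]}

_FROM_RE = re.compile(r"from (\S+)")
_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(raw):
    """Return (helo_name, ip) hops in delivery order, origin first.

    Every MTA prepends its own Received header, so the header that appears
    LAST in the message was written by the first relay to see the mail, i.e.
    the hop nearest the machine that really sent it.
    """
    msg = email.message_from_string(raw, policy=email.policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        unfolded = re.sub(r"\s+", " ", str(value))
        helo, ip = _FROM_RE.match(unfolded), _IP_RE.search(unfolded)
        if helo and ip:
            hops.append((helo.group(1), ip.group(1)))
    hops.reverse()
    return hops


def origin_ip(raw):
    """IP of the host that injected the message, or None if no hop parsed."""
    chain = received_chain(raw)
    return chain[0][1] if chain else None


def sender_domain(raw):
    """Domain part of the From: address (the identity the worm is spoofing)."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    addr = email.utils.parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower()


def is_spoofed(raw, known_relays=KNOWN_RELAYS):
    """True if the injecting host is outside the sender domain's known relays.

    Returns None when the domain is not in the table, because "unknown" is
    not the same finding as "definitely forged".
    """
    domain, ip = sender_domain(raw), origin_ip(raw)
    if domain not in known_relays or ip is None:
        return None
    addr = ipaddress.ip_address(ip)
    return not any(addr in ipaddress.ip_network(n) for n in known_relays[domain])


if __name__ == "__main__":
    for helo, ip in received_chain(SAMPLE_BOUNCED_COPY):
        print(f"hop: {helo:20s} {ip}")
    print("claimed sender domain:", sender_domain(SAMPLE_BOUNCED_COPY))
    print("injected from:", origin_ip(SAMPLE_BOUNCED_COPY))
    print("spoofed:", is_spoofed(SAMPLE_BOUNCED_COPY))
```

One caveat when reading real bounces: only the Received header written by a relay you trust is reliable, since a sender can put arbitrary fake Received lines below it. Work from the top of the chain down and stop at the first hop whose operator you cannot vouch for; here that is what mail.example.net logged about the dial-up host, which is exactly the evidence the poster used to conclude the mail never came from his own machine.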
Spammers are making money hand over fist selling placebos, which means that there is an incredible amount of stupid people that currently populate the internet. If you really want to stop spam, kill the stupids.
You've just hit on the solution! All we have to do is convince the spammers to replace their sugar pill V1a6ara with a slightly more reactive compound. Something like this, perhaps?
Problem is, the spammers are probably stupid enough to try their own product. Darn it.
Don't touch the keyboard.
It's all fun and games until someone loses the key to the handcuffs.
Stream : SoBIG.main
Revision : 6.0
Code to be released : Pending Approval
Target Release Date : Sept 9, 2003
Proposed fixes
1. Enhance subject line generator. (Incorporate statistics from /. poll)
2. Enhance performance.
3. Incorporate "increase penis length" email.
4. Fix critical product change requests
5. Add string confirming soBIG refers to average penis size of development team.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Well, I don't know about p2p spam this way, but I do know the RIAA spams me on Kazaa...
Half (okay, exaggeration) the songs I download are clips for their anti-piracy campaign, which I could care less about. I equate this to spam for penis-enlargement pills. I don't need either of them.
Sobig always makes me think of the film Independence Day. You know how the aliens positioned their ships at strategic points around the globe and then waited for the countdown to strike simultaneously?
It makes Sobig seem more 'sinister' when I think of it in these terms. Sure it's annoying, sure it's a drain on time and resources, but what's going to happen when all the ships are in position and the countdown hits zero?
5, 4, 3...
Seems to me that the company's protocols are all out of whack, there should be certain steps a person has to go through to determine if the attachment is valid. Use special extensions, or name the files in a particular way that is unique to your company so that you know what files are valid, and what aren't.
What is slashdot?
Yeah, right. You do know that more jails and more jail time doesn't lead to less crime?
I don't know if that's the point, jail should be punishment for breaking the rules, and not worry about being a deterrent.
Save a Life. Donate Blood. Please.
This sounds like a win-win situation, better get started.
mats
One man's ceiling is another man's floor.
Sobig scans the address book, cached webpages, text files on the harddrive, etc., for email addresses. Has it occurred to anyone that the rapid reproduction and spreading may just be a side effect of a spammer trying to gather the largest email list on earth? Imagine what they could do with a list that size? Even people who are careful with their personal email addresses could lose them to the spammer by their parents getting infected.
... and it's NEARLY untraceable back to you.**
Now, add this on top of how the sobig already spoofs emails and you get other people doing your spam for you
-Ab
** I know they can be traced, at least to the last computer, but getting back to the source is tough cause people tend to delete the original virused email. I know I traced several attacks and helped notify the host companies/universities and got them cleaned up, but after my 7th track, I got fed up and gave up, adjusted my MTA to block all mails with the .scr and .pif extensions and curled in a fetal position under my desk and took a nap.
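The MTA rule this poster ended up with (and the "don't open PIFs and EXEs" advice earlier in the thread), as an added example that is not code from the discussion: a stand-alone attachment filter that walks a MIME message and rejects it when any part carries one of the extensions the thread names. Both sample messages are constructed, and the double-extension name in the first one is there to show why the check must look at the final extension only, case-insensitively.

```python
"""Reject mail carrying executable attachments (.pif, .scr, .exe).

Added example, not from the Slashdot thread: a stand-alone version of the
MTA rule the poster describes. Both sample messages are constructed.
"""
import email
import email.policy
import os

# Extensions the thread names as the worm's carriers.
BLOCKED_EXTENSIONS = frozenset({".pif", ".scr", ".exe"})

# Constructed sample: a SoBig-style message whose payload hides behind a
# double extension ("details.doc.pif") and a spoofed co-worker sender.
WORM_SAMPLE = """\
From: coworker@example.org
To: me@example.org
Subject: Re: Approved
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Please see the attached file.
--BOUND
Content-Type: application/octet-stream; name="details.doc.pif"
Content-Disposition: attachment; filename="details.doc.pif"
Content-Transfer-Encoding: base64

aGVsbG8=
--BOUND--
"""

# Constructed sample: an ordinary message with a harmless text attachment.
CLEAN_SAMPLE = """\
From: coworker@example.org
To: me@example.org
Subject: Meeting notes
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Notes attached.
--BOUND
Content-Type: text/plain; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"

Agenda item one.
--BOUND--
"""


def attachment_names(raw):
    """Filenames of every leaf MIME part that declares a name."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    return [part.get_filename() for part in msg.walk()
            if not part.is_multipart() and part.get_filename()]


def extension_of(filename):
    """Final extension, lower-cased, so 'Report.DOC.PIF' -> '.pif'."""
    return os.path.splitext(filename.strip().lower())[1]


def blocked_attachments(raw, blocked=BLOCKED_EXTENSIONS):
    """Attachment names whose final extension is on the block list."""
    return [name for name in attachment_names(raw) if extension_of(name) in blocked]


def filter_verdict(raw):
    """('REJECT', reason) or ('ACCEPT', '') as a policy hook would return it."""
    hits = blocked_attachments(raw)
    if hits:
        return "REJECT", "executable attachment: " + ", ".join(hits)
    return "ACCEPT", ""


if __name__ == "__main__":
    for label, sample in (("worm", WORM_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, filter_verdict(sample))
```

In a real Postfix deployment the same policy is usually expressed with `mime_header_checks` against the `name=`/`filename=` parameters rather than as a separate script; the code above is the testable logic for a milter or a local check. Blocking by extension is deliberately coarse, which is why another poster's suggestion of a company-specific naming convention for legitimate attachments is the natural complement: an allow-list of expected names on top of this deny-list of executable types.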
Nothing fails quite like prayer.
Spoil my superfriends memories for ever and ever, you insensitive clod.
But nobody can cheapen what Wonder-woman and I had together... mmmmm... that golden lasso...
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
Politically-motivated makes more sense. The current version expires on September 10, so a reasonable assumption is that the big attack comes on September 11.
. . . and let Homeland Security take care of them.
I mean, dang, wouldn't it be satisfying to think of the wankers behind this stuck in a cell down in Guantanamo?
And just think: The hour of exercise they'd get each day would probably more than they're getting now!
IMHO, the only way for SMTP to be replaced by something secure & authenticated (a la whitelists) is if the current system goes belly up in the most insane, painful and costly way imaginable. I wish it wasn't so, but reasoning, debate and research have proven useless to convince the powers that be that something needs to be done. MASSIVE, huge, unstoppable spamming is a way that will cost billions without doing any physical harm. If that doesn't trigger change, nothing will.
When will I end this grieving ? When will my future begin ?
If this theory were true, then the "test" virii would be much more benign. Since they have been quite noticeable, people have been compelled to take steps to close the holes. I would suspect that the next variant will be much less of a nuisance than its predecessors simply because the target market has been substantially reduced.
No, if I was looking for a fun conspiracy theory, I would enjoy suspecting that Microsoft has decided that this is a good time to have all their customers tighten up their security.
It's logical for spamware writers to turn to viruses, but not necessarily to propagate spam, but as a way to cull addresses and acceptable headers for spams to those addresses. This will enable them to penetrate whitelists, and even Bayesian filters which use headers as fodder for analysis.
My personal email address, which I reveal to almost no one, has now been spread across the world because it was in the address book of someone who opened SoBig.
It's 2003...
SpamGrid
Intelligent Life on Earth
Think of all the things you could do with 1000s of slaves getting instructions from systems on the internet.
- DOS attacks on .gov or .mil sites, as well as all the .coms.
- Blackmail or they get DOSed.
- Solve complex mathematical problems grid-like - maybe for cracking passwords or something.
Spam seems to be the mildest thing they can mention to the public - the possibilities for much worse things are there.
(S+C) x (B+F)/T = V
Suppose the network is what they're planning to use, instead of selling the email addresses. If I get a penis/breast enlargement pill ad from my co-worker in the next cube over (you know - the person who likes to play with their Bonzi Buddy and watch their comet cursors) it would seem safe to assume that it was spam sent through the worm network. In order for that piece of spam to generate any profit for the spammer, the message needs to have a link to a website with a payment system plus a mailing address, i.e. the ability to charge a credit card and then send me my magic pills. This generates a traceability link to the spammer who paid for this service - if the cops look up who is generating the credit card charge and what account the money is going to, you've identified the spammer. Then, if the cops cross-check the bank accounts of several such spammers, a very short list would be generated of locations that each spammer on the worm network had paid money to. This short list would have to include the person who controls the worm - book 'em Danno. Because of this, I'd guess that the system isn't designed to deliver spam from a bunch of infected zombie machines. I don't know what the worm is supposed to do, but a spam-delivery system seems to be bustable in short order.
Keep in mind that writing and releasing a virus/worm/trojan requires a bit of skill and time and has the nasty side-effect of carrying significant jail time. Spammers don't have skill (or they'd be engineers), spammers don't have time (they have to work around filters all the time) and several years of jail time might not be too appealing to spammers either. Piggybacking on SoBig's backdoor for the purpose of spamming is guaranteed to have some nice FBI folks knocking on your door, confiscating all your equipment and looking for evidence of virus creation. Just a matter of time until you're read your rights from there on.
I know people make a lot out of the fact that SoBig carries its own SMTP client engine. So what though? That feature enables SoBig to also use non-Outlook machines as staging areas. Simple.
Use Occam's Razor and some common sense and see SoBig as what it is: a plain old worm somebody wrote to show off to his friends that has nothing to do with spam. Somebody as skilled as the worm writer probably hates spam as much as the rest of us. Not that I'm justifying SoBig in any way, I just removed 570 copies of SoBig.F from my inbox. :-(