Slashdot Mirror
P2P Spam?
Sgt York writes "In a NYT article (republished in the Houston Chronicle, no subscription required) experts at CERT, F-secure, Trusecure, and the Hall of Justice (see article) think that SoBig.F is a spam scheme in the making. They say that SoBig.F is the 6th variant in an ongoing experiment with the possible goal of setting up a distributed spam network, to be rented out to the highest bidder. If that is their goal, they are well on their way. Another disturbing note in the article is that "In the case of four of the six programs, a new version was launched immediately after the self-timed expiration date of the preceding one". SoBig.F expires in two weeks. "
I think the superheroes involved in the SOBIG fight miss the entire point.
The authors are probably testing the feasibility of sending out a virus (which
given the number of copies I receive) will happily be opened by people and
then simultaneously sending out spam messages to the same group of people.
There's no need for the SOBIG authors to control the machines after SOBIG has
been executed. They just need to include the spam message in the virus
itself.
That would make it truly P2P spam. Unsuspecting user X who opens SOBIG would
transmit the mechansim for sending more spam and his portion of the spam
deluge. Of course there could be a downside to all this, once the blacklist
people start cutting off EVERY ISP in the world because of spam messages SOBIG
would defeat itself because no one would be getting mail.
John.
So someones business plan is to admit to writing/distributing the worm and then rent out the affected boxes?
I must be missing something because it seems to me that such a business would be immediately sues into oblivion.
They who would give up an essential liberty for temporary security, deserve neither liberty nor security
OK, so some company decides to buy. Wouldn't they now be liable for unauthorized use of the computers. Why would a company take the risk? I think this is a red herring, and that it's just another way for worm/virus writers to justify themselves to the world (and themselves).
"Now, liken me to Sinestro and you're the Green Lantern..." *shiver*
"Understand you're having a little Jimmy Page trouble."
Back when I used ICQ, I used to like getting spammed:
HotSxzzGrl says: Can we talk?
Or something like that. It's been awhile. God I miss her, though.
My sig sucks.
I don't think many businesses would want to be associated with a virus spam scheme. Even if most people wouldn't know it came from spam, the truth would come out eventually, and that company would be investigated, and then whoever wrote the virus would be found (and jailed). This would be a horrible plan for any business.
So I'm not sure I buy that explanation.
if(!cool) exit(-1);
... that Sobig.F expires on September 10th, and the next one will probably come out on September 11th.
libertarianswag.com
I would have assumed that this was a six degrees attack on sensitive structures, given the back doors. Flood the network with viruses, and some moron will eventually lead you to the computer you've been actually targetting.
meh
I have been noticing a lot of my hosting customers are being restricted to using only their ISPs SMTP server to send e-mail. They will not be able to connect to their colocated/hosted e-mail servers to send e-mail. I believe this is to prevent SOBIG and other types of works from sending out e-mail, but this is making my job quiet hard. I have to configure webmail for all these customers who would rather use Outlook.
Spam is becoming such a huge business that they need to resort to crime to grow. The stretches of Spam have become so extensive and intrusive that they can't even legally think of anything else. My suggestion, like millions of annoyed consumers, would be to just stop spamming. It is a waste of resources both for the spammer and the spamm-e (what the hell, that doesn't look like a word). Furthermore, all the evidence I can gather suggests that it is entirely ineffective.
So why resort to a series of virusus that rip through international networks? Then again, why climb Mt. Everest? Because it was there.
(Note: Obviously the reaches of SoBig and spam in general reach well outside the United States and in all likelyhood, originated elsewhere. Don't think that I am som egocentric American who thinks that the U.S.A. is the only place on Earth. I was just using it as a frame of reference because it is what I am most familiar with.)
The New Root Council, kickin' ass sinc
If the entire internet were absolutely smashed with spam, at leats one good thing might emerge - the will to actually combat it realistically!
With all the techno-dweebs on this site and all the fasntastic opinions about whitelists and blacklists and graylists and modifying SMTP and replacing SMTP and handshakes and authentication and a million other solutions, perhaps someone, somewhere, will finally being to make a dent in actually dealing with the spam problem.
This protocol allows anonymous delivery of data within your networks. I predict death of feasibility within 1-2 years. No amount of legislation or threat of legal action can stop the flow from a vast supply of potential "dumb" drones.
Welcome to the Internet, 2003.
Next up, authenticated delivery, whitelisting, and the death of the mail server as we know it.
Spam merchants and virus/worm writers are collaborating and will collaborate, and build networks that make spam filters entirely useless.
Of course Sobig is about spam. Why else does some mysterious but well-financed entity want to control half the desktops of the world?
How about this spam technique, which I predict will occur in 6-9 months' time:
Tampering with real emails, inserting the spam message mixed with the real email.
Does that scare anyone? It makes a mockery of current technology for fighting spam.
Ceci n'est pas une signature
Maybe its just that the virus writer is actually starting to follow the kinds of ideas that geeks often toss out. "Oh yeah, if I was making a virus I'd have it..."
.doc files, or something similarly nasty. And he'll only share the key if we put deposit money in a Swiss bank account! ... hey, that's not a bad idea.
Granted, it still exploits the most obvious problem in computing: the people who use Outlook in its "Automatically Run Attachments" mode, but it would be foolish to ignore the largest and most potentially devastating venue.
Once the guy figures out exactly the heuristic to hit the most targets in the shortest amount of time, he can put a real payload in it, like a file encrypter for
skye
I suspect that the 20 hardcoded download sites in the current variant are a proof-of-concept, not a future strategy. Every time a virus is exposed that tries to download from some fixed location, I've wondered why virus writers would even try such a thing, when it's obvious that white hats will reverse-engineer their code?
What if the next version uses something more flexible... like a Google search on some particular string? Spend a few months sprinkling links to the download on servers around the world, with pages containing some unique string (call it "foo123"). When the next virus activates, it does a Google search for "foo123", and downloads its replacement. As fast as hosts are removed, more can be created and indexed.
For even better effect, use a moderately common word or phrase that Google couldn't remove from its index without causing big problems.
On the non-technical side... I was struck by the post in a previous SoBig discussion that noted that this variant expires on 9/10, and if the F-Secure expert is right, that's not a good sign:
"I think the motivation is clear. It's money," said Mikko Hypponen, director of anti-virus research at F-Secure, an antivirus firm based in Finland that is decoding the illicit program. "Behind Sobig we have a group of hackers who have a budget and money."
If there's a budget and money, then there's organization, and I'm concerned about the organizations that might see 9/11 as a good day to launch a distributed attack.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
What if the goal (or effect, either way) was to get things to the point where nearly everything was blacklisted for spam? The virus wouldn't have to send real spam, just fake spam in a way that would cause the person's ISP to be put on the blacklists. Once that happened, people would shut off the spam blocking software, and spam would reign supreme.
It is now official - Netcraft has confirmed: SMTP is dying
Yet another crippling bombshell hit the beleaguered SMTP community when recently IDC confirmed that SMTP accounts for less than a fraction of 1 percent of all servers. Coming on the heels of the latest Netcraft survey which plainly states that SMTP has lost more market share, this news serves to reinforce what we've known all along. SMTP is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] [samag.com] in the recent Sys Admin comprehensive networking test.
You don't need to be a Kreskin [amazingkreskin.com] [amazingkreskin.com] to predict SMTP's future. The hand writing is on the wall: SMTP faces a bleak future. In fact there won't be any future at all for SMTP because SMTP is dying. Things are looking very bad for SMTP. As many of us are already aware, SMTP continues to lose market share. Red ink flows like a river of blood. SMTP is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time SMTP developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: SMTP is dying.
Let's keep to the facts and look at the numbers.
SMTP leader Theo states that there are 7000 users of SMTP. How many users of SMTP are there? Let's see. The number of SMTP versus SMTP posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 SMTP users. SMTP/OS posts on Usenet are about half of the volume of SMTP posts. Therefore there are about 700 users of SMTP/OS. A recent article put FreeBSD at about 80 percent of the SMTP market. Therefore there are (7000+1400+700)*4 = 36400 SMTP users. This is consistent with the number of SMTP Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, SMTP went out of business and was taken over by SMTPI who sell another troubled OS. Now SMTPI is also dead, its corpse turned over to yet another charnel house.
All major surveys show that SMTP has steadily declined in market share. SMTP is very sick and its long term survival prospects are very dim. If SMTP is to survive at all it will be among OS hobbyist dabblers. SMTP continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, SMTP is dead.
Fact: SMTP is dead
They could be hunting spam relays. They could be looking to anonymously bounce kiddy porn. They could be looking for thousands of boxes to keep their warez .torrent files alive and kicking.
Hey, I just thought of that. That'd rock, be much easier and more effective than hunting for pubs. You even have one of your drones host the tracker in the first place.
Anyways, who cares. Patch your machines and shut up. We're seeing as many sobig stories as we are SCO, and it really isnt that big of a deal.
I don't need no instructions to know how to rock!!!!
I dont know about you but ever since SOBIG has come into picture, my mail box has been full of antivirus alerts from companies whosupposedly got infected mails from my mail ID. Looking at the smtp headers of the infected messages attached in the response, I can see that the mails were never sent from my computer or from any person I know (I dont know any one in Russia for once), but still somehow someone got my address and used it to spread the virus. Which makes me believe that somehow someone who knows me got infected by the virus and the whole address hook was sent to someone somehow.
What's under yellowstone?
Not necessarily encryption, but more likely signing.
Spammers are making money hand over fist selling placebos, which means that there is an incredible amount of stupid people that currently populate the internet. If you really want to stop spam, kill the stupids.
You've just hit on the solution! All we have to do is convince the spammers to replace their sugar pill V1a6ara with a slightly more reactive compound. Something like this, perhaps?
Problem is, the spammers are probably stupid enough to try their own product. Darn it.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Don't touch the keyboard.
It's all fun and games until someone loses the key to the handcuffs.
Stream : SoBIG.main : /. poll)
Revision : 6.0
Code to be released : Pending Approval
Target Release Date : Sept 9, 2003
Proposed fixes
1. Enhance subject line generator.
(Incorporate statistics from
2. Enhance performance.
3. Incorporate "increase penis length" email.
4. Fix critical product change requests
5. Add string confirming soBIG refers to
average penis size of development team.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Sobig always makes me think of the film Independence Day. You know how the aliens positioned their ships at strategic points around the globe and then waited for the countdown to strike simultaneously?
It makes Sobig seem more 'sinister' when I think of it in these terms. Sure it's annoying, sure it's a drain on time and resources, but what's going to happen when all the ships are in position and the countdown hits zero?
5, 4, 3...
THe other possible scenario is that prosecutors will start going after the company that advertised via the spam. I'd like that solution, I've been saying that should be going on for years...spammers will go away if people are now afraid to use that method of marketing for fear of hefty fines.
This message brought to you by the Council of People Who Are Sick of Seeing More People.
Mail? Put "slashdot" in the subject to pass the spam filters.
Sobig scans the address book, cached webpages, text files on the harddrive, etc., for email addresses. Has it occurred to anyone that the rapid reproduction and spreading may just be a side effect of a spammer trying to gather the largest email list on earth? Imagine what they could do with a list that size? Even people who are careful with their personal email addresses could lose them to the spammer by their parents getting infected.
... and it's NEARLY untraceable back to you.**
.scr and .pif extensions and curled in a fetal position under my deskand took a nap.
Now, add this on top of how the sobig already spoofs emails and you get other people doing your spam for you
-Ab
** I know they can be traced, at least to the last computer, but getting back to the source is tough cause people tend to delete the original virrused email. I know I traced several attacks and helped notify the host companies/universities and got them cleaned up, but after my 7th track, I got fed up and gave up, adjusted my MTA to block all mails with the
Nothing fails quite like prayer.
Spoil my superfriends memories for ever and ever, you insensitive clod.
But nobody can cheapen what Wonder-woman and I had together... mmmmm... that golden lasso...
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
Politically-motivated makes more sense. The current version expires on September 10, so a reasonable assumption is that the big attack comes on September 11.
IMHO, the only way for SMTP to be replaced by something secure & authenticated (a la whitelists) is if the current system goes belly up in the most insane, painful and costly way imaginable. I wish it wasn't so, but reasoning, debate and research have proven useless to convince the powers that be that something needs to be done. MASSIVE, huge spamming, unstoppable is a way that will costs billions without doing any physical harm. If that doesnt trigger change, nothing will.
When will I end this grieving ? When will my future begin ?
Think of all the things you could do with 1000s of slaves getting instructions from systems on the internet.
- DOS attacks on
.gov or .mil sites, as well as all the .coms.
- Blackmail or they get DOSed.
- Solve complex mathematical problems grid-like - maybe for cracking passwords or something.
Spam seems to be the mildest thing they can mention to the public - the possibilites for much worse things is there.(S+C) x (B+F)/T = V