Sobig Worm Attacking RBL Lists?

Ubi_NL writes "According to the Register there is a close correlation between the DDOS attacks on a number of anti-spam lists and the presence of the Sobig virus. Now that Monkeys.com is gone, and spamhaus.org is taking heavy blows, are the spammers actually winning the battle by using viruses?"

Not really surprising, is it?

[borius]

With the efficiency of spam filters and widespread use of blacklists and such, how can the spammers actually make any money? It's logical that they (the spammers) should try to bring attrition to the defenses of mail servers.

Btw, I have a novel idea for bringing spammers out of business. OK, here goes: spammers want to sell you penis enlargement programs, viagra, and pr0n right? Well, what if someone sets up a company solely dedicated to selling these things at the lowest price possible? People could just go to AllMyPerverseNeeds.com and get their fix cheaply and securely. Obviously we can't compete with Nigeria type spams, but it would bring down a lot of spam I think. So, anyone in favor of starting a non-profit Viagra depot?

Attempted slander against anti-spam services also

[Ricin]

Look what I got yesterday (with forged headers):

---- quote --------------
Dear Internet user.

We are an organization dedicated to stopping spam. Please help us as we are
funded solely by private donations.

visit www.spamcop.net for full details. Or you can send your donations to:

Julian Haight
PO Box 25732
Seattle, WA
98125-1232

As you can see by this message unsolicited e-mail is an invasion of your
privacy. As you can also see it can be sent anonymously

We will continue our efforts until all spam is eliminated.

To join please visit www.spamcop.net or contact
jkdom@mail.julianhaight.com

We will continue to send out this message until we convince all ISP's to
stop all spammers.

!!!Stop low-lifes from invading your inbox with their junk!!!
---- end quote ------------

If they spew out fake spam which can only be meant for slanderous purposes, would you really expect them to *not* be in the virus game. Almost all these Windows viruses, if you hexdump them, have smtp capability. It's quite thinkable that a fair amount of them are really experiments rather than 'bad things done to innocent users because the virus writer likes doing that'.

There must be a lot of money involved in the art of spamming still. I wouldn't be surprised if spamhauses are partially means of laundering money as well (think about it). Either way, these people *are* criminals and one should consider them as such.

Re:Where's the hard evidence?

[GoneGaryT]

There have been a number of comments on this topic on a closed list for academic sites here in the UK and the analyses point to Sobig DDoS attacks, specifically against spamhaus.org in these cases. Sobig-F was a very well written piece of binary code, encrypted and compressed to 76k AFAIR, and a description of its functionality shows this. In particular, the possibility that it could act as a portal for Trojan downloads reinforces the claim.

I was trapping infected workstations by monitoring perimeter firewall logs for DNS calls to the root servers, as this is a feature of its activity. Pity I didn't have time to find out what it wanted to resolve, because that could have been interesting.

Spam ostrich

[fmaxwell]

I most certainly hope so! Blacklists are a cure far worse than the disease, and I'm completely rooting for the spammers here.

Publishing spam blacklists is a form of free speech and what you're advocating is the use of illegal means (DDoS) to suppress free speech. You suck.

What with bayesian junk filtering and using uniquely generated email addresses whenever I give them, I never see any spam, and the bandwidth it's costing me is minimal.

Grandma isn't going to be able to install and use bayesian filtering or generate unique e-mail addresses, so your solution sucks. Any "solution" which doesn't keep the spammers from getting their messages to the vast majority of people is just some geek doing mental masturbation. The spammers will continue to spam, using up bandwidth and storage, while costing ISPs, their subscribers, and businesses huge sums of money. And you'll sit there at home patting yourself on the back (or elsewhere) even though the spammers used your bandwidth, your ISP's bandwidth, your ISP's storage, and your storage. Not seeing the spam means that you can't complain about it, so that means that the spammer has less chance of being shut down.

You're just a spam ostrich. You have your head buried in the sand so that you don't see the spam -- even though it's still there.

We figured it out this summer

[bigberk]

Anti-spammers figured out what's going on this summer (see news.admin.net-abuse.email). These numerous Windows worms we're seeing are in fact trial software deployments (funded by major spammers) that are in the process of setting up an anonymous, distributed worldwide spam injection network.

You may mistakenly believe, as I did in the past, that spammers are just a bunch of unemployed losers that sit around late night bulk mailing ads for scams. It turns out that in fact they're well funded losers engaged in such a lucrative industry that they can afford to hire good programmers.

The series of windows worms we've seen this year had preset expiry dates -- ending each of the carefully released wild tests. The most recent versions (swen) have very efficient SMTP engines built-in; these are not amateur projects.

Thanks to Microsoft's monopoly of operating systems, spammers can easily deploy software around the world that relays spam. swen demonstrated the power of this software; many people were DDoS'd off the net. I alone received over 40,000 emails carrying the worm.

Except an all-out-spamwar to break out in 2004.