Slashdot Mirror


Spammers Using Hacked Machines as Decoys

avi33 writes "This Wired story shows a disturbing alliance between hackers [sic] and spammers. Interestingly, they blame part of the alliance on market forces, leading some skilled engineers to the dark side for profit's sake. A Polish firm claims to have control of 450,000 Trojaned systems that it uses to mask the IP addresses of its hosted sites. In other words, you could host your Viagra-peddling site with a company that has a stringent no-spam policy, but a DNS lookup will point to a home user's compromised machine. Not quite bulletproof, but certainly ups the ante in the spam war."

11 of 413 comments

  1. Re:Firewall by loknor (Score: 5, Informative)

    Yes and it is worth the jump backwards in technology to help OS manufacturers continue to peddle sub-par product and services that are the real cause of the problem. Attacking a problem at somewhere other than its source has always been such a great way to deal with challenges like this.

    --

    me karma am bad
  2. correction by Anonymous Coward (Score: 1, Informative)

    s/hackers/crackers

  3. Re:Am I missing something here by jqh1 (Score: 3, Informative)

    My site/service got mentioned in a spam "newsletter" once without my knowledge or consent. I was promptly strung up on spamcop as a business that had advertised in spam -- and my site/service is a spam *fighting* service to begin with!

    The point here is there's so much spam with so many variations on the base set of presumed facts, that hair-trigger lawsuits will cause many friendly-fire victims. I doubt the spammer I mentioned above meant to cause me any harm by mentioning me in his "newsletter", but I doubt it would be too hard to find a situation where it's done on purpose -- I *have* been "joe jobbed" several times (used as the reply address on spam) and that gets pretty nasty, too, and presents a similar situation where spammers falsely implicate others. Add in swift and sure legal consequences, and it would be much worse. Even assuming the courts have the ability to determine a false positive defendant when they see one, just think of the expense of doing that.

    --
    who's moderating the meta-moderators?
  4. Re:nailing the bastards by avi33 (Score: 2, Informative)

    Right, the point of the article is that this makes it almost impossible to determine which ISP to contact (without ordering a bottle of Viagra and tracing the money trail.)

  5. Re:interesting methodology by fractalus (Score: 4, Informative)

    I've watched the spam to my inbox go from a few messages a day at the beginning of this year to over 300 a day now. Doubling every ten weeks is a statistic I can believe.

    It's clear spammers have no regard for the law. One need only look at their track record: abusing open relays to defray the cost of sending mail, forging headers to divert attention away from themselves, advertising illegal products, businesses, or outright scams, exploiting vulnerabilities in computers to turn victims into zombies for more spamming.

    Educating users is futile... I can't even get most of my friends to stop forwarding the latest chain message. I barely saved one of my friends from falling for a credit card phishing scheme, and she's pretty experienced compared to most.

    The only thing that is going to work is to go after the people running spamvertised sites. But that's going to cause problems by creating a new kind of "Joe Job"... hire a spammer to spam for your competitor's product; the wrath of the anti-spam crowd then goes straight to your competitor.

    Damn spammers.

    --
    People are never as simple as their stereotypes. This applies equally to Christians, Muslims, and Emacs-lovers.
  6. Re:Guess Who's To Blame by Animaether (Score: 2, Informative)

    WHY is Microsoft still clinging to the broken "identify executables by extension" mechanism?

    For the same reason that Adobe Photoshop will tell you that a .jpg file is broken if it's actually a Targa file with a JPEG extension?
    It's easy, and it is generally trustworthy.

    Your gripe should be with mis-identifying the extension, not with looking at the extension per se.

    E.g. anna_kournikova.jpg.exe
    Nothing wrong with that, except that you get to see ".jpg", rather than ".exe" - a stupid flaw by whoever wrote that piece of code, but the identifying of an executable by the .exe extension is by no way wrong.

    In fact, I would be more worried about something the other way around.
    Imagine you get anna_kournikova.jpg, which is actually an executable?
    Right now your OS will simply fail to load the .jpg, and rightly so.
    If your OS were to recognize it as an executable and have no inhibitions from running it as such, then you're really screwed.

    And just to plug IrfanView over Photoshop (at least in this respect, I know they are not comparable): IrfanView will tell you that a picture is of a particular filetype with a wrong extension, and even pop up a dialog asking you if it should just rename the file for you. Excellent stuff.
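An added example in Python (not the poster's code) of the two checks this comment describes: read the file's leading bytes, compare them with the last extension (the one the OS acts on), flag the anna_kournikova.jpg.exe double-extension disguise and the reverse case of an executable named .jpg, and offer an IrfanView-style rename only for mislabelled images. The signature table and file names are constructed for the example.

```python
import os

# Leading-byte signatures (constructed table; extend for other formats).
SIGNATURES = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"MZ": "exe",  # DOS/PE executable header
}
EXT_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif", ".exe": "exe"}
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs"}

def sniff(data):
    """Type implied by the content, judged from the first bytes only."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def classify(name, data):
    """Compare the extension the OS acts on (the last one) with the content."""
    ext = os.path.splitext(name)[1].lower()
    kind = sniff(data)
    parts = name.lower().split(".")
    if ext in EXECUTABLE_EXTS and len(parts) > 2 and "." + parts[-2] in EXT_TO_TYPE:
        # anna_kournikova.jpg.exe: runs as .exe, shown as .jpg when extensions are hidden
        return ("disguised-executable", f"runs as {ext}, displays as .{parts[-2]}")
    if ext in EXT_TO_TYPE and EXT_TO_TYPE[ext] != kind:
        # The reverse case: named like an image, but the bytes say otherwise
        return ("extension-mismatch", f"named {ext}, content looks like {kind}")
    return ("ok", f"{ext} matches {kind}")

def suggested_name(name, data):
    """IrfanView-style rename offer for a mislabelled image; never promotes to an executable."""
    kind = sniff(data)
    if classify(name, data)[0] == "extension-mismatch" and kind not in ("unknown", "exe"):
        ext = next(e for e, k in EXT_TO_TYPE.items() if k == kind)
        return os.path.splitext(name)[0] + ext
    return None
```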
  7. Re:Firewall by nsxfreddy (Score: 3, Informative)

    Usually when a machine is trojaned, it communicates with the trojan creator actively, meaning it connects to an IRC channel, sends an email, somehow communicates on its own. Most trojans would not be affected by an inbound firewall block since they would still be able to connect to the controller.

    It would not be that difficult to modify a trojan that gets its commands through an IRC channel to send a spam through that same channel.

  8. Geography 101 by Greedo (Score: 2, Informative)

    Uh ... Poland is a country of the former Soviet Union? I don't think so.

    Maybe an Eastern Bloc country. Maybe a Soviet satellite state. But hardly on the same level as Belarus or the *-stan countries (Turkmenistan, Kazakhstan, Uzbekistan, etc.).

    --
    Tuus crepidae innexilis sunt.
  9. Protection on a home level by ducomputergeek (Score: 2, Informative)

    I know that we have a NAT firewall on the Wi-Fi router in my apartment and then I use Apple's IP firewall on my iBook along with several *iux based security tools and Zone Alarm on my PC and I rarely see any messages on the PC pop up about attempted port scans.

    When I lived in the dorms, it was a different story. There were an average of 4000 attempted portscans on my machine a day.

    It's almost gotten to the point of without turning to vigilantism on the internet and launching counter DDoS attacks on the spammers themselves, especially those outside of countries that don't enforce or don't attempt to enforce any type of Spam laws. Most spammers now operate outside of western countries, so what's the cure?

    Filtering helps; tools like SpamAssassin have brought my total spams from like 80 a day to less than 10.

    I for one, as much as I hate them, wouldn't mind to see a few class action lawsuits against spammers. How much longer until the pipes bust with junk and turn the Internet into a near useless medium.

    I know several of my clients now call me instead of email as they say that they "Have to wade through 30 junk messages for one valid message". I have rules set up to where my customers' and family email go to separate folders, and that helps even more, but something needs to be done.

    As much as I hate to bitch and not offer any answers, I am afraid that I am stumped. I fear that any attempts to write new protocols, especially by the likes of M$, Yahoo, HP, and other major players, will result in the closing of networks, (i.e. this message was not authenticated by a Palladium enabled server, therefore it will be rejected. Please trade your Mac in for a PC with Win XP^2 for $1000) and cause a leap backwards. At the same time, while people here can say the OSS community will develop an "open" solution, the very fact that it's open means that the very people we try to stop will be able to circumvent anything the community develops. Not to say this won't happen with closed-source technology, but then companies like M$ can possibly use DMCA against the spammers that reverse engineer such technology.

    In any case, spammers are winning and we all are losing.

    --
    "The problem with socialism is eventually you run out of other people's money" - Thatcher.
  10. Re:So much spam it sucks. by letxa2000 (Score: 2, Informative)

    Spammers are winning.

    They are only winning to those that don't do anything to help themselves.

    The Verisign SiteFinder was a bad thing, obviously, but I laughed at the reaction "It's breaking my spam filter." What kind of archaic, obsolete spam filter were these people using?

    Likewise, that spammers are using trojaned systems is bad, of course. Any system compromise is bad. But this is just normal virus and hacking. It doesn't make it any harder to get rid of your spam.

    I've said it once and I'll say it again, Bayesian filters are the solution. It works today and it depends on no-one but yourself to start using it. Since I started using it in May, I've received 20,596 spams--of those I've seen 89 of them. I.e., only 0.43%. It comes out to one spam every other day, though that's deceptive since probably half of those that got by were cases of a single spam sent 5 times in rapid-fire mode and they all happened to get through at once--the same spam 6 hours later would've been filtered. In reality, I'd guess I see one spam per week. In a perfect world I wouldn't see any, but that's good enough for me in this imperfect world.

    Now, some will say "But that doesn't solve the bandwidth problem." In the short-term, no, it doesn't. But in the short-term it doesn't waste my time which is my single largest expense when it comes to spam. And, in the long-term, if more people started using Bayesian the response rate on spam would continue to plummet making it less and less useful to spam in the first place.

    But those that are being bothered by spam on a daily basis simply aren't using the tools and technology that are available to them, and have been for over a year.
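An added example in Python (not the poster's code) of the kind of Bayesian filter this comment recommends: a naive Bayes classifier over token presence, with Laplace smoothing so a word never seen during training cannot zero out a class. The training corpus and test messages are constructed and tiny; a real filter trains on the user's own mail, thousands of messages per class.

```python
import math
import re
from collections import Counter
TOKEN = re.compile(r"[a-z0-9$']+")

def tokens(text):
    return set(TOKEN.findall(text.lower()))  # presence only: a word counts once per message

class BayesFilter:
    def __init__(self):
        self.docs = Counter()                               # messages seen per class
        self.words = {"spam": Counter(), "ham": Counter()}  # messages containing each token

    def train(self, text, label):
        self.docs[label] += 1
        self.words[label].update(tokens(text))

    def spam_probability(self, text):
        """P(spam | tokens) by naive Bayes in log space, with +1/+2 Laplace smoothing."""
        total = self.docs["spam"] + self.docs["ham"]
        score = {c: math.log(self.docs[c] / total) for c in ("spam", "ham")}
        for tok in tokens(text):
            for c in score:
                score[c] += math.log((self.words[c][tok] + 1) / (self.docs[c] + 2))
        return 1.0 / (1.0 + math.exp(score["ham"] - score["spam"]))

    def is_spam(self, text, threshold=0.9):
        return self.spam_probability(text) >= threshold

# Constructed training corpus; a real filter trains on thousands of messages.
SPAM = [
    "cheap viagra online no prescription click here",
    "buy viagra now lowest prices click here",
    "free mortgage quote refinance now click here",
    "hot singles in your area click here now",
]
HAM = [
    "meeting moved to 3pm see agenda attached",
    "can you review the patch for the parser bug",
    "lunch tomorrow? the usual place",
    "the build is green again after the fix",
]

def build_filter():
    f = BayesFilter()
    for label, corpus in (("spam", SPAM), ("ham", HAM)):
        for m in corpus:
            f.train(m, label)
    return f
```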

  11. Re:Guess Who's To Blame by Kphrak (Score: 2, Informative)

    WHY wasn't ICF turned on by default in XP Home? WHY are so many ports in Windows open by default on Home installations?

    AIM. MSNM. ICQ.

    Kazaa. Grokster. Morpheus.

    Counterstrike. Unreal. Quake.

    Personal web servers. Blog software. Update software. File shares.

    That's WHY. Much as I hate MS software, don't blame them for saying "the customer is always right." People want to turn their computers into servers (aka traps for every conceivable virus and trojan in existence). They're going to be extremely pissed off if their Aunt Tillie can't see their photos of the new puppy by downloading from their "ZeroSoft NetSharer" webserver, which happened to come packaged with their new ink-jet printer.

    Incidentally, I have some personal experience with this thing. A month ago, one of the guys I do freelance work for said his file shares were not working. I looked and found that he had the error "Incorrect function" on those drives. Three hours later, I found out that there was a firewall sitting in memory, autoinstalled by some HP update (no icon, and named like an NT process, of course). That was blocking port 445 and preventing him from connecting to the SMB server. Should have suspected it in the beginning, but who can infer anything from an error message like that?

    That cost him $180 in consulting fees, and he'll probably never use a firewall again. To add to his pain, his box had been NATed, so the firewall was almost completely redundant in this case.

    --

    There's no sig like this sig anywhere near this sig, so this must be the sig.