Spammers Using Hacked Machines as Decoys
avi33 writes "This Wired story shows a disturbing alliance between hackers [sic] and spammers. Interestingly, they blame part of the alliance on market forces, leading some skilled engineers to the dark side for profit's sake. A Polish firm claims to have control of 450,000 Trojaned systems that it uses to mask the IP addresses of its hosted sites. In other words, you could host your Viagra-peddling site with a company that has a stringent no-spam policy, but a DNS lookup will point to a home user's compromised machine. Not quite bulletproof, but certainly ups the ante in the spam war."
Just sue the owner of the company that they're advertising.
Make some $$$.
It sounds like they run DNS which "load-balances" requests to the spamvertised sites through zombies set up as open proxies. Since the zombies are scattered throughout all IPs, it makes blocking them hard.
Of course the scumbags know their weak spot is the DNS. Blocking particular domains is easy, and changing the authoritative DNS for a zone takes a while (done that too often). It steps up the spam blacklisting to now require not just refusing mail, but also refusing to talk to certain DNS servers that are known to operate this way. They can move around, but it's harder; I'm not sure if this is better or worse than the current situation.
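The pattern the two comments above describe (a domain whose A records keep rotating through many unrelated residential addresses with a short TTL) can be spotted from passive resolver data before any mail is blocked. The following Python is an added example for this thread, not code from Slashdot or from any product mentioned here; the hostnames, addresses and TTLs are constructed, and the thresholds in `is_flux_like` are assumptions that a real deployment would tune against its own resolver logs.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: successive A-record answers observed for two hostnames.
# Each tuple is (hostname, ttl_seconds, [resolved IPs]). All addresses come
# from documentation or private ranges; nothing here is real traffic.
SAMPLE_LOOKUPS = [
    ("shop.example", 300, ["192.0.2.10", "198.51.100.7", "203.0.113.42"]),
    ("shop.example", 300, ["10.44.9.3", "172.20.77.201", "192.0.2.10"]),
    ("shop.example", 300, ["198.18.3.9", "10.130.2.44", "203.0.113.42"]),
    ("shop.example", 300, ["172.31.200.5", "198.51.100.7", "10.8.8.1"]),
    ("corp.example", 86400, ["192.0.2.50", "192.0.2.51"]),
    ("corp.example", 86400, ["192.0.2.50", "192.0.2.51"]),
]


def summarize(lookups):
    """Aggregate per hostname: distinct IPs, distinct /16 blocks, lowest TTL seen."""
    ips = defaultdict(set)
    ttl = {}
    for host, t, answers in lookups:
        for a in answers:
            ips[host].add(ipaddress.ip_address(a))
        ttl[host] = min(t, ttl.get(host, t))
    out = {}
    for host, addrs in ips.items():
        # /16 is a crude stand-in for "unrelated netblock"; an ASN lookup would be better
        blocks = {ipaddress.ip_network(f"{a}/16", strict=False) for a in addrs}
        out[host] = {
            "distinct_ips": len(addrs),
            "distinct_blocks": len(blocks),
            "min_ttl": ttl[host],
        }
    return out


def is_flux_like(stats, min_ips=5, min_blocks=4, max_ttl=900):
    """Heuristic (assumed thresholds): many addresses scattered across unrelated
    blocks, advertised with a short TTL so the rotation is not cached."""
    return (stats["distinct_ips"] >= min_ips
            and stats["distinct_blocks"] >= min_blocks
            and stats["min_ttl"] <= max_ttl)


def flag_hosts(lookups):
    """Return the hostnames whose answer history matches the zombie-hosting pattern."""
    return sorted(h for h, s in summarize(lookups).items() if is_flux_like(s))


if __name__ == "__main__":
    for host, stats in summarize(SAMPLE_LOOKUPS).items():
        print(host, stats, "FLAG" if is_flux_like(stats) else "ok")
```

A domain legitimately served from a CDN can also show many addresses, which is why the block spread and the TTL are combined rather than used alone; the flagged list is a candidate set for a blocklist reviewer, not an automatic block.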
Damn spammers.
People are never as simple as their stereotypes. This applies equally to Christians, Muslims, and Emacs-lovers.
antics/foibles of payper liesense corepirate nazi softwar gangster stock markup FraUD execrable.
it's not that hard to do. there's so much of it to choose from.
Viruses are becoming increasingly more sophisticated and the time between the delivery of a patch from Microsoft until hackers figure out workarounds is becoming dangerously short. In the case of the Blaster virus it was 25 days, Ballmer said.
"When it gets down to five or 10 days a lot of our users will be in a tough position. Their [hackers'] exploits are getting more sophisticated," Ballmer said.
you wonder how these fauxking corepirate nazi payper liesense stock markup FraUD ediots can stay out of jail for yet another daze? defense lawyers. that's how. you're paying for it, as well as everything else.
most of them home computers running Windows with high-speed connections.
WHY wasn't ICF turned on by default in XP Home? WHY aren't there pamphlets included with new computers about keeping AV up to date and not opening unknown e-mail attachments? WHY are so many ports in Windows open by default on Home installations? WHY is Microsoft still clinging to the broken "identify executables by extension" mechanism?
We include pamphlets about how not to hurt yourself while you're using your pretty new Gateway PC, but we can't even drop in a fucking 2 page paper about keeping A/V up to date and the danger of executable attachments? Not only that, Microsoft runs on almost all of the Home PCs out there but almost nobody (sorry geeks, we're all still nobodies when we're not on Slashdot) demands any accountability or quality or security from Microsoft?
Fuck it... I'm going to become a goddamn mime.
This actually would block quite a few things.
1. Personal web servers. Given the quality of most of these sites, probably not a great loss.
2. Game servers. No more running a CounterStrike server for your buddies.
3. IM file transfers (AIM, ICQ). These require open ports.
4. VoIP, unless that VoIP implementation routes connections through a third computer.
The problem is, when you advocate blocking inbound connections, you force the bulk of the net to only be passive consumers of prepackaged content, rather than equal participants in the net. Blocking specific ports for specific reasons (like outbound port 25, although that has problems too) is one thing, but just deciding everything should be blocked but "approved" stuff means a lot of apps are dead in their tracks... stuff that isn't web/mail.
Spammers are winning.
I hate to say it, but they are. They're winning because they play dirty, and we can't stoop down to their level. After two weeks of battling an unusual torrent of spam, I'm ready to torture one of the bastards in a week-long live-webcast to serve as a warning to everyone else. It's time to sink below their level, so we can punch them in the nuts without throwing out our backs!
I'm all for ISPs performing automatic blocking as long as the user has the option of opening all ports. I wish ISPs would charge, say, an extra $5/month for users that want no port blocking. I just bought a house and am moving into a neighborhood that has no DSL. That means that (1) if I get cable, I can't run my services (here in Indianapolis, all the cable companies do port blocking), and (2) if I get satellite, it's really expensive and I can't play the RTS games I always enjoyed. I LIKE running my low-traffic mail, http, and ssh servers. I LIKE being able to do nerdy stuff like accessing my computer from the remote world without having to do all kinds of port redirecting. I don't care what measures the ISP takes to make sure I'm not spamming my neighbors, just as long as they don't take away my basic capabilities. If they want to do relay tests on my machine once a day or limit my outgoing SMTP traffic, then fine. But I'd like to buy an *INTERNET CONNECTION*, and I like to do more than use my connection to look at advertisements.
...just my 2 gil.
Forgive my ignorance of the relevant RFCs, but if a service provider doesn't let all valid (according to the RFCs) packets get to your box, are they actually providing "Internet" access?
I.e., isn't it a different protocol at that point?
I never said just "approved" applications. I just said that the default should be everything is off. If you need a port open then it's a service request with the ISP.
That would be a bad idea, but just because someone can't *by default* start running a web server on their machine accessible from the Internet does not make them into "passive consumers". If they want to they can, they just ask the ISP.
A close family member's Windows 2000 box was 0wn3d within days of getting broadband even though they never need any "server" capabilities on the net. Which would have cost the ISP more... dealing with his complaint or dealing with others' requests to open certain ports?
Oh, you must be on comcast.
The only reason to spam is to sell a product. But surely if some seller advertises this way, utilizing hacked systems, they are in serious violation of law. Why don't the feds simply go after the clients of spammers? If that happened enough you'd think that the spammers wouldn't be able to make money and would simply stop spamming!
How easy do you suppose it's going to be to get ISPs to open one of those ports? If it's too hard, written confirmation and three days' notice perhaps, then it's no good if I want to, say, open a port for ssh for a few days.
On the other hand, if it's too easy then it's going to be easy for some hacker to social engineer himself access to port X, should he or she so desire.
Lastly, if ISPs get to thinking that ports are some sort of resource that they control, then it's only a matter of time before they start charging for them. If I wanted to subscribe to one of those browser-only services then that's what I would have done.
I'd have no problem with an ISP-based firewall that I had administrative control over. It should be easy enough to design a web-based interface, similar to the webmail pages you see everywhere. Allow me to configure firewall rules at the ISP and I'll use that as well as my own setup. But the minute they start dictating what I can do with which, or messing around with my settings, I look for a new provider.
But I'll not willingly be locked in a cage. Not for my own protection, nor for anyone else's.
If that's the way spammers operate, there's no need for new spam laws, no? What they're doing (unauthorized access to a machine) is already a criminal offense. Why not prosecute on that?
Yes, but it's only a felony in the US. None of those doing the work are in the US.
Even a US-based spammer can claim ignorance of the hired hackers' methods.
And what if the credit card is charged in Kazakhstan?
Hell, a lot of ISPs can't even be bothered to do outbound filtering to drop packets with spoofed source addresses. If they did that, it would make DOS attacks vastly more difficult. But try getting anyone to care... until they get DOSd.
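The outbound filtering the comment above asks for is the BCP 38 idea: at the customer edge, forward only packets whose source address belongs to a prefix the ISP actually assigned, and drop the rest. The Python below is an added example, not code from the thread or from any ISP; the customer prefixes and the sample packets are constructed, and the per-source drop counter is there because the dropped sources are exactly the evidence that a customer machine is being used to spoof.

```python
import ipaddress
from collections import Counter

# Constructed: the prefixes this hypothetical ISP assigns to its customers.
CUSTOMER_PREFIXES = [ipaddress.ip_network(p)
                     for p in ("192.0.2.0/24", "198.51.100.0/24")]


def valid_source(src, prefixes=CUSTOMER_PREFIXES):
    """True if a packet leaving the customer edge carries a source we assigned."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in prefixes)


def filter_egress(packets, prefixes=CUSTOMER_PREFIXES):
    """Apply the source check to outbound packets.

    Returns (forwarded, dropped, drops_by_source). Packets whose source is not in
    our address space are dropped and counted so that a customer host emitting
    spoofed traffic can be found from the filter's own statistics.
    """
    forwarded, dropped = [], []
    drops_by_source = Counter()
    for pkt in packets:
        if valid_source(pkt["src"], prefixes):
            forwarded.append(pkt)
        else:
            dropped.append(pkt)
            drops_by_source[pkt["src"]] += 1
    return forwarded, dropped, drops_by_source


# Constructed sample packets; only the addresses matter for this check.
SAMPLE_PACKETS = [
    {"src": "192.0.2.17", "dst": "203.0.113.5", "port": 80},
    {"src": "203.0.113.99", "dst": "203.0.113.5", "port": 80},   # spoofed: not ours
    {"src": "198.51.100.200", "dst": "203.0.113.5", "port": 25},
    {"src": "10.0.0.1", "dst": "203.0.113.5", "port": 53},        # spoofed: private source
    {"src": "203.0.113.99", "dst": "203.0.113.6", "port": 53},    # spoofed again
]

if __name__ == "__main__":
    fwd, drp, stats = filter_egress(SAMPLE_PACKETS)
    print(f"forwarded={len(fwd)} dropped={len(drp)} top spoofed sources={stats.most_common(2)}")
```

The check belongs on the interface facing the customer, where the set of legitimate sources is small and known; applied further upstream, where routes are asymmetric, the same test produces false drops.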
Here is yet another example of how spammers have no regard for laws and where their activity is blatantly criminal. It also illustrates why spam laws will be ineffective.
It is about time for Law enforcement to find them (follow the money, duh!) and prosecute them. If they are hiding someplace that has no effective rule of law, find them and then knee-cap them. Maybe then they will appreciate law-and-order a bit more.
If what they're doing is redirecting to random compromised machines which in turn go to the real site, one method for combating them is to set up a honeypot of easily-compromised machines and wait for one or more of them to get infected by these losers' trojans. Then firewall logs (or analysis of the trojan) will reveal the real addresses being relayed.
Shouldn't we be monitoring spam anyway, building a list of source IPs, and notifying the ISPs responsible for those IPs to pass along a message to their customers to either a) stop sending spam or b) fix the holes in their machines, or c) they will be cut off from the 'net...
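The honeypot approach suggested two comments up works because a compromised relay leaves a tell-tale pairing in its own firewall log: an inbound web hit, followed within moments by an outbound connection from the honeypot to the same port on the real host. The following Python is an added example, not code from the thread or from any honeypot project; the log format is a simplified iptables-style line and every line of `HONEYPOT_LOGS` is constructed, as is the honeypot address 192.0.2.77.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed firewall log from a honeypot (192.0.2.77) that a trojan has turned
# into a reverse proxy. One UDP/53 line is included as noise the correlation
# should ignore. Nothing here is real traffic.
HONEYPOT_LOGS = """\
2004-08-17T10:15:01 IN eth0 SRC=203.0.113.8 DST=192.0.2.77 PROTO=TCP SPT=51234 DPT=80
2004-08-17T10:15:01 OUT eth0 SRC=192.0.2.77 DST=198.51.100.23 PROTO=TCP SPT=41000 DPT=80
2004-08-17T10:15:09 IN eth0 SRC=203.0.113.9 DST=192.0.2.77 PROTO=TCP SPT=51300 DPT=80
2004-08-17T10:15:10 OUT eth0 SRC=192.0.2.77 DST=198.51.100.23 PROTO=TCP SPT=41001 DPT=80
2004-08-17T10:20:00 OUT eth0 SRC=192.0.2.77 DST=198.51.100.250 PROTO=UDP SPT=5353 DPT=53
2004-08-17T10:31:44 IN eth0 SRC=203.0.113.44 DST=192.0.2.77 PROTO=TCP SPT=60000 DPT=80
2004-08-17T10:31:45 OUT eth0 SRC=192.0.2.77 DST=198.51.100.23 PROTO=TCP SPT=41002 DPT=80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dir>IN|OUT) \S+ SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)$")


def parse(lines):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["dpt"] = int(ev["dpt"])
        events.append(ev)
    return events


def relay_targets(lines, honeypot, port=80, window=timedelta(seconds=5)):
    """Pair each inbound hit on `port` with the first outbound connection the
    honeypot opened to the same port within `window`, and count the upstream
    destinations. A destination that keeps appearing is the real hosting address
    hidden behind the zombie."""
    events = parse(lines)
    inbound = [e for e in events
               if e["dir"] == "IN" and e["dst"] == honeypot and e["dpt"] == port]
    outbound = [e for e in events
                if e["dir"] == "OUT" and e["src"] == honeypot and e["dpt"] == port]
    hits = Counter()
    for i in inbound:
        for o in outbound:
            if timedelta(0) <= o["ts"] - i["ts"] <= window:
                hits[o["dst"]] += 1
                break
    return hits


if __name__ == "__main__":
    for dst, n in relay_targets(HONEYPOT_LOGS, "192.0.2.77").most_common():
        print(f"{dst}: {n} relayed requests")
```

The time window is the only tunable here; on a busy relay it should be tightened and the correlation keyed on source port as well, otherwise unrelated outbound traffic from the honeypot gets counted as a relay target.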
I have issues with paying for someone to not do something. Why do I have to pay for an unlisted phone number? I should get a rebate. Why should I pay for my ISP to not block my ports because the vast majority of people cannot set up their own firewall? Naw, they should pay me for not having to provide me with a firewall.
IT'S CRACKERS! Hackers are just normal computer enthusiasts like me and you. Crackers are the malicious ones. http://www.catb.org/~esr/writings/hacker-history/hacker-history-3.html
I've said it once and I'll say it again, Bayesian filters are the solution.
No, it's not. Filtering is merely automating "just hit delete." It still gets sent, it still travels the wires to your box, it still hits your spool.
The core argument against spam is that it shoves the costs of advertising onto the recipients. That's why we said that "just hitting delete" wasn't an acceptable answer.
Now, you're singing "Just use Bayesian to delete for you." Same spam on the wire, same hit on the spool, same copy to /dev/null -- and worse, now you're spinning extra cycles to scan the mail.
Just hit delete means you kill 1000 this month -- and 10000 a year later. I'm tired of paying for bandwidth that spammers use. I'm tired of throwing cycles at SpamAssassin to trap the spam.
Filtering is not an answer. Filtering is a bandage -- and it's one that's soaking through.