Spammers Using Hacked Machines as Decoys
avi33 writes "This Wired story shows a disturbing alliance between hackers [sic] and spammers. Interestingly, they blame part of the alliance on market forces, leading some skilled engineers to the dark side for profit's sake. A Polish firm claims to have control of 450,000 Trojaned systems that it uses to mask the IP addresses of its hosted sites. In other words, you could host your Viagra-peddling site with a company that has a stringent no-spam policy, but a DNS lookup will point to a home user's compromised machine. Not quite bulletproof, but certainly ups the ante in the spam war."
an Internet-visible server would then have to contact their ISP for a port to be opened
Considering the quality of customer service at my ISP, I'd better hurry up and request an open port for my Duke Nukem Forever server to be up in time.
It sounds like they run DNS which "load-balances" requests to the spamvertised sites through zombies set up as open proxies. Since the zombies are scattered throughout all IPs, it makes blocking them hard.
Of course the scumbags know their weak spot is the DNS. Blocking particular domains is easy, and changing the authoritative DNS for a zone takes a while (done that too often). It steps up the spam blacklisting to now require not just refusing mail, but also refusing to talk to certain DNS servers that are known to operate this way. They can move around, but it's harder; I'm not sure if this is better or worse than the current situation.
Damn spammers.
People are never as simple as their stereotypes. This applies equally to Christians, Muslims, and Emacs-lovers.
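The pattern the poster above describes, one spamvertised name resolving to many scattered compromised home machines, shows up in repeated DNS lookups as many distinct addresses across unrelated networks with short TTLs. This is an added detection example, not code from any poster; the lookup results and the thresholds are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Lookup:
    """One A-record answer set for a domain, as returned by a recursive resolver."""
    ttl: int
    addresses: list


def flux_score(lookups):
    """Summarise how 'zombie-fronted' a domain's A records look over repeated lookups.

    Zombie fronting tends to produce many distinct IPs spread across many
    unrelated /16 prefixes (residential networks) with short TTLs so the
    spammers can rotate hosts as zombies are cleaned or blocked.
    """
    ips = {ip for lu in lookups for ip in lu.addresses}
    prefixes = {str(ipaddress.ip_network(f"{ip}/16", strict=False)) for ip in ips}
    ttls = sorted(lu.ttl for lu in lookups)
    median_ttl = ttls[len(ttls) // 2]
    return {"distinct_ips": len(ips), "distinct_prefixes": len(prefixes), "median_ttl": median_ttl}


def looks_like_zombie_fronting(lookups, min_ips=10, min_prefixes=5, max_ttl=300):
    """Flag a domain when all three indicators cross the (assumed) thresholds."""
    s = flux_score(lookups)
    return (s["distinct_ips"] >= min_ips
            and s["distinct_prefixes"] >= min_prefixes
            and s["median_ttl"] <= max_ttl)


# Constructed sample data (private 10.x addresses stand in for scattered home IPs):
# six lookups, each answering with three hosts in three different /16s, TTL 2 minutes.
SAMPLE_ZOMBIE = [Lookup(ttl=120, addresses=[f"10.{i * 3 + j}.{j}.{20 + i}" for j in range(3)])
                 for i in range(6)]
# A conventionally hosted site: two stable addresses in one prefix, TTL one hour.
SAMPLE_LEGIT = [Lookup(ttl=3600, addresses=["192.0.2.10", "192.0.2.11"]) for _ in range(6)]

if __name__ == "__main__":
    print("zombie-fronted:", flux_score(SAMPLE_ZOMBIE), looks_like_zombie_fronting(SAMPLE_ZOMBIE))
    print("conventional:  ", flux_score(SAMPLE_LEGIT), looks_like_zombie_fronting(SAMPLE_LEGIT))
```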
Yes, and it is worth the jump backwards in technology to help OS manufacturers continue to peddle sub-par products and services that are the real cause of the problem. Attacking a problem at somewhere other than its source has always been such a great way to deal with challenges like this.
me karma am bad
most of them home computers running Windows with high-speed connections.
WHY wasn't ICF turned on by default in XP Home? WHY aren't there pamphlets included with new computers about keeping AV up to date and not opening unknown e-mail attachments? WHY are so many ports in Windows open by default on Home installations? WHY is Microsoft still clinging to the broken "identify executables by extension" mechanism?
We include pamphlets about how not to hurt yourself while you're using your pretty new Gateway PC, but we can't even drop in a fucking 2 page paper about keeping A/V up to date and the danger of executable attachments? Not only that, Microsoft runs on almost all of the Home PCs out there but almost nobody (sorry geeks, we're all still nobodies when we're not on Slashdot) demands any accountability or quality or security from Microsoft?
Fuck it... I'm going to become a goddamn mime.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
This actually would block quite a few things.
1. Personal web servers. Given the quality of most of these sites, probably not a great loss.
2. Game servers. No more running a CounterStrike server for your buddies.
3. IM file transfers (AIM, ICQ). These require open ports.
4. VoIP, unless that VoIP implementation routes connections through a third computer.
The problem is, when you advocate blocking inbound connections, you force the bulk of the net to only be passive consumers of prepackaged content, rather than equal participants in the net. Blocking specific ports for specific reasons (like outbound port 25, although that has problems too) is one thing, but just deciding everything should be blocked but "approved" stuff means a lot of apps are dead in their tracks... stuff that isn't web/mail.
People are never as simple as their stereotypes. This applies equally to Christians, Muslims, and Emacs-lovers.
Spammers are winning.
I hate to say it, but they are. They're winning because they play dirty, and we can't stoop down to their level. After two weeks of battling an unusual torrent of spam, I'm ready to torture one of the bastards in a week-long live-webcast to serve as a warning to everyone else. It's time to sink below their level, so we can punch them in the nuts without throwing out our backs!
I'm all for ISPs performing automatic blocking as long as the user has the option of opening all ports. I wish ISPs would charge, say, an extra $5/month for users that want no port blocking. I just bought a house and am moving into a neighborhood that has no DSL. That means that (1) if I get cable, I can't run my services (here in Indianapolis, all the cable companies do port blocking), and (2) if I get satellite, it's really expensive and I can't play the RTS games I always enjoyed. I LIKE running my low-traffic mail, http, and ssh servers. I LIKE being able to do nerdy stuff like accessing my computer from the remote world without having to do all kinds of port redirecting. I don't care what measures the ISP takes to make sure I'm not spamming my neighbors, just as long as they don't take away my basic capabilities. If they want to do relay tests on my machine once a day or limit my outgoing SMTP traffic, then fine. But I'd like to buy an *INTERNET CONNECTION*, and I like to do more than use my connection to look at advertisements.
...just my 2 gil.
How easy do you suppose it's going to be to get ISPs to open one of those ports? If it's too hard, written confirmation and three days' notice perhaps, then it's no good if I want to, say, open a port for ssh for a few days.
On the other hand, if it's too easy then it's going to be easy for some hacker to social engineer himself access to port X, should he or she so desire.
Lastly, if ISPs get to thinking that ports are some sort of resource that they control, then it's only a matter of time before they start charging for them. If I wanted to subscribe to one of those browser-only services then that's what I would have done.
I'd have no problem with an ISP-based firewall that I had administrative control over. It should be easy enough to design a web-based interface, similar to the webmail pages you see everywhere. Allow me to configure firewall rules at the ISP and I'll use that as well as my own setup. But the minute they start dictating what I can do with which, or messing around with my settings, I look for a new provider.
But I'll not willingly be locked in a cage. Not for my own protection, nor for anyone else's.
Don't let THEM immanentize the Eschaton!
Hell, a lot of ISPs can't even be bothered to do outbound filtering to drop packets with spoofed source addresses. If they did that, it would make DoS attacks vastly more difficult. But try getting anyone to care... until they get DoSed.
PHEM - party like it's 1997-2003!
Most cable companies will be happy to sell you a 'commercial' account too, they'll turn off the port blocking.
It's not any faster, the customer service still sucks, and you don't get any more IPs, but you do get to pay three times as much.
If what they're doing is redirecting to random compromised machines which in turn go to the real site, one method for combating them is to set up a honeypot of easily-compromised machines and wait for one or more of them to get infected by these losers' trojans. Then firewall logs (or analysis of the trojan) will reveal the real addresses being relayed.
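The firewall-log analysis the poster above suggests amounts to correlating inbound hits on the honeypot's proxy port with the outbound connections the trojan opens right afterwards; the destination that recurs is the real hosting address. This is an added example, not the poster's code; the log format, the proxy port 3128 and the two-second window are constructed assumptions.

```python
import re
from collections import Counter

# Constructed honeypot firewall log lines (the format is assumed, not any real product's):
# "<epoch> <IN|OUT> <proto> <src_ip>:<src_port> <dst_ip>:<dst_port>", honeypot is 10.0.0.5.
SAMPLE_LOG = """\
1136160000 IN TCP 192.0.2.44:51234 10.0.0.5:3128
1136160001 OUT TCP 10.0.0.5:41000 198.51.100.7:80
1136160030 OUT TCP 10.0.0.5:41001 192.0.2.99:123
1136160060 IN TCP 203.0.113.9:40022 10.0.0.5:3128
1136160060 OUT TCP 10.0.0.5:41002 198.51.100.7:80
1136160200 IN TCP 192.0.2.71:52000 10.0.0.5:3128
1136160201 OUT TCP 10.0.0.5:41003 198.51.100.7:80
"""

LINE = re.compile(r"(\d+) (IN|OUT) (\w+) (\S+):(\d+) (\S+):(\d+)")


def parse(text):
    """Yield (ts, direction, proto, src_ip, src_port, dst_ip, dst_port) per well-formed line."""
    for m in LINE.finditer(text):
        ts, direction, proto, sip, sport, dip, dport = m.groups()
        yield int(ts), direction, proto, sip, int(sport), dip, int(dport)


def relay_targets(text, proxy_port=3128, window=2):
    """Count outbound destinations opened within `window` seconds after an inbound
    connection to the proxy port. Unrelated outbound traffic (NTP at +30s here)
    falls outside the window and is not counted."""
    events = list(parse(text))
    inbound_times = [ts for ts, d, _, _, _, _, dport in events
                     if d == "IN" and dport == proxy_port]
    hits = Counter()
    for ts, d, _, _, _, dip, dport in events:
        if d == "OUT" and any(0 <= ts - t <= window for t in inbound_times):
            hits[(dip, dport)] += 1
    return hits


if __name__ == "__main__":
    for (ip, port), n in relay_targets(SAMPLE_LOG).most_common():
        print(f"relayed to {ip}:{port} {n} times")
```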
Shouldn't we be monitoring spam anyway, building a list of source IPs, and notifying the ISPs responsible for those IPs to pass along a message to their customers to either a) stop sending spam or b) fix the holes in their machines, or c) they will be cut off from the 'net...
"Freedom means freedom for everybody" -- Dick Cheney