Slashdot Mirror

← Back to Stories (view on slashdot.org)

Prosecuting Spamming Crackers?

Posted by Cliff on from the shutting-them-down dept.

lnixon asks: "As a recent Slashdot article mentioned, the latest trend in spamming is to use cracked Windows machines for sending spam and hosting spamvertised web sites, 'spacking', as Wired terms it. A couple of weeks ago, I started tracking one of these cracker rings down, carefully documenting the trail as I went.Mostly through luck, I actually found the originating server. This information should seriously put a crimp in their activities...if only I could get the law interested. I have tried to get the attention of CERT, of FBI and of my local police authorities, but nobody seems to be interested. Now, what should I do? Organize a posse?"

2 of 51 comments (clear)

  1. Re:Post a URL on /. by Acidic_Diarrhea · · Score: 4, Informative

    You failed to click on the link that said documentation didn't you? Go there and you can see all the information this guy has been able to gather.

    --
    I hate liberals. If you are a liberal, do not reply.
  2. Lots of hardcoded information in there by Zocalo · · Score: 2, Informative
    This does not seem a very resiliant spam net to me; a lot of the binaries you have examined seem to contain hardcoded values of hosts in the domains "768men.info", "bubra.biz" and "ucp6.biz". You even imply a hardcoded IP address (66.227.96.168) currently being hosted by FDCServers.net. One angle of attack might be to talk to the registrars and ISPs responsible for those domains and try and get them delisted under any AUP they might have. If you can get the domains delisted, then the entire spam net falls apart and the operator will have to start over. Clearly there is criminal behaviour going on here so you have some leverage, albeit not much, to try and convince them to take this course of action.

    As to the law enforcement agencies, spam is simply not a serious crime in their eyes, especially given the amount of effort they need to effect a successful prosecution. Sure, the network is being used for spam now, but a simple change to the .exe being hosted by FDCServers (or whatever hosting company the spammer is using at the time) could change that into *anything*. Make sure that you make that clear. Give them a list of any compromised IPs you have identified and suggest that they see if any of those IPs have also been used to launch DoS attacks, etc (likely, given the lack of patching). If you can establish a link to a high profile case then that might be sufficient to kick start an investigation.

    Good hunting!

    --
    UNIX? They're not even circumcised! Savages!