Slashdot Mirror


Spammer DDoS-By-Virus On spamhaus.org

McDutchie writes "Steve Linford of Spamhaus announced in a press release that the latest Wintel virus, W32/Mimail-E, was created by spammers for the specific purpose of DDoS'ing Spamhaus, Spamcop, and SPEWS. It's becoming more and more clear that the spambags are the ones behind the recent mess with the Windows viruses. They must really be getting desperate."

7 of 568 comments

  1. Re:They're annoying by Analysis Paralysis · Score: 4, Informative
    Spamassassin, yes. Antispam registries (think SPEWS), no.

    Hate to rain on your parade here, but SpamAssassin does use blocklists by default (as described in the FAQ). It is the existence of such blocklists that has forced certain major ISPs to stop writing "pink contracts" to known spammers and they are the only anti-spam measure that reduces the cost that ISPs have to bear in terms of mail-server storage and excess bandwidth that spam causes. Rest assured that the spam epidemic would be far worse without DNSBLs and the cost of Internet access far higher.

    Whitelists may work for some people, but others may need to keep their inboxes open (e.g. vendor support).
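The comment above says SpamAssassin consults DNS blocklists by default; the example below shows the mechanism a mail server uses for such a lookup. It is an added illustration, not code from SpamAssassin or any DNSBL operator: the reversed-octet query name is the standard DNSBL convention, the zone name `dnsbl.example.invalid` and the `FAKE_DNS` table are constructed stand-ins so the code runs offline, and the 127.0.0.2 / 127.0.0.1 self-check follows RFC 5782.

```python
import ipaddress


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: reverse the IPv4 octets and append the zone.

    198.2.3.4 queried against dnsbl.example.invalid becomes
    4.3.2.198.dnsbl.example.invalid.
    """
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(addr.exploded.split("."))) + "." + zone


# Constructed resolver table standing in for real DNS so the example runs offline.
# A listed address answers with an A record inside 127.0.0.0/8; an unlisted one
# answers NXDOMAIN, represented here by None. The 127.0.0.x value is a list-specific
# reason code.
FAKE_DNS = {
    "2.0.0.127.dnsbl.example.invalid": "127.0.0.2",   # RFC 5782 test entry
    "4.3.2.198.dnsbl.example.invalid": "127.0.0.2",   # constructed "listed" sender
}


def fake_resolve(name: str):
    """Stand-in for a DNS A-record lookup (assumption: real code would use a resolver)."""
    return FAKE_DNS.get(name)


def lookup(ip: str, zone: str, resolve=fake_resolve):
    """Return the DNSBL answer for ip in zone, or None when the address is not listed."""
    return resolve(dnsbl_query_name(ip, zone))


def smtp_policy(client_ip: str, zones, resolve=fake_resolve):
    """Decide at connection or RCPT time, before any message body is accepted.

    A listing yields a permanent 5xx reply, so the sending host never gets to
    transmit the body; an unlisted client gets 250 and the session proceeds.
    """
    for zone in zones:
        if lookup(client_ip, zone, resolve) is not None:
            return 550, f"5.7.1 {client_ip} is listed by {zone}"
    return 250, "OK"


def selfcheck(zone: str, resolve=fake_resolve) -> bool:
    """RFC 5782 sanity test before trusting a zone: 127.0.0.2 must be listed
    and 127.0.0.1 must not be. A zone failing this is dead or misconfigured,
    and a dead zone that answers everything would block all mail."""
    return (lookup("127.0.0.2", zone, resolve) is not None
            and lookup("127.0.0.1", zone, resolve) is None)


if __name__ == "__main__":
    zones = ["dnsbl.example.invalid"]
    print("zone healthy:", selfcheck(zones[0]))
    for ip in ("198.2.3.4", "203.0.113.7"):
        print(ip, "->", smtp_policy(ip, zones))
```

The self-check matters operationally: a DNSBL zone that has been shut down sometimes starts answering every query positively, which turns the list into a blanket reject; checking 127.0.0.1 catches that before it costs mail.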

  2. Re:Not really... by nchip · Score: 4, Informative

    Oh, puhhlleeeze:

    Read the virus analysis before making untrue claims:

    The worm sends a large amount of data to remote servers (port 80 and ICMP). The worm verifies that a connection is active by contacting www.google.com. If successful, an attack is initiated on the following domains:

    * spews.org
    * spamhaus.org
    * spamcop.net
    * www.spews.org
    * www.spamhaus.org
    * www.spamcop.net

    --
    signatures pending - ansa@kos.to - (dont mail there)
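The analysis quoted above gives a defender something concrete to look for: one connectivity check to www.google.com followed by a burst of port-80 and ICMP traffic toward the six listed hosts. The example below is an added detection sketch, not part of the original thread or of any vendor's analysis: it runs a sliding-window count over flow records and flags internal sources that exceed a threshold toward those domains. The flow tuples, the hosts 10.0.0.5 and 10.0.0.9, and the window and threshold values are all constructed for the example.

```python
from collections import defaultdict

# Targets named in the quoted virus analysis.
TARGET_DOMAINS = {
    "spews.org", "spamhaus.org", "spamcop.net",
    "www.spews.org", "www.spamhaus.org", "www.spamcop.net",
}


def build_sample_flows():
    """Constructed flow records: (t_seconds, src_ip, dst_host, proto, dst_port).

    10.0.0.5 mimics an infected host: one google check, then a burst.
    10.0.0.9 mimics a person who simply visits the blocklist sites.
    """
    flows = [(0, "10.0.0.5", "www.google.com", "tcp", 80)]
    for i in range(300):                       # 300 HTTP flows over ~30 s
        flows.append((1 + i // 10, "10.0.0.5", "www.spamhaus.org", "tcp", 80))
    for i in range(100):                       # 100 ICMP flows over ~20 s
        flows.append((1 + i // 5, "10.0.0.5", "spamcop.net", "icmp", None))
    flows += [
        (5, "10.0.0.9", "www.spamhaus.org", "tcp", 80),
        (40, "10.0.0.9", "www.google.com", "tcp", 80),
        (70, "10.0.0.9", "www.spamcop.net", "tcp", 80),
    ]
    return flows


def flag_flooders(flows, window=60, threshold=50):
    """Return {src_ip: peak_count} for sources whose port-80/ICMP flows toward
    TARGET_DOMAINS reach `threshold` within any `window`-second span.

    Only the traffic shape the analysis describes is counted, so ordinary
    browsing to the same sites stays far below the threshold.
    """
    per_src = defaultdict(list)
    for t, src, dst, proto, port in flows:
        if dst in TARGET_DOMAINS and (proto == "icmp" or port == 80):
            per_src[src].append(t)

    flagged = {}
    for src, times in per_src.items():
        times.sort()
        peak, start = 0, 0
        for end in range(len(times)):
            # Slide the window start forward until it covers < `window` seconds.
            while times[end] - times[start] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for src, count in flag_flooders(build_sample_flows()).items():
        print(f"{src}: {count} flows to blocklist hosts inside one window")
```

The useful response to a hit is to isolate and clean the flagged host; outbound filtering alone leaves the infection in place, and the victims listed above see the flood regardless of where on the network it originates.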
  3. Reject before accept (was Re:They're annoying) by Joel Rowbottom · Score: 4, Informative

    Seriously, if you want to reject stuff at SMTP time rather than accepting it then processing it, try using sa-exim (a freshmeat search will turn it up) - it fits into exim and rejects as soon as it's worked out it's spam - mid-DATA if need be.

    --
    Smegma.
    1. Re:Reject before accept (was Re:They're annoying) by dodobh · Score: 3, Informative

      You either interrupt transmission before the data phase, or after the data phase has been terminated by "." (RFC 2821 mandates that data cannot be interrupted).
      Interruption during the data phase will be considered as a network problem and the mail will be resent, for up to five days. Lots of bandwidth wasted.
      Stopping before the data implies that only the helo/ehlo, mail from: and rcpt to: have been sent. Stopping after data but before the quit just implies that your server will not deal with the bounce. It does nothing to save your inbound bandwidth.

      --
      I can throw myself at the ground, and miss.
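The two comments above argue about where in the SMTP dialogue a rejection actually saves bandwidth. The toy server and client below make that concrete: the server counts how many bytes of the client's transmission it had to read before its rejection took effect, once when refusing at RCPT and once when refusing with a 5xx after the "." terminator. This is an added illustration written for this page, not sa-exim's or exim's code; the state machine is a minimal subset of RFC 2821, and the hostnames, addresses and the 1000-line body are constructed.

```python
class SmtpSession:
    """Minimal server-side SMTP state machine (constructed; not a real MTA).

    reject_at is "rcpt" (refuse before DATA) or "end-of-data" (refuse after the
    "." line). Mid-DATA there is deliberately no reject path: RFC 2821 offers
    none, and a dropped connection there is retried by the sender.
    """

    def __init__(self, reject_at: str):
        self.reject_at = reject_at
        self.in_data = False
        self.closed = False
        self.bytes_read = 0
        self.replies = ["220 mx.example.invalid ESMTP"]

    def feed(self, line: str):
        """Consume one client line; return the server reply, or None for body lines."""
        if self.closed:
            return None
        self.bytes_read += len(line) + 2          # count the CRLF the client sent
        if self.in_data:
            if line != ".":
                return None                         # body line: must be read, cannot be refused
            self.in_data = False
            reply = ("550 5.7.1 Message rejected as spam"
                     if self.reject_at == "end-of-data" else "250 OK queued")
        else:
            verb = line.split(" ", 1)[0].upper()
            if verb in ("HELO", "EHLO"):
                reply = "250 mx.example.invalid"
            elif verb == "MAIL":
                reply = "250 OK"
            elif verb == "RCPT":
                reply = ("550 5.7.1 Rejected by policy"
                         if self.reject_at == "rcpt" else "250 OK")
            elif verb == "DATA":
                self.in_data = True
                reply = "354 End data with <CR><LF>.<CR><LF>"
            elif verb == "QUIT":
                self.closed = True
                reply = "221 Bye"
            else:
                reply = "500 Unrecognised command"
        self.replies.append(reply)
        return reply


def deliver(session: SmtpSession, rcpt: str, body_lines) -> str:
    """Behave like a well-behaved sending MTA: stop and QUIT on the first 5xx."""
    envelope = ("EHLO client.example.invalid",
                "MAIL FROM:<sender@example.invalid>",
                f"RCPT TO:<{rcpt}>",
                "DATA")
    for cmd in envelope:
        if session.feed(cmd).startswith("5"):
            session.feed("QUIT")
            return "rejected-before-data"
    for line in body_lines:
        session.feed(line)
    final = session.feed(".")
    session.feed("QUIT")
    return "rejected-after-data" if final.startswith("5") else "accepted"


def compare(body_lines):
    """Run the same delivery against both policies; return {mode: (outcome, bytes_read)}."""
    results = {}
    for mode in ("rcpt", "end-of-data"):
        session = SmtpSession(mode)
        outcome = deliver(session, "user@example.invalid", body_lines)
        results[mode] = (outcome, session.bytes_read)
    return results


if __name__ == "__main__":
    body = ["x" * 70] * 1000                        # constructed ~72 KB message body
    for mode, (outcome, nbytes) in compare(body).items():
        print(f"{mode:12s} {outcome:22s} server read {nbytes} bytes")
```

The numbers bear out the second comment: an envelope-stage reject costs the receiver about a hundred bytes, while a post-DATA reject costs the whole body and only relieves the receiver of generating a bounce. Content-based checks such as sa-exim can therefore only ever save the storage and bounce cost, never the inbound transfer.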
  4. Re:unfortunately untouchable by JaredOfEuropa · Score: 5, Informative
    whoever wrote this is probably sitting somewhere overseas. so, unfortunately we can bitch all we want about it being illegal, because no one is going to do anything about it.
    The reason no one is going to do anything about this is not the fact that these people are overseas, but the fact that local law enforcement is not doing anything.

    These cyber-crimes should be addressed in the same way as any other (international crime). Your national law enforcement officers should track down the country of residence of the culprit and/or send out an international search warrant. Contrary to popular belief, 'overseas' isn't some backwards region whose citizens have barely discovered the abacus. In many countries, writing or distributing virii is a crime, as is executing DDOS attacks. Which is good, because it means law enforcement in those countries will generally assist in bringing these criminals to justice.

    If you want to complain about nothing happening, complain to your local cybercops.
    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  5. Re:They're annoying by RT Alec · Score: 3, Informative

    While it is true that some DNSBLs block entire netblocks, those lists are used by the fewest people. There are a great many DNSBLs one can use to block mail, some are maintained better than others and most have different criteria for inclusion and removal. Use the ones that match your philosophical opinion of spam, don't use the ones that you feel are too extreme.

    It's all about freedom of choice!

  6. Spam Prevention by cagle_.25 · Score: 3, Informative
    This is slightly off-topic, but I've been turning over an anti-spam scheme in my mind for a while. What if ...

    you are required to pay a small escrow fee as part of your ISP service fee, AND

    if someone receives an e-mail from you and deems it as spam, then he clicks the appropriate button, AND

    your escrow fee is charged *once per e-mail* and his is increased by the same amount.

    The balance of the escrow fee would be refundable at any time, but accounts with a balance of 0 would be unable to send e-mails.

    As I think through this, I can see several virtues:
    1. The senders of spam would have to pay per offensive e-mail and would thus have strong incentive to stop.
    2. Senders of legit e-mail would continue to have free or mostly free e-mail.
    3. Those affected by spam would have immediate recourse and receive compensation for their time.
    4. The spirit of the plan seems right: if you are going to waste my time with your spam, then you pay me for it. But if you are a friend, you get my time for free.

    Does anyone see drawbacks to this plan? Perhaps increase in net traffic per e-mail sent, but that would presumably be offset by a substantial decrease in spam.

    --
    Human being (n.): A genetically human, genetically distinct, functioning organism.