Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spammer DDoS-By-Virus On spamhaus.org

Posted by timothy on from the hissing-and-roiling dept.

McDutchie writes "Steve Linford of Spamhaus announced in a press release that the latest Wintel virus, W32/Mimail-E, was created by spammers for the specific purpose of DDoS'ing Spamhaus, Spamcop, and SPEWS. It's becoming more and more clear that the spambags are the ones behind the recent mess with the Windows viruses. They must really be getting desperate."

4 of 568 comments (clear)

  1. Re:They're annoying by Analysis+Paralysis · · Score: 4, Informative
    Spamassassin, yes. Antispam registries (think SPEWS), no.

    Hate to rain on your parade here, but SpamAssassin does use blocklists by default (as described in the FAQ). It is the existence of such blocklists that has forced certain major ISPs to stop writing "pink contracts" to known spammers and they are the only anti-spam measure that reduces the cost that ISPs have to bear in terms of mail-server storage and excess bandwidth that spam causes. Rest assured that the spam epidemic would be far worse without DNSBLs and the cost of Internet access far higher.

    Whitelists may work for some people, but others may need to keep their inboxes open (e.g. vendor support).

  2. Re:Not really... by nchip · · Score: 4, Informative

    Oh, puhhlleeeze:

    Read the virus analysis before making untrue claims:

    The worm sends a large amount of data to remote servers (port 80 and ICMP). The worm verifies that a connection is active by contacting www.google.com. If successful, an attack is initiated on the following domains:

    * spews.org
    * spamhaus.org
    * spamcop.net
    * www.spews.org
    * www.spamhaus.org
    * www.spamcop.net

    --
    signatures pending - ansa@kos.to - (dont mail there)
  3. Reject before accept (was Re:They're annoying) by Joel+Rowbottom · · Score: 4, Informative

    Seriously, if you want to reject stuff at SMTP time rather than accepting it then processing it, try using sa-exim (a freshmeat search will turn it up) - it fits into exim and rejects as soon as it's worked out it's spam - mid-DATA if need be.

    --
    Smegma.
  4. Re:unfortunately untouchable by JaredOfEuropa · · Score: 5, Informative
    whoever wrote this is probably sitting somewhere overseas. so, unfortunately we can bitch all we want about it being illegal, because noone is going to do anything about it.
    The reason no one is going to do anything about this is not the fact that these people are overseas, but the fact that local law enforcement is not doing anything.

    These cyber-crimes should be addressed in the same way as any other (international crime). Your national law enforcement officers should track down the country of residence of the culprit and/or send out an international search warrant. Contrary to popular belief, 'overseas' isn't some backwards region whose citizens have barely discovered the abacus. In many countries, writing or distributing virii is a crime, as is executing DDOS attacks. Which is good, because it means law enforcement in those countries will generally assist in bringing these criminals to justice.

    If you want to complain about nothing happening, complain to your local cybercops.
    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...