Slashdot Mirror
Spammer DDoS-By-Virus On spamhaus.org
McDutchie writes "Steve Linford of Spamhaus announced in a press release that the latest Wintel virus, W32/Mimail-E, was created by spammers for the specific purpose of DDoS'ing Spamhaus, Spamcop, and SPEWS. It's becoming more and more clear that the spambags are the ones behind the recent mess with the Windows viruses. They must really be getting desperate."
Seriously, I've been getting less spam lately thanks to filters. Sure, it's not gone entirely, but it's a lot less of a hassle than it used to be. I sure hope this is a sign of things to come... If they're this desperate to stop anti-spammers, they gotta be in their throws of death.
Ironically, the spammers who try to "get tough" in this way will probably end up putting themselves out of business. They've only survived this long because of relative obscurity, but once these extra-malicious spammers are caught, there won't be much in the way of goodwill for the other, questionably legal ones. Good riddance.
Spammers have been DOSing internet email for years. Now they're simply adding their attacks to another protocol. Think about it.
It could very well be a diversionary tactic and it is best left to law enforcement to decide who the real culprits are.
I've said it before, the feds should stop looking for super-uber-mega crackers. The biggest, most expensive, and most damaging ONGOING computer crime is spam. They're not idiots, and they're not harmless nuisances. They're quite capable, and have hired on many technically proficient guns to do their dirty work, cracking systems, running hordes of zombies, and trying to find exploits in every commercial and non-commercial system so they can send out ever more spam.
Get to work on eliminating spammers and much of our current crop of computer-related woes will just GO AWAY. The only people who would hate for this to happen are the spammers, the hired guns, and companies like Symantec...
Anything that brings "spam" and "viruses" closer together in the public eye is bad for spammers in the long run.
And fortunately for the rest of us (or unfortunately depending on your point of view), this type of behaviour just makes spammers more of a target for legislation and law enforcement.
I'm a perfectionist but I'm trying to cut back.
Filters, yes. Spamassassin, yes. Antispam registries (think SPEWS), no.
Lists of IPs for "antispam" purposes, drive me bananas. I normally run an MTA on my machine, and don't see any reason to relay mail (slower notification of problems, have to remember to change the relay whenever moving from network to network, etc), and there are groups like the DUL that just block swaths of IPs from sending email.
I hate getting spam too, but not as much as I get screwed over by stupid antispam "fixes".
I'm all for antispammers and spammers beating each other up. They both suck.
This whole thing is just a massive upheaval over the fact that Free Email Everywhere Just Doesn't Work. It's whitelists sooner or later, anyway.
May we never see th
They must really be getting desperate.
This reminds me of the President claiming the increased rate of attacks in Iraq was a sign of progress. Since when does increasing sophistication demonstrate desperation?
Do me a favor and double it!
These sites should turn their evidence over to the FBI. There's now good reason to go after the handful of individuals responsible for most spam.
where do you get this notion that this has anything to do with the return address? it's a DDoS attack. bounces can't realistically flood a site enough to take down a DNS RBL (and if they somehow did, a temporary change in MX records would take care of that).
also legit mail admins don't launch DDoS attacks or break into other people's machines with viruses. give me a break. anyone who seriously considers doing such a thing deserves to be blacklisted.
I'm finding it very difficult to keep up with all these anti-terrorism/Homeland Security/Patriot Act laws. Didn't they create some law or other where sending computer viruses and DoS'ing constitutes an act of terrorism?
When life hands you lemons, grab the salt and pass the tequilla...
based on the number of spams that are getting through. It has jumped up again (doubled) in the last 1-2 months.
The spamers are not desperate. They have simply figured out nice openings and are bulldozing a near infinity lane highway.
I prefer the "u" in honour as it seems to be missing these days.
Remember how every spammer that got interviewed would claim that he wasn't doing anything illegal?
Well, when these viruses get traced back to the spambags, it's going to be sweet to see those bastards doing time.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I'd rather have a centralized db in this case. Case in point: You called me a n00b in a CS game, so I just throw your IP(&|)Domain onto Gnutella, all of a sudden you can't email anyone. Seems problem prone.
--I don't want the world, I just want your half.
I am against the death penalty by principle....
I can understand that some people think in the line of an eye for an eye (I don't agree with them, but atleast they have some argument).
Spam leads to irritation, or eaven to lost bandwidth or time and thus to a financial damage. To say that that justifies killing is so stupid it isn't even funny.
Jeroen
Secure messaging: http://quickmsg.vreeken.net/
The service the sites being DDoSed are offering is a list of well known IP address ranges, and domain names that are Well Known, because they have been found to either have customers who are known spammers, or have done nothing to prevent customers from being inadvertant spammers (open proxies and the like.)
If your spam assasin were configured to use one of the black hole lists that they provide, to either mark messages as potential spam, in addition to the filters you have customized, you may get a better recognition rate than just by using the filters you have customized.
No, this is not a perfect solution. Some ISP's attempting to help their customers by installing such spam filters are discovering that the black hole lists include ranges of their own addresses, and have had problems getting those addresses and domains unblocked. I am not criticising either the ISP, or the black hole list maintainers, just stating reported observations.
There are other flaws with this sollution, which generally means that you will have to continue to tweek your rules.
White lists are one option. Vetted addresses may be another. Restricting your in box to people who send their e-mail to you encrypted or signed with a public key is even another possible solution. The key doesn't have to be fully trusted to be useful, but it would be helpfull if your friends had already approved the key and your e-mail client would lift the rating out of the spam bucket if it was appropriate.
At the same time I have to review my "spam" bucket once or twice a week to make sure that one of my kids hasn't accidentally sent me a chain letter. Then I throw out the 60-80% of my inbound mail that has been dropped there. And yes that number does include the e-mail lists I am on that are not treated as spam.
-Rusty
You never know...
It is critical for anti-spam blocklists to operate in real time. The lists are not "distributed" like software, movies or other media. The blocklist must be queried, and those queries must operate close to real-time. This is essential so that updates to the list can stop a spam run while it is still in progress. Also, operating in real-time is important to support removal from the list (and potential legal problems associated with being unable to remove someone promptly).
PJRC: Electronic Projects, 8051 Microcontroller Tools
People shouldn't just jump to the conclusion that the perpetrator of this is some commercial spammer. I visit some webmaster forums and many have commplained that some of these sites like SPEWS often go overboard in their blackholing, ending up block innocent bystanders who have a tough time getting out of these blocks.
I say it could have been the work of some pissed-off admins who were frustrated.
eTrade SUCKS
The spammers spread the new viruses by email. People who use outlook are the ones at risk.
I think that software companies that produce such defective software (MS in this case) share the blame and should be included in ay legal action against these spammers!
What beggars belief more is that a corp with the near-infinite resources of Microsoft still gives people a near-perfect vector for virus distribution. I'm sure if any one of us had 40Bn cash and 8 years (is that how old LookOut Express is now?) we could either code or hire programmers to code an email client that wasnt broken.
:o)
Of course.. if they ever mended LookOut the AV guys would go out of business overnight but that's a whole new consipracy theory involving large cash backhanders and deliberately broken coding there...
I wonder if those who believe Might Is Right ever wonder if they Might Be Wrong...
If spammers are really behind these virii, and we're able to verify it, then it is probably that even the blind and computer-ignorant gov. offices, like FBI, or whoever, will eventually get the same info others have.
Whereas before their only offense was spam (which is gradually being outlawed), now they have done something for which people have been indicted and sent to jail for.
Spammers are evil -- we all know that -- and this just means the gov. (if they're awake) will finally have a tool to put the worst of them in jail once they can prove who's spacking and creating anti-anti-spam virii.
It just wouldn't be slashdot without a kneejerk liberal taking everything seriously and issuing a sober, politically correct refutal to someone's offhand comment.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
and the spammers will continue to waste your network bandwidth and resources. Content based filtering is
a inperfect solution at best, and one that does NOTHING to discourage the spammers. Only heavy blocking of spam friendly countries and isps seems to do much to discourage more spam.
Lawyers, MBA's, RIAA? A jedi fears not these things!
It's just general lack of competence and understanding with law enforcement. The whole Internet thing is new to them (it's fairly new in general for that matter) and it requires very different tactics, skills and resources than normal investigations. Thereofre it is taking time for the law enforcement agencies to change and grow.
Also it isn't really clear what is and is not important on the Internet, crime wise or even what should be a crime. I mean some things are pretty clear, like pedophiles luring little kids in for sex, or defrauding someone. These are normal crimes in a new medium. But some things like SPAM aren't nearly so clear. I mean to the lay person, it seems just like junk mail. WEll junk mail is a little annoying, but no big deal. They don't know that SPAM is different (it costs the recipient) and that the spammers aren't legit bussinesses like jumk mailers usually are, they are often scammers and criminals willing to go to any lengths.
Unfortunately, I think we have 10-20 more years before we start to see really efficient policing of the Internet. Laws and law enforcement agencies need to be changed and they need time to learn how to efficiently handle electronic crime.
And for porn sites: If they are all on *.xxx they will be filtered, but much of that filtering would happen by people apart from their clients themselves. Yes, it would remove children (which I'm sure the porn sites would be very happy about - if you're in a business that require credit card signups and where your primary cost is bandwidth, would you like to have an underage person with no credit card but all the time in the world to download your preview content over and over again and wasting your bandwidth accessing your site?), but it would also remove people surfing from work (you'd be surprised - I've run several networks where all traffic went through a Squid proxy, and the traffic stats were "interesting" considering it came from people working in glass cubicles), from any country that decides to stop the "immoral" porn sites, from any municipality or state with powers to order ISP's to filter, and a wide variety of other situations.
The porn industry would likely hate *.xxx for those reasons: It makes it easy to censor them.
And we should be vary of any attempt to force controversial content to be labelled for exactly that reason.
Another problem is who sets the standards. In some countries kissing publicly is considered obscene. Some countries consider bare womens limbs obscene. Some countries are pretty liberal about underage nudity as long as it's not in a sexual setting (some places parents taking pictures of their children playing naked on the beach would be ok on a page with their holiday pics, but would be considered child porn if they were put on a porn site, for instance)
This is why the .kids proposal was altered to .kids.us - it restricts the above problem to standards within a single country. But in the .kids.us case it's about positive labelling: Label what you explicitly want to allow rather than that which some people will want to restrict, so the problem was smaller to start with.
A .spm would have some of the same problems. As long as the criteria would be made purely based on delivery method and volume I wouldn't be too concerned, but again the question would be in what cases mass distribution could be made outside of .spm, and how to verify that it taken place.
Also, a .spm would need more than just that - a major problem of spam is the cost of handling it for ISPs. Making it harder to reach users, but giving spammers a specifically legal way of delivery, would likely exacerbate that by forcing spammers to massively increase their volume to make up for reduced reach.
Your *kid* having to push delete on something with pictures of stuff in orifices where it doesn't fit is also what the problem is...
I don't know much about this, but would it be possible for the receiving ISP to download most of the email (i.e. all except the last byte) and test that using spam filters? If it tested as likely spam then it could send a bounce to the sending server and abort the download of the rest of the message.
Would this be possible?
The basic problem is that the DOJ is a political institution. It's not a neutral enforcement institution seeking to punish lawbreakers. Who and how it decides to punish people are political decisions, deeply influenced by the political needs and goals of the administration. Spam and spammers have too many growing ties to people important to the Republican administration and its pro-corporate, pro-business financial backers. A real crackdown on spam would have shockwaves that would hurt them financially and politically, and with the election only a 366 days away, you can bet that pissing these guys off is something they don't want.
I agree entirely that content-filtering is an interim solution at best.. and quite frankly, so is IP blocking.
As a contributor to SpamAssassin and study of spam, no form of filter tactics are discouraging to spammers. All they seem to do is become more determined to find clever ways of avoiding you.
IP address blocking, bayes, content searches, none of this does much but force spammers to keep changing their tactics.
Take a look at the HTML source for some of your spam.. notice that a lot of them are hiding "high dollar" words in HTML comments, or white-on-off-white text.. These are deliberate attempts to poison bayes type methods.
IP blocking is a bit more difficult for spammers to evade, but quite frankly the only truly effective way to avoid them entirely is to block 0.0.0.0/0 (that's all IP addresses for those not familiar with CIDR). Selective IP blocking just forces spammers to try more aggressively to find new hosts to abuse. They are sending trojan horses to ordinary home users to abuse their machines, they are attacking educational networks, corporate networks, and pretty much anywhere they can get anything installed.
Even a rewrite of SMTP for security won't help much against the current tactics of the more sophisticated spammers.. They're already targeting legitimate windows users with trojan horses. Once a spammer has control of your machine, he can send spam with all the same credentials you have. Unless you've got some kind of authentication that you need to re-enter every time you send mail, they can send mail as some dumb joe who ran their trojan no matter how secure SMTP becomes. Even if every mailserver in the world was 100% secure against relaying, address forgery was impossible, and servers required authentication for delivery of mail, these tactics which are already in use would still allow them to send spam.
And let's face it, the prevalence of mail viruses shows just how easy it is to convince your average end user to run a trojan.
The best we can hope for is to make spamming inconvenient.
-Matt
"Does anyone see drawbacks to this plan?"
Basically its the same theory as warning someone in AOL-IM. Their warn level gets high enough they can't send messages until it drops some. The problem is people get into "warning wars". How high can I make a friends warn level to piss him off.
For spam who is going to be the judge to determine if its spam or not? I consider all the stupid jokes I get from people spam so I should hit them and make them pay for it. What if I piss someone off so they decide to report every email that I've sent as spam in retaliation. Even friends like to piss other friends off from time to time.