Slashdot Mirror
Spammer DDoS-By-Virus On spamhaus.org
McDutchie writes "Steve Linford of Spamhaus announced in a press release that the latest Wintel virus, W32/Mimail-E, was created by spammers for the specific purpose of DDoS'ing Spamhaus, Spamcop, and SPEWS. It's becoming more and more clear that the spambags are the ones behind the recent mess with the Windows viruses. They must really be getting desperate."
Seriously, I've been getting less spam lately thanks to filters. Sure, it's not gone entirely, but it's a lot less of a hassle than it used to be. I sure hope this is a sign of things to come... If they're this desperate to stop anti-spammers, they gotta be in their throws of death.
Ironically, the spammers who try to "get tough" in this way will probably end up putting themselves out of business. They've only survived this long because of relative obscurity, but once these extra-malicious spammers are caught, there won't be much in the way of goodwill for the other, questionably legal ones. Good riddance.
I wonder if this will be quickly followed by a press release on being slashdotted..? The world's friendliest DDoS attack..
Chris, taffie down under..
Spammers have been DOSing internet email for years. Now they're simply adding their attacks to another protocol. Think about it.
I like this NANAE post by Steve Linford much better. Especially the last paragraph.
W32/Mimail-E, was created by spammers for the specific purpose of DDoS'ing Spamhaus, Spamcop, and SPEWS.
And in phase two of the attacks spammers craftily create stories containing links to the target spam lists and post them on slashdot. LFTL
I've said it before, the feds should stop looking for super-uber-mega crackers. The biggest, most expensive, and most damaging ONGOING computer crime is spam. They're not idiots, and they're not harmless nuisances. They're quite capable, and have hired on many technically proficient guns to do their dirty work, cracking systems, running hordes of zombies, and trying to find exploits in every commercial and non-commercial system so they can send out ever more spam.
Get to work on eliminating spammers and much of our current crop of computer-related woes will just GO AWAY. The only people who would hate for this to happen are the spammers, the hired guns, and companies like Symantec...
This is great news!
Now we're once step closer to linking spam to al Qaeda. These viruses are terrorist actions, and are more demonstrably more dangerous even than Iraq's nukes!
Once we somehow link spammers to September 11, we can invade them (or maybe just throw them in jail where the other inmates can do the "invading").
So how about using Bitkeeper or Freenet or Gnutella to distribute spam blacklists and other information?
-- Ed Avis ed@membled.com
Anything that brings "spam" and "viruses" closer together in the public eye is bad for spammers in the long run.
And fortunately for the rest of us (or unfortunately depending on your point of view), this type of behaviour just makes spammers more of a target for legislation and law enforcement.
I'm a perfectionist but I'm trying to cut back.
Filters, yes. Spamassassin, yes. Antispam registries (think SPEWS), no.
Lists of IPs for "antispam" purposes, drive me bananas. I normally run an MTA on my machine, and don't see any reason to relay mail (slower notification of problems, have to remember to change the relay whenever moving from network to network, etc), and there are groups like the DUL that just block swaths of IPs from sending email.
I hate getting spam too, but not as much as I get screwed over by stupid antispam "fixes".
I'm all for antispammers and spammers beating each other up. They both suck.
This whole thing is just a massive upheaval over the fact that Free Email Everywhere Just Doesn't Work. It's whitelists sooner or later, anyway.
May we never see th
First they spam us and now they do even infect us with viruses... when will it ever stop?
I don't really get it, while spam is increasingly annoying (altough i use a highly customized spam assassin filter i still get about 10 unwanted mails) writing viruses is plainly illegal. But what's the reason for DDoS'ing these sites? The only way to fight the spam is to use mail filters. if people want one they have to customize it themselves to make it actually work.
If the spam keeps increasing as fast as it has in the past few years, the future of mail will be dark... here is my vision: (behold!) you will have a "buddy" list of friendy or coworkers similar to instant messaging services such as ICQ and MSN Messenger and only mails from "thrustworthy" origin gets actually forwarded to you mailbox. not so cool, isn't it? but imho its the only way not to have to delete several dozens of spam a day. (and what annoys me most -> i sometimes accidentially delete mails from friends because they are hidden underneath masses of spam.)
yours
johannes
".Sig Stealer" was here
it goes without saying that this is pretty sleazy, but unless they are idiots, whoever wrote this is probably sitting somewhere overseas. so, unfortunately we can bitch all we want about it being illegal, because noone is going to do anything about it.
time to continue using spamassasin. it works pretty much 100% for me. it's not really the most ideal solution (the ideal solution being saving the bandwith used by spam by not allowing delivery), but it does same the man-time in trashing spam.
These sites should turn their evidence over to the FBI. There's now good reason to go after the handful of individuals responsible for most spam.
I have found a useful friend with Mailwasher, For those of you that thought the war was lost, check out this beauty.
No direct links, Look it up for yourself.
"Honey, I feel a certain distance between us..." "Really? A 31ms ping ain't that bad..."
I dont think anyone can be that stupid... Uhh.... hmm. Nevermind.
Recently my cable internet service was suspended. Upon calling tech support I was transfered to the fraud and abuse department, you can imagine the look on my face. The techie told me that my access had been suspended because a computer on my network was infected with the welchia worm. The techie was kind enough to even provide me with the MAC address of the offending machine. I was suprised because my mixed network of 10, linux and windows machines, is kept up to date with the latest security patches. After checking all 10 machines I found that none of them had the mac address supplied by the techie. Upon further investigation of my DHCP logs I found that my WiFi network, SSID free_as_in_beer had its first visitor. I left it open because I believe in free access and wanted to see if anyone interesting would enter the network. Unfortunatly the mysterious computer was not logged in so I could not send a net send message to it, and it seems that the person would connect infrequently. I asked my neighbors and couldnt find the individual so I was forced to employ WEP enchrption. Now I've got chalkings outside my apartment just incase someone with any bit of knowledge wants a free ride, but my point, yes I actually had one, thanks for reading was that I feel bad for grandpa and grandma with their 2000 model compaq connected directly to the cable modem for emailing the grandkids. I was fortunate enough to convince the ISP that my network had been secured and I was granted access again, they on the other hand have few options. Then again this is a good thing for repair guys that make house calls, but between gator (or whatever its called now) and all the other crap out there I think they're busy enough.
I only wish that I could keep my WiFi up without WEP for my neihgbors or anyone walking by without exposing myself to risk of internet connection termination.
Have any other slashdotters had similar experiences, or suggestions. Thanks.
Im dreaming ofa big bndwdth, That can resist the
based on the number of spams that are getting through. It has jumped up again (doubled) in the last 1-2 months.
The spamers are not desperate. They have simply figured out nice openings and are bulldozing a near infinity lane highway.
I prefer the "u" in honour as it seems to be missing these days.
Remember how every spammer that got interviewed would claim that he wasn't doing anything illegal?
Well, when these viruses get traced back to the spambags, it's going to be sweet to see those bastards doing time.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Well, the guy behind this article is obviously a spammer.. its a really smart idea to slashdot a site which is getting DDOS'ed... Well, I'm wondering what would have been more damage.. the worm or the slashdotting
Maybe it's a 1-2 punch type approach. ...(DNS/blacklist/etc has to be re-routed until virus passes)
Step A - release virus to DDoS on blacklist maintainers
Step B - while blacklists are down, send out massive spam campaign or more virus-type spam
Well, it doesn't prove they're desperate, but it shows that spamhaus and others hurts them (otherwise, why attack them).
Opus: the Swiss army knife of audio codec
Surely it would be more appropriate to force them to take an overdose of their own viagra? Sorry, v1agra.
I'm being serious here...
Haven't the authorities shown a propensity for going after malicious software writers, particularly viruses and worms, whilst completely ignoring spam? By writing malicious software, haven't they just attracted a whole lot more attention from law enforcement than they would otherwise have got?
Good on them I say - I think we could do with more law enforcement attention on these sort of people!
Of course it doesn't deny the impacts on those being attacked, nor covers the international aspects of spam. But with more countries creating explicit laws to deal with hacking and misuse of computers, the more dodgy spammers might start getting what they deserve - a good ass-pounding in prison!
Oh, puhhlleeeze:
Read the virus analysis before making untrue claims:
The worm sends a large amount of data to remote servers (port 80 and ICMP). The worm verifies that a connection is active by contacting www.google.com. If successful, an attack is initiated on the following domains:
* spews.org
* spamhaus.org
* spamcop.net
* www.spews.org
* www.spamhaus.org
* www.spamcop.net
signatures pending - ansa@kos.to - (dont mail there)
First get a corporate shield, an S-corp can be had for as little as $100 in most states. This will protect your personal assets from a lawsuit.
.40 bottle of vitamin C with a little sticker that says "Placebo you bought from a spammer, dumbass. Cure wait ails ya."
Get a bulk mailer and email harvester and sell "Placebon the Herbal Viagra." Get a credit card processing account (or maybe just paypal) from a bank.
Email a million people.
Get ~5,000 orders.
Charge $19.99
Send them a
You profit. They get burned. Everyone wins. For the moral people, think of it as your personal war against scurvy.
I'm actually asking if anyone knows of a free, OSS or not alternative.
snort is quite useful on *NIX machines. Quoth FreeBSD's security/snort ports description:
cpghost at Cordula's Web.
Anyone who believes that this is the desperate act of a dying species is woefully wrong. Spammers used to be somewhat naive technologically, but the last year or two has seen a consolidation of spammers with virus writers and in essence the battlelines between the "good" and the "bad" users of the Internet have never been so well drawn as now.
A symptom of all evolving systems, natural or artificial, is that parasites will take advantage of easy opportunities. In nature, this battle has been a fundamental force for evolution and change. I don't see why it should be different in the Internet, which largely behaves like a natural system.
Here is an analysis of the subject by an expert on the matter (oh, it's ME?!). Bottom line: as long as the Internet is built on predictable defined structures (protocols and gateways), it will be heavily parasitized. What we see today is only a warmup. The solution is to find ways of evolving the structures of the Internet faster than the parasites can evolve.
This problem won't go away through wishful thinking - we need to understand what is actually going on. Heck, this discussion is moot: if my theory is correct, self-modifying defensive systems will happen exactly as the parasites have evolved: because this is what happens in natural systems.
I just trolled myself. Damn.
Ceci n'est pas une signature
this virus spreads itself by email a ZIP attachment which contains EXE that must be run, of course its Windows only.
I would love a way to identify IP address of all idiots who contract this virus, just to be sure my AOL/RoadRunner/Verizon netblock blacklists are complete.
People shouldn't just jump to the conclusion that the perpetrator of this is some commercial spammer. I visit some webmaster forums and many have commplained that some of these sites like SPEWS often go overboard in their blackholing, ending up block innocent bystanders who have a tough time getting out of these blocks.
I say it could have been the work of some pissed-off admins who were frustrated.
eTrade SUCKS
The spammers spread the new viruses by email. People who use outlook are the ones at risk.
I think that software companies that produce such defective software (MS in this case) share the blame and should be included in ay legal action against these spammers!
What beggars belief more is that a corp with the near-infinite resources of Microsoft still gives people a near-perfect vector for virus distribution. I'm sure if any one of us had 40Bn cash and 8 years (is that how old LookOut Express is now?) we could either code or hire programmers to code an email client that wasnt broken.
:o)
Of course.. if they ever mended LookOut the AV guys would go out of business overnight but that's a whole new consipracy theory involving large cash backhanders and deliberately broken coding there...
I wonder if those who believe Might Is Right ever wonder if they Might Be Wrong...
Seriously, if you want to reject stuff at SMTP time rather than accepting it then processing it, try using sa-exim (a freshmeat search will turn it up) - it fits into exim and rejects as soon as it's worked out it's spam - mid-DATA if need be.
Smegma.
An eye for an eye, a minute for a minute;
Well, say spammers send their messages to 2 million recipients, and each spend, on average, 10 seconds reading and deleting said spam. That comes out at 231 days of _completely wasted_ life. Life that can never be given back to whoever lost it.
Even worse, since that's time spent awake, it's more like a year of real time. Say the spammer sends 100 such spams, he would then have _wasted_ an entire lifetime. We can thus, by the "An eye for an eye, a minute for a minute" rule, confiscate the rest of his life!
There's the argument you requested!
cheers,
m
If spammers are really behind these virii, and we're able to verify it, then it is probably that even the blind and computer-ignorant gov. offices, like FBI, or whoever, will eventually get the same info others have.
Whereas before their only offense was spam (which is gradually being outlawed), now they have done something for which people have been indicted and sent to jail for.
Spammers are evil -- we all know that -- and this just means the gov. (if they're awake) will finally have a tool to put the worst of them in jail once they can prove who's spacking and creating anti-anti-spam virii.
I've been using SpamAssassin's Bayesian filtering features to get rid of my spam for good. I've turned off SpamAssassin's use of any of the antispam sites like spamhaus, spews, and spamcop, mainly because some of them have been foolish enough to sweep such a wide net that turning on use of these sites causes SpamAssassin to filter legitimate mail that comes from my own domain! (that's what I get for living in a country whose ccTLD is run by a brain-damaged registrar...) I've been running almost totally on Bayesian filters after having trained them carefully for a month, and have thus far had zero false positives and false negatives. I mainly keep the spam around to further strengthen the training of my filters and for occasional entertainment value. Those Nigerian scams can be really funny sometimes, you know. :)
These blacklists could go away tomorrow and my Bayesian filters will only keep getting better and better at weeding out the spam. In my experience, these antispam sites are actually more part of the problem than the solution, because they filter more mail than they should.
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
It just wouldn't be slashdot without a kneejerk liberal taking everything seriously and issuing a sober, politically correct refutal to someone's offhand comment.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
So there.
Any technology distinguishable from magic is insufficiently advanced.
Slashdot will.
There are few things I can think of more Homer-Simpson-ish than post a slashdot link to certains sites to tell the world they are being DoSed.
-><- no
Spamassassin has Baysian filtering, in addition to the extensive ruleset it uses.
It can also optionally "autolearn", where decisions about what is spam based on existing knowledge can be used to provide automatic learning input for the Baysian system for future emails.
May we never see th
It's just general lack of competence and understanding with law enforcement. The whole Internet thing is new to them (it's fairly new in general for that matter) and it requires very different tactics, skills and resources than normal investigations. Thereofre it is taking time for the law enforcement agencies to change and grow.
Also it isn't really clear what is and is not important on the Internet, crime wise or even what should be a crime. I mean some things are pretty clear, like pedophiles luring little kids in for sex, or defrauding someone. These are normal crimes in a new medium. But some things like SPAM aren't nearly so clear. I mean to the lay person, it seems just like junk mail. WEll junk mail is a little annoying, but no big deal. They don't know that SPAM is different (it costs the recipient) and that the spammers aren't legit bussinesses like jumk mailers usually are, they are often scammers and criminals willing to go to any lengths.
Unfortunately, I think we have 10-20 more years before we start to see really efficient policing of the Internet. Laws and law enforcement agencies need to be changed and they need time to learn how to efficiently handle electronic crime.
The death penalty, according to the liberals, is no deterrent because if you are crazy enough to kill, you won't be deterred by the threat of execution. Fair enough, but that's not going to be the case with spam. A few spammer executions would tilt the risk-benefit calculation hugely against spamming, thus eliminating the problem and saving millions of dollars (which will help the economy and therefore improve standards of living and therefore improve life expectancy -- thus saving lives).
Next up, the death penalty for people who stuff bubble gum in coin slots so I can't buy my bus tickets... \end{tongueInCheek}
And for porn sites: If they are all on *.xxx they will be filtered, but much of that filtering would happen by people apart from their clients themselves. Yes, it would remove children (which I'm sure the porn sites would be very happy about - if you're in a business that require credit card signups and where your primary cost is bandwidth, would you like to have an underage person with no credit card but all the time in the world to download your preview content over and over again and wasting your bandwidth accessing your site?), but it would also remove people surfing from work (you'd be surprised - I've run several networks where all traffic went through a Squid proxy, and the traffic stats were "interesting" considering it came from people working in glass cubicles), from any country that decides to stop the "immoral" porn sites, from any municipality or state with powers to order ISP's to filter, and a wide variety of other situations.
The porn industry would likely hate *.xxx for those reasons: It makes it easy to censor them.
And we should be vary of any attempt to force controversial content to be labelled for exactly that reason.
Another problem is who sets the standards. In some countries kissing publicly is considered obscene. Some countries consider bare womens limbs obscene. Some countries are pretty liberal about underage nudity as long as it's not in a sexual setting (some places parents taking pictures of their children playing naked on the beach would be ok on a page with their holiday pics, but would be considered child porn if they were put on a porn site, for instance)
This is why the .kids proposal was altered to .kids.us - it restricts the above problem to standards within a single country. But in the .kids.us case it's about positive labelling: Label what you explicitly want to allow rather than that which some people will want to restrict, so the problem was smaller to start with.
A .spm would have some of the same problems. As long as the criteria would be made purely based on delivery method and volume I wouldn't be too concerned, but again the question would be in what cases mass distribution could be made outside of .spm, and how to verify that it taken place.
Also, a .spm would need more than just that - a major problem of spam is the cost of handling it for ISPs. Making it harder to reach users, but giving spammers a specifically legal way of delivery, would likely exacerbate that by forcing spammers to massively increase their volume to make up for reduced reach.
Your *kid* having to push delete on something with pictures of stuff in orifices where it doesn't fit is also what the problem is...
Consider the consequences of univeral use of whitelists.
Spam initally becomes almost completely ineffective (good), and it becomes difficult to contact people initially without an introduction.
So, how do we solve the problem of contacting someone who does not have my address on their whitelist, e.g., a researcher who just published something of interest?
We'd need to start a way of traversing overlapping "buddy networks". This may spawn something like the 'Six Degrees of Separation' experiment/game, as in "I need to get this message to Mr. X, could you please forward it to someone who might be closer to him?".
This could have ineresting social consequences. Increasing bonds by increasing communications and traded favors? Increasing annoyance among friends? I don't think spam could penetrate such a filter, since it would have to convince multiple people that it is a genuine message.
Thoughts?
It's not attacking several financial sites, just Fethard Finance.
.biz TLD has been regularly used by spammers, who use the zombie networks to host their websites and even DNS servers. I bet fethard.biz is ran by someone, who is sick and tired of getting the .biz domain thorouhgly plonked by blocklists and complained either directly to the criminal spammers or the admins of the .biz TLD and the spammers got a word of that.
The
Proletariat of the world, unite to kill spammers.
The more painfully and slowly, the better.
In Soviet Russia, I ruled you
you are required to pay a small escrow fee as part of your ISP service fee, AND
if someone receives and e-mail from you and deems it as spam, then he clicks the appropriate button, AND
your escrow fee is charged *once per e-mail* and his is increased by the same amount.
The balance of the escrow fee would be refundable at any time, but accounts with a balance of 0 would be unable to send e-mails.
As I think through this, I can see several virtues:
1. The senders of spam would have to pay per offensive e-mail and would thus have strong incentive to stop.
2. Senders of legit e-mail would continue to have free or mostly free e-mail.
3. Those affected by spam would have immediate recourse and receive compensation for their time.
4. The spirit of the plan seems right: if you are going to waste my time with your spam, then you pay me for it. But if you are a friend, you get my time for free.
Does anyone see drawbacks to this plan? Perhaps increase in net traffic per e-mail sent, but that would presumably be offset by a substantial decrease in spam.
Human being (n.): A genetically human, genetically distinct, functioning organism.
[...]
my ISP (who, incidentally, enforces a strict anti-spam policy)
These two statements are mutually contradictory. But first, a reminder that SPEWS is not Not NOT representative of mainstream anti-spam blocklist providers. Both SpamCop and SpamHaus use narrow targeted blocklists. Furthermore, the real responsibility for your blocked email lies with the recipient postmaster who chose to use the SPEWS list. Their server, their rules. You could call them and ask to be whitelisted.
According to best evidence, SPEWS always starts with an abuse complaint email and a /32 blocklisting. If further spam arrives at their address(es?) the listing expands to /28, /24, etc, until either the spammers are removed or the entire ISP is listed. In order to reach /16, your ISP must have ignored SPEWS and retained its spammers for a long Long LONG time.
But not whitelisting as we know it.
Think about it: most spam comes from cable and adsl connected machines. dynablock.easynet.nl is trying to block each and every dynamic IP on earth, effectively making it a whitelist of static and therefore blockable IP's.
One could even take this one step further: blacklist the entire internet and whitelist known mailservers. Getting out of that should be easy, but no so easy that a spammer could do it automatically. And when you're spamming from a whitelisted IP, the IP is blacklisted again for, say, 1 week. Then it can be whitelisted again, but when you're spamming again, then it's blacklisted for a month.
The hard part of such a whitelist is: where do you start? I think it would be sensible to start out by simply tagging mail originating from blacklisted IP's. Early adopters can then whitelist each and every IP they expect mail from. After a while a sufficiently small amount of mail will be tagged by the blacklist, so it can be used to start blocking with it.
If we only could convince each and every postmater on earth to use such a system, it could be very, very useful.
Meanwhile, please use Dynablocker. It can really help making h4x0red boxes useless as a spam source.
This is your sig. There are thousands more, but this one is yours.
The basic problem is that the DOJ is a political institution. It's not a neutral enforcement institution seeking to punish lawbreakers. Who and how it decides to punish people are political decisions, deeply influenced by the political needs and goals of the administration. Spam and spammers have too many growing ties to people important to the Republican administration and its pro-corporate, pro-business financial backers. A real crackdown on spam would have shockwaves that would hurt them financially and politically, and with the election only a 366 days away, you can bet that pissing these guys off is something they don't want.
Since the site is currently being slashdotted, here is a copy of the press release:
A new virus released by spammers on Saturday 1st November is infecting computers worldwide, and this time the purpose of the virus is to attack www.Spamhaus.org. The W32.Mimail.D virus is the latest in a string of viruses, each one released by spammers for the purpose of creating a vast worldwide network of spam-sending machines and building an attack network consisting of hundreds of thousands of virus-infected zombie machines with which the spammers then attack anti-spam organizations.
W32.Mimail.D is designed to infect computers worldwide causing them to each begin making overwhelming amounts of bogus requests to Spamhaus.org's web server, www.spamhaus.org, and also attacks the web servers of www.spamcop.net and www.spews.org.
Spamhaus began coming under massive distributed Denial of Service (dDoS) attacks in July 2003, soon after the release of the SoBig.E virus and the Fizzer virus (W32.HLLW.Fizzer). In June Spamhaus stated that spammers had now moved from simple spamming through open proxies to actually manufacturing and sending out viruses to create a network of spam proxies, infecting hundreds of thousands of mainly home-user machines on broadband (ADSL) lines.
Fizzer (W32.Fizzer-A) in particular is a very wide-spread worm which spreads by emailing itself to contacts in Microsoft Outlook and Windows address books. The purpose of Fizzer is to install a minature web server on which spammers then host typically "pills & porn" sites, an IRC backdoor, and a DoS attack tool specifically for attacking anti-spam organizations. In August and September 4 anti-spam systems were forced into closure under overwhelming dDoS attacks that hit them for weeks at a time.
Spamhaus itself was subjected to the same intense dDoS attacks for 3 months but survived thanks to its large distributed network capable of absorbing the attacks. Still, expecting more attacks, in mid September we moved the Spamhaus web site behind an anti-dDoS device known as iSecure supplied by Melior CyberWarefare Defence (www.ddos.com) and can therefore now withstand the waves of dDoS attacks.
From: http://www.spamhaus.org/news.lasso?article=13
My parents have an SBC DSL account and now I can't send them email from my server (admittedly hosted on a roadrunner cable modem) because they're blocking everything from 'dialups'.
Then relay your mail through your ISPs SMTP server and move on with life. Suddenly, everything works, and you still have control over your own mail server. This also offloads SMTP re-sends, etc, onto the ISP mail server, rather than your own, which is rather nice.
Spammers spend a tremendous amount of time and energy cracking systems, setting up zombies, getting around barriers of all sorts. The reason why is because they have a financial incentive to do so.
If security through obscurity is an intellectually bankrupt concept, then the spam industry innovates security knowledge like no other.
The fact is that spammers not only save work for the script kiddies, they help the NSA, CIA, FBI, KGB... as well as IBM, MSFT, SYMC...
Think of them as parasites that feed off our collective ignorance, and you'll see what a useful cleansing function they serve in the greater ecosystem.
They where a great free email service ('whitelist') similar to the TMDA system.
I see quite a few posts suggesting that spammers are getting desperate, but brazen seems more appropriate. They are shutting down some of our most effective anti-spam tools and there seems nothing we can do about it. To me that looks more like their winning.
Quack, quack.
1. Print out all the new laws and proposed regulations; bind them into a big, thick book.
2. Get some competent network admins (who are obviously nowhere near any government cyber-crime unit) and can easily track down the source of the spam and worms.
3. Go to the perpetrators home or residence.
4. Beat the perpetrator over the head with the book of laws.
The more laws we pass, the heavier the book becomes and the more brain damage it will do. Considering the trend our leaders have in thinking more laws will stop this when the existing laws aren't being enforced, the only reasonable solution is to use the actual laws themselves as some form of blunt instrument.
Well, if you use TMDA, you can configure it to avoid what you're talking about. With TMDA, it can detect whether or not an email was sent in response to an actual email that you sent. If so configured, then any challenges that you get from someone will only be delivered to your mailbox if you actually sent the original email. If a spammer, right now, sends an unsolicited challenge to my mailbox, I'll never see it.
So, exactly the contrary to what you're saying. The wider spread the use of C/R like TMDA, the less effective that your suggestion will be.
Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.