Spammer DDoS-By-Virus On spamhaus.org
McDutchie writes "Steve Linford of Spamhaus announced in a press release that the latest Wintel virus, W32/Mimail-E, was created by spammers for the specific purpose of DDoS'ing Spamhaus, Spamcop, and SPEWS. It's becoming more and more clear that the spambags are the ones behind the recent mess with the Windows viruses. They must really be getting desperate."
Seriously, I've been getting less spam lately thanks to filters. Sure, it's not gone entirely, but it's a lot less of a hassle than it used to be. I sure hope this is a sign of things to come... If they're this desperate to stop anti-spammers, they gotta be in their throes of death.
Ironically, the spammers who try to "get tough" in this way will probably end up putting themselves out of business. They've only survived this long because of relative obscurity, but once these extra-malicious spammers are caught, there won't be much in the way of goodwill for the other, questionably legal ones. Good riddance.
I wonder if this will be quickly followed by a press release on being slashdotted..? The world's friendliest DDoS attack..
Chris, taffie down under..
I like this NANAE post by Steve Linford much better. Especially the last paragraph.
W32/Mimail-E, was created by spammers for the specific purpose of DDoS'ing Spamhaus, Spamcop, and SPEWS.
And in phase two of the attacks spammers craftily create stories containing links to the target spam lists and post them on slashdot. LFTL
I've said it before, the feds should stop looking for super-uber-mega crackers. The biggest, most expensive, and most damaging ONGOING computer crime is spam. They're not idiots, and they're not harmless nuisances. They're quite capable, and have hired on many technically proficient guns to do their dirty work, cracking systems, running hordes of zombies, and trying to find exploits in every commercial and non-commercial system so they can send out ever more spam.
Get to work on eliminating spammers and much of our current crop of computer-related woes will just GO AWAY. The only people who would hate for this to happen are the spammers, the hired guns, and companies like Symantec...
This is great news!
Now we're one step closer to linking spam to al Qaeda. These viruses are terrorist actions, and are demonstrably more dangerous even than Iraq's nukes!
Once we somehow link spammers to September 11, we can invade them (or maybe just throw them in jail where the other inmates can do the "invading").
Anything that brings "spam" and "viruses" closer together in the public eye is bad for spammers in the long run.
And fortunately for the rest of us (or unfortunately depending on your point of view), this type of behaviour just makes spammers more of a target for legislation and law enforcement.
I'm a perfectionist but I'm trying to cut back.
"Honey, I feel a certain distance between us..." "Really? A 31ms ping ain't that bad..."
Except, of course, that part of SpamAssassin's checks are to use the 'antispam registries' you are complaining about.
Quite frankly, with the current volumes of spam it is impractical to try and run a mailserver for more than a few thousand users without some form of blocklist or having extremely deep pockets. The problem with SpamAssassin is that it actually increases the load on one's mail servers - a variety of checks have to be run on every single mail. By contrast, using a blocklist means that spam can be rejected before the DATA stage, reducing the load on the server, and the bandwidth consumed by spam.
Blaming GW Bush for the Iraq war is like blaming Ronald McDonald for the poor quality of food.
Recently my cable internet service was suspended. Upon calling tech support I was transferred to the fraud and abuse department, you can imagine the look on my face. The techie told me that my access had been suspended because a computer on my network was infected with the welchia worm. The techie was kind enough to even provide me with the MAC address of the offending machine. I was surprised because my mixed network of 10, linux and windows machines, is kept up to date with the latest security patches. After checking all 10 machines I found that none of them had the MAC address supplied by the techie. Upon further investigation of my DHCP logs I found that my WiFi network, SSID free_as_in_beer had its first visitor. I left it open because I believe in free access and wanted to see if anyone interesting would enter the network. Unfortunately the mysterious computer was not logged in so I could not send a net send message to it, and it seems that the person would connect infrequently. I asked my neighbors and couldn't find the individual so I was forced to employ WEP encryption. Now I've got chalkings outside my apartment just in case someone with any bit of knowledge wants a free ride, but my point, yes I actually had one, thanks for reading was that I feel bad for grandpa and grandma with their 2000 model compaq connected directly to the cable modem for emailing the grandkids. I was fortunate enough to convince the ISP that my network had been secured and I was granted access again, they on the other hand have few options. Then again this is a good thing for repair guys that make house calls, but between gator (or whatever it's called now) and all the other crap out there I think they're busy enough.
I only wish that I could keep my WiFi up without WEP for my neighbors or anyone walking by without exposing myself to risk of internet connection termination.
Have any other slashdotters had similar experiences, or suggestions? Thanks.
Im dreaming ofa big bndwdth, That can resist the
Well, the guy behind this article is obviously a spammer.. it's a really smart idea to slashdot a site which is getting DDOS'ed... Well, I'm wondering what would have been more damage.. the worm or the slashdotting
What beggars belief more is that a corp with the near-infinite resources of Microsoft still gives people a near-perfect vector for virus distribution. I'm sure if any one of us had 40Bn cash and 8 years (is that how old LookOut Express is now?) we could either code or hire programmers to code an email client that wasn't broken.
:o)
Of course.. if they ever mended LookOut the AV guys would go out of business overnight but that's a whole new conspiracy theory involving large cash backhanders and deliberately broken coding there...
I wonder if those who believe Might Is Right ever wonder if they Might Be Wrong...
These cyber-crimes should be addressed in the same way as any other (international crime). Your national law enforcement officers should track down the country of residence of the culprit and/or send out an international search warrant. Contrary to popular belief, 'overseas' isn't some backwards region whose citizens have barely discovered the abacus. In many countries, writing or distributing virii is a crime, as is executing DDOS attacks. Which is good, because it means law enforcement in those countries will generally assist in bringing these criminals to justice.
If you want to complain about nothing happening, complain to your local cybercops.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
An eye for an eye, a minute for a minute;
Well, say spammers send their messages to 2 million recipients, and each spends, on average, 10 seconds reading and deleting said spam. That comes out at 231 days of _completely wasted_ life. Life that can never be given back to whoever lost it.
Even worse, since that's time spent awake, it's more like a year of real time. Say the spammer sends 100 such spams, he would then have _wasted_ an entire lifetime. We can thus, by the "An eye for an eye, a minute for a minute" rule, confiscate the rest of his life!
There's the argument you requested!
cheers,
m
Spamassassin is great for ISPs and other companies that need rule-based spam checkers that are sort of "generic".
For personal filtering, nothing beats a good bayesian filter. I use POPFile myself and it's approaching 99% accuracy and I _LOVE_ it.
Spam very, very rarely makes it past, and if it does, it's the generic "check out this site" type message with no other information. Even spammers trying this technique aren't having much success as I'm seeing less and less of it (maybe 1 or 2 messages a month make it past the filters).
The next step in anti-spam evolution will be spam-scanning software that automatically follows links back to webpages and looks for "spammy" content and tags the message as spam in the email system.
For those out there that haven't tried a bayesian form of filtering yet, give POPFile a try: (http://popfile.sourceforge.net/). Just be sure to read the instructions.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
[...]
my ISP (who, incidentally, enforces a strict anti-spam policy)
These two statements are mutually contradictory. But first, a reminder that SPEWS is not Not NOT representative of mainstream anti-spam blocklist providers. Both SpamCop and SpamHaus use narrow targeted blocklists. Furthermore, the real responsibility for your blocked email lies with the recipient postmaster who chose to use the SPEWS list. Their server, their rules. You could call them and ask to be whitelisted.
According to best evidence, SPEWS always starts with an abuse complaint email and a /32 blocklisting. If further spam arrives at their address(es?) the listing expands to /28, /24, etc, until either the spammers are removed or the entire ISP is listed. In order to reach /16, your ISP must have ignored SPEWS and retained its spammers for a long Long LONG time.
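The two blocklist mechanics described in the comments above (rejecting a listed sender before the DATA stage, and a listing that widens from /32 to /28, /24 and /16), as an added example that is not part of the original thread. The addresses are constructed private-range values, and the function names and reply texts are hypothetical.

```python
import ipaddress

# Prefix lengths the comment gives for a widening listing.
ESCALATION_PREFIXES = [32, 28, 24, 16]

# Constructed sample address (private range), not a real listing.
ORIGIN = "10.20.30.40"


def listing_at_stage(origin_ip, stage):
    """Network covered after `stage` escalations of a listing that began at /32."""
    prefix = ESCALATION_PREFIXES[stage]
    return ipaddress.ip_network(f"{origin_ip}/{prefix}", strict=False)


def first_blocked_stage(origin_ip, other_ip):
    """Earliest escalation stage at which an unrelated neighbour is also covered."""
    addr = ipaddress.ip_address(other_ip)
    for stage in range(len(ESCALATION_PREFIXES)):
        if addr in listing_at_stage(origin_ip, stage):
            return stage
    return None  # outside even the /16


def receive(client_ip, body, listings):
    """Model one SMTP delivery attempt; return (reply, body bytes transferred).

    The blocklist check needs only the connecting IP, so a listed client is
    refused before DATA and no message body crosses the wire. An unlisted
    client's body must be accepted in full before a content filter can score it.
    """
    addr = ipaddress.ip_address(client_ip)
    for net in listings:
        if addr in net:
            return (f"554 5.7.1 {client_ip} listed in {net}", 0)
    return ("250 2.0.0 accepted for content filtering", len(body))


if __name__ == "__main__":
    neighbours = ["10.20.30.45", "10.20.30.200", "10.20.31.7", "10.21.0.1"]
    for ip in neighbours:
        print(ip, "first blocked at stage", first_blocked_stage(ORIGIN, ip))
    active = [listing_at_stage(ORIGIN, 1)]  # listing has grown to a /28
    body = b"x" * 5000                      # constructed message body
    for ip in ("10.20.30.45", "10.20.30.200"):
        print(ip, receive(ip, body, active))
```
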