Another Worm Targets Anti-Spam Sites
kevinvee writes "Yahoo! is reporting about the next battle of Spam Houses versus Spamhauses. This time, it's W32/Mimail-L receiving the attention. "It's the third Mimail variation to come after us, except this one is trying to do more," said Steve Linford, founder of The Spamhaus Project. Apparently this reincarnation comes as an attachment offering naked photographs. Once infected, a follow-up e-mail is sent to the user stating that a CD containing child pornography will be delivered to their postal address. "These guys write trojan (viruses), they carry out DDOS attacks and they get their money through selling stolen credit cards and spamming," Linford said."
If the government can go after the tobacco companies for killing people with their second hand smoke, why can't they go after the software companies that have obviously turned a blind eye to security in the name of profit and the after-market anti-virus industry? It's their shoddy software that allows this to be possible yet they make billions while costing ISPs and end users billions more.
Hell, some US states are even going after gun manufacturers..
Trolling is a art,
I think this is actually a good thing because it links spammers with viruses and therefor reinforces the association "spammer = evil". Perhaps sooner or later more people (and gov. agencies and companies) see spam not just as annoyance but as attack.
Seriously, I dislike spammers as much as the next guy, but immediately saying this is the work of a spammer is stretching it just a bit. For all we know the person behind the worm has nothing to do with spam.
Isn't there some way to distribute the anti-spam sites/lists so that a DDOS attack can't take it out? All that's needed is a simple neural net-style system - redundancy and distributed content (which the internet makes simple) could solve this sort of problem, at least for now.
GL
It's absolutely insane. They won't stop 'til they've destroyed email.
It's melodramatic, but: spammers really have declared war on email, and the Internet and its users as a whole. They're fucking with email, they're fucking with DNS, they're sending out viruses to infect users and spread more filth, and they're trapped in this huge positive feedback loop that I'm desperately afraid won't end. They pump out millions of emails which get ignored so they pump out more which gets them blocked so they pump out more to get around that and they start attacking their opponents and now the volume of spam is so high they need to pump out even more just to get any sort of return...
Rationally, I think the only way around it is to attack the economics of spam, as has been suggested by many much smarter than me.
But really, what I want is revenge.
Carousel is a lie!
Yes, but when those virii are targeting one machine instead of the internet as a whole, it makes something of a difference, Graham...
Simon
Physicists get Hadrons!
I've just received a fake "mailer daemon" rejection message with a viral attachment; although my a/v program caught it, I can see this tactic catching even the most suspicious of us...
Mastercard, wait, even better AmEx issues a card with the same idea. The card is used once in response to a single spam. The card is then cut up but not cancelled. Hand the card numbers and the billing address over on a platter.
When the card is used again, set your phasers to sue. The beneficiary of the card's usage can either be charged with fraud, etc. or roll on their superior. Pass the buck up the ladder until you can jail a spammer not on the basis of spam but of felony(ies).
Of course, this assumes that you can find a "member magnifier" offer that isn't even looking to send you Sucrosa. Still, it might be worth a shot as a low-cost investment with a good potential for a high yield.
The same idea could be used for eBay and PayPal scams. It's not as if none of us have gotten those "Please enter your password in this email and click submit button" spams. I wonder if this is already done. I'm a smart guy, but I'm still just another geek on /.. It seems some well-compensated theft prevention exec would have started doing this a long time ago if it would work. Though honestly, I don't see any problems with it myself.
The only thing more dangerous than a file named -rf is renaming it -rf\ /
As much as I hate spam and worms and such, that is too funny. Some dumb bastard tries to get the free pr0n from the email, gets infected, then gets scared to death because they lock you up for a LONG time for possessing kiddy pr0n.
Maybe this is vigilante spam, using the scared straight theory. Next time Joe Sixpack tries to look at the free pr0n, a little voice will pop up and remind him of what happened LAST time.
What they're doing amounts to terrorism (at least, under today's NewSpeak definition of "Terrorism"). Why are the authorities not trying to track these guys down? How hard can it be? It is extremely difficult to completely cover your tracks on the net. You find out where an email came from. Track it back to the ISP. Find out where it came from. Track it back to the next ISP. Check their logs. Continue until you get to a modem pool/DSL connection. There's your guy.
Are they all outside the country? Will those foreign ISPs not cooperate? Why is this so common?
Like woodworking? Build your own picture frames.
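The trace-back described above, as an added example that is not from the thread: a Python parser that walks the Received: headers of a constructed message from the newest hop down and marks the point where the chain leaves relays you operate. Everything below that point, including the "from" host and address, was written by whoever handed the message to your relay and cannot be verified, which is the usual reason the trail goes cold before it reaches a modem pool. The message, hostnames, addresses and the trusted-relay set are all assumptions.

```python
"""Walk Received: headers back to the last hop you can actually vouch for.

Added example (not from the thread). The message, host names and addresses are
constructed; TRUSTED_RELAYS is an assumption standing in for the MTAs your own
organisation runs.
"""
import email
import re

# Constructed message: our MX (mail.example.org) got it from our secondary (mx2),
# which got it from a dial-up/DSL pool address. Everything below that hop is
# whatever the sender chose to write, including the "trusted.bank.example" line.
RAW_MESSAGE = b"""\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
\tby mail.example.org with ESMTP id abc123; Tue, 27 Jan 2004 10:00:05 +0000
Received: from pcpool-77.isp.example (unknown [198.51.100.77])
\tby mx2.example.net with SMTP id def456; Tue, 27 Jan 2004 10:00:01 +0000
Received: from trusted.bank.example (trusted.bank.example [203.0.113.5])
\tby pcpool-77.isp.example with SMTP; Tue, 27 Jan 2004 09:59:00 +0000
From: admin@example.org
To: victim@example.org
Subject: important information regarding your email address

see attachment
"""

TRUSTED_RELAYS = {"mail.example.org", "mx2.example.net"}   # assumed: hosts we operate

FROM_RE = re.compile(r"\bfrom\s+(\S+)(?:\s*\(([^)]*)\))?", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Pull the claimed sender, its bracketed IP and the relay that wrote the header."""
    value = " ".join(value.split())                 # collapse header folding
    m_from, m_by, m_ip = FROM_RE.search(value), BY_RE.search(value), IP_RE.search(value)
    return {
        "from": m_from.group(1) if m_from else None,
        "ip": m_ip.group(1) if m_ip else None,
        "by": m_by.group(1).rstrip(";,") if m_by else None,
    }


def trace_hops(raw, trusted=TRUSTED_RELAYS):
    """Return hops oldest-first, each flagged trusted or not.

    Headers are read newest-first (top of the message). A hop is trustworthy only
    if the relay that wrote it is ours AND every hop above it was trustworthy too;
    once the chain leaves our relays, nothing below can be verified.
    """
    msg = email.message_from_bytes(raw)
    hops, chain_ok = [], True
    for value in msg.get_all("Received", []):
        hop = parse_received(value)
        chain_ok = chain_ok and hop["by"] in trusted
        hop["trusted"] = chain_ok
        hops.append(hop)
    return list(reversed(hops))


def origin_ip(raw, trusted=TRUSTED_RELAYS):
    """Last address we can vouch for: the 'from' IP of the deepest trusted hop."""
    trusted_hops = [h for h in trace_hops(raw, trusted) if h["trusted"]]
    return trusted_hops[0]["ip"] if trusted_hops else None


if __name__ == "__main__":
    for h in trace_hops(RAW_MESSAGE):
        print("%-10s from %-24s [%s] by %s" % ("TRUSTED" if h["trusted"] else "unverified",
                                               h["from"], h["ip"], h["by"]))
    print("report this address to its ISP:", origin_ip(RAW_MESSAGE))
```

The address worth sending to an ISP is the one your own relay saw on the wire (198.51.100.77 in the constructed sample), not anything the lower headers claim.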
This is getting ridiculous. All of these worms/viruses of late have their own SMTP engine built in, and connect directly to external SMTP servers to spread their payload. ISP's (and businesses that provide access to internal workstations) need to block access to external SMTP servers! In particular, block egress port 25 from the network.
So you will ask, "But then how will I use my company's or other SMTP servers from home?" Easy, the port used for initial mail submission (IMS) should be set to a different port altogether. IMS and mail transport are different activities and should be treated as such. Use SMTP+AUTH+SSL, run it on port 465, and everybody is happy (except spammers and virus authors).
"But I want to run my own server on my dial-up or other consumer level account!" Contact your ISP and see if you can get a static IP address. SMTP servers should be on static IPs, that way bounces and other system messages can be routed properly. Check the AUP of your ISP, you might be prohibited from running a server on your account (find another ISP, or use the tip above to use a different SMTP server).
To do otherwise is to continue to be part of the problem, not part of the solution.
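The egress policy argued for above, as an added example that is not part of the thread (my code, not the poster's): a Python script that first reads a constructed, simplified connection log and lists internal hosts that opened connections to external port 25 without being on the relay allowlist, then emits the gateway iptables rules that would enforce the policy. The 10.0.0.0/8 prefix, the relay address 10.0.0.25 and every flow in the sample are assumptions. One caveat a practitioner would add: the standardised submission port is 587 (RFC 2476, later RFC 6409) with STARTTLS and SMTP AUTH; 465 was the de facto SMTPS port and was only formally recognised for implicit TLS much later (RFC 8314). Either should stay open while 25 is closed.

```python
"""Spot workstations that speak SMTP directly to the outside world.

Added example (not from the thread). Input is a constructed, simplified
connection log, one flow per line: "timestamp src_ip src_port dst_ip dst_port proto".
The allowlist, the internal prefix and every address are assumptions.
"""
import ipaddress
from collections import defaultdict

# Constructed sample flows. 10.0.0.5 fans out to four external MX hosts on 25/tcp,
# which is what a worm carrying its own SMTP engine looks like from the edge.
SAMPLE_LOG = """\
2004-01-27T10:00:01 10.0.0.5 51234 192.0.2.10 25 tcp
2004-01-27T10:00:02 10.0.0.5 51235 198.51.100.7 25 tcp
2004-01-27T10:00:02 10.0.0.5 51236 203.0.113.3 25 tcp
2004-01-27T10:00:03 10.0.0.5 51237 203.0.113.9 25 tcp
2004-01-27T10:00:04 10.0.0.25 51240 192.0.2.10 25 tcp
2004-01-27T10:00:05 10.0.0.7 51300 192.0.2.50 80 tcp
2004-01-27T10:00:06 10.0.0.7 51301 10.0.0.25 25 tcp
2004-01-27T10:00:07 10.0.0.8 51302 198.51.100.7 465 tcp
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed site prefix
ALLOWED_MTAS = {"10.0.0.25"}                     # assumed: the only host allowed out on 25/tcp


def parse_flow(line):
    ts, src, sport, dst, dport, proto = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto}


def direct_smtp_offenders(log_text, allowed=ALLOWED_MTAS, internal=INTERNAL):
    """Map each internal, non-allowlisted source to the external hosts it hit on 25/tcp.

    Internal-to-internal SMTP (a client handing mail to the site relay) is ignored,
    as is submission on 465 or 587: those are exactly the paths that should stay open.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        if f["proto"] != "tcp" or f["dport"] != 25:
            continue
        src, dst = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
        if src not in internal or dst in internal or f["src"] in allowed:
            continue
        hits[f["src"]].add(f["dst"])
    return {src: sorted(dsts) for src, dsts in hits.items()}


def egress_rules(allowed=ALLOWED_MTAS, internal=INTERNAL):
    """iptables FORWARD rules for the gateway: relay out on 25/tcp, everyone else reset."""
    rules = ["iptables -A FORWARD -s %s -p tcp --dport 25 -j ACCEPT" % ip
             for ip in sorted(allowed)]
    # Log before rejecting so an infected workstation shows up in the firewall log.
    rules.append("iptables -A FORWARD -s %s -p tcp --dport 25 -j LOG --log-prefix 'SMTP-EGRESS '"
                 % internal)
    rules.append("iptables -A FORWARD -s %s -p tcp --dport 25 -j REJECT --reject-with tcp-reset"
                 % internal)
    return rules


if __name__ == "__main__":
    for src, dsts in direct_smtp_offenders(SAMPLE_LOG).items():
        print("%s -> %d external MX hosts: %s" % (src, len(dsts), ", ".join(dsts)))
    print("\n".join(egress_rules()))
```

A TCP reset rather than a silent drop is deliberate: legitimate clients that are misconfigured fail fast with a clear error instead of hanging on every send.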
I never really understood why someone didn't just contact the CC companies and get a really low limit on their credit cards. Hell, even TELL them that you're going to use it for "verification purposes" online, so that you'd want to know who tried to charge money to it. I don't know if you can, but ask them to keep track of where it was rejected.
Enter the number once, and watch the traceable info for spammers / people that buy this information just ROLL in.
It may be time-consuming, but so is this battle with attempting to blacklist spammers.
As promised, there's a new tool in town. Project Web Form Flooder is still in beta, but it's functional in flooding spammers' websites with plausible data. Java source code only right now, but I'd imagine the /. crowd can deal with that.
If we flood spammer's websites with garbage data, maybe, just maybe we'll do a little to remove the profit motive in spamming, and once there's no money in it it'll end.
Isn't it time we stopped crying and started doing something?
Just use a decent mailer, some antispam filter and update it.
Why would you just physically hurt somebody ?
I can think of plenty of reasons. Like, say, promoting child and bestiality porn. To anyone, including children. Because they refuse to take no for an answer and mutate their mail around my spam filters. Because they hammer mailservers with dictionary attacks, wasting resources that aren't theirs. Because they pull the kind of crap referenced in this story. Because they file frivolous lawsuits against anti-spam organizations who are just trying to help people avoid their crap, so that they can try and drain their resources. Because the email address I've used as a public point of contact on my websites is so flooded with bestiality porn that I'm afraid to open it in public.
In short, I don't think it's the right response, but there's certainly plenty of motivation to do so. I'm not going to cry over it if someone takes a baseball bat to Alan Ralsky's head.
Why?
Probably the most impressive, presumably malicious attachment I've seen so far has been one I've had a few copies of recently. When I first saw it, it looked surprisingly plausible:
"Hello there,
I would like to inform you about important information regarding your email address. This email address will be expiring.
Please read attachment for details."
It claimed to be from 'admin' at my email provider, an address which actually exists and I have had mail from them in the past, so even I had a second look...
It had an attached Zipfile, message.zip, containing a message.html, which began...
"MIME-Version: 1.0
Content-Location:File://foo.exe
Content-Transfer-Encoding: binary"
Then a binary which definitely looked like a Windows executable. The whole attachment was about 35kB in size, so fairly plausible for a reasonably complex HTML document.
Anyone know what it might be? The apparent HTML payload in a Zipfile seems pretty innocuous at first glance, so you have to be even more careful. I'm using an up-to-date Pine on a remote FreeBSD machine, so I was perfectly safe, but I can really imagine others being caught.
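For the attachment described above, an added example (mine, not the poster's, and not tied to the actual sample): a Python scanner that opens a zip attachment in memory and flags an .html member that really begins with MIME headers, names an .exe in Content-Location, or carries a PE image (an MZ header whose e_lfanew points at a PE\0\0 signature). The zip it scans is constructed to resemble the description: message.zip, message.html, a File://foo.exe Content-Location, and a stub executable standing in for the real binary.

```python
"""Flag zip members whose contents contradict their extension.

Added example (not from the thread). SUSPECT_ZIP is constructed to resemble the
attachment described above; the stub PE inside it is a hand-built header, not a
real program.
"""
import io
import re
import struct
import zipfile

# Headers that mark an MHTML (MIME-encapsulated) document rather than plain HTML.
MIME_LEADER = re.compile(rb"\A\s*(MIME-Version|Content-Type|Content-Location):", re.I)
CONTENT_LOCATION = re.compile(rb"Content-Location:\s*(\S+)", re.I)


def find_pe(data):
    """Return the offset of an embedded PE image, or -1.

    Walks every 'MZ' candidate, reads e_lfanew at +0x3c and confirms the
    'PE\\0\\0' signature there, so ordinary text containing "MZ" is not flagged.
    """
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            if e_lfanew < 0x10000 and data[sig:sig + 4] == b"PE\x00\x00":
                return pos
        pos = data.find(b"MZ", pos + 1)
    return -1


def classify_member(name, data):
    """List (name, reason) pairs explaining why this member looks like a disguised executable."""
    reasons = []
    head = data[:4096]
    if name.lower().endswith((".htm", ".html")):
        if MIME_LEADER.match(head):
            reasons.append("html member begins with MIME headers (MHTML wrapper)")
        m = CONTENT_LOCATION.search(head)
        if m and m.group(1).lower().endswith(b".exe"):
            reasons.append("Content-Location names an executable: "
                           + m.group(1).decode("ascii", "replace"))
    pe = find_pe(data)
    if pe != -1:
        reasons.append("embedded PE image at offset %d" % pe)
    return [(name, r) for r in reasons]


def inspect_attachment(zip_bytes, max_members=64, max_size=8 * 1024 * 1024):
    """Scan every member of an in-memory zip; oversized members are reported, not read."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist()[:max_members]:
            if info.file_size > max_size:
                findings.append((info.filename, "member too large to scan; treat as suspicious"))
                continue
            findings.extend(classify_member(info.filename, zf.read(info)))
    return findings


def fake_pe():
    """Constructed stand-in for a Windows executable: DOS header, e_lfanew, PE signature."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 64


def build_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples modelled on the description above (not the real attachment).
SUSPECT_ZIP = build_zip({
    "message.html": b"MIME-Version: 1.0\r\nContent-Location:File://foo.exe\r\n"
                    b"Content-Transfer-Encoding: binary\r\n\r\n" + fake_pe()
})
BENIGN_ZIP = build_zip({"message.html": b"<html><body>Your account details</body></html>"})

if __name__ == "__main__":
    for name, reason in inspect_attachment(SUSPECT_ZIP):
        print("%s: %s" % (name, reason))
    print("benign findings:", inspect_attachment(BENIGN_ZIP))
```

The extension check and the PE check are independent on purpose: a renamed executable with no MIME wrapper is caught by find_pe, and an MHTML wrapper whose payload is something other than a PE is still caught by the header checks.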
It's easy to say "don't open obvious spam at all" and "never open an attachment" and "never click on a URL in an email."
Personally, my middle-aged brain only functions at about a four-nines reliability level, meaning that if I deal with thirty pieces of email a day, about once a year I'll accidentally do something STUPID.
Like pressing "reply" before I've finished composing my mail. Or replying to all when I only meant to reply to one. Or replying to a list when I only meant to reply to one person on a list. Or thinking that PayPal might really have sent me an email. Or opening a foreign attachment. Typically I realize that I've goofed approximately five hundred milliseconds after performing the mouse click that commits me to the imprudent action.
(It doesn't help that I actually have real human friends who do send me email messages with subject lines that are blank, or consist of the single word "Hi!" or "Meeting.")
I am sure that you never ever do anything STUPID, and I fully agree with you that someone as STUPID as I deserves to have my computer infected with viruses.
"How to Do Nothing," kids activities, back in print!
Cannot resist this one...
OK kids, sit down and let uncle bubba explain this one for you. One, if you see something once, it might be a coincidence. Twice means that maybe lightning is hitting the outhouse twice. This is the third one of these, and with each successive version, the methods and operations of the virus are getting more effective and efficient. That means at least two developers were able to reverse engineer and increase the efficiency of the payload of the virus, OR someone is monitoring what is going on and making improvements. Tell you what, I will let you think about that one for a sec...
We also have the comments from the spammers themselves. Many have come out into the open and said that anti-spam orgs declared war on them, and that they would fight back. Do you honestly think that this is just a chance happening?
I guess it could be, I mean, you could have some slashdotter waging a disinformation campaign targeting anti-spammers to piss everyone off...
Oh, and to the nuts who want to sue Microsoft under the same pretenses as suing gun manufacturers...dude, spammers are equal opportunity abusers...they are abusing open protocols as much as they are using OS holes to propagate this crap. So unless you want to sue Berkeley or something like that...
Spammers evil...viruses evil...censorship evil...censoring spam ev...WAIT!...good...
"We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns -- the ones we don't know we don't know."
i have yet to see anyone point out WHY spam is actually as effective as it is -- people buy into it!
if spam wasn't a money-maker, spammers wouldn't exist, it's as simple as that. just like if diets weren't such a huge industry, you wouldn't be seeing posters on how you could lose 30lbs in 30 days plastered all over your city (the birth of spam, might i add).
if all these men just stopped caring about the size of their weenies, spam would take a huge hit. if we'd all be a bit smarter and not even consider clicking on insurance / any financial links in spam, that market would also take a huge hit. and if we were all more passionate with our partners then that takes care of goat / bestiality porn. the 'barely legal' crap, you have to deal with on your own. that's just wrong.
honeypots, bayesian filters, spam blockers, LAWS... so much time, effort and money is being put into something that will only be solved once we start dealing with our own insecurities / needs.
### http://www.gunfinger.com ### greed / tec
> It's absolutely insane. They won't stop 'til they've destroyed email.
... when there isn't a commons left. When we've all retreated into isolated communities and protocols, and will have to pay for the privilege of connecting with strangers, under the rare circumstance anyone might even treat contact from a stranger as anything but suspicious. Where that contact will be monitored and regulated, ostensibly to reduce spam, but nevertheless we will need the permission of the gatekeepers to push out any decent quantity of content.
s/email/every public commons/
These people can, have, and will spam by email, fax, autodialers, IM, SMS, spyware, and every single method of communication they can get their hands on that makes it cheap to publish.
The feedback loop will certainly end
FTC Commissioner Orson Swindle (I love that name) has said about spam "what we need are a couple of good hangings". While the government continues to do the one thing it's good at, make harrumphing noises at the problem, nothing whatsoever is being done about this ongoing criminal behavior, let alone unethical hucksterism. I'm not a fan of government intervention, mind you -- it'd just be nice if they just started enforcing the laws they actually have on the books.
I've finally had it: until slashdot gets article moderation, I am not coming back.
Okay, my fault for feeding the trolls, but:
When I talk about "attacking the economics of spam," what I mean is making it unprofitable to be a spammer. I think there are lots of ways to do this; taxing, while one way, is a particularly stupid and noxious method.
Here are things I think will work to varying degrees:
- Blacklists
- Spidering spammer websites
- Legal action (sadly, no URL...)
I think the best idea is spidering websites. What if spamming meant inviting a massive DOS on your website?
Carousel is a lie!
Sounds like your IP is inside a CIDR block listed by SPEWS (or something similar). If it happened to be SPEWS (your symptoms certainly match), did you actually bother to read the SPEWS FAQ?
There certainly is a reason why you got blocked. Either someone has sent spam from your IP (if you have dynamic IP) or spam has been sent from the same netblock (and your ISP didn't bother to eject the spammer scum).
If you present this kind of accusations, we (or at least I) would like to hear some more details...
99 bottles of beer on the wall... take one down, chug it a-down 98 bottles of beer on the wall... 98 bottles of beer on
Even better: pretend to buy. Some spammer's site are so easy to crack (hint: SQL-injection) that it's a joke.
Harvest credit card numbers (with matching delivery and billing addresses, and often with matching CVV's) on one spammer's site, and use them on another's.
If enough people do this on a routine basis, several things will happen:
- The word will spread among buyers of spamvertised products that buying these is a surefire way to get in trouble with their credit card
- An excessive rate of chargebacks makes many spam operations unprofitable
- Credit card companies will realize that spammers are troublesome business partners, and become very reluctant to give them merchant accounts.
Hit them in the pocketbook (but use an open proxy, unless you want to get into trouble yourself...)
Just something to think about: This article talks about spammers along with references to not only spam, but destruction of anti-spam, virii, pornography, theft, identity theft, and child pornography. The only way they could really make spammers look any worse is if they labeled them as baby rapists.
While it could be true, it's beginning to sound like propaganda, intending to make these guys look more Evil than life. Think about the article's motivation, author, and target audience. Be careful, there may be something more going on than what we see on the surface.
You DON'T HAVE TO make this kind of stuff up--the spammers are more than happy to provide the real thing!
The virus in question (mimail.L) offers porn, claims to be sending you child porn, attacks anti-spam sites, and tries to associate those anti-spam domains AS CRIMINALS in the minds of the target.
What do you WANT the article to say? That these spammers/virus writers are misunderstood, because they had poor childhoods and their mothers didn't like them?
Take off the tinfoil and open your damn eyes.
What part of "shall not be infringed" is so hard to understand?
Agreed. I don't advocate extralegal violence against spammers, but were such a thing to happen, and were I asked to sit on the jury of the person charged with the offence, I would return a verdict of not guilty. Assault and/or homicide are crimes against human beings. In my system of values, spammers ceased to qualify as such several years ago.
If asked for my views on spammers during jury selection (DAs in spammer-infested areas take note, I'm by no means the only one), I would admit as such and would likely be removed from the pool of eligible jurors. If not asked during jury selection, I would simply stick to my guns during deliberations and demand a verdict of not guilty on the grounds that neither an assault nor a homicide was committed.
My beliefs would most likely result in a hung jury and a retrial, or, (in the extremely improbable event that I sway the other 11), jury nullification -- the setting of a precedent that in that court's jurisdiction, and unless/until the verdict is overturned by a higher court, spammers are no longer protected by laws intended to protect human beings. Let hilarity ensue.
It's the ratio.
In my Bayesian corpus, the .COM extension in an HTML tag is a 90.43% spam probability (because most of my non-spam doesn't have HTML tags) and a 22.0% spam probability in free text.
Meanwhile, BIZ is a 99.92% spam probability when found in an HTML tag and a 90.5% spam probability in free text.
So, yes, .BIZ is a good spam token and I, too, have thought about filtering everything .BIZ. The main reason I don't is because my Bayesian filter catches 99.9% of it all anyway so there's no reason to bother increasing my false positives by filtering BIZ.
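To make "it's the ratio" concrete, an added example (my code, not the poster's filter): a Graham-style Bayesian scorer in Python that keeps separate statistics for a token inside an HTML tag and the same token in free text. The corpus is constructed and far too small for real numbers, so the probabilities it produces only show the effect (the "com" token is a strong spam sign inside tags and a weak one in text), not the figures quoted above.

```python
"""Context-tagged Bayesian spam scoring, in the style of Graham's "A Plan for Spam".

Added example (not from the thread or any named filter). The same word gets a
separate statistic depending on whether it appeared inside an HTML tag or in
free text. The training corpus below is constructed and tiny; the numbers it
yields are for illustration only.
"""
import re
from collections import Counter
from math import prod

WORD = re.compile(r"[A-Za-z0-9$]+")
TAG = re.compile(r"<[^>]*>")


def tokenize(text):
    """Yield lower-cased tokens prefixed by context: 'tag:' inside <...>, 'txt:' elsewhere."""
    pos = 0
    for m in TAG.finditer(text):
        for w in WORD.findall(text[pos:m.start()]):
            yield "txt:" + w.lower()
        for w in WORD.findall(m.group()):
            yield "tag:" + w.lower()
        pos = m.end()
    for w in WORD.findall(text[pos:]):
        yield "txt:" + w.lower()


class ContextBayes:
    def __init__(self):
        self.spam, self.ham = Counter(), Counter()
        self.nspam = self.nham = 0

    def train(self, text, is_spam):
        (self.spam if is_spam else self.ham).update(tokenize(text))
        if is_spam:
            self.nspam += 1
        else:
            self.nham += 1

    def token_prob(self, tok):
        """P(spam | token) per Graham: ham counts doubled to bias against false positives."""
        g, b = 2 * self.ham[tok], self.spam[tok]
        if g == 0 and b == 0:
            return None                       # never seen: carries no information
        pg = min(1.0, g / self.nham) if self.nham else 0.0
        pb = min(1.0, b / self.nspam) if self.nspam else 0.0
        return min(0.99, max(0.01, pb / (pg + pb)))

    def score(self, text, n=15):
        """Combine the n most decisive token probabilities into one spam probability."""
        probs = [p for p in (self.token_prob(t) for t in set(tokenize(text))) if p is not None]
        top = sorted(probs, key=lambda p: abs(p - 0.5), reverse=True)[:n]
        if not top:
            return 0.5
        ps, qs = prod(top), prod(1 - p for p in top)
        return ps / (ps + qs)


# Constructed corpus (not real mail).
SPAM = [
    '<a href="http://pills.biz/order">Cheap meds</a> order now',
    'Visit <a href="http://lose30lbs.com/">lose30lbs.com</a> 30lbs in 30 days',
    '<a href="http://casino-win.biz">Win big</a> at casino-win.biz today',
    'Enlarge now <img src="http://spamvertised.com/x.gif"> click here',
]
HAM = [
    "Meeting moved to 3pm, see the agenda at wiki.example.com",
    "Thanks for the patch, merged into trunk. Release notes at example.com/notes",
    "Hi! Lunch tomorrow? I'll be at the office.",
    "<p>Weekly report attached</p> please review by Friday",
]


def build_demo():
    clf = ContextBayes()
    for m in SPAM:
        clf.train(m, True)
    for m in HAM:
        clf.train(m, False)
    return clf


def tld_report(clf):
    """The four token/context combinations the comment above talks about, for this corpus."""
    return {t: clf.token_prob(t) for t in ("tag:com", "txt:com", "tag:biz", "txt:biz")}


if __name__ == "__main__":
    clf = build_demo()
    for tok, p in tld_report(clf).items():
        print("%-8s %.2f" % (tok, p))
    print("spam-like: %.3f" % clf.score('<a href="http://deal.biz">deal</a> cheap meds now'))
    print("ham-like:  %.3f" % clf.score("Lunch at the office tomorrow? See the agenda at wiki.example.com"))
```

With this corpus "com" in free text appears in two ham messages and one spam, so it scores 0.2; inside a tag it appears only in spam and clamps to 0.99. That split is what makes a blanket ".biz" block unnecessary: the context-aware token already carries the signal without adding the false positives a plain string match would.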
Spammers do indeed have a weak point. They are dependent on processing their payments via credit card companies.
I once tried to set up an online business that would accept payment via credit card. To set up a trading account, you have to jump through all sorts of hoops and rules. It's not cheap or easy. The credit card companies check who you are quite rigorously before they will give you a business trading account.
Part of their rules is that the trader must clearly identify themselves/the business when making a sale.
There are only a very few credit card companies - amex, visa, mastercard, mbna, that covers about 80% of the market.
I'm not quite sure how to go about informing the credit card companies that you have received an illegal credit card payment request. Perhaps you could send the spam to them, or the url of the actual webpage where it asks to fill in your credit card numbers.
For the desperate, you could actually pay something, maybe using a spare card that you never use, then at once inform the credit card company of the situation, requesting a refund, and giving them relevant details, e.g. the website with the unlawful request on it, so that they will place a black mark against the trading account of the spammer.
Too many of them and they will close his trading account. With the resources that credit card companies have for checking on background, it's gonna be bloody hard for the spammer to reopen a new account, especially as lying for the purposes of getting a trading account is something that the police take REALLY seriously...
(close your card or keep an eye out for any further withdrawals from your account and instantly notify the credit card company - they will then know the spammer's been passing around your details and have his address on file - more charges for the police to use)
What do you think of this method?
-tomato