Slashdot Mirror
Another Worm Targets Anti-Spam Sites
kevinvee writes "Yahoo! is reporting about the next battle of Spam Houses versus Spamhauses. This time, its W32/Mimail-L receiving the attention. "It's the third Mimail variation to come after us, except this one is trying to do more," said Steve Linford, founder of The Spamhaus Project. Apparently this reincarnation comes as an attachment offering naked photographs. Once infected, a follow-up e-mail is sent to the user stating that a CD containing child pornography will be delivered to their postal address. "These guys write trojan (viruses), they carry out DDOS attacks and they get their money through selling stolen credit cards and spamming," Linford said."
I think this is actually a good thing because it links spammers with viruses and therefor reinforces the association "spammer = evil". Perhaps sooner or later more people (and gov. agencies and companies) see spam not just as annoyance but as attack.
Isn't there some way to distribute the anti-spam sites/lists so that a DDOS attack can't take it out? All that's needed is a simple neural net-style system - redundancy and distributed content (which the internet makes simple) could solve this sort of problem, at least for now.
GL
It's absolutely insane. They won't stop 'til they've destroyed email.
It's melodramatic, but: spammers really have declared war on email, and the Internet and its users as a whole. They're fucking with email, they're fucking with DNS, they're sending out viruses to infect users and spread more filth, and they're trapped in this huge positive feedback loop that I'm desperately afraid won't end. They pump out millions of emails which get ignored so they pump out more which gets them blocked so they pump out more to get around that and they start attacking their opponents and now the volume of spam is so high they need to pump out even more just to get any sort of return...
Rationally, I think the only way around it is to attack the economics of spam, as has been suggested by many much smarter than me.
But really, what I want is revenge.
Carousel is a lie!
I've just received a fake "mailer daemon" rejection message with a viral attachment; although my a/v program caught it, I can see this tactic catching even the most suspicious of us...
Mastercard, wait, even better AmEx issues a card with the same idea. The card is used once in response to a single spam. The card is then cut up but not cancelled. Hand the card numbers and the billing address over on a platter.
When the card is used again, set your phasers to sue. The beneficiary of the card's usage can either be charged with fraud, etc. or roll on their superior. Pass the buck up the ladder until you can jail a spammer not on the basis of spam but of felony(ies).
Of course, this assumes that you can find a "member magnifier" offer that isn't even looking to send you Sucrosa. Still, it might be worth a shot as a low-cost investment with a good potential for a high yield.
The same idea could be used for eBay and PayPal scams. It's not as if none of us have gotten those "Please enter your password in this email and click submit button" spams. I wonder if this is already done. I'm a smart guy, but I'm still just another geek on /.. It seems some well-compensated theft prevention exec would have started doing this a long time ago if it would work. Though honestly, I don't see any problems with it myself.
The only thing more dangerous than a file named -rf is renaming it -rf\ /
As promised, there's a new tool in town. Project Web Form Flooder is still in beta, but it's functional in flooding spammer's websites with plausible data. Java source code only right now, but I'd imagine the ./ crowd can deal with that.
If we flood spammer's websites with garbage data, maybe, just maybe we'll do a little to remove the profit motive in spamming, and once there's no money in it it'll end.
Isn't it time we stopped crying and started doing something?
Just use a decent mailer, some antispam filter and update it.
Why would you just physically hurt somebody ?
I can think of plenty of reasons. Like, say, promoting child and bestiality porn. To anyone, including children. Because they refuse to take no for an answer and mutate their mail around my spam filters. Because they hammer mailservers with dictionary attacks, wasting resources that aren't theirs. Because they pull the kind of crap referenced in this story. Because they file frivolous lawsuits against anti-spam organizations who are just trying to help people avoid their crap, so that they can try and drain their resources. Because the email address I've used as a public point of contact on my websites is so flooded with bestiality porn that I'm afraid to open it in public.
In short, I don't think it's the right response, but theres certainly plenty of motivation to do so. I'm not going to cry over it if someone takes a baseball bat to Alan Ralsky's head.
Why?
It's easy to say "don't open obvious spam at all" and "never open an attachment" and "never click on a URL in an email."
Personally, my middle-aged brain only functions at about a four-nines reliability level, meaning that if I deal with thirty pieces of email a day, about once a year I'll accidentally do something STUPID.
Like pressing "reply" before I've finished composing my mail. Or replying to all when I only meant to reply to one. Or replying to a list when I only meant to reply to one person on a list. Or thinking that PayPal might really have sent me an email. Or opening a foreign attachment. Typically I realize that I've goofed approximately five hundred milliseconds after performing the mouse click that commits me to the imprudent action.
(It doesn't help that I actually have real human friends who do send me email message with subject lines that are blank, or consist of the single word "Hi!" or "Meeting.")
I am sure that you never ever do anything STUPID, and I fully agree with you that someone as STUPID as I deserves to have my computer infected with viruses.
"How to Do Nothing," kids activities, back in print!
Cannot resist this one...
OK kids, sit down and let uncle bubba explain this one for you. One, if you see something once, it might be a coincidence. Twice means that maybe lighting is hitting the outhouse twice. This is the third one of these, and with each successive version, the methods and operations of the virus are getting more effective and efficient. That means at least two developers were able to reverse engineer and increase the efficiency of the payload of the virus, OR someone is monitoring what is going on and making improvements. Tell you what, I will let you think about that one for a sec...
We also have the comments from the spammers themselves. Many have come out into the open and said that anti-spam orgs declared war on them, and that they would fight back. Do you honestly think that this is just a chance happening?
I guess it could be, I mean, you could have some slashdotter waging a disinformation campaign targeting anti-spammers to piss everyone off...
Oh, and too the nuts want to sue Microsoft under the same pretenses as suing gun manufactures...dude, spammers are equal opportunity abusers...they are abusing open protocols as much as they are using OS holes to propagate this crap. So unless you want to sue Berkley or something like that...
Spammers evil...viruses evil...censorship evil...censoring spam ev...WAIT!...good...
"We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns -- the ones we don't know we don't know."
i have yet to see anyone point out WHY spam is actually as effective as it is -- people buy into it!
if spam wasn't a money-maker, spammers wouldn't exist, it's as simple as that. just like if diets weren't such a huge industry, you wouldn't be seeing posters on how you could lose 30lbs in 30 days plastered all over your city (the birth of spam, might i add).
if all these men just stopped caring about the size of their weenies, spam would take a huge hit. if we'd all be a bit smarter and not even consider clicking on insurance / any financial links in spam, that market would also take a huge hit. and if we were all more passionate with our partners then that takes care of goat / bestiality porn. the 'barely legal' crap, you have to deal with on your own. that's just wrong.
honeypots, bayesian filters, spam blockers, LAWS... so much time, effort and money is being put into something that will only be solved once we start dealing with our own insecurities / needs.
### http://www.gunfinger.com ### greed / tec
Just something to think about: This article talks about spammers along with references to not only spam, but destruction of anti-spam, virii, pornography, theft, identity theft, and child pornography. The only way they could really make spammers look any worse is if they labeled them as baby rapists.
While it could be true, it's beginning to sound like propaganda, intending to make these guys look more Evil than life. Think about the article's motivation, author, and target audience. Be careful, there may be something more going on than what we see on the surface.
You DON'T HAVE TO make this kind of stuff up--the spammers are more than happy to provide the real thing!
The virus in question (mimail.L) offers porn, claims to be sending you child porn, attacks anti-spam sites, and tries to associate those anti-spam domains AS CRIMINALS in the minds of the target.
What do you WANT the article to say? That these spammers/virus writers are misunderstood, because they had poor childhoods and their mothers didn't like them?
Take off the tinfoil and open your damn eyes.
What part of "shall not be infringed" is so hard to understand?