Another Worm Targets Anti-Spam Sites

kevinvee writes "Yahoo! is reporting about the next battle of Spam Houses versus Spamhauses. This time, its W32/Mimail-L receiving the attention. "It's the third Mimail variation to come after us, except this one is trying to do more," said Steve Linford, founder of The Spamhaus Project. Apparently this reincarnation comes as an attachment offering naked photographs. Once infected, a follow-up e-mail is sent to the user stating that a CD containing child pornography will be delivered to their postal address. "These guys write trojan (viruses), they carry out DDOS attacks and they get their money through selling stolen credit cards and spamming," Linford said."

Re:A new low

[Saint+Aardvark]

No kidding.

It's absolutely insane. They won't stop 'til they've destroyed email.

It's melodramatic, but: spammers really have declared war on email, and the Internet and its users as a whole. They're fucking with email, they're fucking with DNS, they're sending out viruses to infect users and spread more filth, and they're trapped in this huge positive feedback loop that I'm desperately afraid won't end. They pump out millions of emails which get ignored so they pump out more which gets them blocked so they pump out more to get around that and they start attacking their opponents and now the volume of spam is so high they need to pump out even more just to get any sort of return...

Rationally, I think the only way around it is to attack the economics of spam, as has been suggested by many much smarter than me.

But really, what I want is revenge.

It gets worse -

[m4ilm4n]

I've just received a fake "mailer daemon" rejection message with a viral attachment; although my a/v program caught it, I can see this tactic catching even the most suspicious of us...

A honeypot credit card for spammers....

[LilJC]

We all know the practice of creating an email account, leaving it hidden online somewhere or posting it and telling people not to use it in an effort to get email we are sure is not legitimate. If this works, let's take it a step farther.

Mastercard, wait, even better AmEx issues a card with the same idea. The card is used once in response to a single spam. The card is then cut up but not cancelled. Hand the card numbers and the billing address over on a platter.

When the card is used again, set your phasers to sue. The beneficiary of the card's usage can either be charged with fraud, etc. or roll on their superior. Pass the buck up the ladder until you can jail a spammer not on the basis of spam but of felony(ies).

Of course, this assumes that you can find a "member magnifier" offer that isn't even looking to send you Sucrosa. Still, it might be worth a shot as a low-cost investment with a good potential for a high yield.

The same idea could be used for eBay and PayPal scams. It's not as if none of us have gotten those "Please enter your password in this email and click submit button" spams. I wonder if this is already done. I'm a smart guy, but I'm still just another geek on /.. It seems some well-compensated theft prevention exec would have started doing this a long time ago if it would work. Though honestly, I don't see any problems with it myself.

Revenge?

[$ASANY]

I got some revenge for ya...

As promised, there's a new tool in town. Project Web Form Flooder is still in beta, but it's functional in flooding spammer's websites with plausible data. Java source code only right now, but I'd imagine the ./ crowd can deal with that.

If we flood spammer's websites with garbage data, maybe, just maybe we'll do a little to remove the profit motive in spamming, and once there's no money in it it'll end.

Isn't it time we stopped crying and started doing something?

Re:Revenge?

[hellraizr]

If we flood spammer's websites with garbage data, maybe, just maybe we'll do a little to remove the profit motive in spamming, and once there's no money in it it'll end.

Yes but unfortunatly most spammers have enormous clusters of servers for what they do and more bandwidth than you can shake a stick at (thats the only way the upstream providers will let them spam, they need 20mbit, they buy an OC-3). it would really be no big deal for spammers to survive a DDoS attack, it would take him down for maybe MAYBE 2 hours. how do I know this? I used to work for one. he was more legitimate than "make your penis bigger", all his lists were 2x optin but being in the biz I met all the other spammers down here in Boca Raton FL (the american capital of spam).

To put it in perspective, one spammer had somewhere around 500 servers taking up an entire row of racks in the datacenter we were at. another one had 350. the guy I worked for was comparably small, less than 50 servers. and all these guys have enormous burstable bandwidth behind them (spam eats up somewhere around 100-300mbit/sec when doing the initial dns caching)

Another thing is spammers usually hire VERY good technicians and pay them very well (which is why I stayed working for a spammer). it would be no big deal during a ddos attack, to swap out ip pools on the network (most spammers own tons of ip networks and multiple AS #'s), reprogram the router and setup LVS on 6-8 boxes and it would be able to take most any DDoS you could throw at them.

Oh and finally spam makes money. TONS AND TONS of money. hundreds of thousands of dollars profit a month usually run by 3-4 guys, so there's always room for ways around whatever we can dish at them. they simply have more resources than the userbase they spam.

Yes, us victims deserve all the blame.

[dpbsmith]

It's easy to say "don't open obvious spam at all" and "never open an attachment" and "never click on a URL in an email."

Personally, my middle-aged brain only functions at about a four-nines reliability level, meaning that if I deal with thirty pieces of email a day, about once a year I'll accidentally do something STUPID.

Like pressing "reply" before I've finished composing my mail. Or replying to all when I only meant to reply to one. Or replying to a list when I only meant to reply to one person on a list. Or thinking that PayPal might really have sent me an email. Or opening a foreign attachment. Typically I realize that I've goofed approximately five hundred milliseconds after performing the mouse click that commits me to the imprudent action.

(It doesn't help that I actually have real human friends who do send me email message with subject lines that are blank, or consist of the single word "Hi!" or "Meeting.")

I am sure that you never ever do anything STUPID, and I fully agree with you that someone as STUPID as I deserves to have my computer infected with viruses.

DIE SPAMMER DIE!

[BubbaTheBarbarian]

Cannot resist this one...

OK kids, sit down and let uncle bubba explain this one for you. One, if you see something once, it might be a coincidence. Twice means that maybe lighting is hitting the outhouse twice. This is the third one of these, and with each successive version, the methods and operations of the virus are getting more effective and efficient. That means at least two developers were able to reverse engineer and increase the efficiency of the payload of the virus, OR someone is monitoring what is going on and making improvements. Tell you what, I will let you think about that one for a sec...

We also have the comments from the spammers themselves. Many have come out into the open and said that anti-spam orgs declared war on them, and that they would fight back. Do you honestly think that this is just a chance happening?

I guess it could be, I mean, you could have some slashdotter waging a disinformation campaign targeting anti-spammers to piss everyone off...

Oh, and too the nuts want to sue Microsoft under the same pretenses as suing gun manufactures...dude, spammers are equal opportunity abusers...they are abusing open protocols as much as they are using OS holes to propagate this crap. So unless you want to sue Berkley or something like that...

Spammers evil...viruses evil...censorship evil...censoring spam ev...WAIT!...good...

"We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns -- the ones we don't know we don't know."