Slashdot Mirror

← Back to Stories (view on slashdot.org)

Examining an Automated Spam Tool

Posted by michael on from the processed-meat dept.

Saint Aardvark writes "SecurityFocus has published an excellent column detailing how spammers r00ted an Apache server, and used it to send spam. The tool they used is (I hate to admit it) pretty sophisticated: it has macro capabilities, picks up email addresses from and reports success or failure to the master server. It's a very frightening read...and so is this: Message Labs reports that they now intercept 27 spam emails per second, up from 2 per second this time last year. Virus-created proxies are mainly to blame."

9 of 415 comments (clear)

  1. Re:All this really makes me wonder... by taperkat · · Score: 5, Insightful
    can't we just beat the stupid people that actually respond to spam, thereby making the spammers more money to keep berating me to get my cock enlarged?

    after all, I am a female.

    --
    "But I can't get an ocean that's deep enough for my day..." ~The Frames, "Fitzcarraldo"
  2. Re:All this really makes me wonder... by calebtucker · · Score: 5, Insightful

    I totally agree. While I really hate the spammers I think I might hate the people that actually buy stuff from spam a little bit more.

    If you think about it, there are some really intelligent spammers (even though they are disgusting scum of the earth). They're always one step ahead of us and are figuring out new ways to spam us.

    On the other hand, the people who buy stuff from spam are just plain morons. period.

    --
    My sig can beat up your sig.
  3. Re:Spammers know what they're doing by Vainglorious+Coward · · Score: 5, Insightful

    Spammers regularly compromise other systems and install sophisticated software to allow easier spamming.

    I could have sworn that this was illegal.

    It is illegal, but then again, many of the products and services the spammers are pimping are also illegal. The legality (or not) has very little to do with it.

    --
    My next sig will be ready soon, but subscribers can beat the rush
  4. Re:Spammers know what they're doing by Urkki · · Score: 5, Insightful

    Of course it is illegal. The problem is catching those that do it. The actual spam marketers will be hard to prosecute for it just because they use services of other "businesses" for delivering their marketing material. And actually getting these "other businesses" to court might be rather hard if they operate in some 3rd World pirate heaven, have no public office, and all business transactions are handled electronically, and are purposefully hidden or obfuscated.

  5. yes it is profitable by RouterSlayer · · Score: 5, Insightful

    yes it's definitely profitable, this is part of the problem, a major part of it!

    even with all the crap that people are doing, new SMPT clients, new RFCs and bullshit, it's not going to work!

    why? because spammers pay their ISPs tens of thousands of $ a month just for the privilege of spamming!

    I remember an old story months (or years) ago about a spammer, got tracked down, the whole nine yards, the ISP refused to cut them off because they were paying the ISP over $50,000 a MONTH to send spam. These days they pay even more.

    So all your "checks and balances" don't do any good, because the spammers are VALID users (at least in the eyes of the ISP hosting them).

    And this is also why no one does egress filtering. AT&T US, etc won't do it because they get PAID to keep sending the stuff...

    face it, spam is BIG business, it makes millions, esp for the ISPs, etc.

    all your useless "valid" client checks, checksums, special SMTP servers, blah blah blah won't make a damn of difference.

    the only way is with either good (huge) blacklists or bayesian all over the place.

    and what someone said about "end users" not caring about bandwidth usage, not true. I'm an end-user, and I care, excess bandwidth costs me money dammit! I am my own mail server, so don't tell me a firewall on my server is gonna slow down the traffic. it doesn't.

    I keep to my original proposal, a massive blacklist. headache? yes, but it'd work if kept updated...

  6. Comment removed by account_deleted · · Score: 5, Insightful

    Comment removed based on user account deletion

  7. Pretty good article by bigjnsa500 · · Score: 5, Insightful

    It was a pretty good article, but he leaves off one glaring fact. If he had kept his software up to date, this would never have happened. BugTraq says August 2002 when this was identified.

    --
    This is a test. This is a test of the emergency sig system. This has been only a test.
  8. Re:yep by Urkki · · Score: 5, Insightful
    • Something desperately needs to be done with SMTP to control this stuff....

    Yes. It needs to be completely blocked at backbone routers, and new and better alternative developed.

    So, the steps would be
    1. develop a better alternative as fast as possible, and make it as simple as possible to implement.

    2. deploy the better alternative for test use.

    3. develop a fixed version 2 of the better alternative after it's holes are discovered.

    4. deploy the fixed version.

    5. block SMTP and version 1 of new protocol at international and national backbones and national borders, so that everybody is forced to switch.

    So SMTP would still be completly usable for example inside organizations, so if a company has huge installed base of legacy software, they could have internal SMTP-new protocol gateway.

    Of course this would require IETF to get their act together, and various governments to agree that this must be done, and actual new protocol to be simple enough and not contain patented algorithms or any other stupidities.

    So it will not happen. Then spam will overwhelm the internet transfer capacity. Then SMPT is blocked and free internet e-mail will cease to exist. Proprietary solutions will develop, but there will be a chaos. Incidentally, Microsoft will happily provide a closed proprietary system only usable from their operating systems.
  9. Interesting, but... by grahamtriggs · · Score: 5, Insightful

    Let's first of all say I am no fan of spam. In fact, I hate it. All spammers - and virus writers - should be strung up and subjected to some real virii.

    However, some of these statistics are possibly obscuring reality. For example, let's take Messagelabs anti-spam service. Until recently, all emails from WorldPay - receipts, etc. - were marked as spam. All the traffic on an email discussion list that I have signed up for are marked as spam. Some commercial email notification lists that I have signed up for (ie. Maplin offers) are marked as spam.

    But none of those emails *are* spam. Admittedly, some spam emails do get through without being flagged. So maybe it's a bit 'swings and roundabouts'. And regardless, the situation is pretty depressing anyway.

    One thing I have been thinking about - and just wondering whether it should be entered as an Ask Slashdot item - are some of the 'cures' as bad as the problem itself?

    I work on biology / medicine journals websites, and we offer a number of automatic notification and general update services. Note that these are *not* spam - they are requested by individuals by signing up on the website - and instructions are given in every email in how to remove yourself from the list. And they are a very valuable service to many people that do choose to receive them. Yet it only takes 1 person to not bother to read or follow the removal instructions, or otherwise hit some other temporary (accidental) issue that holds up their removal, and then submit it to a blacklist service to bugger things up for many other people.

    So where is the regulation on the blacklist services? Where is the ability for *genuine* (provably genuine) companies to register their services in such a way that rather than getting blacklisted immediately, they have the opportunity to respond to the issue raised? Is this a small or large price to pay to partially stem the tide of actual spam?