Slashdot Mirror
Paid To Spam
Lathiat writes "It seems that spammers have taken a new distributed approach to sending spam, and you get paid for it.
Virtual MDA will pay you $1 per CPU hour their program is running to relay spam around the world. Obviously this is not something you should do, most users are all to familiar with the atrocity of sorting through up to hundreds of spams a day just to find one real email, Although it has been previously reported that some users love spam, I for one don't.
Is there any way end users can fight back against people like this?" At $1/hour, this sounds like a low-gain way to infuriate both your friends and perfect strangers.
Most ISPs prohibit this in their T&Cs. So unless you have a direct pipe to the Internet, you're surely going to be cut off as soon as they realise what all that 24/7 traffic is?
When I am king, you will be first against the wall.
It runs as a service (or whatever windows calls daemons nowadays) so you're not getting even close to a CPU hour in an hour.
All's true that is mistrusted
Including their phone number and mailing address:
Sendmails Corporation
P.O. Box 195
Manchester, NH 03105
TEL: 603.622.6999
FAX: 603.624.9089
Of course what you choose to do with that information is up to you...
Atriks, LLC
55 Bridge Street
Manchester, NH 03101-1188
US
Administrative Contact:
Host Master hostmaster@atriks.com
Atriks, LLC
55 Bridge Street
Manchester, NH 03101-1188
US
Phone: 603-624-7008
Fax: 603-624-9089
Technical Contact:
Host Master hostmaster@atriks.com
Atriks, LLC
55 Bridge Street
Manchester, NH 03101-1188
US
Phone: 603-624-7008
Fax: 603-624-9089
Someone needs to set up a huge server room that accepts only incoming packets so the spammers can seed the servers. Then no spam is sent out, but you still get paid. Make spam more costly that the revenue it generates... (Yea I know server rooms are expensive... just a thought)
I hate to blow some people expectations here, but these are _cpu_ hours we're talking about.
Let me demonstrate: here's a section from my ps -ax:
PID TTY STAT TIME COMMAND
1 ? S 0:05 init [4]
and here's my uptime:
16:45:07 up 4:31, 4 users, load average: 0.09, 0.34, 0.34
(yes I turn my PC off at night, so what...).
To sum it up, init has been running for 4 hours 30 minutes, but only has 5 cpu seconds on the clock. This is an extreme example, X on my laptop has used 15 mins on 2:30 hours uptime, but it get's the point across.
Sending out spam is bandwidth limited, not cpu limited (unless you run this on a 486 over a T1), therefor, you are going to be hammering your connection, whilst only using a small percentage of your cpu, and only earning mabey 2-3 dollars a night (and I'm being optimistic there, it could be a lot less).
So in short, this will work until people realise that there being had, and then it'll just disappear into the mist.
Nice try, but zombies are more effective...
Ask 8 slackers a question, get 10 awnsers (a citation, but I can't remember from who)
You know it only takes 15 mins of elevated mail traffic on our systems before your ip gets locked down.
Providing you have a Linux(tm) (or something) firewall handy, and a junk windows box to run the proggie on, you can set up a few rules with iptables, bind, and sendmail to put this together as follows:
1 - install crapware on the junk machine
2 - on the fw, have iptables transparently redirect all outboud smtp traffic to the local copy of sendmail
3 - configure bind on FW to be a root, and put a wildcard MX record in to point to your FW as the MX for world+dog
4 - have sendmail configured to accept all messages from everywhere (the wildcard MX record above will aid in this)
5 - work some virtusertable magic to get sendmail to dump all messages to a local account whose mailspool dumps to dev/null
6 - ???
7 - Profit!
Of course, we would have to include some exceptions to allow some presumed "test" or "tracker" messages through to let the company know that the program is running, and to fool them into thinking you are sending the spam out, but hey...
Anything else I am missing?
John
Please read it carefully. It is $1 per CPU hour, not $1 per hour. Sending email is not a CPU-intensive task. One CPU hour can be equivalent to as much as several weeks of saturated modem traffic!
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
I noticed recently while trying to diagnose an email problem that Time Warner Cable now limits its "unlimited service" to 1,000 emails sent per day. Obviously, you'll hit your limit well before that CPU-hour, so you'll never make more than $365/year and eliminate your ability to send any personal email.
You'd make more money hanging out at the street corner holding cardboard sign that says, "Will compute for food."
Yeah, right.
One catch -- if you read through their "agreement," they have the right to round the time you "work" downwards, they have the right to defer payment until you reach a certain amount accrued, and they have the "right" to LOSE YOUR ACCOUNT INFORMATION. Really. "Sorry, we lost your info, so we don't owe you anything."
In short, after you sell your soul and your internet access, you get nothing in return. Zero, zilch, nada. Find someone who has received a nickel from these guys, if you can.
"Ain't no right way to do a wrong thing."
In addition, Atriks' own policy insures that they will NEVER pay you.
Believe me, this news hits slashdot late. The folks at your ISP almost certainly are aware of Atriks, and its owner Brian Harberstroh by now, and if not, you can point them to THIS. Spamhaus does not add listings to ROKSO until after a spammer has had three documented terminations. In fact it often takes several before one can get three which are documented, as most ISPs don't announce when they've terminated a spammer.
--Og
I case you couldn't get to the site like me, here are the terms of service from the google cache.
Terms Of Service
1. ACKNOWLEDGMENT AND ACCEPTANCE OF TERMS OF SERVICE. Atriks, LLC
("ATRIKS") web site, VirtualMDA and other ATRIKS services and web properties ("Service"),
owned and operated by ATRIKS, is provided to the
member community under the following Terms of Service and any operating rules
or policies that may be published by ATRIKS. The Terms of Service comprise the
entire agreement between Member and ATRIKS and supersede all prior agreements
between the parties, regarding the subject matter contained herein. By
participating in the registration process, members are indicating their
agreement to be bound by all of these Terms of Service.
2.Payment. Upon completing the registration procedure, you will be given a unique
identification account number ("UID"). You will be paid by ATRIKS $0.25 for every
Central Processing Unit Hour ("CPU HOUR") used by the VirtualMDA software located
on your personal or business computer(s) (either or both of which shall be the
"Installed Computer(s)") is actively connected to the internet ("Online"). The
Installed Computer may accumulate a maximum of 24 CPU HOUR's in one day. If
your UID logs more than 24 CPU HOURS in one 24 hour period, your account
may be suspended or terminated for unusual or suspicious activity. In order to
receive payment, you must submit a request to ATRIKS using the electronic request
form provided to you via your member account webpage. Your member account webpage
will contain a calculation showing the amount of money accrued in your account.
In case of a dispute as to the amount accrued, the amount shown in your account
is final and binding upon you in all respects. You may only request payment, and
ATRIKS shall only disburse from your account, when your account is equal to or
greater than $50.00 for United States residents and $90.00 for those residents
outside the United States. In the event of technical problems or data loss which
causes a loss of account information, your account will be reset at $0.00, and
you hereby waive any and all claims for any amount previously accrued but not yet
disbursed. All payments shall be by check, made payable to you, and sent to you
at your last known address via the U.S. Postal Service, first class mail. There
will be a check processing fee of $3.00 (three dollars) and any payment returned
to ATRIKS shall be voided, and your account shall be deleted and any accrued
amounts will be forfeited
3. DESCRIPTION OF SERVICE. ATRIKS is providing Member with Internet services and
opportunities to get rewarded while using the Internet in exchange for performing
certain actions as desired by our advertisers. As part of this service ATRIKS provides
Member with proprietary software ("SOFTWARE") for relaying email messages.
In consideration for this Service, Member agrees to: (1) create only
one account per household and, (2) provide certain current, complete, and accurate
information about Member as prompted to do so by the Service and, (3) maintain and
update this information as required to keep it current, complete and accurate and.
All information requested on original sign-up shall be referred to as account
information ("Account Information"). Furthermore, ATRIKS will not share, sell, trade,
or give away personally identifiable Member information to third parties without Members'
explicit permission. Upon registration, all users grant to ATRIKS their explicit
permission (1) to contact them with important information about Members' accounts and
updates to our services, policies and business practices, (2) to access and use the
Installed Computer(s) for relaying permission based (opt-in) email for ATRIKS and/or
third parties, and (4) data gathering activities, without further notice to or permission
from Member. The users have the option to choose not to be contacted or t
A few boxen on the party-end of a T1 would be $8k/yr. each, and I doubt anyone would yank your line. Only morons that try this stunt on a home DSL connection would get cut off. With the extra $$$ flowing in (a T1 costs about $500/mo around these parts), you could buy another T1 and some nice gear. Maybe even a $1m house.
You'd still be evil, though. It's so hard to wash away the stains spam leaves on your hands.
A lot more than you would guess.
A few years ago I developed and managed a cluster of such machines to send out daily emails to the users of a large internet site (these were emails that people signed up for, not spam).
One machine ran a perl script which accessed the db and pulled out the various bits of content, addresses, and names. It would piece together the basic message and hand off the rest of the assembly and actual sending to one of three other machines.
These four 486/25 with 32M RAM running FreeBSD were able to send about 300,000 custom emails per hour without breaking a sweat.
Gomez Peer is a legitimate company that'll pay you for your bandwidth and CPU time. Basically, it checks various websites for reachability/performance. Apparently it's hard to get in, unless you're on their "most wanted" location list.
Yeah the email address signing up receives a confirm/deny email with three links: "subscribe", "don't subscribe", and "for God's sake don't ever send me anything from any of your servers ever again" (last two links are also in the footer of all messages we send out). We did once have a problem with a h4x0r (one of our clients at the time) trying to automate hits to the subscribe link but we caught him.
We never could think of a good fix to prevent that. Anybody have any ideas?
All's true that is mistrusted
Whois:
55 Bridge Street
Manchester, NH 03101-1188
Phone- 603-624-7008
Fax- 603-624-9089
hostmaster@atriks.com
Atriks is a mailing list company. "Atriks offers targeted public record data that comes entirely from publicly available Internet sources. We collect, compile, aggregate and provide the most high-quality, complete, and up-to-date data possible for every individual and business with a presence on the Internet." They're a member of the Direct Marketing Association. They claim a server farm with 330 servers and seven terabytes of data. Here are some of the lists they offer:
-
Atriks Broadband Consumers "1,000,000+ consumers who have demonstrated a thirst for better technology and a willingness to spend money for enhanced products and services are included."
-
Atriks Personal Domain Owners with Credit Cards "7,000,000+ consumers have registered a domain for their own personal use and have created Web sites that share everything from jokes to family pictures. A key part of their registration is supplying credit card information, resulting in a file with all major credit card selects available."
-
Atriks Subscribers by ISP "6,700,000+ subscribers identified by ISP are included in this database. Mailers can target these subscribers by more than 100 selectable ISP providers."
Those are just the "consumer" lists. They also have business-to-business lists.Atriks is co-located with a local ISP, MV Communications.. MV has been in business for many years. They have modest backbone connections for an ISP; 6Mb/s to Global Crossing, 12Mb/s to Level 3, and 12Mb/s to Paetec. Unclear at this time if MV and Atriks have common ownership.
They're what the DMA would call a "legitimate spammer".
Not really an original idea. Snail mail mass marketers seed their lists with their own PO Boxes and such to ensure that mails are actually getting sent.
From their terms and conditions:
"In the event of technical problems or data loss which causes a loss of account information, your account will be reset at $0.00, and you hereby waive any and all claims for any amount previously accrued but not yet disbursed."
You can't claim until it gets to $50, and your account can be reset to $0 at any time.
I suspect it will be much less than that. Note that the Virtual MDA web site states that "Sendmails pays VirtualMDA users based on every CPU hour used." CPU time is not the same as the entire time your computer is switched on; only those CPU cycles used by their spamming software will accrue towards the $1/hr they offer. From my mail server:
last pid: 1164; load averages: 2.06, 2.03, 2.05 up 9+18:45:52 14:10:25
118 processes: 3 running, 114 sleeping, 1 zombie CPU states: 0.0% user, 99.2% nice, 0.8% system, 0.0% interrupt, 0.0% idle
Mem: 170M Active, 118M Inact, 89M Wired, 17M Cache, 61M Buf, 106M Free
Swap: 512M Total, 484K Used, 511M Free
PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU CPU COMMAND
79891 smmsp 2 0 1880K 1168K poll 0 0:14 0.00% 0.00% mimedef
636 smmsp -6 0 25880K 24908K piperd 0 0:08 0.00% 0.00% perl
835 smmsp -6 0 14304K 13812K piperd 0 0:03 0.00% 0.00% perl
73986 smmsp 2 0 2188K 984K select 1 0:01 0.00% 0.00% mimedef
243 smmsp 18 0 2384K 1224K pause 0 0:01 0.00% 0.00% sendmail
73986 smmsp 18 0 2388K 1760K pause 0 0:00 0.00% 0.00% sendmail
You can see that sendmail only accrued about a seconds worth of cpu time in the 9+ days it has been running here. Granted, a busy spam spewer would rack up cycles much faster, but it still wouldn't amount to the total length of time the computer has been running. I'd guess after a couple weeks of continuous spamming, you might have earned an hour or so of cpu time. Whoopee! Sign me up. Not.
Full ToS is on their website
.sig
http://www.virtualmda.com/terms.htm
I've paraphrased their clauses.
My comments are in italics after.
1. By signing up, you agree to this ToS
2. You get $1 for every "CPU HOUR".
You have to ask to get paid.
We won't pay unless it's at least $50.
If there's anything suspicious, or we make a mistake in accounting, you get nothing.
Comment: it's not clear what a "CPU HOUR" is, but I suspect despite the many claims on slashdot, that they really do mean $1 for every hour your computer is running their program and is connected to the internet sending email. But their program doesn't run unless both you and they tell it to, so they could guarantee that it runs less than 40 hours if they wanted to.
3. You agree not to cheat.
4. We can change the Terms of Service whenever we want.
My guess is that this happens if you would actually get paid if they didn't.
5. You are responsible for security.
6. There is no warranty.
7. We aren't liable for anything.
8. Our software has a copyright.
9. We decide if you violated the ToS.
10. You can't resell the service.
I wonder why they're worried about that.
11. You are responsible for anything we send.
Yes, they really do expect you to take the fall for what they are doing.
12. You indeminfy us.
And if they should happen to take the fall, then you have to pay for that too.
13. All you can do if you don't like it is quit.
14. The legal jurisdicition for everything is New Hampshire.
15. You agree not to participate in class actions against us.
And that goes for all time, not just this.
In other words, they know you're going to want to sue them, so they want to make sure it's not worthwhile to do it.
Mostly, the ToS is the usual collection of stupidity, but that last clause is so out there that I had to comment.
-- this is not a
I installed the client just for kicks (Don't expect them to pay out, I'm curious):
Time Run: 1:31:14:999
CPU Time Used: 0:01:05:199
CPU % Usage: 1.69%
Oh yeah, did I mention it has a trojan?
Typed screenshot from AVG Antivirus:
AVG Residant shield
Virus
Trojan horse Downloader.4.Small.BT
is found in file
D:\Program Files\VirtualMda\package.exe
To remove this virus, please run AVG for Windows
At 0.2% CPU usage:
24x365x.002 = $17.52/yr
You can bet they've optimized it for minimal cpu usage, and that it'll suck up nearly all of your bandwidth. You'd be paid about $20 a year for most of what you pay over $300 a yr for. A very raw deal, not to mention the high probability of it getting you in trouble with your isp.
jrjBlog
Allight, this is just scary...
Upon registration, all users grant to SENDMAILS CORPORATION their explicit
permission (1) to contact them with important information about Members' accounts and
updates to our services, policies and business practices, (2) to access and use the
Installed Computer(s) for relaying permission based (opt-in) email for SENDMAILS CORPORATION and/or
third parties, (3) to access and use the Installed Computer(s) for domain name resolution,
and (4) data gathering activities, without further notice to or permission
from Member. The users have the option to choose not to be contacted or their
information shared by terminating their account. SENDMAILS CORPORATION collects online behavior
statistical information for our members. Examples of information that we collect,
other than through the registration form, include URL of visited pages, registration
for offerings and IP addresses. Examples of data gathering activities include web page
retrieval, domain tld discovery, and internet port/proxy discovery. Upon termination
of the online session, closing of the browser and/or termination of your membership,
this information will no longer be collected. We gather this information to improve
the administration of the services and to increase the earning potential of our members.
This information will be made available to third parties. If any information provided
by Member is incomplete or inaccurate, SENDMAILS CORPORATION retains the right to terminate Member's
membership and rights to use the Service.
No thank you....
O_O
Joseph?