Slashdot Mirror
Paid To Spam
Lathiat writes "It seems that spammers have taken a new distributed approach to sending spam, and you get paid for it.
Virtual MDA will pay you $1 per CPU hour their program is running to relay spam around the world. Obviously this is not something you should do, most users are all to familiar with the atrocity of sorting through up to hundreds of spams a day just to find one real email, Although it has been previously reported that some users love spam, I for one don't.
Is there any way end users can fight back against people like this?" At $1/hour, this sounds like a low-gain way to infuriate both your friends and perfect strangers.
(1 x 24) x 365 = $8760 per year.
The money is tempting. Imagine all the toys that could be bought with it.
Evolution or ID?
I wonder how long it will take before someone finds out that they can use captured, trojan infected, computers to relay spam and earn money through this scheme.
I guess it's tempting to think that "ahh, I have 500 "clients" and could earn thousands each day!".
Melius mori in libertate quam vivere in servitute.
How can they check that you're actually processing the spam? Sign up, block the outgoing non-meat product and take their money.
$168 a week? Cool! I'll do it!
:) /dev/null.
Psst.. don't tell the spammers: I'll fix the spamming problem by putting a black hole transparent proxy between the machine running their program and the internet...
Anything they'll try to mail gets sent straight to
No, not really, but it'd be a nice way to cheat them...
.sig: No such file or directory
This summer I was living on about 5 bags of ramen a day, and was in danger of losing a place to live. About all I had to my name was my PC, and a free internet connection.
As much as I hate spam, if I was ever in the same situation again, I would sign up for this in a heartbeat. $720 per month is more than I would make with a legitimate part time job (considering that I am a student, making Canadian money). Spam isn't going away, and I would be more than willing to run the risk of losing friends, and making enemies of perfect strangers if it meant putting food on my table, and giving me a roof to live under.
At the moment however, I am doing fine, and in spite of the nice things I could buy with $1000 a month, I will not be signing up for this, as I value my principles more than material goods.
Just something to keep in mind before slamming people who give CPU time to this cause.
It should be easy to fool that tool:
Computer behind a firewall. Firewall redirects all port 25 connections to some other server. This server accepts all mail and dumps it.
24 h sending mail, 24 earning money !
Just out of curiosity, are there any legitimate companies out there that pay for CPU cycles? I'm sure the hordes of unemployed on slashdot (myself included) would like to know.
-Colin
This could be coupled with upstream filtering, and used to collect hashes of known spam in order to block spam all over the world.
How about getting paid $1/hour to help STOP spam ??
This sounds like a great idea for an open source project!
You cant make anything foolproof, they'll only invent better fools.
Think about this: I offer you a free broadband connection on a couple of terms: #1: you must leave your computer on at all times, and #2: You must install and leave installed my special little distributed computing applet. When your machine is idle, it would connect to my servers and become a node in a massive cluster. I could then sell time on this cluster to companies and individuals with needs for extreme processing power. Interesting idea, no?
"Hand me the bullet-shooty-thing and a box of little hurts" -Overheard on a USMC Rifle range
If you simply install a firewall filter that blocks the outgoing spam mail, the spammers can never figure it out and you're making money for nothing. The program runs, it sends spam, the spam just gets nowhere.
A powerful computer to pump out spam quickly and a decent firewall to block it will pay for themselves quickly if you keep them running 24/7.
Sigmentation fault - core dumped
... considering the value of a dollar in some countries. I guess this program's demographic includes any computer up to spec in 3rd world countries.
Hey, all the more reason to go to war with them!!!
Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose.
This is actually a heckuva way for the spammers to get around RBLs such as the ones used by Razor for blocking high spam domains. Now instead there will be god knows how many spammers coming from more trustworthy domains such as att.net, comcast.net, msn.com, etc. Granted each person may be only able to do 100 or so a day before tripping their ISP mail server off, but if a few thousand people are doing it... sheesh...
And I just installed SpamAssassin/Amavisd-New/Razor/etc, then they go and do this.
'Life is like a spoonful of Drain-O, it feels good on the way down but leaves you feeling hollow inside'
I'm a commercial bulk emailer. We've wanted to do something like this for a while but always got scared off by liability issues.
This is a brilliant solution because the one thing we're always short of (even as legal bulk emailers) is IP blocks that aren't blacklisted (since a lot of the blacklists run simply on volume of email sent or take the word of somebody who's too stupid to remember he actually did sign up for a mailing list). I would assume actual spammers have an even tougher time with their IP addresses. Now they can spam up all the cable ISP's IP blocks, and once a block gets blacklisted they can just switch to a new set of users. Brilliant.
All's true that is mistrusted
One thing I have noticed in this world is, nothing gets fixed until there's some major crap hitting the big collective fan.
Now here we have an email system which is increasingly broken, taken over by spammers, yet no one can agree to cooperate on a solution. Even the laws we make dont have any teeth.
I think we should promote this new thing, and all jump onto the bandwagon.
We should be able to definitely slashdot the email system at a planetary scale, thereby causing massive amounts of media aired/printed 24/7 for a few weeks.
The repercussions on spammers would be spectacular, to say the least.
I bet there would also be some political clout to revamp email to eliminate spam and prevent it from ever occuring again.
I equate this to a spammer saying: "here's a perfectly working gun. now use it to shoot me."
Sadly, an easy way to prevent decent folks like you and me from screwing over the bad guys would be to seed several addresses into the listing that go back to the master spammer. If the master spammer never receives the email-- which conveniently has a tracking number to identify the machine that sent it-- the sender never gets a dime.
I'm unimpressed, but wait till someone codes this into a trojan with his spam-sender-id-thingy on it. He'll easily make thousands an hour without ever sullying his own machine, and at no risk to his ISP account because hey-- he's not sending the spam, the zillions of clueless users he infected are.
"Why Subscribe?" Good question...
(1 x 24) x 7 = $168/week.
And loss of your ISP connection due to violation of the TOS.
I guess they will find enough short term accounts this way. They don't care that the people they use have a new problem to deal with.
The truth shall set you free!
1. Set up dummy email server that goes nowhere. 2. Sign up for spam program. 3. Send spam to dummy server. 4. Collect $24/day ($8760/year) The more people who do this, the broker the spammers will become.
Indeed, a Windows service is just a process started by the service controller. It could be running at top priority and starving everything else in the system, if it's set up to do that.
Even at lowest priority it'll get all the cycles no one else demands, which could be just shy of 100% all night long (plus most of the day, while you're at work or in class or whatever). Viewed over a 24-hour period, the vast majority of computers nowadays have essentially zero load.
Yes, my only tool is a hammer. And you're starting to look like a nail.
I'm thinking trap it all and use it as a spamtrap. That way you're inoculated before anyone ever gets it.
Here's what you do:
Subscribe.
Set up this program on as many computers behind a closed network.
Setup a DNS system that points to another machine for a wildcard domain (have it respond to one machine for ALL DNS lookups)setup as a local email server that responds to all domains for all send requests.
Run their program on a massive array of computers, getting paid $1/hour of CPU time to email to a blackhole.
Or, block outbound SMTP requests from all machines you run it on (assuming they don't verify send - which they probably do) and run it on as many machines.
Anyways, the best way to fight this is to sabotoge it. (And get paid for it at the same time.)
of course i didn't rtfa...but stay with me i have a plan...
you get about a dozen or so computers running...since they pay per cpu hour, you run it on all of the boxes 24/7 now you put up a firewall that blocks all outgoing email traffic...now you are killing 2 birds with one stone because you are sucking money out of the spammers and you aren't actually sending any spam!
now i guess i will rtfa...
This is why we need to get the major ISPs to contribute to centralized IP address lists of all broadband DUL space. Legitimate mail servers should refuse to accept mail from cable and DSL SMTP traffic. Then these spammers' schemes won't work, and it will also dramatically cut down on virus/worm propagation. I'm unaware of any really good DUL RBL except for Maps which is now pay. Does anyone know of a solid DUL RBL that's free?
DSL/Cable Method:
Sounds good: $840 per week
First, Taxes: $500
DSL/Cable gets cut off after a week, weekly replacement, non refundable: $440
Two day wait for installation of new DSL provider (cuts funds by 2/7): $315
Give two months, and you have likely run out of providers.
T1 Method
Sounds good: $840 per week
First, Taxes: $500
Pay for T1: $375
Now were talking!
Oh, but wait - assuming you find a provider that offers a T1 that doesn't cut you off... then, within 6 to 12 months, you become a Co-Defendant in a CAN-SPAM law suit. Assuming the judge does not find you responsible... Good luck paying yourself and a lawyer on $375 per month.
There's another thing here as well. There's very little likelyhood that ANY computer can dedicate more than 95% CPU to a single task (unless you are running this program on DOS). It also assumes that they give you enough addresses to process to actually make this type of money (very doubtful).
However, assuming everything were to go your way, T1 provider that likes you and no law-suit...Yeah, you can live on that, but you'd probably want to steal candy from kids to suppliment your income.
Kinetic stupidity has a new brand leader: Allen Zadr.
This is total BS:
In the event of technical problems or data loss which causes a loss of account information, your account will be reset at $0.00, and you hereby waive any and all claims for any amount previously accrued but not yet distibuted.
This is their back door. Every time their accounts get to the point where they need to pay out... they have an 'accident'. I can see it now:
You: Where is my paycheck bitch?
Them: I'm sorry sir, there was a technical problem that resulted in data loss of account information.
You: So? Where is my paycheck?
Them: The terms of agreement clearly state that we are not responsible for any payment if this happens.
You: But this is the 4th time in a row that you were suppose to pay me!!!
Them: Sucks to be you. Now get outta here, you bother me.
I also like section 15. Give it a read.
What a scam.
-Mark
Dovie'andi se tovya sagain.
Do you wonder why spammers are now trying to sign up individual users to help them relay spam?
The answer is because relay-blacklisting is working!
None of the client-side, server-side, content-based filtering has made any difference. What HAS made a difference are mail servers which are utilizing relay-blacklists of known spammer IP space and refusing to connect with them. This has forced the spammers to begin abandoning their havens in China, Brazil, Korea and other areas. Now they're trying to infiltrate domestic broadband IP space. First they tried it via propagating viruses and worms and that isn't working out as well as they'd like (and they probably figure sooner or later, the Feds just might actually prosecute one of them), so now they want to sucker people into spamming for them.
All this is an indication that relay blacklisting IS effective.
RBLs are becoming more sophisticated nowadays. Spamcop can usually ID a spam source in real time within an hour of it beginning operation. AOL and other major ISPs are now looking at RBLs to help them block spam. It's much more economical than strip-searching e-mail content using filters.
Let's keep up the pressure. Let's continue to force the spammers into smaller areas of the Internet where they can be identified and dealt with. This latest effort is a good sign they're getting desperate to figure out where they can send spam out from. None of the content-based filtering schemes have come nearly as close to slowing down their efforts as much as RBLs.
I've had my mailserver blacklisted, and I tell you - $1000 an hour couldn't possibly be enough to blacklist-bait yourself like that. You never realise just how totally your business relies on email until suddenly it mostly stops working.
Of course, then there's the fact that this proposal is offensive, anti-social, and just plain retarded.
How were we blacklisted, you ask? We use an exim server as the gateway, with sendmail internally. The gateway server was marked as a trusted host for relaying on the internal server (indirectly; it was part of a subnet of hosts that needed to be able to relay). Normally that's not an issue, because the exim gateway would refuse to accept messages asking for relaying anyway.
Unfortunately, the exim gateway permitted percent-hack messages to pass, permitting an attacker to bypass the gateway server's checks, and deliver a message for relaying to the sendmail server. Which promptly relayed it, because the gateway was a trusted host.
Fix: disable percent hack (Why TF is it even supported anymore anyway?) and set the gateway to be able to deliver, but not relay.
1. Take 2 computers.
/dev/null -filler.
2. Connect them with a LAN.
3. Run Windows and this spam generator on computer A. Set it's network settings to use machine B as its gateway.
4. Run Linux on computer B. Hijack all connections and packets originating from computer A and destined for port 25 (or all which are targeted outside the spammer's IP, to be safe). Let other packets to travel to Internet normally, so that the spammer can download new spam definitions.
5. Run a mail server on computer B. Forward all mail coming from computer A to be study material for a Bayesian filter and then
6. Profit !!!
7. Watch as all the other geeks get the same bright idea.
8. Watch and enjoy as the spammers go bankrupt.
9. ??? (it is impossible to predict what a post-spam Internet will be like).
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
In short, after you sell your soul and your internet access, you get nothing in return. Zero, zilch, nada. Find someone who has received a nickel from these guys, if you can.
I'll bet you get a free gift!
Identity theft! Especially since they'll probably ask for account information where they can deposit your ill-gotten gains.
(Never try to out-scam a scammer... it's like trying to argue with an idiot.)
Wolde you bothe eate your cake, and have your cake?