Paid To Spam

Lathiat writes "It seems that spammers have taken a new distributed approach to sending spam, and you get paid for it. Virtual MDA will pay you $1 per CPU hour their program is running to relay spam around the world. Obviously this is not something you should do, most users are all to familiar with the atrocity of sorting through up to hundreds of spams a day just to find one real email, Although it has been previously reported that some users love spam, I for one don't. Is there any way end users can fight back against people like this?" At $1/hour, this sounds like a low-gain way to infuriate both your friends and perfect strangers.

$1/hour

[PurdueGraphicsMan]

At $1/hour, this sounds like a low-gain way to infuriate both your friends and perfect strangers.

What happens when other spammers adopt this business model? That $1/hour assumes that you would only work for one spammer at a time. If you were really trying to make a career out of it I'm sure you'd be working for as many spammers as once as you can handle. That being said, it's still a very sleezy way to make a few bucks considering the majority of people hate spam.

I for one would feel like I was selling the rights of everyone else for a living. I'm not sure how people can feel "good" about doing something like this.

Re:$1/hour

[Maestro4k]

• That $1/hour assumes that you would only work for one spammer at a time.

Actually it's $1 per CPU hour, so you can only work for one spammer per CPU hour. Seeings as spammers spam nonstop, I doubt your CPU cycles would ever be free to sign up with another spammer.

Re:$1/hour

[Anonym0us+Cow+Herd]

$1 per CPU hour. But nobody said anything about how fast that CPU needs to be.

How about a beowulf cluster of x286's?

Fifty old slow cpu's and you're making $50/hour.

Oh, and did I mention that my 50 old x286 boxes all share a single dial up line?

On a 300 baud modem?

Re:$1/hour

[Eraser_]

Assuming they don't seed the list with their own addresses to insure validity (damn gave them the idea), whats to stop you from just, you know, setting up your {freebsd|openbsd|linux} gateway from re-routing port 25 traffic to your own custom sendmail hack? "Accept" all the mail it sends and pipe it to /dev/null. Check to see if it's the daily report or whatever just in case they use email to send themselves the data. I see this as a great way to STOP spam ;-)

Sounds like a bad idea

[thebra]

and plus I'm still waiting for my check from All-Advantage!

Great

[TheSpoom]

Great. Way to give them free advertising on a very popular website. As much as Slashdot has users that for the most part hate spam, we also have trolls and people who just don't care and see this as a way to make money. I can hear them cheering right now.

On another note, perhaps legislation should be put forward to outlaw distributed (this would have to be defined further... perhaps third party or in a different physical location, obviously wouldn't want it to affect legitimate servers) mail delivery like this. There's not really any point in a widescale distributed email delivery system OTHER than delivering spam that I can think of... Though I'm sure spam companies would try to come up with something. In this case, I think legislation may be a good thing.

illegal in many places

[PrvtBurrito]

It also needs to be said that this is also illegal in many places (due to spam laws). Spammers are very good at hiding their identities. Stupid users are not, and would be relatively easy to get caught. Honestly, it sounds like a money saving scheme, get someone else to break the law for you, and you come out clean as a whistle. -Sean

ISPs

[Zog+The+Undeniable]

Most ISPs prohibit this in their T&Cs. So unless you have a direct pipe to the Internet, you're surely going to be cut off as soon as they realise what all that 24/7 traffic is?

Re:Thousands per year

[PurdueGraphicsMan]

I will also confess/be honest and say that it is tempting. That's money that would seem free to the person "earning" it.

Earn money fast!

[EinarH]

I wonder how long it will take before someone finds out that they can use captured, trojan infected, computers to relay spam and earn money through this scheme.
I guess it's tempting to think that "ahh, I have 500 "clients" and could earn thousands each day!".

CPU hour, not normal hour

[Theatetus]

It runs as a service (or whatever windows calls daemons nowadays) so you're not getting even close to a CPU hour in an hour.

Re:CPU hour, not normal hour

[gerardrj]

You are assuming that a daemon/service is incapable of running at 100% CPU utilization, which is just an entirely erroneous assumption. Background processes can hog just as much CPU time as your newest 3D shooter.
It all depends on what the thing it trying to do. Look at Seti or Folding, bot run as daemon/service/background processes and both will use 100% CPU.

Re:CPU hour, not normal hour

[DR+SoB]

True although, Windows for example will never let a single application always run at 100% CPU, because if so, the OS wouldn't be running now would it?

Look at it this way, if you let it use 100% CPU usuage, but only give it a 1bps internet connection (use a router to alterate the uprate speed or something), do you still get paid by CPU? Isn't the problem with spam bandwidth not CPU? I'm so confused! Would a person running a 486 with a modem get paid as much for 100% cpu as someone running a zSeries IBM mainframe on bundled T3's??

Hungry People.

[Grey+Ninja]

This summer I was living on about 5 bags of ramen a day, and was in danger of losing a place to live. About all I had to my name was my PC, and a free internet connection.

As much as I hate spam, if I was ever in the same situation again, I would sign up for this in a heartbeat. $720 per month is more than I would make with a legitimate part time job (considering that I am a student, making Canadian money). Spam isn't going away, and I would be more than willing to run the risk of losing friends, and making enemies of perfect strangers if it meant putting food on my table, and giving me a roof to live under.

At the moment however, I am doing fine, and in spite of the nice things I could buy with $1000 a month, I will not be signing up for this, as I value my principles more than material goods.

Just something to keep in mind before slamming people who give CPU time to this cause.

Once again, missing the obvious!

[wowbagger]

Folks, they are paying PER CPU hour, not per wallclock hour.

Since in almost every case you will be I/O bound, while this thing may tie up your entire connection it will not run more than a couple of CPU minutes per wallclock hour.

Thus the spammers screw the people doing this - they think they are going to get 24*7 = $168 a week, but they really are going to get about 24*7*.1 = $16.8 a week. Then they will get nothing because their account was terminated.

HOWEVER, this gives us a GREAT way to screw the spammers - run this sucker on an UNDERCLOCKED machine.

WAYYYYYY underclocked.

Like about 100 kHz.

That way, even with a modem the program will be CPU bound.

Re:Once again, missing the obvious!

[imr]

No, YOU missed the OBVIOUS:
they are SPAMMERS, they won't pay, EVER.

Re:Thousands per year

[gowen]

Imagine all the toys that could be bought with it.

Forget that, Imagine how much I'll be able to extend my penis...

TOS?

[Richardsonke1]

First of all, does this mean that the mail is sent through your own mail server? If so, that's a major TOS violation for most ISPs. If your computer is going to be its own mailserver, that may not work either, because of the number of ISPs now blocking outbout mail servers on their networks.

Secondly, check out their own TOS. For example, this line:

"In the event of technical problems or data loss which causes a loss of account information, your account will be reset at $0.00, and you hereby waive any and all claims for any amount previously accrued but not yet disbursed."

So, not only are you helping spammers, but if they "accidentally" drop that table in their database, they don't have to pay you a thing. Sounds like a really good scam to me. I should go buy a house and put in the contract that if I forget to pay, the house is free for me to keep and the loan is forgiven.

Re:Thousands per year

These aren't "good Xian soldiers" here (not that that would be any better). Do you REALLY trust them to pay?... I somehow doubt that they're willing to cut you a cheque or M.O. Wouldn't surprise me if they were running a double-scam: "Yeah, umm, your $1723 weasel payment is coming right up. Can we just have your account and routing numbers?"

Not that we would fall for it, but just think about who will.

Not so free...

[blorg]

...when their internet connection gets pulled. Which would probably happen within the first week.

Re:Fight back!

[Spyffe]

In addition, you don't even have to use up bandwidth.

If you simply install a firewall filter that blocks the outgoing spam mail, the spammers can never figure it out and you're making money for nothing. The program runs, it sends spam, the spam just gets nowhere.
A powerful computer to pump out spam quickly and a decent firewall to block it will pay for themselves quickly if you keep them running 24/7.

$1/CPU hour? Sure!

[Warpedcow]

Virtual MDA will pay you $1 per CPU hour their program is running to relay spam around the world.

Sure I'll run it. I'll also setup a firewall so that this program can't send any actual data. After all, you're getting paid per CPU hour and not per email actually sent. Who cares if the program sits there and spins the cpu trying to send and resend it's first email message? Sounds like easy money to me! ;)

And don't forget their WHOIS Info:

Atriks, LLC
55 Bridge Street
Manchester, NH 03101-1188
US

Administrative Contact:
Host Master hostmaster@atriks.com
Atriks, LLC
55 Bridge Street
Manchester, NH 03101-1188
US
Phone: 603-624-7008
Fax: 603-624-9089

Technical Contact:
Host Master hostmaster@atriks.com
Atriks, LLC
55 Bridge Street
Manchester, NH 03101-1188
US
Phone: 603-624-7008
Fax: 603-624-9089

Don't get too excited

[Welsh+Dwarf]

I hate to blow some people expectations here, but these are _cpu_ hours we're talking about.

Let me demonstrate: here's a section from my ps -ax:

PID TTY STAT TIME COMMAND
1 ? S 0:05 init [4]

and here's my uptime:
16:45:07 up 4:31, 4 users, load average: 0.09, 0.34, 0.34

(yes I turn my PC off at night, so what...).

To sum it up, init has been running for 4 hours 30 minutes, but only has 5 cpu seconds on the clock. This is an extreme example, X on my laptop has used 15 mins on 2:30 hours uptime, but it get's the point across.

Sending out spam is bandwidth limited, not cpu limited (unless you run this on a 486 over a T1), therefor, you are going to be hammering your connection, whilst only using a small percentage of your cpu, and only earning mabey 2-3 dollars a night (and I'm being optimistic there, it could be a lot less).

So in short, this will work until people realise that there being had, and then it'll just disappear into the mist.

Nice try, but zombies are more effective...

Pay people to find spammers

[bersl2]

and beat the crap out of them.

That will end the spamming quickly.

perfect!

[WormholeFiend]

One thing I have noticed in this world is, nothing gets fixed until there's some major crap hitting the big collective fan.

Now here we have an email system which is increasingly broken, taken over by spammers, yet no one can agree to cooperate on a solution. Even the laws we make dont have any teeth.

I think we should promote this new thing, and all jump onto the bandwagon.

We should be able to definitely slashdot the email system at a planetary scale, thereby causing massive amounts of media aired/printed 24/7 for a few weeks.

The repercussions on spammers would be spectacular, to say the least.

I bet there would also be some political clout to revamp email to eliminate spam and prevent it from ever occuring again.

I equate this to a spammer saying: "here's a perfectly working gun. now use it to shoot me."

Re:Fight back!

[The_Mr_Flibble]

You know it only takes 15 mins of elevated mail traffic on our systems before your ip gets locked down.

Re:IP address fun

[AKnightCowboy]

Now they can spam up all the cable ISP's IP blocks, and once a block gets blacklisted they can just switch to a new set of users. Brilliant.

Yes, very "brilliant" of them. The only thing this will accomplish is getting port 25/tcp blocked all across the Internet completely whether you're an offender or not. Thanks asshole.

Re:Fight back!

[shadowcabbit]

Sadly, an easy way to prevent decent folks like you and me from screwing over the bad guys would be to seed several addresses into the listing that go back to the master spammer. If the master spammer never receives the email-- which conveniently has a tracking number to identify the machine that sent it-- the sender never gets a dime.

I'm unimpressed, but wait till someone codes this into a trojan with his spam-sender-id-thingy on it. He'll easily make thousands an hour without ever sullying his own machine, and at no risk to his ISP account because hey-- he's not sending the spam, the zillions of clueless users he infected are.

$1 per *CPU* hour

[Pan+T.+Hose]

Please read it carefully. It is $1 per CPU hour, not $1 per hour. Sending email is not a CPU-intensive task. One CPU hour can be equivalent to as much as several weeks of saturated modem traffic!

Re:IP address fun

[CritterNYC]

I'm a commercial bulk emailer. We've wanted to do something like this for a while but always got scared off by liability issues.

This is a brilliant solution because the one thing we're always short of (even as legal bulk emailers) is IP blocks that aren't blacklisted **SNIP**

Except for the fact that *legitimate* "commercial bulk email" uses confirmed opt-in (note that I didn't say "double opt-in", a term used by spammers to imply that it's somehow extra work), has a simple and effective unsubscribe process, never purchases or rents lists, never assumes permission to do anything (email, phone, physical mail, etc), provides something of real value (weekly commentary newsletter, real sales specials, etc), and doesn't send it out too often. I have colleagues that support companies with thousands subscribed to weekly newsletters and the like (industry commentary, etc) which they send directly from their own mail server and they've never been on an RBL or had a spam complaint.

Re:Thousands per year

[Braingoo]

5 computers runing 24/7 is 120$ a day runinng 7 days straight is 840 a week you could live off that easliy.

Both your friends?

[carlos_benj]

At $1/hour, this sounds like a low-gain way to infuriate both your friends and perfect strangers.

Hey, how'd you know I only have two friends...?

umm ...

[jacobm]

Is there any way end users can fight back against people like this?

You could've started by not advertising their product for free on the front page of Slashdot ...

Not that much

[Allen+Zadr]

$840 a week sounds good, but let's break it down.

DSL/Cable Method:
Sounds good: $840 per week
First, Taxes: $500
DSL/Cable gets cut off after a week, weekly replacement, non refundable: $440
Two day wait for installation of new DSL provider (cuts funds by 2/7): $315
Give two months, and you have likely run out of providers.

T1 Method
Sounds good: $840 per week
First, Taxes: $500
Pay for T1: $375
Now were talking!

Oh, but wait - assuming you find a provider that offers a T1 that doesn't cut you off... then, within 6 to 12 months, you become a Co-Defendant in a CAN-SPAM law suit. Assuming the judge does not find you responsible... Good luck paying yourself and a lawyer on $375 per month.

There's another thing here as well. There's very little likelyhood that ANY computer can dedicate more than 95% CPU to a single task (unless you are running this program on DOS). It also assumes that they give you enough addresses to process to actually make this type of money (very doubtful).

However, assuming everything were to go your way, T1 provider that likes you and no law-suit...Yeah, you can live on that, but you'd probably want to steal candy from kids to suppliment your income.

Why are spammers doing this?

[mabu]

Do you wonder why spammers are now trying to sign up individual users to help them relay spam?

The answer is because relay-blacklisting is working!

None of the client-side, server-side, content-based filtering has made any difference. What HAS made a difference are mail servers which are utilizing relay-blacklists of known spammer IP space and refusing to connect with them. This has forced the spammers to begin abandoning their havens in China, Brazil, Korea and other areas. Now they're trying to infiltrate domestic broadband IP space. First they tried it via propagating viruses and worms and that isn't working out as well as they'd like (and they probably figure sooner or later, the Feds just might actually prosecute one of them), so now they want to sucker people into spamming for them.

All this is an indication that relay blacklisting IS effective.

RBLs are becoming more sophisticated nowadays. Spamcop can usually ID a spam source in real time within an hour of it beginning operation. AOL and other major ISPs are now looking at RBLs to help them block spam. It's much more economical than strip-searching e-mail content using filters.

Let's keep up the pressure. Let's continue to force the spammers into smaller areas of the Internet where they can be identified and dealt with. This latest effort is a good sign they're getting desperate to figure out where they can send spam out from. None of the content-based filtering schemes have come nearly as close to slowing down their efforts as much as RBLs.

This give me a GREAT idea

[SilentReproach]

Let's all sign up for it, for the sole purpose of finding out who owns the originating mailservers! Then we can ddos them, and blackhole 'em, and report 'em, and order pizzas for them...

Re:Thousands per year

[aastanna]

From their terms and conditions:
"In the event of technical problems or data loss which causes a loss of account information, your account will be reset at $0.00, and you hereby waive any and all claims for any amount previously accrued but not yet disbursed."

You can't claim until it gets to $50, and your account can be reset to $0 at any time.