Anti-Spammers Infiltrate Private Online Spam Clubs

Angry_Admin writes " Spammers are now trying to find out which antispammers have infiltrated their ranks and are sharing "sensitive" info with fellow antispammers. According to the story at The Register: 'Online spammer forums like the Pro Bulk Club the Bulk Club and bulkmails.org have been gatecrashed by activists from organisations like Spamhaus. Steve Linford of Spamhaus said spammers know this already but they don't know who amongst their number is working for the other side. In theory the members-only forums of these sites is accessible only by invitation and only to individuals who have a proven track record in spamming. Apart from playing with the paranoia of spammers, the undercover investigation cast light on the latest spammer techniques.' Hopefully the spammers aren't that bright and the antispammers stick around long enough to bring them down."

Not just a tree house club

[nelsonal]

I have to ask where does the money come from in spamming? I could understand back in the mortgage boom when brokers were paying lot's of hard cash for leads, but this and other stories make spamming seem like a pretty big business which is rather surprising. Ultimately the money has to come from somewhere (the spam lists can only be sold so many times).

Re:Not just a tree house club

[Reckless+Visionary]

Not to be overly obvious, but the money comes from the people who buy the advertised stuff. They do indeed exist. Some of them may buy regularly. (Think anatomical enhancement pills that you need to "re-fill" every month)

Re:Not just a tree house club

[nelsonal]

I was thinking about that, back in the refi days a broker would pay upwards of $25 per lead for refinancing leads. I could see how a spammer would easily clear some decent money. Selling jars of pills for what $10-$20 means the markup has to be pretty steep to cover their costs. Considering that they are now swaping zombie PCs to cover their tracks, one would think that there was some real money in this business. I haven't seen a cellular spam in some time (another source of high dollar commissions). I'm surprised that there is that much money in p3nIs 3nI@rgm3nt and other cheapo items. I wouldn't think that the spammer would be in the business of the refil, and the commission wouldn't be as large. Perhaps I should get to cracking on ebay or with some ad sense words.

Re:Not just a tree house club

[MoonBuggy]

There must be a fair amount of profit above the cost price in these pills, or they sell way more than I would imagine - if you look at the front page featured part of eBay (which costs something like 50GBP to be listed in) it is comprised mainly of 'Buy it Now' dutch listings with 500 bottles of pills for around 10 pounds each. There are sellers who hold 20 or more front page listings at a time, selling only pills. If you can afford to repeatedly invest 1000GBP as well as the cost on the products themselves you'd have to be fairly confident in making a considerable amount more than that.

Re:Not just a tree house club

[Frizzle+Fry]

Why was the parent modded up? It doesn't even make sense. I'm a bit bothered by the people here (probably including these moderators) who seem to be in denial and refuse to believe that people buy things from spammers. Well guess what: they do. You may want to believe that we live in a world where no one would do such a thing and come up with crazy alternate explanations as to why spam exists, but sadly the simple explanation sometimes really is the correct one, even if it makes you feel superior to write it off as "naive" or "knee-jerk".

Re:Not just a tree house club

[iminplaya]

Thanks for relieving me of being the only one with that thought. I made a similar post a while back and boy, did I get slammed! Not by the mods but by others who refuse to see the connection. Like so many property crimes, this is a two way street, and this problem would hardly be noticable if it weren't for the customers. If nobody buys from fences or spammers or anybody like them, the problem will damn near disappear. I'm for any tech that can minimize spam,(and I do like this infiltration thing. We should apply this to gov't. Y'know, change it from the inside) but we need to address the social problem that their customers represent. This goes for many things like theft, drugs(if your into prohibition), etc.

Re:Not just a tree house club

[medelliadegray]

and the sad thing about the enhancement pills is that people who buy them truely believe they are working--a significant number of problems males can have will be the resuly of purely phyochological issues. confidence, esteem, etc.

So their having problems in bed, and they decide "what do i have to lose if i try these, the worse that will happen is they wont work." So they buy the enhancement pills, and their confidence rises with expectation that the pills will in fact work. Next thing the guy knows, he's a stallion with the libedo of a young bull.

1+1=2, right? i bought the pills, i can stay up! These pills ARE enhancement pills!

wrong.

If anything out there truely worked, and didnt require a perscription, viagra would NOT cost $15 per pill--or whatever obscene cost it is right now.

Re:Not just a tree house club

[maximilln]

I don't think that the spam operations themselves are legitimately publicly traded businesses. I forward the hypothesis that they are run by people who have set up legitimate, possibly publicly traded businesses as fronts.

It's the same complex business pyramid cycle that led to the .com boom-bust, only this is a cycle that propagates and lives and dies on a 3-6 month basis. Like mosquitos. Do you watch the news? You see that guy in the suit in the back room reading papers at his desk? What do you think he does when he goes home at night? He dabbles in penny stocks. Where does the money from those penny stocks come from? If you believe news stories you'll think it's his own private money. In reality there are thousands of people dabbling in penny stocks using money that they receive on short term loan from other brokerage houses dealing in penny stocks. What are all of these penny stocks? They're junk bonds, to vaporous businesses, some with little more than a PO Box and a telephone number which may or may not work. What do these businesses do? They do nothing but subcontract and subcontract services over and over to each other. They're cleaners. They're nothing but numbers on a ledger or in a spreadsheet through which to push money. These small businesses have two things of interest to the brokerage houses: a bank account and an insurance policy. If the business lives or dies it's not a concern for the brokerage house or the lender. They'll collect on the insurance policy and the insurance company will tack the losses to your auto, home, life, and health premiums. What do these small businesses really do? A person with an in depth knowledge of the business world can put together a convincing business plan and use short-term exploratory investments to set up two servers and a business net connection. What does he do with that? He pitches the business to some brokerage house that's trying to put together a cohesive portfolio in "grass roots small business subsidies" or some other apple pie, feel good propaganda pitch. This brokerage house then goes out and sells its feel good apple pie line to a larger brokerage firm.

These are not just turkeys that live down the block and work at the local foundry. These are people who graduated with MBAs and formed the social connections necessary to know where the paperwork goes, who has to sign it, and how it has to be filled out to look legit. The people running these operations don't always know that they're funding spammers. Have you seen the subcontracting breakdown for a federal building or renovation project? It's the same on the stock market. The major houses go to the mid houses. The mid houses go to the major and minor houses. The minor houses service anyone they can, including banks, credit unions, and local investment brokers. The banks, credit unions, and local investment brokers are watching applications for business licenses and applications for business loans. The people monitoring the applications are often feeding info to their cousin/brother/aunt/old roomie working in the major and mid houses. All of these people are working at their own desks, pushing nothing but paper, and no one knows that the guy who walked in the door to give a 15-minute presentation for a legit "desktop advertising clearinghouse" is really using 85% of the business investment to feed his old fraternity brother with enough money to send out spam for three months. Then they'll junk the business and the bank won't care because they had a valid insurance policy before they ever signed the loan.

If spam were as illegal as the CANSPAM Act and all the hype and hoopla makes it seem shouldn't it be easy enough for credit agencies to latch onto these people and refuse to run their funds? Sure, it should, so why don't they? Because no one gives a flying rats bottom. They're all pushing paper, and getting paid, and as long as the business insurance is good then no one cares that the business only lasted three months. I'm sorry

Re:Not just a tree house club

[Steve+B]

John Ashcroft should lay off the Internet bong sellers and the purveyors of porn. If he wants to hit the terrorists in the wallet, he'll close down all the money laundering possibilities that exist. Spam operations are a huge gaping hole that everyone seems to be ignoring.

That's the least of the problem. The filter-poisoning junk appended to spam messages (which ought to be prosecuted under the computer crime laws as an attack in and of itself... but I digress) is a perfect terrorist comm channel that is effectively immune to traffic analysis (i.e. there's no way to identify the intended recipient).

I was reluctant to mention this when it first occurred to me, but after thinking it through I'm morally certain that terrorists have already figured this out.

Maybe the FBI has also figured it out, and is already planning to scoop up some spammers and use their violations of existing laws to lean on them and anal-probe their business records... and maybe not. If this turns out to be the next failure to "connect the dots"... well, you heard it here first.

Re:Not just a tree house club

[Steve+B]

For it to work, you would need:
an agreed-upon set of code words -- could fall into enemy hands.

No, you don't -- all you need is a fairly simple steganography program to hide a few bits in each word (for each string of, say, four bits, randomly generate a word that checksums to that target).

the ability to send spam reliably -- if you test, you risk getting shut down; if you don't test, you risk failure at an important moment.

Put your real recipients fairly early in the queue (but still far enough down that they'll be untraceable; number 27,347 or thereabouts out of millions ought to be good enough). If spammers were being shut down fast enough to cut the flow before that point, spam wouldn't be the problem it is.

And, just in case, have a couple of backup throwaway accounts.

an excuse to send spam -- probably not a major problem, since a ficticious product or some random Web site would presumably suffice.

As you say, this one is trivial.

the ability to receive spam reliably -- if your operatives don't see the encoded message, they can't act on it.

You gotta be kidding me. The difficult thing is not receiving spam.

Don't doubt the Spammers IQ

[tekiegreg]

They're bypassing the zillions of filters I have set up like they're bound and determined to enlarge my penis, and bypassing my filters at a rate of 30 messages/day these days. The Spammer is just as smart as the anti-spammer IMHO. Play your enemy as your equal people....

Re:Don't doubt the Spammers IQ

[Cpt_Kirks]

It's been discussed before, but why not just do a forced patch of the OS? Kill the virus and immunize the machine...

Optimists

[mikehunt]

"Hopefully the spammers aren't that bright and the antispammers stick around long enough to bring them down."

Just because someone does something you don't like, since when did that make them more stupid (or less intelligent) than you?

Sounds like the same tired argument that anti-virus companies and virus writers use.

Honor among thieves?

[e9th]

Given the ethics of spammers, is it any wonder that one of their own might "betray" them?

If only the people who READ spam weren't so stupid

[hpulley]

It's a tired old argument but if no one clicked the links in spam and no one bought the products in spam, perhaps we wouldn't have spam. The people spamming aren't stupid, they know a sucker is born every minute and they hope those suckers click their links. If the clickers would grow a brain we might not have this problem.

Re:Bundled spamware and spyware

[Planesdragon]

Why would producers of legitimate software, e.g. Kazaa, Weatherbug, etc. bundle their stuff with known spamware, ad-serving crap, and general spyware bullshit?

Because they're not legitimate software, of course.

Kazaa, for example, makes a dubiously legal P2P app that it distribute(d) for the express purpose of getting a free-to-use grid to run various programs on.

And, unfortuantely, it'll be awhile before the Flynn effect makes all of us smart enough not to use spyware.

The virus/spam connection

[Roached]

"People selling these fresh proxies are either the virus writers themselves or someone very close to them. I don't know how ties between spammers and virus writers was first forged but there is clearly a strong link there"

...and maybe this is the bit of information that will encourage aggressive prosecution of these spammers.

Spammers not smart?

[neilcSD]

>>Hopefully the spammers aren't that bright

Most spammers arent terribly sophisticated. Let's face it though, a handful are extremely smart and capable, otherwise we'd have gotten rid of them a long time ago.

The Almighty Buch

[VernonNemitz]

Since $ (or yen, marks, rubles, lira, etc) is all that any spammer wants in the first place, it logically follows that any of them can be bribed to spill all the secrets (like how to gatecrash, or instead to formally invite an antispammer, etc).

Invitation-only is very easy to get around

[Ra5pu7in]

All Spamhaus would have to do was include a couple of false spammer names on its officials lists, use those false identities to complain on more generic forums about the ridiculousness of laws like CAN-SPAM, and wait for the invites to show up. Almost every group, no matter how exclusive, has members who are more gullible and willing to make the invite. (C'mon - the only reason spamming is profitable is because the broader group of computer users has so many gullible people who are willing to believe they can gain an inch, lose a pound, and refinance for a much lower rate.)

Re:What now?

[almostmanda]

it's good because spammers, in the privacy of their own little club, exchange spamming tricks. if we know their evil plan, we may be able to tweak filters to block it before it arrives. the whole point of spam filters is prevention, and knowing who it's coming from and how they plan to send it might be very helpful.

Re:Bundled spamware and spyware

[jpop32]

Why would producers of legitimate software, e.g. Kazaa, Weatherbug, etc. bundle their stuff with known spamware, ad-serving crap, and general spyware bullshit?

Isn't it obvious why? Because it makes money, and right now. Do spammers care if they kill the medium they use? Nope, because they're making money from it, right now.

Who cares, it works for me, at least for now.

It's shortsighted but unfortunately it fits the general profile of human behaviour. I don't see the way spammers or malware producers behave any differently than the way big companies or governments behave, just on a different level. So, I think it's safe to say that things like this will go on for the forseable future.

Re:Bombs

[easter1916]

It's unwanted email, for heaven's sake. Calm down and stop talking nonsense about bombs.

Re:hmmm On picking nits.

[_xeno_]

(Strangely, those of germanic descent weren't detained.)

Germans are white, and some even immigrated before the nation was the United States (the Pennsylvania Dutch, where Dutch is really Deutsch).

Japanese are "yellow" or whatever. They immigrated only more recently, since around 1850 or whenever Japan's borders were opened to foreigners. (At WWII, that still would have been about three generations or so for those here the longest.)

According to one of my Japanese co-workers, those of Japanese or Asian descent are still discriminated against when it comes to security clearances and government jobs. (I wouldn't know, I'm a white male from a small town, I got my clearance fairly quickly once the paperwork was through.)

Today, it's just those of Arab descent we round up and imprison.

I'm sure you already knew that, though - it just really ought to be said. Racism is hardly dead in America - we've come a long way, but we aren't even near the finish line yet.

Selling Advertising vs. Selling Products vs. Fraud

[billstewart]

Some spammers do make their money retailing the junk they advertise to suckers. They typically make their money by marking up junk, though if the products don't work, they have to find new suckers every month.

Many spammers make their money by selling advertising service to retailers by promising to deliver eyeballs which can be turned into sales, but don't handle delivery of the product. Sometimes they're getting paid a commission, so they make money if and only if they're successful at attracting suckers to the retailer's products or websites - whether that's pills or pr0n.

But for many other spammers, the sucker is the retailer who's expecting to get high-quality sales leads, rather than the spammees. Retailers who've learned from the experience usually don't provide repeat business, or at least not without changing the price structure to only pay for actual sales.

And many spammers make money from fraud. Besides the currently popular Nigerian 419 and the pump&dump stock scammers, there's the old-fashioned pyramid game in its many guises. That used to be more popular than it is today, but it still seems to work. One variation on this is selling spamware to wannabee spammers.

Re:I heard of something like this once...

[eaolson]

I kid you not. A spammer who works for SpamCop. I can't post links to the freesite (that's kinda pointless), but at least the incriminating screenshots are safe on Freenet.

I'm sorry, but I call bullshit. I know of three employees of SpamCop, none of which are named Greg. If photos of John Kerry and Jane Fonda can be Photoshopped, so can a screenshot.

Evidence, please.

Re:James Bond of the Spam world?

If you're a top-notch spammer, how can you build a reputation? Isn't staying anonymous part of being a pro?

Scott Richter. Enough said.

Just like everyone else

[tuxlove]

Hopefully the spammers aren't that bright...

This is hopeless wishful thinking. Spammers are just as bright as anyone else. In addition, they generally seem to have a fair share of low cunning. Don't underestimate them.

Not that I advocate vigilantism...

[angst_ridden_hipster]

...

but it would be pretty easy to write a little script that searched for "spam-friendly" and similar search terms on Overture, Google, etc, and clicked through those links.

Pretty soon, ISPs would have to stop advertising those services. They'd have to resort to mis$pelling s+earch Te(rms like in a SP.AM mess(age, thereby cutting down the effectiveness considerably.

Of course, anti-spam services would probably take a lot of collateral damage from an approach like this. Innocents getting caught and torn apart by the mob show the fundamental problem with the vigilante approach.

Spammer techniques

[jcuervo]

I've always wondered: why don't spammers just run their messages through SpamAssassin or something before they send out the spam? Just keep tweaking it until it gets a satisfactorily low score, then blast it out to the net.

I know they're not that bright (Nigerian twits, especially), but this should be a no-brainer.