Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anti-Spammers Infiltrate Private Online Spam Clubs

Posted by simoniker on from the spy-in-the-house-of-spam dept.

Angry_Admin writes " Spammers are now trying to find out which antispammers have infiltrated their ranks and are sharing "sensitive" info with fellow antispammers. According to the story at The Register: 'Online spammer forums like the Pro Bulk Club the Bulk Club and bulkmails.org have been gatecrashed by activists from organisations like Spamhaus. Steve Linford of Spamhaus said spammers know this already but they don't know who amongst their number is working for the other side. In theory the members-only forums of these sites is accessible only by invitation and only to individuals who have a proven track record in spamming. Apart from playing with the paranoia of spammers, the undercover investigation cast light on the latest spammer techniques.' Hopefully the spammers aren't that bright and the antispammers stick around long enough to bring them down."

48 of 411 comments (clear)

  1. Tsk tsk... by grub · · Score: 5, Funny


    Someone forgot the first rule of Spam Club...

    --
    Trolling is a art,
    1. Re:Tsk tsk... by macshune · · Score: 4, Funny

      >Someone forgot the first rule of Spam Club...

      If it's your first night, you have to spam?

  2. For Spammers By Spammers by SirChris · · Score: 4, Funny

    So there are forums out there for spammers by spammers? Do these forums get spammed also? I, personally, would love to leave a few choice words on those forums.

    1. Re:For Spammers By Spammers by Allen+Zadr · · Score: 5, Funny
      What gets to me about spammers... They obviously feel they are doing the world a favor by offering sexual deficiency drugs, pain-killers of questionable legality and mortgages for those with bad credit.

      I always picture spammers as bereft of libedo and credit, with drug abuse problems. Really, wouldn't that explain a lot?

      --
      Kinetic stupidity has a new brand leader: Allen Zadr.
  3. Just a list of names is all we need... by mobiux · · Score: 5, Funny

    If someone could get that, we could, at least temporarily, reduce this problem.

    I've got a baseball bat and loads of free time.

    1. Re:Just a list of names is all we need... by Sponge+Bath · · Score: 5, Funny
      I've got a baseball bat and loads of free time.

      Make sure you leave the bat at the scene so it looks like a suicide.

  4. Re:James Bond of the Spam world? by SnowDeath · · Score: 4, Funny

    Post your email address and I'll tell you ;)

  5. Not just a tree house club by nelsonal · · Score: 5, Insightful

    I have to ask where does the money come from in spamming? I could understand back in the mortgage boom when brokers were paying lot's of hard cash for leads, but this and other stories make spamming seem like a pretty big business which is rather surprising. Ultimately the money has to come from somewhere (the spam lists can only be sold so many times).

    --
    Degaussing scares the bad magnetism out of the monitor and fills it with good karma.
    1. Re:Not just a tree house club by Kenja · · Score: 4, Funny

      Companies need some way to sell their sugar pills, I mean H3r84L V149r4!!!!!!

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    2. Re:Not just a tree house club by Reckless+Visionary · · Score: 4, Insightful

      Not to be overly obvious, but the money comes from the people who buy the advertised stuff. They do indeed exist. Some of them may buy regularly. (Think anatomical enhancement pills that you need to "re-fill" every month)

      --
      I think I'll stop here.
    3. Re:Not just a tree house club by UrgleHoth · · Score: 4, Informative

      If past observations are any guide, then I'd say the answer is a mix of money made selling lists and actual product sales. In the 90's I used to do IT work for an informercial/900 number infomercial outfit. The pitch was "Make money with 900 numbers." Any normal thinking person is going to say BS. And by an large it is BS. But add greed and a low entry cost, and a hard selling telemarketer, through objection/rebuttal rounds can sell "money making guides" (read legal but shady get rich quick scheme) to lots of people. In a nutshell, the infomercial marketeer made a bundle selling info packets and lists. A few who followed the formula made money, but most didn't.

      I don't like the business so I got out of doing IT support for it, but I learned a heck of a lot about the informercial/telemarketing biz.

      --

      Dogma - "let's just say we'd like to avoid any empirical entanglements."
    4. Re:Not just a tree house club by Uma+Thurman · · Score: 4, Interesting

      The money might come in part from laundering. There's really nothing to show that you didn't do $100,000,000 of business in a year, when you might have really done $1000. The balance of the fictional business on the books might actually be sourced in illegal drug, gambling, or terrorism money.

      John Ashcroft should lay off the Internet bong sellers and the purveyors of porn. If he wants to hit the terrorists in the wallet, he'll close down all the money laundering possibilities that exist. Spam operations are a huge gaping hole that everyone seems to be ignoring.

      --
      This is America, damnit. Speak Spanish!
    5. Re:Not just a tree house club by MoonBuggy · · Score: 4, Insightful

      There must be a fair amount of profit above the cost price in these pills, or they sell way more than I would imagine - if you look at the front page featured part of eBay (which costs something like 50GBP to be listed in) it is comprised mainly of 'Buy it Now' dutch listings with 500 bottles of pills for around 10 pounds each. There are sellers who hold 20 or more front page listings at a time, selling only pills. If you can afford to repeatedly invest 1000GBP as well as the cost on the products themselves you'd have to be fairly confident in making a considerable amount more than that.

    6. Re:Not just a tree house club by Chibi · · Score: 4, Informative

      There was a Slashdot article a while back about a guy who actually wanted more spam. So, people like Mr. Orlando Soto are the reason why the rest of us must suffer. :)

      Mr. Soto routinely comes home to some 150 e-mail pitches, and he loves getting them all. The 45-year-old grandfather opens most of them. He answers spam questionnaires. And he buys stuff pitched in spam e-mail -- again and again. "Everyday people call it spam," says Mr. Soto, who prefers calling it "unsolicited" e-mail. "But I'm open to everything."
      --
      If all you have are silver bullets, everything looks like a werewolf.
    7. Re:Not just a tree house club by maximilln · · Score: 4, Insightful

      I don't think that the spam operations themselves are legitimately publicly traded businesses. I forward the hypothesis that they are run by people who have set up legitimate, possibly publicly traded businesses as fronts.

      It's the same complex business pyramid cycle that led to the .com boom-bust, only this is a cycle that propagates and lives and dies on a 3-6 month basis. Like mosquitos. Do you watch the news? You see that guy in the suit in the back room reading papers at his desk? What do you think he does when he goes home at night? He dabbles in penny stocks. Where does the money from those penny stocks come from? If you believe news stories you'll think it's his own private money. In reality there are thousands of people dabbling in penny stocks using money that they receive on short term loan from other brokerage houses dealing in penny stocks. What are all of these penny stocks? They're junk bonds, to vaporous businesses, some with little more than a PO Box and a telephone number which may or may not work. What do these businesses do? They do nothing but subcontract and subcontract services over and over to each other. They're cleaners. They're nothing but numbers on a ledger or in a spreadsheet through which to push money. These small businesses have two things of interest to the brokerage houses: a bank account and an insurance policy. If the business lives or dies it's not a concern for the brokerage house or the lender. They'll collect on the insurance policy and the insurance company will tack the losses to your auto, home, life, and health premiums. What do these small businesses really do? A person with an in depth knowledge of the business world can put together a convincing business plan and use short-term exploratory investments to set up two servers and a business net connection. What does he do with that? He pitches the business to some brokerage house that's trying to put together a cohesive portfolio in "grass roots small business subsidies" or some other apple pie, feel good propaganda pitch. This brokerage house then goes out and sells its feel good apple pie line to a larger brokerage firm.

      These are not just turkeys that live down the block and work at the local foundry. These are people who graduated with MBAs and formed the social connections necessary to know where the paperwork goes, who has to sign it, and how it has to be filled out to look legit. The people running these operations don't always know that they're funding spammers. Have you seen the subcontracting breakdown for a federal building or renovation project? It's the same on the stock market. The major houses go to the mid houses. The mid houses go to the major and minor houses. The minor houses service anyone they can, including banks, credit unions, and local investment brokers. The banks, credit unions, and local investment brokers are watching applications for business licenses and applications for business loans. The people monitoring the applications are often feeding info to their cousin/brother/aunt/old roomie working in the major and mid houses. All of these people are working at their own desks, pushing nothing but paper, and no one knows that the guy who walked in the door to give a 15-minute presentation for a legit "desktop advertising clearinghouse" is really using 85% of the business investment to feed his old fraternity brother with enough money to send out spam for three months. Then they'll junk the business and the bank won't care because they had a valid insurance policy before they ever signed the loan.

      If spam were as illegal as the CANSPAM Act and all the hype and hoopla makes it seem shouldn't it be easy enough for credit agencies to latch onto these people and refuse to run their funds? Sure, it should, so why don't they? Because no one gives a flying rats bottom. They're all pushing paper, and getting paid, and as long as the business insurance is good then no one cares that the business only lasted three months. I'm sorry

      --
      +++ATHZ 99:5:80
    8. Re:Not just a tree house club by Steve+B · · Score: 4, Insightful
      John Ashcroft should lay off the Internet bong sellers and the purveyors of porn. If he wants to hit the terrorists in the wallet, he'll close down all the money laundering possibilities that exist. Spam operations are a huge gaping hole that everyone seems to be ignoring.

      That's the least of the problem. The filter-poisoning junk appended to spam messages (which ought to be prosecuted under the computer crime laws as an attack in and of itself... but I digress) is a perfect terrorist comm channel that is effectively immune to traffic analysis (i.e. there's no way to identify the intended recipient).

      I was reluctant to mention this when it first occurred to me, but after thinking it through I'm morally certain that terrorists have already figured this out.

      Maybe the FBI has also figured it out, and is already planning to scoop up some spammers and use their violations of existing laws to lean on them and anal-probe their business records... and maybe not. If this turns out to be the next failure to "connect the dots"... well, you heard it here first.

      --
      /. If the government wants us to respect the law, it should set a better example.
  6. Re:James Bond of the Spam world? by Anonymous Coward · · Score: 5, Funny

    > I wonder how they got in if it's invitation only.

    I imagine they received many invitations, and simply didn't opt-out by clicking on the handy links at the bottom.

  7. Don't doubt the Spammers IQ by tekiegreg · · Score: 5, Insightful

    They're bypassing the zillions of filters I have set up like they're bound and determined to enlarge my penis, and bypassing my filters at a rate of 30 messages/day these days. The Spammer is just as smart as the anti-spammer IMHO. Play your enemy as your equal people....

    --
    ...in bed
    1. Re:Don't doubt the Spammers IQ by mobiux · · Score: 4, Interesting

      You don't have to be smart to be a spammer
      You just have to lack morals in general.

      I think that it actually shows that the anti-spammer is winning. Spammers have to resort to trojanned machines and illegal tactics to get thier job done.

      Which makes me wonder, if it were a wild west situation where anything goes, and anti-spammers were allows to break the law in the same manner, would these spammers still be in business, or would there basically be a bounty on the heads of spammers.

    2. Re:Don't doubt the Spammers IQ by Glamdrlng · · Score: 4, Funny
      Which makes me wonder, if it were a wild west situation where anything goes, and anti-spammers were allows to break the law in the same manner, would these spammers still be in business, or would there basically be a bounty on the heads of spammers.
      The first thought that comes to mind is, take the source code for phatbot (it is GPL'd after all), strip out the bits about exploiting microsoft vulnerabilities, but leave in the code that exploits machines listening on the backdoors left by bagel, netsky, and mydoom, and give it a payload that shuts the machine down.

      No, it's not very nice, and yes, it would piss people off. But this is the anything goes solution.
      --

      Yes, my only tool is a hammer. And you're starting to look like a nail.
  8. Re:James Bond of the Spam world? by Kenja · · Score: 5, Funny
    "Well 3 cheers to these fellows! I wonder how they got in if it's invitation only."

    The same way I keep getting added to all these "opt-in" spam lists.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  9. Re:James Bond of the Spam world? by schon · · Score: 4, Interesting

    I wonder how they got in if it's invitation only.

    One would assume they got invited. :o)

    Seriously, only "known" spammers get invites - but the question is - what constitutes "known"?

    How hard would it be for an anti-spammer to set up a bogus online identity, list themselves as spammers, and then sent spam-like emails to the spammers' email addresses, and then wait for an invite?

  10. Optimists by mikehunt · · Score: 4, Insightful

    "Hopefully the spammers aren't that bright and the antispammers stick around long enough to bring them down."

    Just because someone does something you don't like, since when did that make them more stupid (or less intelligent) than you?

    Sounds like the same tired argument that anti-virus companies and virus writers use.

  11. FYI by Anonymous Coward · · Score: 5, Informative


    Some of the "infiltrators" are actually people working at the ISPs hosting these private forums.

  12. Knowing your enemy... by StressGuy · · Score: 4, Funny

    Let's see, what were the club names?

    Pro Bulk Club

    The Bulk Club

    bulkmails.org

    Egads, with such a raw display of creative thinking, we don't stand a chance. [grin]

    --
    A goal is a dream with a deadline
  13. Did I leave out "The Incredible Bulk"? by StressGuy · · Score: 5, Funny


    sorry, I'll get back to work now....

    --
    A goal is a dream with a deadline
  14. Honor among thieves? by e9th · · Score: 5, Insightful

    Given the ethics of spammers, is it any wonder that one of their own might "betray" them?

    1. Re:Honor among thieves? by Vexler · · Score: 4, Interesting

      It's interesting the reasons that some people would resort to spam. In an article recently on Tech Republic, the author interviewed several spammers on the reason(s) they started out as spammers. One had college tuitions to pay off, another just wants quick cash with no regards as to what topics are/aren't off-limits. When you consider why people spam, the knowledge can be used against them in one way or another.

  15. If only the people who READ spam weren't so stupid by hpulley · · Score: 4, Insightful

    It's a tired old argument but if no one clicked the links in spam and no one bought the products in spam, perhaps we wouldn't have spam. The people spamming aren't stupid, they know a sucker is born every minute and they hope those suckers click their links. If the clickers would grow a brain we might not have this problem.

    --
    $#!^ happens, but why does it always have to happen to me???
  16. Spam club invitations are available here... by joelparker · · Score: 4, Funny

    Dear Sir/Madam, I approach you with this offer due to the recent death of [county] Minister of Justice [name] because there is a secret bank deposit box, containing the sum of two (2) invitations to spam club. Half of these can be yours, generously. Email for details. P.S. the box also has six p3n!s enl.ar.ge.rs, five bottles of the blu* pi11 C:@l:s, and the absolute L0WEST *R*A*T*E*S for yr. m-ort-ga-ge & /\UTO W@rrn+iez.

  17. Re:James Bond of the Spam world? by grub · · Score: 5, Funny

    I wonder how they got in if it's invitation only.

    Dress in dark camoflage.

    Shoot grappling hook to rail around roof.

    Get to rooftop, shoot guard on balcony with silenced .22

    Remove camoflage.

    Use suction cup on skylight, cut out pane of glass and discard.

    Secure rope and drop into upper floor office.

    Climb down rope.

    Use chloroform-soaked rag on guard outside office door.'

    Pull out CDR with "email addresses" written in Sharpie Marker on it.

    Walk down to party, take glass of champagne from waiter.

    Send signal to antispammers telling them you're in.

    Duh, how else do you think they did it?

    --
    Trolling is a art,
  18. The virus/spam connection by Roached · · Score: 4, Insightful

    "People selling these fresh proxies are either the virus writers themselves or someone very close to them. I don't know how ties between spammers and virus writers was first forged but there is clearly a strong link there"

    ...and maybe this is the bit of information that will encourage aggressive prosecution of these spammers.

  19. Good, this is progress. by Vthornheart · · Score: 4, Funny

    Now, just give me a shotgun, a case of ammo, and a list of related addresses. It's about time we sent unsolicited E-Mailers some unsolicited lead pellets.

    --
    -Vendal Thornheart
  20. The Almighty Buch by VernonNemitz · · Score: 4, Insightful

    Since $ (or yen, marks, rubles, lira, etc) is all that any spammer wants in the first place, it logically follows that any of them can be bribed to spill all the secrets (like how to gatecrash, or instead to formally invite an antispammer, etc).

  21. Strange thing by bizitch · · Score: 4, Funny

    I cant seem to get to that website "bulkmails.org"

    I keep hitting my refresh button over and over and over and over and over again - but it doesn't come up ....

    hmmmmmm....

    --
    ---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
  22. Re:Bundled spamware and spyware by jonbryce · · Score: 5, Informative

    But the most popular download these days isn't Kazaa, it is Adaware. http://download.com.com/3101-2001-0-1.html?tag=pop Spybot is No. 3 in the rankings.

  23. Flynn Effect by m000 · · Score: 5, Informative

    The Flynn Effect is the reason why IQ tests are routinely recalibrated. Basically, information and ways of thinking that start out the purview of an elite few eventually become the norm for the average individual in a sort of intellectual trickle-down.

  24. Now that you mention it ... by Daniel+Dvorkin · · Score: 5, Interesting

    I was at a party the other night and got into a conversation with a guy who wanted some advice from me, as a Web developer, on setting up a commercial Web site. At first the conversation was pretty normal -- we talked about the choice of servers, languages, back-end databases, etc. Then he asked me, "How can I make sure people go to my site?"

    So I talked about Google PageRank, targeted vs. untargeted advertising, making his site attractive enough to inspire users to stay on it, making sure it's simple enough that it loads quickly and works on different browsers, etc. And he seemed to be listening, but after a while he asked me, "No, I mean when I send people e-mail advertising my site, how do I make sure they go to it?"

    I had to talk to him for a while to make sure he was saying what I thought he was saying, but after a while it became pretty clear that the deal is this: he's going to be running a site selling Brazilian sex tours, and he wants to know how to send spam that will a) get people to go to his site, and b) get through spam filters.

    Needless to say, the conversation didn't last long after that, but it did provide some insight into the mind of the spammer. He really didn't see anything wrong with spamming, or even with trying to be deceptive to get past spam filters. As far as he's concerned, he's selling a service people will want if only he can get his message through. I'd say he was an aggressively normal guy -- a bit of a yuppie, with a backwards baseball cap and a lite (sic) beer, definitely not a geek, probably watches lots of football and drives an SUV.

    These are the people who are crapflooding your mailbox. They're not mysterious creeps living in caves. They're your neighbors. Be aware. Eternal vigilance is the price of liberty ...

    --
    The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
    1. Re:Now that you mention it ... by bladernr · · Score: 5, Funny
      but after a while it became pretty clear that the deal is this: he's going to be running a site selling Brazilian sex tours

      Did you get the URL for that? For research I mean, so I can block mail... or something... whatever... WHAT'S THE URL?!

      (note to self... don't forget to click AC box).. DAMN

      --
      Sarcasm and hyperbole are the final refuges for weak minds
    2. Re:Now that you mention it ... by Mateito · · Score: 4, Informative

      > he's going to be running a site selling Brazilian sex tours.
      > he was an aggressively normal guy

      Sorry, but "normal guys", aggressive or otherwize, don't sell sex tours to brazil.

      And, as somebody who knows brazil quite well, I advise you about taking a sex tour there. The rate of HIV is rediculous, and if you are going there to play among prostitutes you have almost a perfect chance of coming into contact with it.

      However, Brazillians are very very friendly people, and a lot of them see sex as something to be shared freely (in comparison to Europe and all of the US except for Daytona beach). Unless you are really ugly, you could go out to any night club and meet a nice girl who will want to play with you*. Or a nice boy if you are so inclined. Why pay a spamming yuppy to be the middle man?

      But if you are going there to party, take a balloon.

      (I met a lot, but I didn't, because I have one of those spouse things, and it just aint worth putting the relationship on the line for 7 minutes of slap and tickle. No, she doesn't read /.)

      --
      Norman Cook's Ode to Sl
  25. SPAM = DDOS by DrugCheese · · Score: 4, Interesting

    Just a random thought:
    Isn't this just a distributed denial of service attack on my inbox?

    --
    *DrugCheese rants*
  26. I have seen the enemy, and they are ... Us by EvilTwinSkippy · · Score: 5, Interesting
    Hi, I once wrote a bulk mailer for a DotCom. I was young. I needed the money. They collected addresses the old fashioned way: free stuff. People would be more than happy to fill out a little questionaire for a discount drink, or (gasp) to get ONTO the mailing list.

    To my credit I had written into the system a very simple and effective opt-out. Click, click, we were out of your life. Everyone on the list had taken the time to fill something out to get on the list. It wasn't really spam.

    At least that's what I tell the voice in my head.

    I also wrote the web statistic reporting engine, so I do know that pageviews to the website would skyrocket following a bulk mail. And no, most of the traffic wasn't for the "opt out" bin.

    This was back in '98, when spam was a joke, not a fact of life. I recently turned down a job reverse engineering a web-database of a certain annoying industry to generate targetted mailing lists.

    And that was from my brother.

    --
    "Learning is not compulsory... neither is survival."
    --Dr.W.Edwards Deming
  27. Selling Advertising vs. Selling Products vs. Fraud by billstewart · · Score: 4, Insightful
    Some spammers do make their money retailing the junk they advertise to suckers. They typically make their money by marking up junk, though if the products don't work, they have to find new suckers every month.

    Many spammers make their money by selling advertising service to retailers by promising to deliver eyeballs which can be turned into sales, but don't handle delivery of the product. Sometimes they're getting paid a commission, so they make money if and only if they're successful at attracting suckers to the retailer's products or websites - whether that's pills or pr0n.

    But for many other spammers, the sucker is the retailer who's expecting to get high-quality sales leads, rather than the spammees. Retailers who've learned from the experience usually don't provide repeat business, or at least not without changing the price structure to only pay for actual sales.

    And many spammers make money from fraud. Besides the currently popular Nigerian 419 and the pump&dump stock scammers, there's the old-fashioned pyramid game in its many guises. That used to be more popular than it is today, but it still seems to work. One variation on this is selling spamware to wannabee spammers.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  28. Re:James Bond of the Spam world? by pyros · · Score: 4, Funny
    Well 3 cheers to these fellows! I wonder how they got in if it's invitation only.

    Well, Sir Gallahad, Sir Lancelot, and I hid inside a giant wooden Hormel crate in front of the castle ....

  29. Re:I heard of something like this once... by eaolson · · Score: 4, Insightful
    I kid you not. A spammer who works for SpamCop. I can't post links to the freesite (that's kinda pointless), but at least the incriminating screenshots are safe on Freenet.
    I'm sorry, but I call bullshit. I know of three employees of SpamCop, none of which are named Greg. If photos of John Kerry and Jane Fonda can be Photoshopped, so can a screenshot.

    Evidence, please.

  30. So Where Are the Cops? by StormyMonday · · Score: 4, Funny

    Let's see. Class III narcotics? Check. Stock market pump 'n dump? Check. Nigerian scams? Check. Hijacked machines? Check.

    All of these are seriously illegal.

    So where are the cops?

    It'd be amusing (yes, I have a sick sense of humor) to find out that everybody in the chat room was a cop, just waiting for a real spammer to log in ...

    --
    Welcome to the Turing Tarpit, where everything is possible but nothing interesting is easy.
  31. Re:If only the people who READ spam weren't so stu by bhmit1 · · Score: 4, Interesting

    Unfortunately, that specific mob of suckers that clicks on the spam messages isn't reading slashdot (we happen to be a completely different mob of suckers) and it's doubtful that they even know a "dot head". Therefore, telling us they should know better isn't going to do the least bit of good.

    On the other hand, a different old argument would be appropriate for this group. Simply go to all those URL's (by retyping the top level url, clicking on them probably sends them a key to identify your email address), and submit lots and lots of fake orders. Heck, automate it if you can, with some kind of randomizer that picks odd names from a list so there's no easy way for the spammers to filter them out, and even better if you can impersonate a large network. Suddenly, to get one legit customer, you have to go through thousands of pieces of crap, and the business model no longer works.

    Now, if someone could make a distribute app that accepts some kind of template (go to this url, put a name here, cc number there, etc) to automatically fill in and bang on a spam supported site, I'd be more than happy to run it.

  32. Bounty on your box $.05 by darkonc · · Score: 4, Informative

    The Register article points to another article which talks about how the arrest of the PhatBot worm creator may provide some information on the rental of hordes of compromised machine as networks of spam zombies. It lists a common price of $500 for 10,000 machines -- In other words, your box is worth $.05 to a spammer.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.