Slashdot Mirror
Russia, China World's Biggest Spammers
An anonymous reader writes "According to this ZDNet article, The Spamhaus Project has warned that organised cirminal gangs in Russia are supplying U.S.-based spammers with details of compromised PCs that can be manipulated to send junk mail. According to Spamhaus director Steve Linford, the Russian gangs aren't constrained by any anti-spam or cybercrime laws in their home country and have no respect for legislation implemented in other countries. Also, apparently 70 percent of spam is sent from China by American spam outfits who in turn have hosting arrangements with Chinese ISPs."
User end filters are a necessity these days, and even then, I still spend at least 15 min each day dealing with the spam. My personal box - No One else knows the address, it is for my own internal network purposes, is chock full of the stuff.
What do other slashdot'ers do? What can we hope to see in the near future?
Physics is nothing like religion. If it was, we'd have an easier time trying to raise money!
Just look at the /var/log/maillog...
In Soviet Washington the swamp drains you.
If 70% 70 percent of spam is sent from China by American spam outfits, wouldn't that make the US the biggest spammer?
-- SYS 64738 --
Evil Russian spammers! Chinese spammers want to take down America!
And yet, in both cases there is plenty of demand from within the States. If it ain't rich kids experimenting, it's poor kids escaping with drugs from South America or Asia. If it's not a "bulk emailer" in California, it's a "clever marketer" in Florida sending millions of unsolicited email via servers in Russia or China.
Read the EFF's Fair Use FAQ
As they say on Fark, <Obvious>.
to see them embrace captialism so readily
we should be proud!
back in the day we didnt have no old school
There seems to be only one true solution to spam, don't use e-mail. Maybe rather than trying to fix e-mail it should be thrown out and a new paradigm for communication sought.
99 bottles of beer in 175 characte
That title is wrong.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Russia for mafia controlled zombies
China for high quality spam warez
Africa for business relations about that recently deceased relative.
GOT IT!
-Grump
Is it true that more people vote for the winner of American Idol, than vote for the president? -Ali G.
I remember you asked me about a new home purchase. I just got $300,000 l oa n for $250 per month payment and can stronly recommend a new company. Follow this URL if you like to get app rova l in several hours like me.
Sincerely yours,
Abigail Fernandez
PS: Let me know about your success.
Headline should read, US Spammers using services of Chinese ISPs, Russian mob. The Spam originates here, and ends up here. The vast majority of Spam is in English, and targeting an American audience.
autopr0n is like, down and stuff.
President Bush just outlawed China forever. We start bombing in five minutes.
Seems like every day we have a story about such-and-such is the biggest cause of spam. In fact, I bet we've accounted for at least 400% of spam with all these stories combined.
If these trends continue, I'm afraid that one day soon I'll check slashdot and find out that 97% of all spam is coming from my IP.
that the mafia has gotten with the times, and now are providing services fitting for our times.
30% Troll, 50% Underrated, 10% Interesting
Score:5, Troll
It's interesting how the Russian Mafia is helping American Marketers take advantage of Chinese Equipment. My question is: How involved are the actual Chinese people? Are they all victims of circumstance, or are they helping in some way?
Mod parent up: Classic Ronald Reagan quote spoof
Communism GROW YOUR COMMUNISTIC EDGE BY 10 INCHES! that'd be funny.
Really? That contradicts this story posted just two days ago:
The Register is reporting a study by Sandvine.com that blames Microsoft Zombies for 80% of all spam.
So which is it, then?
A simple solution to offshore spam would be to give users the ability to filter the originating mail server by allowed countries. The vast majority of my messages come from Canada and the USA, followed by a small number from Europe and South America. If I could tell my mail server to reject all but mail from my "usual" countries, I could avoid the Chinese mail bombs and bizarro unicode virus messages. The biggest prob I can see with this is offshoring - I recently started to get mail from an offshored IT unit belonging to Shell in Malaysia. That one I would have probably blocked accidentally.
Dear Sir,
It is common known that Russia and China are the source for White and Chinese mail-order brides. However their population has not the African type to satisfy your cravings. Therefore I and my colleagues who have the contact you for V aig r a already have prepared a business venture in which you can test your new supply. For only a small investment we will connect you to the premium provider of African mail-order operating out of our Locations in Congo, Liberia, and Somalia. Please reply post haste with your reply.
Sincerely yours,
DOCTOR M. BOKUZUWANDI
If having a free trade agreement is a good way of getting US legal muscle in to local laws, we should encourage FTAs between the US and Russia, China and all the other spammers.
Maybe we could then enforce the evil bit (RFC3514) world-wide!
There was just an article on how it was infected windows PCs.... and I remember everyone assuming that it was PCs here, so are we talking about Windows in China, now? How do you plan on education in that case?
If 70% 70 percent of spam is sent from China by American spam outfits, wouldn't that make the US the biggest spammer?
That's exactly what it is, only we in the U.S. like to outsource everything we possibly can--tech support, call centers, software development--and that now includes everyone's favorite e-mail marketing substance, SPAM.
Outsource! It's the trendy thing to do!
Lots of that spamming is for harvesting information. Russia and China are some of the biggest culprits in the theft of credit card numbers, eBay, Paypal, Amazon etc. Web hosting located in Russia or more often China for hosting scampages is available to anyone l33t enough to find the people selling it (not very l33t.) No logs, except of course the information you want to reap. Spam away and let the filled out forms roll in!
"Quis custodiet ipsos custodes?"
You know in the past month I have seen that 80% of Spam is caused by infected PC's in Windows. That 80% of Spam comes from China. That 70% come from Russia and China. That the US accounts for 60% of Spam. That Eastern Europe Accounts for 60% of Spam. So from this I know that there is 80+80+70+60+60= 350% Spam. This also tells me that Russia accounts for Negative 10% of Spam. Don't believe me, take this The Reg Story, http://www.theregister.co.uk/2004/06/04/trojan_spa m_study/, This one, http://www.theregister.co.uk/2004/05/25/spam_delug e/ and thats just El Reg. The only conclusive thing I have been able to determine is that these stories are worse than spam, not only are they useless, but we actually read these stories.
Does anyone else see the garbage troll posts that make absolutely no sense? Reminds me of spam.
Someone should make (using genetic algorithms) a posting bot that tries to make insightful first posts. Its fitness can be determined by the readability and moderation score.
another possible explanation of this is illegal copies of Windows.
I was recently talking with a friend from hong kong; he mentioned that virtually no one buys legitimate copies of software because it's more expensive and less readily available.
he also said that users and companies using pirated software don't update it for fear of legal action--hence the huge number of zombies.
In Soviet Russia, everyone and their grandmother is a spammer.
"Quis custodiet ipsos custodes?"
In America, spam spams you.
In Soviet Russia, you spam spam!
The USA is quite obviously the source of the spam. It is up to the USA to legislate in some way to stop the flood of spam that is hurting people all over the world. The real question is: how do you stop the spam when it is being sent from countries like China where the USA has no power to arrest spammers?
Well I think I have a possible solution and it can be illustrated by a case study. In Australia we had an international Paedophilia problem, Paedophiles were travelling to countries like Thailand where sex with children was not illegal and thus were not getting arrested. The solution that was eventually found was new laws whereby anyone who broke Australia's anti-paedophile laws could be arrested no matter where the offence was enacted. Offenders were met at the airport by police and arrested for crimes in other countries and the problem of "paedophile sex tourism" was solved.
My Solution to spam is similar. The USA needs to pass laws allowing them to track down the companies and individuals that are using the Chinese spam services and arrest them. Make the law such that sending spam is illegal no matter which country it is sent from. The spammers might get so scared they will stop Spamming
99 bottles of beer in 175 characte
I'll connect the dots:
Demand for spamming services is akin to demand for illegal drugs, in that demand from the United States fuels supply from other countries.
Read the EFF's Fair Use FAQ
That is the other (electronic) Russian Mafia. Unlike the dumb Italian teamstears who beat people with baseball bats, some of these guys are very skilled and intelligent. The counterparts of many American geeks in Russia couldn't find a well paying job, have plenty of time, and nowadays on the Internet, they have access to all the technical information they need on any subject. They will use the best asset they have, their brain, to make money or build recognition for themselves. And the way the laws are shady there they think they can get away with anything as long as its online. If spam will make a couple of hundred rubles - they'll get into spam, if they can extort money from banks by compromising their webservers, they will do that. How do I know all this? I grew up in those part and still visit friends and family once in a while...
http://www.spamhaus.org/sbl/howtouse.html/ 25_uribl.cf
http://www.spamassassin.org/full/3.0.x/dist/rules
Assume I was drunk when I posted this.
"apparently 70 percent of spam is sent from China by American spam outfits who in turn have hosting arrangements with Chinese ISPs."
Infected Windows PCs Now Source Of 80% Of Spam
OK, which is the more reliable figure?
Screw you all! I'm off to the pub
no shit all the spam comes from over there! 3rd place was a close race between the nation of nigeria and ron jeremy brand dick pills ;P
\x69 \x68\x69\x64 \x74\x68\x65 \x62\x6f\x64\x69\x65\x73 \x69\x6e \x74\x68\x65 \x66\x72\x65\x65\x7a\x65\x72
In memory of Ronald Reagan
Just block anything from China coming into the US. Or any other country. Russia too.
People couldn't care less what comes from Russia or China. Where can I get a list of every ip range in china?
Destroy enemies, only 15 years later enlist their help to for the *spammers* axis of evil! If that isn't a miracle of capitalism I dunno what is. Too bad Iraq and Afgahnistan have to wait that long for their slice of the pie -_-
I -never- expect to get ligitimate mail from Russia (though I have a friend in China). I run my own Postfix mailserver and SpamAssassin. Does anyone know how I can completely block out Russian IP addresses from sending mail to me?
Thanks! (and yes, I know that it won't solve all my spam problems)
Headline should read, US Spammers using services of Chinese ISPs, Russian mob. The Spam originates here, and ends up here. The vast majority of Spam is in English, and targeting an American audience.
and from comment #9384576:
> Linford also told the conference that some 70 percent of spam is sent
> from China by American spam outfits who are hosting their servers with
> Chinese ISPs.
That should say: "70% of spam advertises URLs hosted in China" (not "is sent from").
...
> Unless things change drastically, we predict that 80 percent of
> email will be spam by December this year, and it's very likely to go
> to 90 percent by this summer," Linford warned.
That should of course say "next summer".
The USA is quite obviously the source of the spam. It is up to the USA to legislate in some way to stop the flood of spam that is hurting people all over the world. The real question is: how do you stop the spam when it is being sent from countries like China where the USA has no power to arrest spammers?
Hey, what a brilliant idea. We currently have only a hundred or more anti-spam laws across the world, most in the US. Let's pass a few more. I am certain that when we pass the 500 anti-spam law mark, spammers will suddenly start to cower in their boots and realize that 500 anti-spam laws that aren't being enforced or have no legal/civil/criminal teeth are a formidible obstacle to overcome!
"According to Spamhaus director Steve Linford, the Russian gangs aren't constrained by any anti-spam or cybercrime laws in their home country and have no respect for legislation implemented in other countries."
Criminals with no respect for the law! This world is surely going to the dogs!
---
"The chances of a demonic possession spreading are remote -- relax."
I have gotten quite a bit of spam that is actually written in Chinese. I don't think I have gotten any spam in Russian. I actually got a piece of junk mail that I thought was funny once. The subject was "Hard times ahead!" and I thought it would be about saving money, but it was for viagra or something.
Click for offensive t-sh
I hope there's no -1 Pedantic moderation category...
I agree with this post. Instead of this "information infrastructure" they're building, perhaps they should consider plumbing. I can't see how their two buckets and a stick can suffice.
I implemented some new spam fighting techniques last night. The most effective one from logs since implementation was making HELO checks mandatory in Postfix. If the sending client doesn't submit an EHLO response, Postfix rejects the client. Since this happens before message transmission, it seems that not nearly as much bandwidth is being used (haven't verified that yet.) I'm surprised this isn't on by default in Postfix, but it sure is funny to see all these hosts rejected. None of them even resolve, there's no way that it's legitimate mail. If it is, too damn bad.
"Why do you consent to live in ignorance and fear?" - Bad Religion
PS "cirminal": Jesus, Timothy, you're actually paid to edit this?
a growing percentage is korean, chinese, spanish or russian. do you really think they're targeting americans?
I always thought anti-spam legislation was not only unconstitional but just plain wouldn't work....what we need is good filter systems...I use gmail right now and have even been putting my e-mail on slashdot...havent got one spam message yet. The argument that "It just can't be done" is absured.
stendec@gmail.com
how would the whole world's internet be fucked up because east european virus authors get arrested?
they are after all, writing viruses on contract to american spammers. if these criminals get arrested, how exactly is that a negative impact on the rest of the internet?
Did anyone see that awesome interview with Scott Richter (spammer overlord) on the Daily Show? It was so hilarious. He calls himself a high volume e-mail deployers that send useful services to people.
The best is when they posted Scott's e-mail address on national TV, which is: scottrichter442@yahoo.com
This site here has the video available of that Daily Show clip. Please try not to slashdot the site, maybe someone setup a mirror or something.
"There is no spoon." - The Matrix
Some analysis of my rejected mail logs over the last 24 hours revealed this:
Total rejected spam: 16235 (and 8178 accepted messages)
Confirmed Chinese spams: 1229
Confirmed Korean spam: 1414
Confirmed Canadian spam: 264
Confirmed Polish spam: 342
Confirmed US/comcast spam: 1363
Confirmed French spam: 181
Confirmed Southwest Bell spam: 382
Confirmed Italian spam: 114
Confirmed Spanish spam: 167 (TDE must have finally gotten their act together)
Confirmed German spam: 967
Confirmed Netherlands spam: 452
Confirmed Brazillian spam: 864
This is by no means a scientific analysis - it's based on hard-coded IP-based blacklists that are caught before standard blacklists are checked.
Spamcop RBL rejects: 5460
Spamhaus RBL rejects: 1509
Njabl RBL rejects: 1807
Homebrew RBL rejects: 6382
The big three spam sources have traditionally been Korea, China and Brazil. Comcast has been the big US spammer. France (wanadoo) has also been a major contributor though it doesn't seem to be reflected in this days' logs.
Confirmed Russian spam: 1421
2) is not a solution. never will be, either.
spam is so unbelievably cheap to send, that if even ONE PERSON ON THE WHOLE FUCKING PLANET buys a spamvertised product, it's still a net profit for spammers. 1 million emails? 100 million? 4 billion? it's all the same to spammers.
they won't stop spamming until the people buying via spam is a big fat ZERO. the less that people read and buy from spam, the more spam they will send in order to maintain status quo.
Someone's going to metamod hell for this...
CoolWebSearch is based in Russia. They're the group of people who pay their affiliates to hijack people's PCs and change their search settings and install trojans?
Yeah, thought so.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
People want an open public form of communication, but are unwilling to accept email from people they don't want to hear. I think its interesting that people expect others (i.e. government) to go after these individuals in the hopes that it will put an end to all unwanted email (especially when the individuals are in other countries). If you sat down in the middle of times square, do you think its fair to expect people to stop yelling, the cars to stop honking, cellphones to stop beeping, or the people to stop shuffling past you? The truth is, you will always get unwanted email if you aren't going to actively manage what email gets to you. Do you ever get SPAM from IM? No. The reason why is because you have actually personally networked who you want to talk to and eliminated all others. I believe the future of email communication will be based around a networked process of individual/group permissions. Till that day, people are going to be lazy, unhappy, and wishing for something impossible -- that SPAM will end if they do nothing.
Dear Dr. Bokuzuwandi,
Your prosal intrigues me, as I am always seeking to expand my business to new countries whenever possible. You must understand, however, that I cannot simply blindly enter into deals with people who I have never met. As such, I will require a sign of TRUST from you, in the form of photograph identification. Please understand that I will not be able to accept normal government ID cards or an international passport for this endeavour, as such things are easily forged. Instead,I shall give to you a password phrase, and you must have a photograph of yourself holding up a large and clear sign that displays this password phrase. Scan this photograph in and email it to me as an attachment. When I have received it, I will be 100% ready to trust you with your business proposal.
I do apologize, but until I receive this form of identification from you, I will not be able to provide you with any further information about myself.
The password phrase is "I LOVE ARSE FORKING"
Yours Very Truly,
Pastor Phil McCracken
(Hey, it worked before!)
Now if only I could find a way to similarly humiliate the spammers who advertise pirated software or penis pills...
STOP MISUSING APOSTROPHES, YOU MORONS!!!
Russia - country (in Asia)
China - country (in Asia)
Africa - continent
Coming from Africa I find it funny how easily people make generalisations about Africa but shy away from doing it when referring to other regions.
that the internet was VERY controlled in China.
How can this happen then ?
Does it mean that this activity is accepted by their authorities ?
I filter based on those.
.mail domain is just dense and turns e-mail into a commodity controlled by big business instead of what is basically seen as something for everyone.
Current List of Domains
At the time of this posting it's at 2209 domains. In a day or so it should go up several dozen when I do an update.
It's the only thing in a spam that can't be obfuscated or it simply won't work. At best they can do one to one character codes. Occasionally a spammer will try to be clever and request the user copy and paste the link into their browser. I tend to catch those when I examine what got through but the pay off from those is probably so low that the spammer goes back to links. It's hard enough to get someone to click.
The other advantages of blocking based on click-me domains is that the header is irrelavent (it doesn't matter where it came from) and that it's the only thing that costs the spammer real money. And it's the only thing guarenteed not to be in a legitimate e-mail ever.
I've gotten several occuraces of dictionary words inbetween the same obvious spam domain entry. It's quite simple to see which are the filler to fool fully automated anti-spam systems and which are the real links.
The long and shot of it is that if you can use it, so can spammers. Charging thousands for a
You have to deal with spam within the rules that spammers set. You can't invent rules and then pretend spammers are going to follow them. After an update it takes a few days for the spam to pick up again. If major players would stop worrying about where spam was coming from and start dealing with where it's pointing to, this problem would be a lot more managable.
I've started sending my hotmail spam off to my mail server to help build the filter. It'd be nice if other people were building reliable lists so that I could premptively filter more domains. Nobody really takes it seriously though. They'd rather blacklist countries since it's "easy."
Ben
Work Safe Porn
1. In Soviet Russia ...
2.
3. Profit!
/cj
What is the best way to stop this?
Trying to rally skeptics on both sides of the Atlantic, President Bush said Saturday that the war on spam is the "challenge of our time" and insisted that bitter disputes among U.S. allies over the war on spammers were dissolving.
You /.ers keep on spinning headlines about how some foreigners from country X are the biggest spammers, yet:
"70 percent of spam is sent from China by American spam outfits"
The same scheme over and over again! Stick your homophobia somewhere and keep to the facts. Unless the US cleans up its act wrt to spam nobody will get a significant relief from spam.
Grumble,
*t
This is simply presenting more of the story. SPAM is an international enterprise. Most of the instigators are here in the US, as are most of the compramised computers. However it sounds like from this and other articles is that much of the hacking work is being done by criminal syndicates (huge shock there) and that most of the websites the spammers are setting up are in China.
/., if you bothered to read it.
This does NOT mean that the domestic spammers are being ignored. One has already been convicted, Microsoft and Time Warner are suing a bunch more, and the justice department says it is prepping 50 criminal cases under teh new SPAM law. This was all announced on
Quit with the anti-American bullshit. Yep, the problem is here. We know, we finally have a law for it, though not as strong as we'd like, and the wheels are in motion. Doesn't mean that the US is solely responsible. I do not at all think it is unreasonable that Chinese hosts should show the same standards demanded of US hosts in not hosting SPAM sites.
It'd be different if any sub-saharan african nation were to distinguish itself from its neighbours, by having a government that functions on some level. Openly robbing the public and murdering dissidents in the streets don't make a government functional in this context, sorry. Having another coup every year or two doesn't quite cut it either.
The Spamhaus Project has warned that organised cirminal gangs in Russia
When will they learn... Cirm doesn't pay...
"Was it a millionaire who said 'Imagine No Posessions?'" -- Elvis Costello
Wasn't there an article here a few days ago that said 90% of spam was getting send through compromised zombies? Are most of them colocated in China?
My problem with hard laws like this against paedos is that when justifying the terrible social injustice, you will be thinking of six-year-olds. However, *legally* paedophile is sexual assault on a minor. Which is under 21 in US (some states?), 16 in the UK, 14 in some Arab states, and probably 12 elsewhere.
So because I have a 19-year-old wife, I am now a paedophile?
ALL over-reaching laws MUST say at what point this will kick in. A few hundred years ago, nobles in Europe were betroithed from 6, married by 14. There is *definitely* a grey continuum. Personally, I'd say
6 or less. Sick. Needs help. Paedophile
10 or less. WTF? Paedophile.
10-14 Grey area. Probably too young, so no problems passing LOCAL laws against this.
14-18 Light-grey to white (:-)). Still too young, I'd say, but girls mature physically pretty early and I could understand someone targeting this age group. Frown upon it, but no legal problems unless there is another reason.
18+ White. A few "reduced capability" people here maybe *should* be protected as "statutory rape", but that should be defined upon the basis of "reduced responsibility".
Since it seems that foreign ISP's are in league with organized crime, then i'd say that this is a threat to national security. Therefore, I recommend that all TLD providers remove all references of the suspect ISPs from their databases, including blocklisting their POPs and SMTPs.
It'll be a double-edged sword, I know, but in this matter, it'l hurt them more than the rest of the world. Boycott and Blacklist all *.ru and *.cn servers until this matter has been settled.
First rule of holes; When in one, stop digging.
Dmitri: So Vladimir, whatever area do you specialize in these days? ...
Vladimir: Smuggling, my friend. Vodka, narcotics, humans... If it can be smuggled, chances are I smuggled it some time...
Dmitri: Sounds good, how about you, Ivan?
Ivan: Weapons trade, of course. Got a few good high-up friends in the Red Army that are willing to relinquish some surplus material to me at a good price, which I sell in Africa and the Middle East.
Dmitri: Good to hear you two are making a nice profit.
Vladimir: How about yourself?
Dmitri: I rent out hundreds of cracked computers to US based companies.
Ivan:
Vladimir: Dmitri, you suck.
A quick profiling of the underground eco-system (who tries to hide behind DDoS attacks and SPAM):
PPT
PDF
@cn
Use hotmail, and enable the best spam protection in your hotmail options. Only people who are in your address book will be able to send you a message. All other messages are routed to your junk mail folder.
If I am expecting something from someone who is not in my address book, I make it a point to check the junk mail folder. Problem solved.
This is the best solution folks. Either that or you do like my work does, and have all your mail filter through a service that maintains a list of spammers. Keep in mind though that these people can read all your e-mail. Also, if the spam service goes down, you're screwed.
...in the fact that I don't get spam, I don't use filters and I don't give out my email address. Oddly enough I don't get spam, that's right, none.
I find people's fixation on digital junk mail disturbing. What about laws to stop real junk mail? You know, that stuff that fills your "real" mailbox? That's a far larger problem. After all, you can just delete spam, how do you delete 17lbs of paper?
Nostalgia ain't what it used to be.
In Soviet Russia, the spammer IS YOU!
Ceci n'est pas une sig
"Steve Linford, director of The Spamhaus Project, warned on Tuesday that these gangs are supplying US-based spammers with details of compromised PCs that can be used to send out their unsolicited commercial messages, and creating viruses that will create more of these open proxies. "
In other words, this is the source of most of the zombie PCs referenced by the other slashdot article here.
Why are we not punishing the fools who hire these spamming bastages to promote their business?
After all if the source of the spammers income dwindles then they wither. Perhaps I'm being overly simplistic.
-- What's this '-r *' file doing here? -- Oh well, a simple 'rm' should do the trick.
There are numerous websites out there that list the netblocks associated with various countries. It's very easy to turn one of those lists into iptables rules to dump smtp traffic from those netblocks on the floor. As a matter of fact, this site even has the iptables syntax pre-prepared for you.
http://www.okean.com/iptables/iptables.html
I've been using the China+Korea blocking on my personal server and it drastically cut down the spam. As an added bonus, if you want to eliminate all the portscans and intrusion attempts as well, just eliminate the "--destination-port 25" and dump all those packets on the ground.
Draconian? Yup.
But I don't feel guilty at all. If more people did this then the naughty netblocks would have some incentive to clean up their act.
I don't know about the rest of you, but I have noticed most of my spam (over 50%) is coming from Korea.
I've actually taken to the process of filtering entire Korean IP ranges. While time consuming, within a week I have cut my spam in half. I'm also no longer getting unreadable asian charsets.
Anybody know where someone might obtain a list of IP ranges as assigned by country?
I could give a flying fork about asisn users. I have no need to recieve email from that part of the world anyway, so for me, the best solution is to just block off that part of the world.
No skin off my back.
Has anyone tried, even proof on concept, to create a virus or worm that innoculates zombies?
1) A globally applied (hard, I know) Email Tax. ISPs have to pay $0.001 per email, thus have to forward the cost to the users: makes spamming unprofitable (a million emails = $1000). Doesn't totally kill the idea of "free private email", it's still almost free.
2) A totalitarian firewall + antivirus package made by Microsoft and placed on Windows Update ("Get this brand new Service Pack to speed up your Internet!") to make sure it ends up covering all of the clueless population. Like everybody. As it spreads, reduces the amount of zombie machines drastically. Thus reduces spam traffic.
3) Putin and colleague in China are asked on a high level (go Dubya!) to please get interested and put their local ISPs "in line" in locally applicable creative ways. -- Dunno how useful this would be. But I imagine a CEO of an ISP would reconsider their corporate policies when held at machinegun point by a squad of friendly OMON officers.
Notice how many of the party functionaries responsible for enforcing the great chinese firewall are driving around in a Benz or a Lexus. Spam is big business run by criminals who don't give a nanosecond's thought to bribing officials in 3rd world countries. THAT is why western governments aren't willing to "follow the money and take action". They already know where the money goes.
The article said 70% was from america. You understand the diffrence between "growing" and "big" don't you?
autopr0n is like, down and stuff.
It's becoming clear that spam isn't just low-rent MLMers using disposable AOL accounts to sell their crap, spam is about organized crime and the tool we need to use against it are the RICO laws designed to fight organized crime.
;-)
First of all, start with the assumption that most spamvertized businesses are either outright frauds or otherwise participating in something illegal (ie, controlled substances without a legitimate prescription). I don't think that most people would challenge this hypothesis.
Since the primary economic activity and the secondary activity (spamming) is illegal, we can then presume that the entire enterprise represents racketeering, and anyone knowingly participating in it is also guilty of racketeering. It's viral, like the GPL.
My guess is that the spamvertised businesses and the spammers have ties with legitimate businesses (banks or ISPs), some of whom are aware of their activity and go along with it either for personal or corporate profit.
If a big enough operation could be captured under a single RICO net, get sucessfully prosecuted and do hard time it could have excellent benefits in controlling spam. The negative PR that would affect otherwise legitimate businesses (banks, ISPs) might make them far more careful who they do business with, rejecting existing spammers and spamvertised businesses, and I have a hard time believing that spamming and running a spamvertised business is something you can do without ties to the real world. Spammers and spamvertised businesses may just decide that facing federal prosecution and working much harder for resources isn't worth the risk, especially if it means criminal penalties ending in a trip to a PMITA prison.
I know I'm repeating myself, but, we have to make sure that headline appears in the "mainstream" media, not just in places that only us geeks look.
Joe 6 pack needs to be routinely reminded that "spammers=criminals", and "buying from spammers=giving money to the Russian Maffia".
I think those of us who are familliar with the problem, need to take the initiative to contact our local media and help them understand what's going on. Lay it out for them: virusses -> zombie PCs -> mail relays -> spam -> criminal gangs.
And then repeat to make sure they get it: "Aunt matilda's computer is being used to make Big Money for the russian maffia.", and "buying from spammers finances the creation of more virusses".
The fewer people who buy from spammers, the less spammers can afford to stay in business. Shout it from the rooftops.
---
"I can't complain, but sometimes still do..." Joe Walsh
something that was speculated to be employed but seems to have disappeared was that they would start charging for every email sent. Something like 1-10 cent per email. For you or me that's maybe 10-100 cents a day, but for spammers that's a bucketload of money cutting pretty deeply into their profits...anyway point being it would become less worthwhile to do it. However a lot of people would complain about being charged to send emails BUT then again we do have to pay for post and it would theoretically cut spam so i guess its how much you really want to get rid of spam
An anonymous reader writes "According to this ZDNet article, The Spamhaus Project has warned that organised cirminal gangs in Russia are supplying U.S.-based spammers with details of compromised PCs that can be manipulated to send junk mail. According to Spamhaus director Steve Linford, the Russian gangs aren't constrained by any anti-spam or cybercrime laws in their home country and have no respect for legislation implemented in other countries. Also, apparently 70 percent of spam is sent from China by American spam outfits who in turn have hosting arrangements with Chinese ISPs."
Its Criminal, not Cirminal
You create your own reality - Leave mine to me.
I just installed an anti-spam appliance yesterday. So far, over 80% of the Spam that is blocked has come from DSL and Cable lines, presumably from compromised machines.
"The natural progress of things is for liberty to yield and government to gain ground." - Thomas Jefferson
Thanks for the heads up, Captain Obvious.
Another way of saying this is we should not let politicians accept corporate campaign donations. I mean isn't a senator taking money from the corps. he's supposed to be regulating just the same as a judge taking money from a defendant? What possible further good could come from allowing this practice except the further dumbing down of the American people through incessant political advertising? Alternately we could just teach people to vote with their brains instead of based on what they heard on CNN. Right... like that'll ever happen.
An article about real russians and nobody takes a cheap "Soviet Russia" joke? This is history in the making!
As somebody who lived on the territory of the former USSR, I am not surprised that the majority of spam arrives from Russia and that kiddie pr0n sex rings are linked to companies in Belarus. Why does that happen? Well, compared to the United States those countries have virtually zero law enforcement and high levels of corruption.
Even with Vladimir Putin, Russia still lags behind in terms of law enforcement when it comes to protecting human rights, technology, women, children, etc. When I traveled across the republicts of the former USSR I was surprised by the amount of counter-theft goods that one could get through local flea markets. You can get CDs full of the latest software, like 3D Studio Max, for $2-3USD. If you get a several CDs, you get a discount. When you pop one of those puppies in your drive and read the instructions, they'll say "Please run a program called crack.exe in order to activate the product." Activation my ass. The same applies to DVDs, and brand-name products.
According to my friend who travelled to China, that country is pretty much in the same spot. Yes, they are good at banning people from accessing forbidden sites. Yet at the same time you can to to a street market and purchase a fake "NorthFace" jacket for $20USD or less; In the states you'd pay up to ten times as much. Then there are corrupt politicians and cops who can close their eyes provided that you pay them a certain amount of money. With that in mind, it is not a surprise that China and Russia lead in spam.
There is a lack of sync between technology and the laws that govern it in the countries that are not, well, *that developed* yet.
I doubt that Linford himself would say something as stupid as "Russia and China 'behind current spam deluge' when Americans advertisers are paying for it and 80% of it originates on computers running a broken US OS. I also doubt that Linford would blame the Russian or Chinese governments for the actions of organized crime in their country.
Graeme Wearden should do some more research and think. There's a real story here and the pieces are being put together. Where is the spam really coming from? Follow them money. Does anyone really buy penis enlargers, diplomas and drugs from spam? What companies have recently announced profitable new email schemes that depend on the death of normal email? Could large ISPs run by unethical companies, that have a proven record of breaking competitor's service, be trying to break competing ISP's email service by deluging their customers with spam and then advertising spam blocking email of their own? Russian and Chinese criminals seem sensational, but the truth is always much more interesting.
Friends don't help friends install M$ junk.
...with the Columbian cartels to get extra funding, ...
Columbian: relating to the United States or Christopher Colombus.
Colombian: relative to Colombia, a republic in northwestern South America.
ISPs are a major part of the problem. They either know, or can know, that they have spammers and other criminals on board. Yet many do nothing about this because they would rather have the money spammers pay them. We need to stop peering with bad ISPs in every way we can.
Those who whine about their mail not getting through because they are using one of these bad ISPs are also part of the problem. They need to stop encouraging their ISP to continue, and force the ISP to decide between good and evil. If there's another ISP, switch. If there's only one and it's because the government gives them a monopoly, then the government is the problem and they need to fix that. If there's only one and it's not a monopoly, then they need to start their own ISP (and not allow spammers, lest they also be cast into the deep pink cyber oblivion).
now we need to go OSS in diesel cars
*Not that I'm suggesting that GM (or any car other manufacturer) would resort to such lowdown dirty rotten tricks as this.
Ok... lets say we "go after the advertisers and throw them in jail or fine them millions of dollars" for sending spam.
Great, and lets say that stops spam 100%.
Now... I'm pissed off at you. I forge a fake advertisement for a product, or better yet, I know you sell a certain product, so I craft a legitimate advertisement for that product without your knowledge.
Now I spam it out to billions of addresses and wait for the feds to come in and ruin your life. Oh sure, you'll claim that you didn't send the spam, but we're already on the warpath, and you're about to be steamrolled. Who's going to believe you didn't send that spam? Who's going to believe someone illegitimately created an advertisement and sent it out for free! Yeah right... off to jail for you!
That's why the government doesn't go after the advertisers... because it can be forged and used as a weapon against your competition or against people you aren't happy with. How do you prevent this?
Currently, you don't... the only solution in the long term is going to be to revamp email to make the senders accountable. Period. End of story. No other solution is going to work.
Certainly not more laws.
It's not hard at all to block these cable/DSL/dialup hosts from sending you mail. Here's what I use:
t |c lient2).*$\N} .*$\N$ \N\ N
1) A filter that looks for hostname patterns that look like consumer internet connections (DSL/cable/dialup):
[note: these are in Exim lookup-table syntax]
\N^(dsl|cable|adsl|dialup|docsis|pool|ppp|clien
\N^.*\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3
\N^c\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\..*
\N^[sShH]\d{3,}.*\.[a-z][a-z]\.shawcable.net$
\N^.*\d+\.charter-stl.*$\N
2) Next, you block known spam-source countries. Some may take offense to this but the company I work for only sells products to people in the US, so these filters aren't a problem. To accomplish this, I set up djb's rbldns server on one of my machines. Currently, I'm blocking netblocks from Brazil, China, Korea, Malaysia, Nigeria, Russia, Singapore, Taiwan, Thailand, and Turkey. These netblocks come courtesy of blackholes.us.
3) Anything that is not caught by those first two local options is run against the DNSBL list at SORBS. We choose to use their combined blackhole list but you could just as easily go with their anti-dialup/dsl/cable IP list.
If an e-mail makes it through all of that, it gets run through SpamAssassin and blackholed if the score is >= 7.0 and marked if the score is >= 4.0.
We're also doing a bit of tarpitting. Every time we get a connection from a blacklisted IP, we tarpit them for two minutes before spitting out a 550 error code.
Despite this, we still get some spam and dictionary attacks. The spam gets filtered by the client and the dictionary guesses are blackholed by the local delivery server, which is configured not to send bounces.
Chris
Spam is an inevitable by product of having a virtually free message delivery system.
As far as I can tell, this is the first time in the history of the world that a company, legit or not, could advertise their products and services for free. Every other method costs a hell of a lot more money and doesn't reach nearly the same audience. Be it paid tv advertising, direct mail, etc.
As long as email is free to send, boxes will always be full of spam. Spam will be the end of email, the problem is only getting worse, with no real hope in sight.
Be better in bed. Wikiafterdark!
Because 50% of a shitload, is still a shitload of spam.
yeah you ever get that spam that says "Instantly downloadable windows programs from $50" they offer things like 3ds max for $80, office for $50, all for access to their 'secure download server'
HELLO
Russian Pirates, DUH!
Is spam somehow different when it's on TV and costs a million dollars a second. It still doesn't deter or change the fact that 50% of the time in front of the tube you're wasting time 'dealing' with ads. /hate/ all the advertising so much that when spam comes up nobody seems to remember it's their own fault for picking the 'ultra plus' product over the plain 'ultra'.etc.
Where I'm sitting right now I can see at least 20 brand names and I'm just here at home.
Whatever, spam is here to stay. Make spam cost a million dolalrs and only ppl with a million dollars will spam you, make it illegal and only companies with teams of lawyers will have access to your attention. etc.
We
They are the axies of evil !!! Lets nuke'm
"Insanity in individuals is something rare, but in groups, parties, nations, and epochs it is the rule." - Nietzsche
Dean turned all the political scum on to spamming so it will be that much harder to be rid of.
At political parties and individual pols to your spammer service list.
Whoa, sorry for pointing out that demand for spamming services is coming from inside the United States.
I simply intended to point out that while we're busy pointing the finger at Russia and China, the demand is being drummed up here in the States. The Russian and Chinese criminal organizations that deliver spam should be stopped, no question about it. But as an American, I think it's appropriate to bring up the fact that we can still do more to stop spam here in America.
I'm not sure how that makes me anti-American, but given the current domestic political climate I guess everyone is suspect.
Read the EFF's Fair Use FAQ
Who gives a hell where it comes from?
Isn't it the BUYERS who buy all that stuff advertised in spam we should be worried about? They are the ones who make it worthwhile. They are the ones which cause spam to be sent, and they are the ones for which all of us have to suffer in the form of bandwidth wasted for nothing.
Judging from my limited incoming spam experiences, I feel USA might contain most if not all of the buyers. Some people I know get French spam, and spam in other languages, but that's a very small minority.
And if you check out those domains to where the URL inside the spam points to, and do some digging, you end up with some Hicksville, USA company.
Why would anyone buy anything from a spammer, that's something I can't understand.
I do not moderate.
Why is the article titled "China and Russia 'behind current spam deluge' when they are just the ISPs? It's Americans paying for it, so they are behind it.
..." you just have to have it)
Of course, the lack of respect for US spam policy does not help the situation - but this is not surprising, given that the unstated rule of almost all American policy is "If you have enough money you can get away with whatever you like". (Note that this isn't "If you give me enough
Selling junk to idiots, America's number one industry.
From this article:
apparently 70 percent of spam is sent from China by American spam outfits.
From this article:
Infected Windows PCs Now Source Of 80% Of Spam.
That explains why we're getting so much spam. The current level of spam is at least 150% of the current level of spam. Why am I reminded of a quote from The Simpsons?
I've always wondered why doesn't each IPs port forward 25 their own mail servers, which then could determin if a person is trying to spam based on how many e-mails the person is trying to send, the address, the content, etc... Buisness class services would be similar except they would block out going 25. Then if you set-up your own mail server you would have to call the ISP and register it with them as a mail server, and get reverse looks and stuff. Then that mail server would fw all of it's mail to the up stream provider at the tier 1 level the mail would then get delievered. the other tier 1s would except incoming port 25 only from registered teir 1 mail servers.
Looks like the U.S. has some catching up to do.
I'm posting this so that you (the moderator) have some context to consider twitter and not mod him up whenever he posts his filler preformatted rants about installing Knoppix or whatever that unfortunately get him karma every single time and allow him to continue posting his trademark toxic crap (read on) day in and day out. You may consider this a troll - I consider it community service. And I ain't kidding.
If you're a /. subscriber, I invite you to look through some of his posting history. I guarantee that you'll be hard pressed to find someone that is more "out there" than twitter. You'll also probably notice he's got quite an AC following. Don't just read his posts, make sure you go through the replies.
To get an idea of what I'm talking about, check this post out. I mean, this is an article about email disclaimers, right? The parent of the post is complaining about the ads in the linked page and so on, and twitter actually goes off on a rant to blame it on Microsoft and recommend Lynx. WTF?
Here's another. In this post twitter not only calls the OP a troll but attempts to "tell it like it is" while making some vague argument about "GNU". Yes, if you're confused, you're not alone. The reply (modded +4) proceeds to simply destroy his bogus argument. You will notice he did not reply. This is what some people call "drive-by advocacy". A sort of I'll just leave you with my thoughts here and move on to the next flamebait kind of deal. In fact, he almost never replies because he knows that his fanatical arguments simply do not hold up to any sort of discussion. It's not that he's chosen the wrong cause - he's just going at it in a completely wrong way.
More? Just read though this post and the subsequent replies. I guess this stands on its own.
More? Bad spelling in astounding conspiracy theories, more offtopic FUD and uninformed "I'm right, look at me" rants, promptly proven wrong. Worse even, twitter wants to be RMS, apparently (that first one is a winner). I mean, really. You think?
FUD, FUD, FUD, FUD, offtopic FUD
Leave it to /. mods to give (Score:5, Insightful) to a post that deserves (Score:10, Funny)...
We should launch a major DOS attack! We are at defcon 1 here!!! (just kidding)
411 Y0UR 8453 4R3 8310NG 70 U5!! -NSA
- Competitor A and Competitor B both sell low-interest mortgages.
- Competitor A is better at identifying good risks than Competitor B, and gets fewer defaults.
- Competitor B notices that the U.S. Congress has passed a law against spamming, which allows the FBI to imprison people whose services are advertised using UCE.
- Competitor B says "Aha!" and hires Evil Taiwan Spammer, Inc. to advertise Competitor A's services.
- Competitor A is thrown in jail.
- Competitor B gets a monopoly, and profits.
Nah. Technological solutions are best. What I'd like to see is PGP/GnuPG signing of all emails. If emails were signed, then we could filter out all non-signed emails, and that would pretty much be the end of spam. To this end, I think the listserver community should really investigate linking majordomo or something to gnupg, so this policy could be implemented without giving up listservs.my old sig used to be funny, but then slashcode ate it and now it's not funny anymore
Try http://www.blackholes.us
They have lists of IP ranges assigned by country and ISP.
For outgoing SMTP connections to send email:
1) POP-BEFORE-SMTP and/or
2) Route ALL port 25 traffic through the ISP's mailserver.
For incoming SMTP connections to receive email:
ONLY ACCEPT CONNECTIONS FROM FELLOW DNS-IP-VERIFIED SMTP SERVERS. NO EXCEPTIONS!
Alas, as long as hosts continue use 'hidden mailservers' that are not officially on file with a DNS lookup, spam will continue to plague the Internet.
In a perfect world, directly delivering email to the recipient's mailserver should only be done by a fellow mailserver offically on file with the DNS system. When a 'non-mailserver' IP does this, the practice screams spam....
It seems to me that spam messages can be randomized and filter tested to make sure we get them to no end, but its a bit harder to set up the domain and server to collect the Credit Cards at the end of the spam's life cycle.
Lets everyone on slashdot click on the link in the spam, perhaps even keep a database of spams for our clicking. If the slashdot effect can sink a legit, well heeled sever, think of what it can do to joe spammers little ccard collecter.
And once it get's nailed, all of those spams with that endloop are uesless, no matter what nifty filter-clearing tricks they use.
More damn outsourcing. US spammer's have kids to feed, too.