Slashdot Mirror


20,000 Zombie PCs -- $3000

Saint Aardvark writes "From F-Secure blog comes these links to two USA Today articles on spamming. The first gives an example of how a grandmother ended up becoming a security expert after Comcast cut her connection for spamming. The second quotes spammers advertising networks of Zombie PCs for sale. The price? $3000 for 20,000 machines."

29 of 423 comments

  1. Break down percentages. by nberardi · · Score: 2, Interesting

    What is the percentage of OS broken down? Is it consistent with the OS spread, such as 90% Windows, 7% Linux, 3% Mac? Anybody know of a breakdown? What does everybody think it is?

  2. No wonder... by Meostro · · Score: 3, Interesting

    Zombie victim Carty took matters into her own hands: She did research on how to clean up and protect her PC and diligently updates programs that scan her computer for various types of malicious code. Her PC now runs clean. "I had no clue at Christmas that I would become a security expert," she says.

    So that's all it takes to be a security expert these days? No f'ing wonder there are so many security problems these days

    Also, it lightens my heart and makes me feel all warm and fuzzy that it only took "as many as 70,000 pieces of mail" in a day to get Comcast to shut her down.

  3. Here's an idea! by blankinthefill · · Score: 2, Interesting

    Let's buy a whole bunch of these zombified PCs, and launch a DDoS attack against the ISPs of known spammers! It may force some action, and I think it would be worth the cost.

  4. Re:So, for 3 Grand... by Anonymous Coward · · Score: 2, Interesting

    Probably. If you're willing to pay the same price as the spammers.

    Incidentally, I used ShareSniffer, back in its day, to find unprotected shares and install the distributed.net client on about 120 machines. Mean thing to do, I know, but what the heck. At least it wasn't for monetary gain.

  5. Odd. by nathan+s · · Score: 5, Interesting

    I have to say, I don't understand how people get into so much trouble.

    Maybe I've been lucky, but I've ran a Windows XP system for about a year now (and a Windows 98SE system for about 2 years prior under the same conditions), doing the occasional patches from Windows Update, without a virus scanner or firewall. If I do something stupid that makes me suspect that I've contracted something, I'll drop over to http://housecall.antivirus.com/ and do a quick scan. This generally only happens when I'm trying to find a crack for something on a P2P network and the bastards have embedded a keystroke logger or some other little nasty in a trojan crack package.

    Otherwise, I do an occasional glance-over at the list of processes running, and if my modem is lighting up like a Christmas tree I might fire up Sygate Personal Firewall or something just to see what's happening with the traffic, but I've never seen it give me real cause for concern. I still get some port traffic for the old Code Red worms and what not, but nothing that seems to have been really problematic.

    As I said, maybe I'm just lucky. Then again, maybe I don't use Internet Explorer or Outlook Express, and maybe that helps a lot. Who knows.:-)

  6. Article attaches no blame to Microsoft by Animats · · Score: 3, Interesting

    It's interesting that articles like this don't blame Microsoft. One wonders how Microsoft arranges that.

  7. Spam declining? by gtrubetskoy · · Score: 2, Interesting
    Actually, according to my spammeter the amount of spam has been slightly declining over the past few months. I'm still at around 400/day level though...

    1. Re:Spam declining? by Saint+Aardvark · · Score: 2, Interesting

      Interesting...the graph at my old job shows the same thing. Keep in mind, though, that could just as easily be spammers working around filters (at least in my case, and I assume yours).

  8. Re:Whose fault? by lpangelrob2 · · Score: 4, Interesting

    Foolish, yes, but from a non-nerd point of view, not so obvious. It looks like it comes from the company. Why not provide their login, password and account number?

    Since I haven't sensed that a widespread educational movement is in place to tell users otherwise (besides the occasional article in the newspaper, and I personally believe that doesn't count), can someone else step up to the plate? It sucks to have to repeat the "whose responsibility is it?" thing ad infinitum.

    So here's a story... I have two Macs hooked up at home. Comcast gives you the cable modem and basically just tells you to plug it in. Not surprisingly, if I were to have an old WinXP system that was stuck on dial-up (I can't download 400 MB service packs or security updates), I would be virus infected. Fortunately, I had OS X with a firewall... except they told me to disable the firewall and virus software since I was having problems. If that works, ordinary user thinks, "Wow, well if I can't use a high-speed internet connection with a firewall/virus software, what's the point?" That seems like a setup for disaster.

    Remember, most users come up with questions like this. I don't think they're at all aware of what can happen, or what the effects of identity theft are, or how much it sucks. All they know is that geeks like us tend to berate them, companies like Comcast give them a mile of rope to hang themselves, and companies like Microsoft push insecure solutions that have enough security holes to cause companies like Comcast to shut off their internet access.

    Come on, we can do better, all around.

  9. That is what is advertised. by Anonymous Coward · · Score: 1, Interesting

    MS, AOL, Yahoo, and the other major ISPs actually sell spamming service to the large spammers. In particular, MS, AOL, and Yahoo will sell your address (those that do not belong to them), and will provide IPs and bandwidth for the spammers. Some time ago, I was at a major bandwidth provider who worked closely with MS (it was not widely known at the time, but it is now) when a spammer approached the VP. He was upset that MS was going to change the agreement and charge 5 million a month (rather than 1 million a month). So who was the spammer? It was none other than the guy from Denver (ATM, I forget his name) who was turned over to the feds for spamming by MS.

  10. Re:Whose fault? by flosofl · · Score: 2, Interesting

    There's also JavaScript overlay on the address bar. Put the "spoofed" address in an overlay that fits over the legitimate one. Same thing with the "padlock" for SSL.

    --
    "This calls for a very special blend of psychology and extreme violence" - Vyvyan "The Young Ones"

  11. caveat emptor by WormholeFiend · · Score: 4, Interesting

    If spammers are scammers, can you really expect good value for your money?

    I fully expect follow-up news stories on how someone who wanted to open a business online fell for a mass marketing scam, paying spammers thousands of dollars only to see the spammers vanish in thin air with their money.

  12. Re:Whose fault? by Brandybuck · · Score: 4, Interesting

    Similar scams have been played in real life with fake ATMs...

    --
    Don't blame me, I didn't vote for either of them!

  13. Who is this retard? by TurboStar · · Score: 2, Interesting

    From the USA Today article: Are hackers using your PC to spew spam and steal?

    "Consumers should demand what they do of other utilities," says Kip McClanahan, CEO of security firm Tipping Point. "When I pay my water bill, I expect my water to be drinkable out of the tap. Today, when you pay your Internet bill, the data you get is not consumable."

    Huh? Where does this guy live that he gets consumable water out of his tap? Mine tastes like a dirty swimming pool.

    I don't drink the water out of my tap; it goes through a filter before it goes in my body. I also don't open the gas line and hold a match to it; it goes through a burner in a carefully crafted device. And I don't have bare wires lying around carrying electricity; they are all installed in receptacles to keep me from electrocuting me and my guests.

    I certainly can't sue the gas company if my faulty furnace causes my house to burn down (well, who knows these days, I probably could but it'd be wrong). And blaming the electric company for pushing too many electrons through my heart when I tried to pry some bread out of my toaster with a butter knife isn't right either. If you're daring enough to consume the water out of the tap you are probably ignorant of its contents: heavy metals, pesticides, chlorine variants, sometimes fluoride, and who knows what else.

    So why should I blame my ISP for giving me data from the Internet? That's what I'm paying for and it is exactly what I want. As long as the signal levels are right for my modem and the information is IPv4 they are doing no wrong by me.

    The burden of protection lies within the devices and software connected to the net. The consumer shouldn't have to give this any more thought than what they give their car about changing its oil. So who does the average consumer have to blame? You guessed it! I'm not even going to say it.

  14. Re:Pay the $3k and clean house by dasmegabyte · · Score: 2, Interesting

    Oh, that would work, but it would be APPEASING the spammers. Modern government can't open the door of appeasement. No, far better to raid some third world software development house that has nothing to do with spam, kick the shit out of the bastards and hope it stands as a warning to everybody else.

    --
    Hey freaks: now you're ju

  15. Re:Rhetorical question: by Anonymous Coward · · Score: 2, Interesting

    If a system is "rooted" then they do have root access. Thus the name. And you don't need root to use sendmail which is installed by default on many distributions.

  16. Re:Whose fault? by kallisti · · Score: 2, Interesting

    Have you seen these emails? They're damned convincing,

    Sounds like a good time to try the Phishing IQ test. As for using the exact domain, lots of sites use a different provider for their online commerce, so that won't necessarily work.

  17. Tired of inflated stats by shogarth · · Score: 5, Interesting

    In July, spam made up 94.5% of e-mail traffic, nearly double from a year before, says e-mail management firm MessageLabs.

    Does anyone else wonder where MessageLabs gets their statistics? I can't help but wonder at their methodology (though I suspect rectal extraction). I get daily reports on SpamAssassin and my configured DNS block lists for the servers I manage. Their spam traffic doesn't start to approach 95% of inbound messages. After eliminating all internal email from the statistics, SpamAssassin flags about 20% of incoming email as suspicious and SpamHaus blocks another 10% or so. These are not confidential, hard-to-find addresses. These are university servers where staff and faculty are required to have valid email addresses posted on the department web pages. Any spider worth a damn should have harvested them long ago. I find it very hard to believe that this environment is getting 60% less spam than systems that don't provide a directory of valid addresses.

    Spam is a problem, but it's time journalists (online and otherwise) start taking stats with a grain of salt. Too many organizations are willing to publish questionable numbers in an attempt to sound like they have thoroughly researched the issue.

    Or in the MessageLabs case, to sell a product that will 'solve' the problem.

    1. Re:Tired of inflated stats by azaris · · Score: 2, Interesting

      These are university servers where staff and faculty are required to have valid email addresses posted on the department web pages. Any spider worth a damn should have harvested them long ago. I find it very hard to believe that this environment is getting 60% less spam than systems that don't provide a directory of valid addresses.

      Let me guess: .edu? Spammers have long since started washing their lists for .edu, .gov and .mil addresses. I believe many also filter out ccTLDs. You're looking at a skewed sample.
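The post above quotes its 20% and 10% figures only after dropping internal mail, and the reply argues the sample is skewed. As an added example (not part of the thread), the function below computes a spam percentage from constructed mail-log records with the three dispositions the post names (DNS block list rejections, SpamAssassin flags, delivered mail) and shows how much the figure moves depending on whether internal mail is left in the denominator; the record format and the domain names are assumptions, and the counts are made up.

```python
import re
from collections import Counter

# Constructed sample of one day's mail-log records (not real data).
# Assumed format: "<from> <to> <disposition>", where disposition is
# DNSBL-REJECT (refused via a DNS block list), SA-FLAG (SpamAssassin
# scored it as spam) or DELIVERED (accepted as ham).
SAMPLE_LOG = """\
alice@dept.example.edu bob@dept.example.edu DELIVERED
bob@dept.example.edu carol@dept.example.edu DELIVERED
dave@dept.example.edu alice@dept.example.edu DELIVERED
promo@offers.example.net alice@dept.example.edu SA-FLAG
x1@203.0.113.9 bob@dept.example.edu DNSBL-REJECT
news@vendor.example.com carol@dept.example.edu DELIVERED
y2@198.51.100.7 dave@dept.example.edu DNSBL-REJECT
friend@mail.example.org alice@dept.example.edu DELIVERED
deals@offers.example.net bob@dept.example.edu SA-FLAG
colleague@other.example.edu carol@dept.example.edu DELIVERED
"""

LINE_RE = re.compile(
    r"^(\S+)@(\S+)\s+\S+@(\S+)\s+(DNSBL-REJECT|SA-FLAG|DELIVERED)$")


def spam_rate(log, local_domain, exclude_internal=True):
    """Return (spam_pct, counts) for mail addressed to local_domain.

    With exclude_internal=True, mail whose sender is also in local_domain
    is counted separately and left out of the percentage, as the post
    above does before quoting its figures."""
    counts = Counter()
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore anything that does not parse
        _user, sender_domain, rcpt_domain, disposition = m.groups()
        if rcpt_domain != local_domain:
            continue  # outbound mail is not "incoming"
        if exclude_internal and sender_domain == local_domain:
            counts["internal"] += 1
            continue
        counts[disposition] += 1
    total = counts["DNSBL-REJECT"] + counts["SA-FLAG"] + counts["DELIVERED"]
    spam = counts["DNSBL-REJECT"] + counts["SA-FLAG"]
    pct = 100.0 * spam / total if total else 0.0
    return round(pct, 1), dict(counts)
```

On this constructed day the same records give 57.1% spam with internal mail excluded and 40.0% with it counted, which is the kind of methodology gap the post is asking MessageLabs about.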

  18. The zombie collectors aren't even bashful about it by Anonymous Coward · · Score: 3, Interesting

    Using simple tools, I have watched the inbound connection attempts made to my personal computer. Many of these attempt simple http style requests on unregistered ports. The requests are in the form: ttp://www.helllllabs.com/cgi-bin/found_one.cgi or something like that.

    Going to the website, I find it's one that sells proxies of some form. Gee.

    Now this seems like they are signing their own name to their evil deeds. Could this mean anything other than this company is scanning for proxies and registering them using their own website?
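As an added example (not the poster's tooling), the classifier below runs over constructed connection records and separates open-proxy probes, meaning absolute-URI or CONNECT requests that arrive unsolicited on ports a web server was never offered on, from ordinary traffic. It reports which host each probe tries to reach through the machine and which ports each source tried. The record format and the host www.proxy-scanner.example are placeholders, not the site the post mentions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed capture of inbound connection attempts (not real traffic).
# Assumed record format: "<src_ip>:<src_port> -> <dst_port> | <first payload line>".
SAMPLE_CAPTURE = """\
192.0.2.10:44123 -> 8080 | GET http://www.proxy-scanner.example/cgi-bin/found_one.cgi HTTP/1.0
192.0.2.10:44124 -> 3128 | GET http://www.proxy-scanner.example/cgi-bin/found_one.cgi HTTP/1.0
198.51.100.5:5120 -> 1080 | <binary SOCKS5 handshake>
203.0.113.77:60001 -> 8000 | CONNECT www.proxy-scanner.example:25 HTTP/1.0
192.0.2.10:44125 -> 80 | GET /index.html HTTP/1.1
203.0.113.77:60002 -> 22 | SSH-2.0-OpenSSH_3.9
"""

RECORD_RE = re.compile(r"^(\S+):(\d+) -> (\d+) \| (.*)$")
# A request carrying a full URL, or a CONNECT, is what a client sends to a
# proxy rather than to an origin server; one arriving unsolicited is a probe
# checking whether this machine will relay for the sender.
PROXY_REQ_RE = re.compile(
    r"^(?:GET|POST|HEAD) (https?://\S+) HTTP/1\.[01]$"
    r"|^CONNECT (\S+):\d+ HTTP/1\.[01]$")


def find_proxy_probes(capture):
    """Return (hosts, sources): a Counter of hosts the probes try to reach
    through us, and a dict of source IP -> sorted list of probed ports."""
    hosts = Counter()
    sources = {}
    for line in capture.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue
        src_ip, _src_port, dst_port, payload = m.groups()
        req = PROXY_REQ_RE.match(payload)
        if not req:
            continue  # plain web request, SOCKS handshake, SSH banner, ...
        absolute_url, connect_host = req.groups()
        host = urlsplit(absolute_url).hostname if absolute_url else connect_host
        hosts[host] += 1
        sources.setdefault(src_ip, set()).add(int(dst_port))
    return hosts, {ip: sorted(ports) for ip, ports in sources.items()}
```

The host that keeps showing up in the probes is the one the post is talking about: the scanner has its own site named in every request it sends.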

  19. Re:So, for 3 Grand... by Duncan3 · · Score: 4, Interesting

    *laughs*

    Um, no, we really wouldn't appreciate you doing that with our software. And it is against our terms of use. http://vsp27.stanford.edu/license.txt

    But back in my d.net days, we estimated that about 1/3 to 1/2 of all installs were zombies or forgotten. The original 5 proxies (hardcoded IPs, including my old dorm IP) probably still get pounded on after all these years.

    --
    - Adam L. Beberg - The Cosm Project - http://www.mithral.com/

  20. Worst quote from TFA by PitaBred · · Score: 2, Interesting

    "Consumers should demand what they do of other utilities," says Kip McClanahan, CEO of security firm Tipping Point. "When I pay my water bill, I expect my water to be drinkable out of the tap. Today, when you pay your Internet bill, the data you get is not consumable."

    I only partially agree with this. What should happen is they should sell me access, and I should be able to waive their protections under the promise that I provide my own. I want to run my low-traffic web and email servers from my connection. Most people don't need to. I will take the extra work of securing them in return for being allowed to use them.
    A blanket stop of much of this is all but impossible, though.

  21. Re:Rhetorical question: by gmuslera · · Score: 2, Interesting

    Yes and no. If Linux users grow a lot, it could raise the number of rooted Linux computers. But the way in will hardly be mail, or at least mail attachments. With Linux you don't have a single CPU architecture, a single installable program format (some use deb, others rpm) or a single set of basic libraries (glib5? 6? qt3? pick a random Linux binary and you should probably check dependencies before it could run), and last but not least, reasonable distributions discourage users in one way or another from running as root (i.e. in SUSE your root desktop is full of exploding bombs as a hint).

    But with a lot of Linux users, maybe with some of them not applying security fixes and activating services just because they are there, a future remote exploit for a commonly installed service (i.e. ssh, apache) could have some success, and the number of installed systems is not a problem: one of the latest worms exploited a vulnerability in a not-so-common commercial firewall for Windows, and was pretty successful.

  22. Re:End Users are Stupid by Reapman · · Score: 2, Interesting

    Fix a car no.. but maintenance on a car.. yes. If you don't know how to check your oil, windshield washer fluid, heck how to fill the gas tank, you're not going to get far. I agree that we don't need the world being able to repair failed hardware or troubleshoot IRQ settings (bad example I know) but being able to keep their computer "clean" and in decent working order should be achievable. Not saying it's the end user's fault completely, software and hardware still have a ways to go before it's as easy as it probably should be for the average Joe (or Jane) but people do need to take more interest in these "new fangled computer thingies" if they're gonna use 'em. My 2 (CAN funds) cents

  23. Buy Grandma a Macintosh, already! by wheatwilliams · · Score: 2, Interesting

    Grandma does not have to become a computer security expert. All she needs is a Macintosh.
    Friends don't let elderly friends drive Windows on the Internet.

  24. Re:Odd coincidence by kennedy · · Score: 2, Interesting

    I've been getting these for months. Kinda makes me wonder how many people have been fooled by them.

    The funniest by far is the one from the so-called mail administrator from my domain with the same basic message. The funny thing is, I own the domain
    and I run the server that's running the MTA...

  25. Re:Whose fault? by Anonymous Coward · · Score: 1, Interesting

    Surely some kind of USB dongle/smartcard-like thingy would be cheap enough now?

    My bank (https://www.fortisbanking.be/) figured out the smartcard thingy from the start, about 5 years ago.
    Every time I log in, I use a different 6-decimal-digit number created by the smartcard. Money transfers over a certain amount also have to be signed.
    Any messages I get from my bank end up in this secured area, never in my email; they don't even have my email address.

  26. Opportunity for Providers + Law enforcement by str8 · · Score: 3, Interesting

    If it hadn't already been published that the list was available (like it's still for sale now that it's public knowledge), this would be a perfect opportunity for Comcast etc. to reclaim some bandwidth. They could team with the FBI/Scotland Yard/Interpol (who would be very interested in such fraud) then buy the list with something traceable.
    If the deal is a scam, follow the money and bust the crook. If it's real, follow the money and bust the crook then clean up the zombies on your network.
    Basically it's a no lose opportunity.

    Psst... Hey buddy, can you spare a .sig?

  27. Re:Whose fault? by Boricle · · Score: 2, Interesting
    I wonder if perhaps the banks need to set up their own "phishing" process.

    Email their own members, redirect them to the wrong web site, which looks real - and once they login, give them a stern looking warning and a lecture on Phishing.

    And if they get sucked in two or three times, revoke their account privileges.

    It would be annoying - but eventually I suspect that banks will have to take more proactive measures to educate their customers.