20,000 Zombie PCs -- $3000
Saint Aardvark writes "From F-Secure blog come these links to two USA Today articles on spamming. The first gives an example of how a grandmother ended up becoming a security expert after Comcast cut her connection for spamming. The second quotes spammers advertising networks of Zombie PCs for sale. The price? $3000 for 20,000 machines."
Zombie victim Carty took matters into her own hands: She did research on how to clean up and protect her PC and diligently updates programs that scan her computer for various types of malicious code. Her PC now runs clean. "I had no clue at Christmas that I would become a security expert," she says.
So that's all it takes to be a security expert these days? No f'ing wonder there are so many security problems these days.
Also, it lightens my heart and makes me feel all warm and fuzzy that it only took "as many as 70,000 pieces of mail" in a day to get Comcast to shut her down.
I have to say, I don't understand how people get into so much trouble.
Maybe I've been lucky, but I've run a Windows XP system for about a year now (and a Windows 98SE system for about 2 years prior under the same conditions), doing the occasional patches from Windows Update, without a virus scanner or firewall. If I do something stupid that makes me suspect that I've contracted something, I'll drop over to http://housecall.antivirus.com/ and do a quick scan. This generally only happens when I'm trying to find a crack for something on a P2P network and the bastards have embedded a keystroke logger or some other little nasty in a trojan crack package.
Otherwise, I do an occasional glance-over at the list of processes running, and if my modem is lighting up like a Christmas tree I might fire up Sygate Personal Firewall or something just to see what's happening with the traffic, but I've never seen it give me real cause for concern. I still get some port traffic for the old Code Red worms and what not, but nothing that seems to have been really problematic.
As I said, maybe I'm just lucky. Then again, maybe I don't use Internet Explorer or Outlook Express, and maybe that helps a lot. Who knows. :-)
picpix image polls. create - share - vote. fun!
It's interesting that articles like this don't blame Microsoft. One wonders how Microsoft arranges that.
Since I haven't sensed that a widespread educational movement is in place to tell users otherwise (besides the occasional article in the newspaper, and I personally believe that doesn't count), can someone else step up to the plate? It sucks to have to repeat the "whose responsibility is it?" thing ad infinitum.
So here's a story... I have two Macs hooked up at home. Comcast gives you the cable modem and basically just tells you to plug it in. Not surprisingly, if I were to have an old WinXP system that was stuck on dial-up (I can't download 400 MB service packs or security updates), I would be virus infected. Fortunately, I had OS X with a firewall... except they told me to disable the firewall and virus software since I was having problems. If that works, the ordinary user thinks, "Wow, well if I can't use a high-speed internet connection with a firewall/virus software, what's the point?" That seems like a setup for disaster.
Remember, most users come up with questions like this. I don't think they're at all aware of what can happen, or what the effects of identity theft are, or how much it sucks. All they know is that geeks like us tend to berate them, companies like Comcast give them a mile of rope to hang themselves, and companies like Microsoft push insecure solutions that have enough security holes to cause companies like Comcast to shut off their internet access.
Come on, we can do better, all around.
-Rob
Marriage doesn't have to suck!
If spammers are scammers, can you really expect good value for your money?
I fully expect follow-up news stories on how someone who wanted to open a business online fell for a mass marketing scam, paying spammers thousands of dollars only to see the spammers vanish in thin air with their money.
Similar scams have been played in real life with fake ATMs...
Don't blame me, I didn't vote for either of them!
Does anyone else wonder where MessageLabs gets their statistics? I can't help but wonder at their methodology (though I suspect rectal extraction). I get daily reports on SpamAssassin and my configured DNS block lists for the servers I manage. Their spam traffic doesn't start to approach 95% of inbound messages. After eliminating all internal email from the statistics, SpamAssassin flags about 20% of incoming email as suspicious and SpamHaus blocks another 10% or so. These are not confidential, hard-to-find addresses. These are university servers where staff and faculty are required to have valid email addresses posted on the department web pages. Any spider worth a damn should have harvested them long ago. I find it very hard to believe that this environment is getting 60% less spam than systems that don't provide a directory of valid addresses.
Spam is a problem, but it's time journalists (online and otherwise) start taking stats with a grain of salt. Too many organizations are willing to publish questionable numbers in an attempt to sound like they have thoroughly researched the issue.
Or in the MessageLabs case, to sell a product that will 'solve' the problem.
Using simple tools, I have watched the inbound connection attempts made to my personal computer. Many of these attempt simple http style requests on unregistered ports. The requests are in the form: ttp://www.helllllabs.com/cgi-bin/found_one.cgi or something like that.
Going to the website, I find it's one that sells proxies of some form. Gee.
Now this seems like they are signing their own name to their evil deeds. Could this mean anything other than this company is scanning for proxies and registering them using their own website?
*laughs*
Um, no, we really wouldn't appreciate you doing that with our software. And it is against our terms of use. http://vsp27.stanford.edu/license.txt
But back in my d.net days, we estimated that about 1/3 to 1/2 of all installs were zombies or forgotten. The original 5 proxies (hardcoded IPs, including my old dorm IP) probably still get pounded on after all these years.
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
If it hadn't already been published that the list was available (Like it's still for sale now that it's public knowledge), this would be a perfect opportunity for Comcast etc to reclaim some bandwidth. They could team with the FBI/Scotland Yard/Interpol (who would be very interested in such fraud) then buy the list with something traceable.
.sig?
If the deal is a scam, follow the money and bust the crook. If it's real, follow the money and bust the crook then clean up the zombies on your network.
Basically it's a no-lose opportunity.
Psst... Hey buddy, can you spare a