Slashdot Mirror
Artists Against 419 Releases Mugu Marauder
An anonymous reader writes "Similar in scope to the (now defunct) screensaver created by Lycos that targeted spam sites, the newly-released Mugu Marauder is intended to take fraudulent bank sites off the air by sponging up their bandwidth. Mugu Marauder can be downloaded at www.aa419.org/mm/ It's currently only available for Windows, though a Linux port is allegedly in the works."
Beware of getting slammed by your ISP with a "friendly" letter, after consuming tons of bandwidth using something like this.
Why not just post a link to them on Slashdot.
Once these sites get hit they redirect the dns towards legitamate services and change addresses.
So this will probably just end up DDoS'ing the real banks instead of the fake ones, these fake banks move around a lot and create extra damage in their wake as a result of something like this.
Fighting fire with fire just doesn't work like it should.
Just like the Lycos screensaver that strangled spammer's bandwidth by not-quite-DDOS-ing them, this is a stupid idea. Legally you'd be opening yourself up to all kind of problems running this kind of thing: ISPs don't tend to take to kindly to this sort of denial of service attack.
It's not sexy, or headline-grabbing, but the correct way to go about this is the same as it's always been: go after the ISPs to pull their accounts. If they're RFC-ignorant, add their IP blocks to the usual blacklists until they comply or are connected to an intranet.
Happy marauding...
The Official Steve Ballmer Webpage
I like this, but prefer the lad vampire at the same site. There is something somehow more satisfying about watching the images flash by.
Just put it in a browser tab and let it run!
Vigilante justive via DDOS. Well, that won't set a horrible precedent for people knobbling the web site's of those they don't like. Who's next? Radical pro-life groups DDOS'ing websites with abortion information?
(Yes, I know this has a slippery-slope element to it, but there are plenty of activist groups out there willing to be vigilantes, because they believe their actions to be either unambiguously moral, or divinely inspired.)
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
On the other hand, the rest of us pay thrice: once for the victimization of regular people not yet wise to this game, once for the waste of bandwidth because of the huge amount of spam being sent out for this scam, and now once for do-gooders pumping loads of worthless data back through our shared Internet at these websites, which are replaced faster than they go down.
On the surface it looks like a good idea, but it's just adding to the damage like all these other vigilante anti-spam tactics. A better technical solution already exists; switch from e-mail to instant messaging within a company and save all your instant messages.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
legal?
I don't care who you're or how pretty the screensaver, just don't download programs for network abuse like this and expect your ISP to take it lightly. If you really want to take action against a phising site, call the ISP hosting it and complain to them. Same principle, less innocent parties affected along the way. If you don't get a response from that ISP, call the ISP further upstream... this is how we deal with network abuse; it's slow but it's legal, and it works.
Matthew @ Bytemark Hosting
Well, as a starter, most of these fraudalent sites work IP based because they dont have the real domain.
So I'm guessing this problem you mention would not happen if you just attack the IP. When you attack the IP you'd be attacking their server, even if they point their domains to some other site.
Most scammers use shared hosting (usually signing up with a fraudulent credit card) and hence any such attacks can affect the whole server taking out hundreds of web sites
That's a bonus!!!! If those affected website owners complain enough then the ISP will pull the offender!
>It's currently only available for Windows,
Why? I once saw a webpage that did this using only javascript. A simple page reload would give you updated arrays of images which your browser then loaded over and over and over again to exhaust the spamvertized sites bandwidth.
Belief is the currency of delusion.
And will probably work just as well... vigilante justice never works and should not be tolerated.
The owls are not what they seem
aa419.org, that is. They apparently think it's legal and acceptable, so they won't complain.
If we force a 419 scammer to change IP address, or change his DNS name (or, preferably both).
have we not acheived our goal of making those trillions of SPAM messages point to a null address?
there by reducing the threat of the site?
>I once saw a webpage
. html[/url]
KaBas fake p2p site killer: [url]http://biphome.spray.se/k.b.e/scamsiteattack
It assigns a UID when the installer is run.
Each one is something like this:
620ad934fc97bebb65f77bc883211351
That makes me wonder - just what does each one represent?
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
Imagine a 419-scammer sitting in an internet café in Lagos, getting thousands and thousands of mails appearing to be from people genuinely interested in the proposal, and having to follow up on them all just in case one or two are from real persons...
In other words, until the person who owns the 0wN3d box decides to power cycle.
Of course, the dropped address will not be picked back up for an hour or so even if it changes.
websense (at least how it's configured here) blocks access to all the sites mugu is trying to download from. i'll have to try it from home.
No, that's not the one. It predated the Spray screensaver but doesn't exist any more AFAIC.
Belief is the currency of delusion.
The implementation sucks. Who needs a screensaver?
But there's a seed of a good idea here, if you throttle it. It would not take any serious bandwidth hogging to crud up the phishing net with data that the phisher has to carefully check by hand because it could lead the police to him/her. Likewise the spammers. Eat their profits by eating their time.
Taking networks down to squash the cockroach is bad, but there is no reason not to lay a little boric acid out, so to speak.
One of the links from the flashmob page is for bash scripts suitable for Linux/*nix (and presumably OS X et al).
Copyrights, Patents, Trademarks: temporary loans from the Public Domain, not real property ("intellectual" or otherwise)
At least, not in my jurisdiction. Anyway, is it illegal in the US? As in, is it a criminal offense? Down here, a DDOS may be considered a civil illicit...
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
It makes far more sense for a centralised block list, regularly updated, hosted by a reputible body.
A small change in functionality to your web browser so that when you attempt to connect to a site on your blocklist. your browser informs you and the reason why and then asks you if you want to proceed anyway.
its a much more economic use of resources and could be added to by local police agencys as victims become known or perhaps a phishing notify button added to our browsers.
when we wander upon a site thats dodgy that url can be passed on to the hosts of the blocking lists, a site would be verified to prevent malicious use and if checked out as being ok, it wouldnt be reexamined till a certain number of other referals took place.
No waste of bandwidth, no denial of service attack on any site just a hazard warning in your browser that the site may be harmful.
perhaps the banking sites might even care to host such a list.
Blarney Quality Restaurant, Plants
Unacceptable in concept and practice. Mod parent up!
,but ask for something like a re-send from the spamming server but.... 1 char by 1 char accepted only at the rate of 1 per second ! This is the same concept (so not acceptable), but at least you overburden the server and not the network.
On a slightly different subject: I heard about a system which detects email spams, rejects them
Z.
Desperate times. Desperate measures.
Oops. I meant to reply to very first post. It read:
===
FP by michaelhood (667393) Alter Relationship on Wednesday February 09, @11:03AM (#11616737)
Beware of getting slammed by your ISP with a "friendly" letter, after consuming tons of bandwidth using something like this.
===
You mean to say Artists Against 419, after finally capturing Dr. Mugu Marauder, are now releasing him?
sudo ergo sum
It is nice to know that the IT industry is full of experts who fail to do the first thing when presented with something new..... Try researching things guys. 1. The Mugu Marauder operates exactly the same as a web browser repeatedly refreshing with no cache on a specified list of target URL's (normally images because they typically have a large filesize compared to HTML pages). 2. The UID number generated for the application is used to tally stats for individual users, so just drop the paranoia. 3. FFS The sites targetted ARE NOT related in any way to legitimate banks. As I said if you did a little research before sprouting your "me too" crap you might realise just EXACTLY The Artists Against 419 are fighting against. 4. A DoS attack is defined as the act of deliberately trying to make a service on the attacked machine unavailable by flooding it with requests, sometimes using deliberately corrupted data packets. Now, I dont know where you tool come from or whether you sympathize with cyber criminals or are simply too dense to comprehend ths. We are downloading images from *CRIMINAL* fake banks after having tried to contact the hoster and shut down these *CRIMINALS* in vain at least two times or mopre. Then, and then only, do we actually start trying to deliberately exceed the allowed bandwidth of these *CRIMINALS*, so they cant use their bogus banks to prey on unsuspecting victims. It is *NOT* an attack on the servers, but on the *CRIMINAL* websites only.
The lycos thing was a reaction to spam, i.e. something pushed on to the user. Personally I didn't agree with it, but I could understand why people got involved. The 419 scam, however, only works because the sucker, oops, victim, are after something for nothing. They only have themselves to blame and this kind of vigilante action is utterly unjustified. Don't blame the scammers, blame the idiots that fall for it.
The left one? Please don't tell me you took the left one.
What exactly is the purpose of the frame site ciribank.co.uk?
Dear Verizon Subscriber:
I am Dr. Muntange Dwambo, the nephew of the director of your internet service provider's Accepatble Use Enforcement division.
It has come to our attention that you are consuming an unusual amount of bandwidth. I am therefore here to give you a one-time opportunity. My uncle has recently passed away, and left me in control of THREE HUNDRED THOUSAND GIGABYTES PER MONTH of bandwidth. Unfortunately that bandwidth is only available to Verizon subscribers, and that company does not yet offer their services in my native Nigeria.
Am I the only one who heard Roxette to sing "I'm gonna get blitzed for some sex"?
Why are they not using their botnets to DDOS the phishing sites and spammers?
I mean, then MS security vulnerabilities would suddenly make sense.
-silence
Dyslectics of the world, untie!
Of course, this will have no real impact on taking down phishing sites. The people that set up most phishing sites follow these simple steps:
1) Find a vulnerable server and root it, or get just enough access (through something like a phpBB exploit) to upload a phishing site to the right directory. They will end up with a URL that probably looks like "http://aaa.bbb.ccc.ddd/online/wamu.html". Phishing sites don't bother with mundane details like DNS or domains (waste of time and energy) because the URL will be conviently hidden with javascript by your favorite HTML email client anyway.
2) Repeat the above step as often as you like to have a "cluster" of phishing sites.
3) Send out tons of spam advertising the phishing sites, randomly picking one of the above URLs to use for the login page.
4) By the time the phishing sites are detected, reported, and disabled (could be as long as a week or two or four), hundreds of people could have attempted to log into each of the fake login sites.
5) In most cases, the owner of the server being used for the phishing site is completely oblivious of the phishing site. (The rest of their web sites are working fine, so why should they be aware of any problems?) DDoS'ing them will only attack a confused victim.
--guru
The legality of this is in question
You *must* be connected to the Internet to use
Having lots of bandwidth is preferable
You connect to lots of other computers, likely more than the user is aware of.
What does this remind you of? Exactly, what the RIAA has tried to paint as the 'Artists enemy #1'... Filesharing! Unless someone can go through and confirm that this screensaver is indeed clean, I for one am going to avoid it like the plauge. I know this has sounded like a bunch of FUD, but on a Windows box having an app 'phone home' is easy. There are also so many other good points, which I'm not going to rehash... I'm just saying to THINK before you act!
Windows has detected an undetectable error.
or just link the offending website on /.
I mod down so you can mod up. Your welcome.
THEY can't use your bandwidth. YOU use it by running javascript and suchlike crap you download from them. You don't have to, unless you're a dumbass.
This message brought to you by a grant from the the David Mamet Foundation.
That's like going into a drug inflicted neighborhood and punching all the other innocent residents in the face every day until they go get rid of the local crack house themselves.
--Won't that be grand? Computers and the programs will start thinking and the people will stop. - Dr. Walter Gibbs
...this is known as a DDoS or a "Distributed Denial of Service" attack. Most ISPs will cancel your account and blacklist you for things like this. Use at your own risk!
-- Game Developers: Stop porting badly-textured games from crappy console systems!
Comment removed based on user account deletion
The fake sites for which I have viewed the source do not tend to hold their own graphics. They link to the graphics on the official site (bank, ebay, whatever). Won't this just suck up the bandwidth of the real site?
If I may say so, life is a game, and there's so much to do and so few turns.
-Reiner Knizia
At least with real vigilantes, they don't take out an entire neighborhood of innocent people just to get one person..
The collateral damage on these sorts of things make the 'attackers' ( there is no better word for them ) no better then the scammers they are going after...
---- Booth was a patriot ----
/-D
I noticed that Bank of America (admittedly huge) isn't in the list of banks spoofed. Why is that? Do they have their own private fraud division or something, or has something bad happened to spoofers in the past?
For those interested, here's a definition of mugu. It's a self-link.
Wordnik, a dictionary project which aims to collect
Let's just go ahead and hang all the people who we think might be criminals. Vigilante justice is soooo cool.
Seems to me that filling their dB with useless information would be more effective. (Increasing the victim to fake ratio). These forms are where they are actually taking bank acct numbers. Taking their bandwidth is s temporary band-aid when they are opening webhosting accounts for free, or at most $5.
t art.php h tm
Couldn't someone make a bookmarklet or javascript to fill forms with fake info? Here are some of the forms they use to get personal information.
http://www.raboswiss.com/housec/ACCSETUP.HTM
http://www.swissroyallbank.com/onlinebanking/gets
http://www.kashbankcorp.com/contact_us.php
http://www.alphapbonline.com/aibb/online_servces.
http://www.alliance-ctb.com/ebank/apply.asp
http://www.libertystrongholdgroup.com/aindex.html
http://www.fichnet.net/contact.php
Damn, that sounds like a good idea. Kind'a like Training Day, but different.
Even better! When this happens often enough, the ISP will seriously re-consider if they want to offer free or nearly-free webhosting to anonymous customers.
It is more like finding who offers the housing in that neighborhood and convincing them that they should not rent to offenders.
Off toipic, that's not such a bad idea.
Quite often community involvement is the best way to clean up certain neighborhoods.
"Ignorance more frequently begets confidence than does knowledge"
- Charles Darwin
There's a critical difference between DDOSing a 409 scammer and DDOSing people you don't like politically. 409 scamming is illegal.
This is only a slippery slope if you think crooks who accidentally drop their guns at the scene of the crime - and go back to ask for it back the next day - have a "point" (it's their property after all!). For the rest of us, we understand that DDOSing democrats.org or gop.org is much more likely to get you in legal trouble than doing that to some random phisher. And rightly so.
I'd suggest a doubling delay time; start with a delay of 60 seconds -- a normal browser timeout-- after the fifth failure trying to load an image. If the picture doesn't load the next time, a two minute delay. Try again, four minutes. Probably cap it at 1024 minutes-- a little under a day, just because. In any case, such a delay would prevent a temporary /.ing from being only temporary, or prevent a 419er from making the problem go away by turning off his site for a day. On the other hand, it reduces load on a mistargetted site ~1000 fold, provided they don't have a similarly named image file.
Of course, it's only a question of time before some 419 site maker begin using the same tricks as p0rn sites do to prevent picture leeching (not work safe) from working, and hand back a 1x1 white bitmap to any off-site picture request. At which point, the Lad Vampire will need to check the next pocket.
//Information does not want to be free; it wants to breed.
This software allows you to do exactly what I predicted: you can put in any site you want and it'll start leeching from that site. Now all we need is a few dozen people to start leeching from some website they don't like, for example, some guy's private site who is unpopular on a forum, and you're looking at huge server bills and likely the site would be shutdown within a day if bandwidth went from a few megs a day to gigabytes a day.
Let's do the math: 50 people x 100 mB a day (I'm being very conservative here, since it depends on the size of the images the program is going after) = 5 gB a day x 30 days a month = 150 gB a month.
That's a giant bandwidth bill, and like I said I'm being very conservative, a lot of people aren't knowledgeable enough to compress or resize images to smaller sizes (especially if they're on broadband and don't notice how fast the 500 kbyte image uploads to their geocities, etc, site), and depending on how often that program leeches from the sites that 100 mB could be closer to 1000 mB if not more, how would you like a bill for 1500 gB of bandwidth? How will this effect small businesses who pisses off a customer who tells all his little buddies?
my karma will be here long after I'm gone
Just to clarify things (again SIGH!) the targets list is defined by The Artists Against 419 and NO-ONE else.
Too many things wrong with this.
/.ers would stop following links.
First, a slashdot effect only last a few hours. To really hit a site, the editors would need to describe the link as a photo site of Nathalie Portman dumping a bowl of hot grits down her pants.
But after a few fake postings like that,
Then you have the stories posted by Michael, which would have his bizarre editorial comments to drive people away.
Even worse, over the next weekend, Commander Toco, who never reads his own site, would post a duplicate causing a newly cleaned up site to have a second slashdotting.
the AC
slashdot makes an effective one time weapon
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
no. I'm not Jew and I hate nazis all the same. /. is not a hating place. if you want to display something like this, get your own stupid website and find ways to attract people to it. Don't force people to see a sign of hatred on a news site. You're just a fucking ass that doesn't understand what a nightmare that sign can be.
---- I am certain of only one thing : I know nothing else.
run the program moron, you can put any address in you want.
my karma will be here long after I'm gone
shit... no you can't... i saw the open blank for "targets" and thought I could type them in... still if you can create this anyone can, just a matter of time before there is a program that lets you select your own targets.
my karma will be here long after I'm gone
Yes, but it won't be the Mugu Marauder.
The original and the best :D