Slashdot Mirror


Aggressive Botnet Activities Behind Spam Increase

An anonymous reader writes, "A spam-sending Trojan dubbed 'SpamThru' is responsible for a vast amount of the recent botnet activity which has significantly increased spam levels to almost three out of every four emails. The developers of SpamThru employed numerous tactics to thwart detection and enhance outreach, such as releasing new strains of the Trojan at regular intervals in order to confuse traditional anti-virus signatures detection." According to MessageLabs (PDF), another contributor to the recent spam increase is a trojan dropper called "Warezov."

36 of 194 comments

  1. Someone's making a lot of money from this by ShaunC · · Score: 5, Interesting

    I think the Securities and Exchange Commission may turn out to be the most appropriate investigative body for SpamThru and its controllers.

    Like many others, SpamThru first showed up on my radar a few weeks ago when a massive pump-and-dump stock spam campaign flooded the inboxes of just about everyone who uses email. They're still at it today, now pumping for ticker EGLY. There's no doubt in my mind that it's the same group of folks responsible for the initial run. All of these spam runs are coming solely through botnets, and the messages - and patterns of messages - share some obvious characteristics.

    SpamThru and the recent barrage of stock scams are inextricably linked, I have no doubt about it. If and when the SEC investigates suspicious trading activity surrounding some of these stocks, they're likely to discover a trail that leads them straight to the folks responsible for SpamThru.

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    1. Re:Someone's making a lot of money from this by a_nonamiss · · Score: 3, Insightful

      IANASB, but by the time you read the spam email, it's probably already too late. These people buy stocks before they blast out the spam, and sell them to the suckers that think they are going to get in early and dump later. Now, if you were really clever, you could probably figure a way to make money shorting them, but that would be unethical as well, not to mention very risky.

      --
      -Arthur
      Cave ne ante ullas catapultas ambules
    2. Re:Someone's making a lot of money from this by isometrick · · Score: 4, Funny

      Hmmm...

      Hot Stocks-Investor ALERT!!!
      SYMBOL: MSFT
      Timing is everything!
      Profits of 300-400 % EXPECTED
      TRADING SYMBOL: MSFT
      Opening Price: $28.93
      10 Day Target: $66.66

  2. Hold On Here by eldavojohn · · Score: 4, Funny

    Now, I know what you're going to say, you're going to say this is a dupe of last week's story, Bot Nets Behind Recent Spam Surge, but it's not. You see, this is Aggressive Botnet Activities Behind Spam Incease. And it's no longer recent--it's a week old.

    So you can call this a dupe, but as you can see, this has clearly changed status from recent to aggressive. Or maybe like code orange to code red, DHS style.

    But please, feel free to karma whore the comments from the old discussion into this one. Seriously, anyone get any new information on this? We've got a named virus but is there anything else new?

    --
    My work here is dung.
  3. I don't know who.. by xENoLocO · · Score: 3, Insightful

    ...is getting only 75% spam.

    Mine is more like 1 real email for every 200 spam messages...

    --
    "The need to build the internet comes from something inside us, something programmed... something we can't resist."
    1. Re:I don't know who.. by Scutter · · Score: 2, Insightful

      Unfortunately, you may not receive the spam, but it's still sent. It's still consuming network resources in the form of bandwidth and CPU time required to filter it. Right now, my company is filtering around 20,000 messages per day, and we're fairly small, with only around 75 mailboxes.

      --

      "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
    2. Re:I don't know who.. by garcia · · Score: 2, Interesting

      I *never* received spam (not even to SpamAssassin). Then, within the last 8 days I have seen it go through the fucking roof. Not only is SpamAssassin ignoring these e-mails (they are registering 1.0 and 2.0) but many of them seem like worthless spam to me.

      If you're going to spam me at least try to sell me something.

      The best is that I'm getting the exact same spams, within seconds, on several mailboxes on different domains at once (work, GMail, and home).

      I can't ban their IP ranges fast enough and when I do I end up blocking stuff like my wife's work IPs.

    3. Re:I don't know who.. by CodeBuster · · Score: 2, Interesting

      If you're going to spam me at least try to sell me something.

      The worthless messages are an attempt to poison your spam filters by using many common business, home, and lifestyle related keywords (whether or not these messages are actually effective at confusing the Bayesian filters is an open question). The pitch for "Vla6|2a" and that can't lose stock market "opportunity" will be in a follow-on message. It is sort of like in football where there is a lead blocker and fake handoffs to confuse the defense while the ball carrier follows behind them.

      The best is that I'm getting the exact same spams, within seconds, on several mailboxes on different domains at once (work, GMail, and home). I can't ban their IP ranges fast enough and when I do I end up blocking stuff like my wife's work IPs.

      Witness the effectiveness of the Bot Net strategy combined with spamming. It is impossible to filter the spam based upon IP addresses if the spam zombies are extremely well distributed among the different networks on the public Internet. One cannot simply block Nextel, Verizon, and the like because some of their customers have been hijacked into the bot network by a spam trojan. This is why this new strategy is of such concern, because it is a major escalation on the part of the spammers. These asshats need to be dragged out of their dens and pistol whipped by the men in the black with the MP5s and the telescoping batons.

  4. human error by varunvnair · · Score: 2, Funny

    And human error behind typo "incease"!

  5. enforcement@sec.gov by RT+Alec · · Score: 4, Informative

    Forward the message to mailto:enforcement@sec.gov. Use Thunderbird or another mail client that does not strip or mangle the original headers (like Outlook does).

    The SEC will devote significant resources investigating and often prosecuting the people who are behind these scams.

    1. Re:enforcement@sec.gov by XSforMe · · Score: 4, Informative

      If you are using Outlook, you can use OLSpamCop to rescue the headers and report to pretty much anyone any spam (including enforcement@sec.gov). It is a free download available here: http://www.olspamcop.org/doc.shtml#install

      But I seriously doubt the SEC will be interested in the origin of the spam. More likely they will do an audit on the fraudulent symbol. It usually is much more effective than tracing the origin of the spam, and it is more likely asses will get busted and the criminals (the people who profit from the poor schmucks buying the stock) will get sent to jail.

      Nevertheless, if you want to report any spam, use spamcop so we can mitigate the damage done from the source before it pumps more shit onto the net.

      --
      My other OS is the MCP!
    2. Re:enforcement@sec.gov by RT+Alec · · Score: 2, Interesting

      I am not familiar with OLSpamCop, as I do not use Outlook. I am familiar with SpamCop, and how they need the detail in the headers to be intact, so I would guess that this is a workable solution.

      If we take the profit out of spam, we will see less spam. To date, pump and dump spam bombs work, so the scammers continue to hire spammers to flood our inboxes. Without getting caught, the risk to scammer and spammer is zero. With the SEC pursuing the scammers, the scam becomes less profitable due to the increased risk. With less profit, there is less to pay the spammers, and thus (hopefully) less spam.

      I met an SEC investigator at a social event not too long ago, and it did not take long for the conversation to turn to this subject. She said they take this very seriously, and submitted P&D spam has allowed them to prosecute quite a few scammers. The earlier into such a campaign, the better, so they can start monitoring as soon as possible.

    3. Re:enforcement@sec.gov by galaad2 · · Score: 2, Interesting

      For reporting spam in Thunderbird, just use the Okopipi extension

      https://addons.mozilla.org/thunderbird/2672/

      It's great for reporting spam that gets through the spam filters.

      Can be used for reporting spam to SpamCop, the FTC, FDA, SEC, ACMA (Australia) and / or Knujon.com. It also allows you to put in your own custom addresses to report spam to such as your ISP or corporate abuse address.

      What I like about it is that it bunches all the spam in a single report mail with all the spam messages as attachments.
      Also, I filter my spam in separate junk folders for SEC / FDA / others and I report to them just the appropriate crappola.

      --
      root@127.0.0.1
  6. dupe checking by minus_273 · · Score: 2, Insightful

    Sites like freerepublic avoid dupes like this by having a rule that the subject of the article be used for the posting. Then, checking for a dupe is just a matter of a search for the exact same subject. It's simple and works a lot better.

    --
    The war with islam is a war on the beast
    The war on terror is a war for peace
    1. Re:dupe checking by sootman · · Score: 2, Funny

      Actually, there are protections in place, but Aggressive Botnet Activities are Behind this Dupe Increase. You just can't fight numbers!

      --
      Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  7. Not so much regular spam, but 419 by dr_dank · · Score: 2, Interesting

    Personally, I haven't seen an influx of the viagra/mortgage spam as much as I've seen a sharp increase in the number of 419 scam emails of varying degrees. One of them is an account that used to get spam only very rarely. I theorize that someone else on the email service fell for the scams and word got around that there are plenty of mugus ripe for the plucking if you spam this domain.

    Has anyone else seen a rise in the amount of this type of spam?

    --
    Where does the school board find them and why do they keep sending them to ME?
  8. Time to pull the plug by JohnnyGTO · · Score: 4, Insightful

    It's time we force ISPs to pull the plug on infected client machines or block entire ISPs. There is no valid argument to support end users who refuse to clean up their machines. The argument that either they are not responsible for the infection or are unable to clean their own machines is crap. If end users don't know how to maintain their equipment then perhaps they should be off the net.

    Look at a car as an example. If I refuse to do or pay for routine maintenance it will begin to create more and more pollution and use more and more fuel. Is it the manufacturer's job to fix it, no, is it the road builder's job, no, is it the jerks that sold me crappy fuel, only if I can catch them. So when I fail smog tests I need to either quit using the car or pay to fix it. Might not be the best analogy.

    --
    Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
    1. Re:Time to pull the plug by Anonymous Coward · · Score: 2, Insightful

      We've had this argument OVER and OVER again. ISPs WILL NOT start knocking people off their nets. Why would they? They are the CUSTOMER !!! Let's see... I'm an ISP. I have LOTS of customers with spyware on their machines. They end up sending tons of emails. So I'll shut them off, lose some significant portion of them as customers, STOP GETTING PAID by them? And how exactly does this benefit me?

      It doesn't. If they are on dialup, they just sign up with another company. DSL? Sign up with another DSL provider, or Cable...

      Why would my business model include the stopping of service to my own customers???

    2. Re:Time to pull the plug by TropicalCoder · · Score: 2, Interesting

      It's time we force ISPs to pull the plug on infected client machines or block entire ISPs

      Of course we have heard that the ISPs won't go after their own customers, but I have another idea. Why don't we simply bombard these ISPs with requests to please stop forwarding spam to us? I mean in a big way - as individuals through something like Blue Frog tried to do - not just a polite note from an upstream carrier. Has anyone considered that? Many of us were so encouraged by Blue Frog's efforts - until they got put out of business by the spammers. Their efforts failed, because they went directly after the spammers who turned out to be too powerful an adversary. But why don't we go after the ISPs? Certainly they have to accept some responsibility, if not all of it. It's really the ISP who is sending us the spam in the end, isn't it? They are paid agents of their customers, in effect frequently being paid to relay spam on behalf of their clients. So we bomb them with requests to stop, and make it unprofitable for them to allow themselves to be used as a spam relay ...and if there is a way to accurately verify the URL from which the spam originated (as opposed to being spoofed), bomb that too. Then the poor idiot with the infected machine will get knocked off the net and finally have to see that his computer is looked at by a professional. And if it is indeed a verifiable URL, but turns out to be only a temporary URL that was assigned for that email session - too bad. Then the ISP takes a hit again, when one of his innocent customers complains of a DOS attack.

      Is there some failure in my logic???

  9. You ... you ... you COMMUNIST! by Opportunist · · Score: 4, Insightful

    You mean educate people so they don't fall for scams? So they think for themselves? So they know that offers that are too good to be true can't be true?

    Are you nuts? Are you aware what this would mean to the market? People able and willing to compare prices before buying, people having used cars inspected before buying them, people informing themselves about the appliances they buy and who don't blindly believe the ads.

    Do you know just how many jobs hang on the fact that 99% of the people around are suckers, incapable of sorting out their own life?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  10. Re:This needs a tag. by dch24 · · Score: 3, Informative

    If you don't like how everything is getting tagged itsatrap, you can tag it !itsatrap, and vote against the tag. Enough !itsatrap votes, and the tag will be taken off the story.

  11. Don't blame the victim! by NotQuiteReal · · Score: 4, Insightful
    Personally I think the SEC should forcibly de-list or begin the de-listing process of any stock that shows up in a SPAM campaign like this.

    Um, and do you also think scantily clad women deserve to get raped?

    A pump and dump scheme simply selects a stock with the right combination of price and volume that they think they can manipulate.

    Take the EGLY.OB example (heh, it's up 6% right now). It is a low priced (under a dollar) stock, so lots of shares are cheap. It has sufficient volume (100K shares/day) to be useful. If it is too thinly traded you can't accumulate shares on the cheap. If the volume is too high, the market will keep the dumpers' shares low.

    So, the spammers are doing a buy-low, "advertise" (pump it up), sell-high (dump) campaign. The particular stock selected was probably just a result of a screen for the desired trading properties.

    The company whose stock is manipulated (most likely) had nothing to do with it.

    --
    This issue is a bit more complicated than you think.
    1. Re:Don't blame the victim! by mrroot · · Score: 2, Funny

      Take the EGLY.OB example (heh, it's up 6% right now).

      ... So what you're saying is ...

      THIS ST()CK is READY TO POP!!!
      EGLY.OB IS ABOUT TO BLOW YOUR MINDS!
      WATCH OUT HERE IT COMES!
      DONT BE LEFT OUT!

      --
      I Heart Sorting Networks
  12. Re:What i don't get by rduke15 · · Score: 2, Insightful

    instead of spending $$$ and time trying to prevent spam from arriving in our inbox we should spend that money and time educating the crowd

    I see you don't know much about that part of "the crowd" who falls for the spammers/phishers/etc. tricks.

    Even if you could educate them all, new suckers are born every day.

    The sad thing about it is that among them, there are even nice and clever people, who just have the particularity to be ignorant and naive in front of a computer...

  13. OT: why is everything a trap today? by Mateo_LeFou · · Score: 2, Informative

    Is there a joke I'm not in on?

    --
    My turnips listen for the soft cry of your love
    1. Re:OT: why is everything a trap today? by necro2607 · · Score: 2, Informative

      This page explains the "it's a trap" inside joke well enough, although I don't know what the deal is behind tagging comments with itsatrap today in particular.

  14. Re:(offtopic) sending attachments by secolactico · · Score: 2, Informative

    In Outlook 2003, I didn't find how to forward as attachment. You have to copy the headers from the properties window, and paste them in your forwarded message. Far too complicated to explain over the phone to someone who doesn't have a clue.

    Compose a new message, then drag the message you want to forward from the Inbox (or whatever folder) into the new message windows. That's it.

    If you want to see the headers of a message, open it and select "View" and "Options".

    I wish Outlook had a "view source" like that of Thunderbird or Gmail, where it lets me see the raw message in ASCII (great for SpamAssassin testing).

    --
    No sig
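RT+Alec, XSforMe and secolactico all come back to the same requirement: the SEC (or SpamCop) needs the original Received headers untouched, and a plain inline forward throws them away. The following is an added example, not code from any of the commenters nor from OLSpamCop or Okopipi, that builds the report the way a "forward as attachment" client does (the original wrapped as a message/rfc822 part), checks after a serialise-and-reparse round trip that the headers survived, and contrasts it with an inline forward that loses them. The spam message, the addresses, the IPs and the ticker are all constructed for the example; it uses only the Python standard library.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import List, Optional

# Constructed pump-and-dump spam: addresses, IPs and ticker are placeholders.
RAW_SPAM = b"\n".join([
    b"Received: from mail.example.net (mail.example.net [198.51.100.7])",
    b"\tby mx.example.org with ESMTP id constructed01",
    b"\tfor <victim@example.org>; Thu, 02 Nov 2006 10:00:00 +0000",
    b"Received: from [203.0.113.44] (unknown [203.0.113.44])",
    b"\tby mail.example.net with SMTP; Thu, 02 Nov 2006 09:59:58 +0000",
    b'From: "Investor Alert" <alerts@example.invalid>',
    b"To: victim@example.org",
    b"Subject: Hot Stocks-Investor ALERT!!!",
    b"Message-ID: <constructed-1@example.invalid>",
    b"",
    b"TRADING SYMBOL: XXXX (placeholder ticker)",
    b"10 Day Target: going up!",
    b"",
])

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
CHECKED_HEADERS = ("Received", "From", "Subject", "Message-ID")


def parse_raw(raw: bytes) -> EmailMessage:
    """Parse raw RFC 822 bytes with the modern policy (typed header objects)."""
    return BytesParser(policy=policy.default).parsebytes(raw)


def build_report(raw: bytes, reporter: str, recipient: str) -> EmailMessage:
    """Forward as attachment: the original rides along as a message/rfc822 part, headers intact."""
    original = parse_raw(raw)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = recipient
    report["Subject"] = "Pump-and-dump spam report: " + str(original["Subject"])
    report.set_content("The original message is attached unmodified as message/rfc822.\n")
    report.add_attachment(original)  # a Message object is wrapped as message/rfc822
    return report


def build_inline_forward(raw: bytes, reporter: str, recipient: str) -> EmailMessage:
    """What a plain 'Forward' does: copies the body text and drops every original header."""
    original = parse_raw(raw)
    forward = EmailMessage()
    forward["From"] = reporter
    forward["To"] = recipient
    forward["Subject"] = "Fwd: " + str(original["Subject"])
    forward.set_content("---- Forwarded message ----\n" + original.get_content())
    return forward


def extract_original(report: EmailMessage) -> Optional[EmailMessage]:
    """Return the embedded original from the first message/rfc822 part, or None if there is none."""
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    return None


def _normalised(msg: EmailMessage, name: str) -> List[str]:
    # Header folding (line break plus leading whitespace) is transparent per RFC 5322,
    # so compare values with whitespace runs collapsed rather than byte for byte.
    return [" ".join(str(value).split()) for value in msg.get_all(name, [])]


def headers_intact(raw: bytes, outgoing: EmailMessage) -> bool:
    """Serialise and reparse the outgoing mail, as the recipient will, then compare the headers."""
    original = parse_raw(raw)
    embedded = extract_original(parse_raw(outgoing.as_bytes()))
    if embedded is None:
        return False
    return all(_normalised(original, name) == _normalised(embedded, name) for name in CHECKED_HEADERS)


def originating_hops(msg: EmailMessage) -> List[Optional[str]]:
    """Bracketed IPs from the Received chain, newest hop first."""
    hops = []
    for received in msg.get_all("Received", []):
        match = IP_RE.search(str(received))
        hops.append(match.group(1) if match else None)
    return hops


if __name__ == "__main__":
    report = build_report(RAW_SPAM, "reporter@example.org", "enforcement@sec.gov")
    inline = build_inline_forward(RAW_SPAM, "reporter@example.org", "enforcement@sec.gov")
    print("attachment forward keeps headers:", headers_intact(RAW_SPAM, report))
    print("inline forward keeps headers:", headers_intact(RAW_SPAM, inline))
    print("hops in attached original:", originating_hops(extract_original(parse_raw(report.as_bytes()))))
```

Only the Received line written by your own MX is trustworthy; every hop below it was stamped by machines the sender may control, so originating_hops() is a reading aid for the investigator, not proof of origin. That is also why the report has to carry the whole chain: the investigator needs to see where the trusted part ends.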
  15. So how do you get rid of !itsatrap? by yeremein · · Score: 2, Funny

    Do we need to tag !!itsatrap?

  16. Re:There's others making money too by LindseyJ · · Score: 2, Informative

    Saying that MS is "The source of the problem" is like coming to a murder scene where someone was stabbed with a kitchen knife, and then blaming the cutlery retailer for it. Both are patently ridiculous.

    MS does not have any 'responsibility' to make sure nobody using their OS is up to no good. Nor should they. If the precedent is set that you are responsible for what people ultimately do with your product, nobody will ever make anything ever again, fearing litigation. The fact that they are a monopoly is irrelevant. And as for the post you made after this one... That taxation and/or bond scheme might be the most backwards thing I have ever heard. OS's are prohibitively expensive to the home user as it is, without artificially inflating the price by forcing me to buy insurance (for what, I have no idea).

    Yet another attempt to sidestep personal accountability, and of course it's modded up.

  17. It's not the bots...it's the protocol by John3 · · Score: 3, Interesting

    You can't tax Windows users unless you start clamping down on all the open relays and misconfigured email servers. SMTP is broken, and patchwork solutions like SPF are only helping a small amount. There are servers with no reverse DNS, no MX records, all sorts of invalid configurations. As an admin running several mail servers I have to choose between enforcing all the RFCs (and rejecting email from hundreds of legitimate but broken servers) or leaving the door open and being swamped by spam (which is then trapped by processor intensive sieve, filters, etc). If I turn up the security too high my users start complaining about rejected email from clueless organizations that are running perfectly good Linux/Mac/Windows mail server boxes that are not set up correctly.

    IMHO it ultimately comes down to fixing SMTP.

    John

    --
    "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
    1. Re:It's not the bots...it's the protocol by cr0sh · · Score: 3, Insightful
      IMHO it ultimately comes down to fixing SMTP.

      You are absolutely correct - the real question is, will we fix it (meaning us geeks and maintainers of the internet to develop and implement a new and more secure mail protocol and roll it out internetwork-wide, and fast), or will we wait for the government to fix it (whatever that means in an international arena, of course)?

      One choice leads to the furtherance of the core values of an open, but secure, internet. The other may lead to a broken design, corruption, and a failing system that does nothing to help curb the problem, and may make it worse. I leave it to you (and the future) to decide which falls where...

      --
      Reason is the Path to God - Anon
  18. Block email from Windows by rohanl · · Score: 2, Interesting

    Since all this extra spam is coming from botnets running on Windows, just block all email coming directly from a Windows box. I've been experimenting with host fingerprinting using p0f:

        http://lcamtuf.coredump.cx/p0f.shtml

    From this I can see that almost all spam comes from Windows. I'm in the process of configuring my Postfix server so it will just reject any mail from a Windows box.

    The only false positives I've seen so far, is a handful of legitimate emails that come from Windows Server 2003, so I may exempt that...

    Note: I'm not advocating blocking email from Windows users, just email coming directly from a Windows box. If a Windows user sends email through their ISP's mail server, it will get through just fine.

    1. Re:Block email from Windows by ttul · · Score: 2, Interesting

      For personal usage, this is a reasonable technique. Our research has shown that 95% of deliveries from Windows machines are spam. However, if you are considering using fingerprinting in a business or service provider setting, rejecting connections from Windows machines is a bad bad horrible idea. Microsoft Exchange is run by almost as many companies as Sendmail these days (trust me, we've surveyed 400,000 mail servers to determine this). Blocking them all will result in many unhappy end users.

      However... fingerprinting can be a very useful technique to identify a bad sender when nothing else is known about it. For example, with our connection management software, you can configure it to throttle (i.e. slow down, traffic shape, etc.) connections from Windows-based hosts if the host has no previous good reputation. See an overview of the technique in this OnLAMP article by Stas Bekman.
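The fingerprint policy that rohanl and ttul describe above (reject direct deliveries from a Windows desktop fingerprint, exempt Windows Server, and throttle rather than reject when the host has no prior good history) as an added example; this is not code from either commenter, from p0f or from Postfix. It assumes constructed fingerprint lines in a p0f-like layout (real p0f output differs in detail, so the regex is the place to adapt), a constructed reputation table keyed by client IP, and that the decision would be handed to Postfix through its SMTPD policy delegation protocol, whose action= replies DUNNO, REJECT and DEFER_IF_PERMIT are real Postfix actions; answering a temporary failure as the "throttle" is a simplification of real traffic shaping.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed fingerprint lines in a p0f-like layout (client:port - OS guess -> server:port).
# The layout is an assumption made for this example; real p0f output differs in detail.
SAMPLE_LINES: List[str] = [
    "203.0.113.10:4021 - Windows XP SP1+, 2000 SP3 -> 198.51.100.5:25",
    "203.0.113.11:50112 - Linux 2.6 -> 198.51.100.5:25",
    "203.0.113.12:1035 - Windows 2003 -> 198.51.100.5:25",
    "203.0.113.13:2201 - Windows 2000 SP4, XP SP1+ -> 198.51.100.5:25",
    "203.0.113.14:31337 - UNKNOWN -> 198.51.100.5:25",
]

# Constructed reputation table: number of earlier deliveries from this client IP that
# passed content filtering. Hosts with no entry have no history at all.
REPUTATION: Dict[str, int] = {"203.0.113.13": 12}

LINE_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+ - (?P<os>.+?) -> (?P<dst>\S+)$")


@dataclass(frozen=True)
class Fingerprint:
    client_ip: str
    os_guess: str


def parse_line(line: str) -> Fingerprint:
    """Pull the client IP and the OS guess out of one fingerprint line."""
    match = LINE_RE.match(line.strip())
    if match is None:
        raise ValueError(f"unrecognised fingerprint line: {line!r}")
    return Fingerprint(match.group("ip"), match.group("os"))


def os_class(os_guess: str) -> str:
    """Bucket the OS guess: the policy only ever acts on Windows desktop fingerprints."""
    text = os_guess.lower()
    if "windows" not in text:
        return "unknown" if text == "unknown" else "non-windows"
    if "2003" in text or "server" in text:
        return "windows-server"   # rohanl's exemption: legitimate MTAs (Exchange) run here
    return "windows-desktop"


def decide(fp: Fingerprint, reputation: Dict[str, int], strict: bool = False) -> str:
    """accept / throttle / reject. strict=True is rohanl's personal setup, False is ttul's throttle."""
    if os_class(fp.os_guess) != "windows-desktop":
        return "accept"
    if reputation.get(fp.client_ip, 0) > 0:
        return "accept"           # earlier good deliveries outweigh the fingerprint
    return "reject" if strict else "throttle"


def postfix_action(decision: str) -> str:
    """Map a decision onto a Postfix SMTPD policy reply. DUNNO, REJECT and DEFER_IF_PERMIT
    are real Postfix actions; a temporary failure is a crude stand-in for traffic shaping."""
    return {
        "accept": "action=DUNNO",
        "throttle": "action=DEFER_IF_PERMIT unrecognised Windows desktop sender, retry later",
        "reject": "action=REJECT direct delivery from a Windows desktop host is not accepted",
    }[decision]


def evaluate(lines: List[str], reputation: Dict[str, int], strict: bool = False) -> Dict[str, str]:
    """Decision per client IP for a batch of fingerprint lines."""
    return {fp.client_ip: decide(fp, reputation, strict) for fp in map(parse_line, lines)}


if __name__ == "__main__":
    for mode in (False, True):
        print("strict mode" if mode else "throttle mode")
        for ip, decision in evaluate(SAMPLE_LINES, REPUTATION, strict=mode).items():
            print(f"  {ip:<14} {decision:<9} {postfix_action(decision)}")
```

The policy only ever sees hosts that open a TCP connection to port 25 themselves, which is why mail relayed through an ISP's smarthost is untouched, as rohanl notes. Keeping the Windows Server bucket and the reputation check is what separates ttul's usable version from the wholesale rejection of Exchange sites that ttul warns against.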

  19. MOD UP by Ayanami+Rei · · Score: 2, Insightful

    I keep bringing this up, time and time again.
    It's not the people trying to sell the crap that are the real issue, it's the middlemen who sell the dream of "internet marketing".
    Moreover, I blame those "Work at Home, make Million$" ads you see in magazines and on TV; these are essentially proxies for Internet marketing and the people who do well in those jobs turn to botnets and other illegitimate means. Meanwhile the parent marketing company can distance themselves from them, calling them "consultants" when people bitch about spam campaigns.

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
  20. Re:There's others making money too by LindseyJ · · Score: 2

    I half agree with you. The big argument against Big Tobacco (IIRC) was false advertising. I don't think I've ever seen an ad for any sort of firearm, and even if they did exist, I doubt they'd be trying to market to young kids (as I think the tobacco companies were ruled to have done).

    The other point is that - while it is certainly true that second-hand smoke is harmful to an extent - the only person getting hurt when you light up is you. Any sane judge could make this distinction.

    (DISCLAIMER: I am tired and sick and drugged up on flu medicine and in all likelihood, talking out my ass.)

  21. Make Spamming too Costly to be Practical by cyberscan · · Score: 2, Interesting

    Spammers, ad-ware writers, and other scum have made many, many people's online experience a nightmare. While most people try to defend themselves by installing spam filters, spyware detectors, anti-virus programs and other software, spammers continue to come up with yet even more insidious ways around these defenses with impunity. We have even asked the government to help us, and what does Uncle Sam do? He passes a law that is most favorable to spammers. The law is called the CAN-SPAM act. CAN-SPAM puts the burden of "opting out" of spam on us users. We have been instructed many times by anti-spam gurus not to reply to spam or visit a spammer's website in order to "opt out". This is because spammers in many cases use these opt out requests to confirm an actual working email address. Spam filters in many cases miss some spam and can actually flag very important legitimate email as spam. Again, we are punished while spammers continue to profit.

    Spammers will continue to spam as long as there is money to be made in doing so. The economics are on the spammers' side. If a spammer sends out one million spams that advertises a product, and only one person out of ten thousand buys the advertised product, the spammer has made one hundred sales. These sales were generated at little cost to the spammer, and at big cost to users and internet providers. The Internet service providers have to pay the costs of storage and equipment to process the spam. Time is money, and many users spend their precious time deleting spam, upgrading filters, etc. If the user is at work, then their company has to pay for this time in lost productivity. The same thing goes for malicious software that generates popup ads, skews search engine results, etc. People can continue to use their antivirus, antispam, and antiadware programs to try to protect themselves, while the bad guys continue to get away with their spamming, pop-up advertising, and search engine skewing with impunity. Using defensive means to defend against spammers is much like putting one's hands over one's face in order to protect against the punches of a schoolyard bully. One might keep a specific blow from blackening an eye, or fattening a lip, but he or she has so far done nothing to deter the bully from throwing even more punches. The bully will continue to throw punches as long as there is satisfaction in doing so. It is only when the bully is confronted with a crowd of angry people, or a damned good fighter does he or she have an incentive to quit throwing punches. As it goes with bullies, the same thing goes with spammers. Punching back can definitely be a deterrent! Spammers will stop spamming only when the cost of spamming becomes higher than the profits made from spamming.

    There have been many people who have made small steps in making spamming more expensive. These people understand that the spammers' weakest point is at their point of sale - usually a website. Many of these people have written programs called "spam vampires." These "vampires" are usually small programs or scripts embedded on a webpage, and they cause a visitor's browser to repeatedly download content from a spammer's website. These repeated downloads can cost spammers a lot of money for bandwidth usage as well as processing power required to handle the data transfer. When enough people run "spam vampires," a spammer's website can cost a spammer money while at the same time be too busy to process requests from those people who actually buy products advertised in spam. Programs that download content from spammers' websites have been proven very effective. A program called, "Make Love Not Spam" was so effective, that it actually shut down many spammers' websites. "Blue Security" was another hard hitter against spammers. When "Blue Security" was up and running, many people, including me, noticed a huge decrease in the amount of spam received. Unfortunately, both Blue Securi