Slashdot Mirror


Aggressive Botnet Activities Behind Spam Increase

An anonymous reader writes, "A spam-sending Trojan dubbed 'SpamThru' is responsible for a vast amount of the recent botnet activity which has significantly increased spam levels to almost three out of every four emails. The developers of SpamThru employed numerous tactics to thwart detection and enhance outreach, such as releasing new strains of the Trojan at regular intervals in order to confuse traditional anti-virus signature detection." According to MessageLabs (PDF), another contributor to the recent spam increase is a trojan dropper called "Warezov."

13 of 194 comments

  1. Someone's making a lot of money from this by ShaunC · · Score: 5, Interesting

    I think the Securities and Exchange Commission may turn out to be the most appropriate investigative body for SpamThru and its controllers.

    Like many others, SpamThru first showed up on my radar a few weeks ago when a massive pump-and-dump stock spam campaign flooded the inboxes of just about everyone who uses email. They're still at it today, now pumping for ticker EGLY. There's no doubt in my mind that it's the same group of folks responsible for the initial run. All of these spam runs are coming solely through botnets, and the messages - and patterns of messages - share some obvious characteristics.

    SpamThru and the recent barrage of stock scams are inextricably linked, I have no doubt about it. If and when the SEC investigates suspicious trading activity surrounding some of these stocks, they're likely to discover a trail that leads them straight to the folks responsible for SpamThru.

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    1. Re:Someone's making a lot of money from this by a_nonamiss · · Score: 3, Insightful

      IANASB, but by the time you read the spam email, it's probably already too late. These people buy stocks before they blast out the spam, and sell them to the suckers that think they are going to get in early and dump later. Now, if you were really clever, you could probably figure a way to make money shorting them, but that would be unethical as well, not to mention very risky.

      --
      -Arthur
      Cave ne ante ullas catapultas ambules
    2. Re:Someone's making a lot of money from this by isometrick · · Score: 4, Funny

      Hmmm...

      Hot Stocks-Investor ALERT!!!
      SYMBOL: MSFT
      Timing is everything!
      Profits of 300-400 % EXPECTED
      TRADING SYMBOL: MSFT
      Opening Price: $28.93
      10 Day Target: $66.66

  2. Hold On Here by eldavojohn · · Score: 4, Funny

    Now, I know what you're going to say, you're going to say this is a dupe of last week's story, Bot Nets Behind Recent Spam Surge, but it's not. You see, this is Aggressive Botnet Activities Behind Spam Increase. And it's no longer recent--it's a week old.

    So you can call this a dupe, but as you can see, this has clearly changed status from recent to aggressive. Or maybe like code orange to code red, DHS style.

    But please, feel free to karma whore the comments from the old discussion into this one. Seriously, anyone get any new information on this? We've got a named virus but is there anything else new?

    --
    My work here is dung.
  3. I don't know who.. by xENoLocO · · Score: 3, Insightful

    ...is getting only 75% spam.

    Mine is more like 1 real email for every 200 spam messages...

    --
    "The need to build the internet comes from something inside us, something programmed... something we can't resist."
  4. enforcement@sec.gov by RT+Alec · · Score: 4, Informative

    Forward the message to mailto:enforcement@sec.gov. Use Thunderbird or another mail client that does not strip or mangle the original headers (like Outlook does).

    The SEC will devote significant resources investigating and often prosecuting the people who are behind these scams.

    1. Re:enforcement@sec.gov by XSforMe · · Score: 4, Informative

      If you are using outlook, you can use OLSpamCop to rescue the headers and report to pretty much anyone any spam (including enforcement@sec.gov). It is a free download available here: http://www.olspamcop.org/doc.shtml#install

      But I seriously doubt the SEC will be interested in the origin of the spam. More likely they will do an audit on the fraudulent symbol. It usually is much more effective than tracing the origin of the spam, and it is more likely asses will get busted and the criminals (the people who profit from the poor schmucks buying the stock) will get sent to jail.

      Nevertheless, if you want to report any spam, use SpamCop so we can mitigate the damage done from the source before it pumps more shit onto the net.

      --
      My other OS is the MCP!
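The advice in the two posts above (forward the message with its original headers intact) works because each relay stamps its own Received header, so the chain can be walked back to the host that injected the message. The following is an added example, not code from the thread or from OLSpamCop: it parses those headers with Python's standard library, walks the chain to the first routable address and builds a report that keeps every original header unmodified. The message, hostnames and addresses are constructed (documentation IP ranges), and the regex assumes the common `from host (name [ip]) by host` form of a Received header.

```python
import email
import ipaddress
import re

# Constructed sample message (not from the page): a stock spam relayed through
# an infected broadband host, as recorded by the recipient's own MX.
SAMPLE_RAW = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.org (Postfix) with ESMTP id 7A1F2C3
\tfor <victim@example.org>; Tue, 24 Oct 2006 10:00:02 +0000
Received: from user-pc (dsl-203-0-113-45.isp.example [203.0.113.45])
\tby relay.example.net with SMTP id 9B8E7D6;
\tTue, 24 Oct 2006 09:59:58 +0000
Received: from [10.0.0.5] (localhost [127.0.0.1])
\tby user-pc with ESMTP; Tue, 24 Oct 2006 09:59:57 +0000
From: "Hot Stocks" <alerts@example.com>
To: victim@example.org
Subject: Hot Stocks-Investor ALERT!!!
Message-ID: <constructed-001@example.com>

TRADING SYMBOL: XXXX
10 Day Target: $66.66
"""

# "from <host> (<comment with [ip]>) by <host>" is the usual shape of a hop.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)", re.IGNORECASE)
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Ranges that can never identify an internet-facing sender (RFC 1918 + loopback).
NOT_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_received(raw):
    """Return the Received hops in chronological order (oldest hop first)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        m = RECEIVED_RE.search(flat)
        if not m:
            continue
        ip_match = IPV4_RE.search(m.group(2))
        hops.append({"from": m.group(1),
                     "ip": ip_match.group(1) if ip_match else None,
                     "by": m.group(3)})
    hops.reverse()                              # headers are newest-first on the wire
    return hops


def originating_ip(raw):
    """First routable address in the chain: the host that injected the message."""
    for hop in parse_received(raw):
        if hop["ip"] is None:
            continue
        addr = ipaddress.ip_address(hop["ip"])
        if not any(addr in net for net in NOT_ROUTABLE):
            return hop["ip"]
    return None


def report_body(raw):
    """Report text with the relay chain summarised and the original headers kept whole."""
    lines = ["Apparent origin: %s" % originating_ip(raw), "Relay chain (oldest first):"]
    for hop in parse_received(raw):
        lines.append("  %s [%s] -> %s" % (hop["from"], hop["ip"], hop["by"]))
    lines += ["", "---- original message, headers unmodified ----", raw]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report_body(SAMPLE_RAW))
```

Only the hop stamped by a server you operate (the topmost header, from your own MX) is trustworthy; every earlier Received line was handed over by the sender and can be forged, so the computed origin is a lead for the recipient of the report, not proof. Stripping or rewriting those headers, as a forwarding client may do, destroys exactly the lines the investigator needs.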
  5. Time to pull the plug by JohnnyGTO · · Score: 4, Insightful

    It's time we force ISPs to pull the plug on infected client machines or block entire ISPs. There is no valid argument to support end users who refuse to clean up their machines. The argument that either they are not responsible for the infection or are unable to clean their own machines is crap. If end users don't know how to maintain their equipment then perhaps they should be off the net.

    Look at a car as an example. If I refuse to do or pay for routine maintenance it will begin to create more and more pollution and use more and more fuel. Is it the manufacturer's job to fix it? No. Is it the road builders' job? No. Is it the jerks that sold me crappy fuel? Only if I can catch them. So when I fail smog tests I need to either quit using the car or pay to fix it. Might not be the best analogy.

    --
    Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
  6. You ... you ... you COMMUNIST! by Opportunist · · Score: 4, Insightful

    You mean educate people so they don't fall for scams? So they think for themselves? So they know that offers that are too good to be true can't be true?

    Are you nuts? Are you aware what this would mean to the market? People able and willing to compare prices before buying, people having used cars inspected before buying them, people informing themselves about the appliances they buy and who don't blindly believe the ads.

    Do you know just how many jobs hang on the fact that 99% of the people around are suckers, incapable of sorting out their own life?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. Re:This needs a tag. by dch24 · · Score: 3, Informative

    If you don't like how everything is getting tagged itsatrap, you can tag it !itsatrap, and vote against the tag. Enough !itsatrap votes, and the tag will be taken off the story.

  8. Don't blame the victim! by NotQuiteReal · · Score: 4, Insightful
    Personally I think the SEC should forcibly de-list or begin the de-listing process of any stock that shows up in a SPAM campaign like this.

    Um, and do you also think scantily clad women deserve to get raped?

    A pump and dump scheme simply selects a stock with the right combination of price and volume that they think they can manipulate.

    Take the EGLY.OB example (heh, it's up 6% right now). It is a low-priced (under a dollar) stock, so lots of shares are cheap. It has sufficient volume (100K shares/day) to be useful. If it is too thinly traded you can't accumulate shares on the cheap. If the volume is too high, the market will keep the dumpers' shares low.

    So, the spammers are doing a buy-low, "advertise" (pump it up), sell-high (dump) campaign. The particular stock selected was probably just a result of a screen for the desired trading properties.

    The company whose stock is manipulated (most likely) had nothing to do with it.

    --
    This issue is a bit more complicated than you think.
  9. It's not the bots...it's the protocol by John3 · · Score: 3, Interesting

    You can't tax Windows users unless you start clamping down on all the open relays and misconfigured email servers. SMTP is broken, and patchwork solutions like SPF are only helping a small amount. There are servers with no reverse DNS, no MX records, all sorts of invalid configurations. As an admin running several mail servers I have to choose between enforcing all the RFCs (and rejecting email from hundreds of legitimate but broken servers) or leaving the door open and being swamped by spam (which is then trapped by processor-intensive sieve, filters, etc.). If I turn up the security too high my users start complaining about rejected email from clueless organizations that are running perfectly good Linux/Mac/Windows mail server boxes that are not set up correctly.

    IMHO it ultimately comes down to fixing SMTP.

    John

    --
    "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
    1. Re:It's not the bots...it's the protocol by cr0sh · · Score: 3, Insightful
      IMHO it ultimately comes down to fixing SMTP.

      You are absolutely correct - the real question is, will we fix it (meaning us geeks and maintainers of the internet to develop and implement a new and more secure mail protocol and roll it out internetwork-wide, and fast), or will we wait for the government to fix it (whatever that means in an international arena, of course)?

      One choice leads to the furtherance of the core values of an open, but secure, internet. The other may lead to a broken design, corruption, and a failing system that does nothing to help curb the problem, and may make it worse. I leave it to you (and the future) to decide which falls where...

      --
      Reason is the Path to God - Anon
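John3's point that SPF helps only a small amount, and the admin's choice between enforcing strictly and leaving the door open, can be made concrete with a small SPF evaluator. The following is an added example, not the thread's code or any mail server's: it implements the `ip4`, `a`, `include` and `all` mechanisms of SPF (RFC 4408) against a constructed in-memory DNS table instead of real lookups, and a hypothetical `policy_decision` helper that shows how a strict and a lenient receiver treat the same result. Every domain name and address below is constructed.

```python
import ipaddress

# Constructed in-memory "DNS" used instead of real lookups (not real records).
DNS_TXT = {
    "bank.example": "v=spf1 ip4:198.51.100.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:192.0.2.10 ip4:192.0.2.11 -all",
    "shop.example": "v=spf1 a ~all",      # softfail only: a hint, not a policy
    "blog.example": "v=spf1 +all",        # anyone may send: the record is useless
}
DNS_A = {"shop.example": ["203.0.113.20"]}

RESULT_FOR = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate the domain's SPF record for a connecting IP.

    Returns pass, fail, softfail, neutral, none or permerror, following the
    RFC 4408 semantics of the ip4, a, include and all mechanisms.
    """
    if depth > 10:                       # guard against include loops
        return "permerror"
    record = DNS_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                    # domain publishes nothing: SPF cannot help
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = sender_ip in DNS_A.get(arg or domain, [])
        elif name == "include":
            matched = check_spf(arg, sender_ip, depth + 1) == "pass"
        else:
            return "permerror"           # mechanism not implemented in this example
        if matched:
            return RESULT_FOR[qualifier]
    return "neutral"                     # nothing matched and no "all" term


def policy_decision(result, strict):
    """Hypothetical receiver policy: what to do with a message given its SPF result."""
    if result == "pass":
        return "accept"
    if result == "fail":
        return "reject" if strict else "tag"
    # softfail, neutral, none, permerror: a strict site tags, a lenient site accepts
    return "tag" if strict else "accept"


def evaluate(domain, sender_ip, strict):
    """SPF result for a claimed envelope domain plus the resulting policy action."""
    result = check_spf(domain, sender_ip)
    return result, policy_decision(result, strict)


if __name__ == "__main__":
    bot = "203.0.113.45"   # constructed: an infected broadband host
    for claimed in ("bank.example", "shop.example", "blog.example", "spammer.example"):
        print(claimed, evaluate(claimed, bot, strict=True))
```

Run against the constructed bot address, the table shows the two limits behind John3's remark: a domain with no record yields `none`, and a permissive record such as `+all` or `~all` passes or merely softfails the bot's traffic, so SPF only rejects mail that forges a domain whose owner published a strict `-all` record. The strict policy also tags every `none` and `neutral` sender, which is exactly the flood of rejected or quarantined mail from misconfigured but legitimate servers the comment describes.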