Deconstructing a Pump-and-Dump Spam Botnet

Behind the Front writes "eWeek has teamed up with Joe Stewart, a senior security researcher at SecureWorks in Atlanta, to show the inner working of a massive botnet that is responsible for the recent surge of 'pump and dump' spam. It's a detailed picture of how these sleazy operations work and why they're so hard to shut down. Sobering numbers: 70,000 infected machines capable of pumping out a billion messages a day, virtually all of them for penis enlargement and stock scams. Excellent graphics, too, including one chart that shows that Windows XP Service Pack 2 is hosting nearly half the attacked machines."

Yeah, but it can't post to Slashdot

Did we call or DID WE CALL IT?!?

ESNX up $3.13 from open of trading...

That was a bad picture

[Overzeetop]

I'm sorry, but the terms "Penis Enlargement" and "Excellent Graphics" were situated a bit too close together in that summary for my liking.

eweek confirms it: Linux and Mac are dying!

[Trelane]

From the graphs, it's obvious that Linux, BSD, and MacOS lumped together are only 0.05 percent of the desktop market!!

Re:eweek confirms it: Linux and Mac are dying!

[Overzeetop]

You forgot OS/2 ;-)

Hasn't worked for me

[Chapter80]

Has anyone had any luck with these stock tips? None of them seem to be panning out for me. I wonder if I am not acting fast enough. I've really taken a beating on some of these.

Fortunately, I should have significantly more money to invest shortly, as soon as I get a rather large sum from a new online friend and business associate and new friend, Mr. Emmanuel Obi from Africa, of all places.

Re:Rebuild the email protocol

[LordEd]

Your post advocates a

(x) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:outbound email only on request

[dknj]

and this is why you're not running an isp...

Re:Rebuild the email protocol

That was incredibly badass...Are there other forms that I could use for such issues? I really hope you didn't just type that.

Re:Rebuild the email protocol

(x) Yes, I agree
( ) Nope, you're wrong

Re:I'm just surprised that those spams still ...

[pkulak]

Well, in order to do a good pump-n-dump you'll need the enlargement pills.

Windows 95

[Pinky3]

Hackers and Spammers no longer support Windows 95. It's too hard to write worms, bots, and viri that are backward compatible.

Re:Filter

[jimicus]

Something similar would work fine. Block port 25 to SMTP by default and have a web config utility to change it. If you really wanted, you could set it up to email the user if they tried accessing port 25 when it was blocked ("You might be trying to get past this firewall. Or, you might have a virus. Here's how you can find out, and here's how you can disable it if you need . . . ")

I like that idea. Virus tries sending out 10,000 emails, user gets 10,000 emails saying "You might have a virus....".