Deconstructing a Pump-and-Dump Spam Botnet
Behind the Front writes "eWeek has teamed up with Joe Stewart, a senior security researcher at SecureWorks in Atlanta, to show the inner working of a massive botnet that is responsible for the recent surge of 'pump and dump' spam. It's a detailed picture of how these sleazy operations work and why they're so hard to shut down. Sobering numbers: 70,000 infected machines capable of pumping out a billion messages a day, virtually all of them for penis enlargement and stock scams. Excellent graphics, too, including one chart that shows that Windows XP Service Pack 2 is hosting nearly half the attacked machines."
Why does it seem reasonable to you? Why shouldn't I be able to do what I want with the bandwidth I purchased?
While I think ISPs should be able to do anything they want with the connections they sell, as long as they are up front about the terms, I will gravitate toward the ones who meddle less.
"Sacrifice for the good of The State" - The State
Why would you say the Windows OS is clearly the problem? The trojan *only* runs on Windows, so one would expect that all of the clients are Windows.
Have you found a trojan in the wild that runs on anything but Windows? That would be like finding a species of oxygen that degrades gold. Quick dump all your gold, in my pocket please, it's all going to rust next year!
Oh yeah, I've heard about an ssh trojan that does dictionary attacks for weak passwords. That one has been stopped in its tracks by distributions requiring a little effort to get openssh-server.
Friends don't help friends install M$ junk.
Are you saying that it's impossible to do?
No, just that it's more difficult to do, more limited in scope and much easier to identify and repair. These things don't exist in the Unix world, which includes plenty of grandmothers on Mac OS X. There's a reason for that and it's not some silly market share issue.
All I have to do is get granny to download it and run it [a silly script that hoses user files]
Like I said, hard to do, limited in scope and unable to create a botnet. I'd like to see you get granny to pull up a browser or prompt, change your silly script to executable and then actually run it. Right.... Other, more insidious problems you might think of are limited in ability to spread by differences between distributions. Repair is trivial. Replacing binaries always brings improvement and is never difficult. All my family's important personal files are backed up to separate machines periodically with no effort on their part, so it will take a dedicated attack by someone who knows what they are doing to cause me real grief. Some very rational coding choices and the ability to share those decisions and work make the free software world a much better place for users. The best part about it all is how cheap and easy it is.
This can be contrasted to the Winblows world where content and executable code are mixed, your browser and email client run both without asking you and the OS has services you can't turn off that listen to the network when they should not. A billion dollar "security" industry has not been able to cover all of these holes.
Friends don't help friends install M$ junk.
ERR2051: Failed to read (or at least, to comprehend) the article you're responding to error at line 3.
If they are overseas, hire the Israelis. They'll track the fuckers down and take 'em out. Once you pump a bag of bullets into the first few dozen, spam will go away.
RS
Shoes for Industry. Shoes for the Dead.
By that, what you mean, of course, is that you don't want to pay fair market value for a commercial broadband account.
If you want to continue to receive drastically discounted, multi-megabit residential broadband service, you'll deal with the limitations or you'll step up and buy yourself a static and run whatever you want.
Nobody said anything about blocking POP or IMAP, we're talking about SMTP. Remember that the Internet (and e-mail in general) is a steaming pile of feces right now precisely because every Tom, Dick, and Harry out there thinks they can run a mail or web server and barely any ISPs force outbound SMTP through their own servers.
BD Phone Home!
Shameless plug. Like you weren't expecting it.