Botnet Mafia in Online Turf War
An anonymous reader writes "The kind of turf war seen in the real world by drug gangs is being replicated by the criminal gangs behind spamming botnets, and things are turning nasty."
I don't think this would make an exciting movie.
Trying to care, ..., nope failing.
As someone who doesn't have an email address anymore, I really don't care about spam in the slightest, or the battle they go over to spam people. Most of my spam, that actually made it to my inbox when I had a gmail account was in Portuguese or some random asian looking language. To me it was all gibberish [more than usual] and fleeting. But the ever presence of it [on average I would receive anywhere between 100 and 500 spams a day, with about 5-10 in my inbox] just gnaws at you. Day after day people keep assaulting your inbox, trying to take away the service from you.
And even though gmail is free, it was still MY inbox, if you know what I mean. And having these low lifes just clutter it up every day with the same foreign language bullshit nonsense was annoying.
Eventually I just deleted my account. I have a cell phone if people want to contact me. And for work I have a private email addy that my co-workers can use. Personal email is just a waste.
Tom
Someday, I'll have a real sig.
It'd be a shame if something were to happen to this nice botnet ya got here...
Time for ISPs to stop being so nicey-nice about this.
1) Send an email to all customers saying that the ISP will begin choosing a random day (say every 3 months or so) to scan for infected computers churning out email.
2) On that random day (random so the spam bots won't be programmed to be silent on that day) the ISP shuts down outgoing mail for all infected computers on their network.
3) Customer who can't send mail is irate and calls ISP tech support hotline.
4) Tech support says: we warned you... please follow these virus removal instructions and install/update your anti virus software.
Bam problem solved. People who keep getting blocked every 3 months will quickly learn to take better care of their computers. Along with the customer's invoice the ISP could send an information sheet with prevention and removal instructions.
Maybe governments can give ISPs a little financial help for doing this?
Unfortunately I don't see any other solution other than tough-love.
You could wake up with an ascii horses head in your inbox http://www.virtualhorses.com/graphics/asciiart.htm
... Botnet Wars! They can infect systems and fight it out in the process table.
"Watch out! They just spawned a thread that has access to your virtual address space! Protect your data registers!"
Will they be in the typical Pizza shop website? something like www.donluigi-pizza.com (and donluigi-pizza.org for eGangster login)
signature is pants
Browsing through some of the posts here, I'm seeing how people tend to forget the financial aspect of botnets. Spam, malware is big business (obviously) so it's no surprise that it can become the online equivalent to a Colombian drug war without the murders and guns. There is huge business in bots and what's sad is, the low man on the totem pole is often some American company whose advertisements are being spammed (for the spammers). Vint Cerf stated there are millions of infected machines, I don't know about those numbers, but I can tell you that if I was involved in (dis)organized crime, why should I re-invent the wheel when I could re-program my own bots to take over others' cruddily created bots. This falls in line with a document I wrote (Ubuntu and the Destruction of the Internet) where my logic is, "are you sure you want grandma using Linux"?... With e-Criminals getting savvier, how long will it be before the Internet truly becomes the Wild West... Some may think it's not a big deal, but when there are finances involved, that can escalate to physical crimes (shootings, murder, etc.) and it's happened a few times where (dis)organized idjits stealing e-money from games were caught up in real life incidents for stepping over "turf".
Infiltrated dot Net
give me a break...
Reduce, reuse, cycle
The same solution for both gangs will work.
(the obvious first choice is to shoot them in the head)
Incarcerate cheaply, hard manual labor (road gangs) to ease the burden of incarceration on the taxpayer.
No early parole, 10 years. 1st offence.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
As long as they don't steal my megahurtz, let them duke it out.
I guess they could hack into the military and play some global thermonuclear war.
Actually I wonder how long it will take before someone gets 'shutdown' in real life.
But that was an accident when I was learning how to use the mail function in php .. using my Ubuntu desktop with LAMP. Oh the sexness of the 183 emails from "jason@iam5o1" to my gmail ... and they kept coming for 2 days (while gmail processed?).
signature is pants
I hope they'll drive-by-spam each other until their computers are fried.
Privacy is terrorism.
Yay! I'll get popcorn!
Oh wait, that also means the tubes get clogged. Dang it.
P.S. Some of us need personal email and have relied on it heavily for 15 years.
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
I hope this doesn't spill over to any MMORPGs. Things could get really ugly if that happens.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
If people actually started using the tools that have been available for years and signed their emails it would be a lot easier to spot the ones sent out by spam bots.
It's amazing how hard it is to get a company to send you a signed email to prove who they are and even harder to send an encrypted email containing personal information to them even though everyone knows how insecure email is.
Lazy Government,
Lazy Companies,
Lazy Consumers.
The tools are there for free and have been for years.
thank God the internet isn't a human right.
Obviously, the War On Botnets has failed. All the War On Botnets has done is created a lucrative enterprise for organized crime. We need to legalize botnets, so that botnet operators can finally come out of the shadows. Also, once legalized, we can tax botnets -- this way, botnets become an income generator for the government, rather than a black hole of enforcement dollars. The police can then better spend their time tracking down *real* criminals.
b) the whole environment that these people thrive in is made possible by MS Windows and its horrible security. Why don't we start screaming about fixing the root cause of the problem?
Sanity is the trademark of a weak mind. -- Mark Harrold
Sure, ISPs here blocking out email from their clients would be useful, but really not for a very large portion of the spam that traverses the internet. Most spam originates overseas. And good luck selling your idea to an ISP that doesn't speak English (or doesn't want to admit to speaking English).
We should THINK for a while.
Why are these spammers investing in creating spam bots, fighting each other, keeping their botnets alive and well, etc?
Because IT PAYS OFF.
Someone actually *does read* this fsckin' spam and clicks these damn links, and possibly even *buys the products they're advertising*.
Else, there would be no point in collecting a DB of email addresses, maintaining botnets, and so on.
It's a business, and I guess it brings *much* money.
Relax and wait. Over time, ISPs will start to get seriously annoyed by this waste of bandwidth. As soon as customers start calling and complain about their crawling download speed, ISPs will have to start to act.
And ISPs who act against it will finally gain a reputation for providing spam-free services. Just regularly call your ISP and complain that they don't filter the spam.
For me having about 20-30 junk mails in my inbox per day isn't really much trouble. T'Bird does a fairly good job detecting them. And if it really starts to bug me I will install something like spamassassin on my server. So, who cares.
Don't get me wrong: I just hate this stuff like everyone else. But even wasting thoughts on it is useless.
Yt,
Gunnar
Consider this a poor substitute for a (+1, Funny) mod.
The kind of turf war seen in the real world by drug gangs
Until I actually RTFA, I thought they meant that botnet gangs were finding the people running opposing botnets and killing them.
Or maybe I was just secretly hoping.
I've had several webmail accounts, mostly Hotmail (both pre- and post- MS) or GMail. One thing I've noticed is that the age of the account (not necessarily the name) made quite a bit of difference in the amount of spam received.
For example, I had my old "legacy" (pre-MS) hotmail account. Eventually it was getting about 30+ spam messages per day. A while after the MS purchase of hotmail, I decided to create a second account, and that one received pretty much no spam. The settings were all the same (exclusive access to inbox, junk mail filter enabled), but nothing helped the old account. I really think something about the old accounts were not working with the new filtering. Since changing to a post-MS hotmail account, I have very little trouble with spam; it either hits the "junk mail" folder, or I don't see it at all.
Now GMail is a bit of a mixed bag. Junk doesn't hit my inbox, but I seem to get a lot more spam (in the junk mail folder) than with Hotmail. Occasionally, but not often, junk will end up in my Inbox. Overall I'd say MS does a better job on filtering out junk mail. I used to at least get less junk mail at GMail (in the Junk Mail folder), but in the past year the GMail account pulled ahead. Overall, however, I would say they both do a good job.
Too bad they can't kill each other like real gangs. It would be nice if they thinned their numbers so much to the point that we stop getting spam altogether.
Shameless plug alert: Game server control panel
As long as people are not held responsible for what damage their machines do to the net, this will not change.
Botnets rely on people being negligent, clueless and generally careless. There is no such thing as an unavoidable infection. Over 99% of all infections rely on user interaction (and yes, while over 98% of percentages used in biased reports are fake, this one I can actually vouch for), with remote exploits only constituting for a very, very small of infections, most of which also relying on your use of an insecure machine directly connected to the net.
If people acted on the road like they act in the net, a mass accident with 100s of cars involved would not be a newsworthy item. It would be the rule in rush hour traffic! And as much as I hate car analogies, this one is sadly true.
People switch their common sense off when they access the internet. I have no other explanation for this phenomenon. You can get most people to double click your attachment with the most hare brained excuse, "important news from your lawyer" is often enough.
Even if they have none!
With the "from" line reading "lawyer"!!!
The main problem isn't spam. The core problem is that those botnets are then used to spread even more and even more dangerous malware around. Bankfraud being one of the more "harmless" things in their arsenal.
People have to be held responsible for what their machines do, and what harm they cause to the rest of the net population. I'm not talking jail time, it needn't be capital punishment. The people we're talking about are not your "usual criminals". They already wet their pants if there's a chance that they could have to show up as defendant in court, as those "you went to our page so you owe us 500 bucks or we drag you to court" scams prove. Some kind of nominal fine would already be plenty.
Don't get me wrong. I don't want to keep anyone from using the net. But as with everything that can be harmful to other people using the same tools you do, you have to act responsibly. This applies to cars, this applies to guns, and it also applies to machines with internet connection.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I haven't seen any Microsoft references in any of the posts. This is Slashdot. I'm browsing at -1. Everyone is proposing solutions to the botnet problem. No one has mentioned Windows. Shocking!
ELOI, ELOI, LAMA SABACHTHANI!?
The same thing happens inside your intestines or in any given pond of water. Microorganisms compete with one another for control of nutrient resources. In a healthy ecosystem, no one organism gains complete dominance or becomes overly destructive to its environment.
I'm not saying this spam or spyware is beneficial, but it sounds like rival programs are more likely to keep one another in check before ISPs or the government ever come up with a solution. It would be interesting to see viruses, worms, etc. that are too busy attacking each other to steal your financial info.
I'd rather have viruses actively circumventing one another in the background on my computer than a clunky, expensive antiviral program constantly reminding me to download or purchase an update. Of course [lovingly pats iMac], this is all hypothetical.
Don't mix up things. You want ISPs to detect spam and filter outgoing traffic, not incoming. ISPs may tag incoming mail traffic but that's it. No ISP can know what kind of mail traffic you want to receive, so they should rather not filter it. Thence, there is no incentive in gaining a reputation of "spam-free".
Plusserver.de (this is where your server is apparently hosted) is frequently used by spammers, and I wrote to them many times without anybody reacting. The problem is that regularly checking the servers in the data center costs money, and YOU will have to pay this because the admins will not be able to track down and sue a spammer that may be located in P.R.China. Plus, many spammers time their spams according to working hours. Spam and phishings sent from servers in Germany for example are likely to send in the evening CEST, or even late on Friday when there is a certain likelihood that nobody is on duty over the weekend.
It is because so many people simply don't understand the problem that it got so big, and today it is costing taxpayers billions each year. There is no way of "even wasting thoughts on it is useless." Get a clue, man. And renew your server certificate.
Before Martin Scorsese or Quentin Tarantino directs a movie on the mafia bot wars.
I'm saying that habits from real life tend to find their way into online life, and I postulated on the habit which could have resulted in the emergence of the word "addy".
Here, have your words back. You tried putting them in my mouth, but they don't fit.
:(){
If I could just stop the US Postal Service from spamming me.
Your post advocates a
(X) technical ( ) legislative ( ) market-based (X) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(X) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(X) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, asshole! I'm going to find out where you live and burn your house down!
Did anyone else find it amusing that the fine article is on a website that uses those disgusting "intellitxt" ads?
Seriously, isn't it enough to have two sidebar ads, one banner at the top of the page, and a midarticle interruptor with two ads in it without adding those fuckedup doubleunderline things that pop up and block the page if you accidentally mouse over? I just blocked them with adblock, it's not like they're any harder to get rid of...
a world with a few less common criminals will be a marginally better place.
Wow, /. says you're a friend of a friend, and a woe of a friend... I gotta stop hangin' round bipolar guys...
Ya know, I was at McDonald's getting a hamburger yesterday, and the cashier was talking with a coworker about OSPF multi-area design for switched networks.. good grief!
Shit, I screwed up the formatting. I fucking fail it. Ah well, time to go overdose on crack to end the pain caused by messing up the formatting in some text on a website.
In a consumer help program on TV they had brought in an expert to teach people how to avoid spam (viruses was already covered in an earlier program. Sadly (?) I missed that one.) From the top of my head, some of the advice was:
Do not open porn sites (Yes, he said 'open')
Do not watch online movies
Keep an updated anti virus
Do not use web based e-mail
When not using your computer turn it off. Laptop users should close the lid.(I love this one!)
The most peculiar though was that not once did he warn about giving out your e-mail address. Thank god we have experts like that to help us protect ourselves...
I work in infosec at an anti-virus organisation, and it's starting to worry me a little. Most of our physical risks are mundane things like cleaners making off with laptops, but the risk of physical attacks on our staff is non-zero -- high enough that we have thought about it and made some plans. I have to admit I sometimes worry about the number of traces out there that would enable a skilled & highly motivated attacker to connect my name to my employer, and my home (and family) to me.
is a spamnet that doesn't try to sell you anything. Instead it tells the reader there is a big fine and possible court appearances coming down the pike if their computer is found to be infected. Maybe even make them think their system is infected. Basic text, no HTML. No attachments. Give them instructions on how to get their system clean, how to "practice safe emailing", etc..
...after all it is only text.
Just make it all sound like it was written by a lawyer, and that they may face stiff penalties if they do not comply in a short time.
Solution? No. But hey if it helps
My Suburban burns less gasoline than your Prius.
(sings)
When you're a Bot,
You're a Bot all the way
From your first cigarette
To your last dyin' day.
When you're a Bot,
If the spit hits the fan,
You got brothers around,
You're a family man!
You're never alone,
You're never disconnected!
You're home with your own:
When company's expected,
You're well protected!
Then you are set
With a capital B,
Which you'll never forget
Till they cart you away.
When you're a Bot,
You stay a Bot!
I regularly follow one particular local (Israeli) spammer whose operation seems to be botnet-based. I report every single message received from that spammer using SpamCop (spamcop.net). Recently I started adding text asking the ISP that receives the notification to confirm if the sending IP address can be confirmed to be a spam sending zombie. I still hadn't received any kind of response (I have also asked several times domain owners whose addresses were forged to confirm the addresses were used without permission and no one has ever replied).
7 4&blogcode=5950596
So what do I have: hundreds of email messages, coming from almost the same number of IP addresses spread all around the world, and with email addresses in numerous domains that seem to be irrelevant to the advertised service. And not one can be positively confirmed to really be a zombie (or forged identity). So it's obvious it's a criminal spammer, but I doubt anything legal can be done using just the evidence that each message is sent using a different IP address in a different country, and practically all of these are in dynamic consumer broadband ranges (there was one instance I know of that is recorded on the web of someone whose domain was forged on spam by this spammer that had actually filed a complaint with the police and blogged about it, but AFAIK nothing happened).
So I know about an Israeli spamming operation. I know the spammer's cellphone number that is included in their self promotion messages. I have a list of many clients that have hired their services, including financial services, academic colleges, some IT companies, many others, and even one government agency (i.e., my tax money paid to a botnet operator to steal computing and network resources!) but I doubt if I can do much with it. I informed all the Israeli ISPs about this spammer. I know others are getting this spam. The ISPs could probably collect hundreds of thousands of spam messages and map the botnet, and provide all the evidence needed to put the spammer in jail for many years. Yet they haven't. So it seems they're not that interested.
There's a list of all the spam messages I received from this spammer including sending IP addresses and their geographic locations plus info identifying the advertisers for each spam message that I posted (In Hebrew. Only the IP addresses and dnsstuff.com links are usable to non-Hebrew speakers) here: http://israblog.nana.co.il/blogread.asp?blog=3830
If you can, filter out everything by default that DOES NOT include a certain word or phrase in the subject line, and make sure your important contacts know what to put into it. It works best if you make it an uncommon word, or gibberish or spelled with numbers (such as WeuzleWuzle, or 5p4mn0twelcom3here). I do that with one of my e-mail accounts and it works great.
... a whitelist the moment they create an email account. "Please enter all the email addresses you know. If you wish to update this list at a later time, (instructions.) This is to protect you from unwanted emails and emails that may contain harmful programs." and then have the email providers thoroughly scan all attachments. This would stop a lot of this crap pretty quickly, and it would be pretty easy to implement.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
tomstdenis is right. :)
So the RIAA really should talk to MSFT.
Oww wait, giving RIAA ideas, any ideas, is not good, right?
hany
I was amused that website exists and slightly scared that you knew about it.
~.~
I'm a peripheral visionary.
I mean this in all sincerity, but I wish this virtual turf war would turn real and these groups would start shooting each other. More dead spammers would do a lot to make cyberspace a happier place!
/// Not a super-genius . . . yet. ///