Slashdot Mirror
Botnet Mafia in Online Turf War
An anonymous reader writes " The kind of turf war seen in the real world by drug gangs is being replicated by the criminal gangs behind spamming botnets, and things are turning nasty."
← Back to Stories (view on slashdot.org)
Trying to care, ..., nope failing.
As someone who doesn't have an email address anymore, I really don't care about spam in the slightest, or the battle they go over to spam people. Most of my spam, that actually made it to my inbox when I had a gmail account was in Portuguese or some random asian looking language. To me it was all gibberish [more than usual] and fleeting. But the ever presence of it [on average I would receive anywhere between 100 and 500 spams a day, with about 5-10 in my inbox] just gnaws at you. Day after day people keep assaulting your inbox, trying to take away the service from you.
And even though gmail is free, it was still MY inbox, if you know what I mean. And having these low lifes just clutter it up every day with the same foreign language bullshit nonsense was annoying.
Eventually I just deleted my account. I have a cell phone if people want to contact me. And for work I have a private email addy that my co-workers can use. Personal email is just a waste.
Tom
Someday, I'll have a real sig.
It'd be a shame if something were to happen to this nice botnet ya got here...
Time for ISPs to stop being so nicey-nice about this.
1) Send an email to all customers saying that the ISP will begin choosing a random day (say every 3 months or so) to scan for infected computers churning out email.
2) On that random day (random so the spam bots won't be programmed to be silent on that day) the ISP shuts down outgoing mail for all infected computers on their network.
3) Customer who can't send mail is irate and calls ISP tech support hotline.
4) Tech support says: we warned you... please follow these virus removal instructions and install/update your anti virus software.
Bam problem solved. People who keep getting blocked every 3 months will quickly learn to take better care of their computers. Along with the customer's invoice the ISP could send an information sheet with prevention and removal instructions.
Maybe governments can give ISPs a little financial help for doing this?
Unfortunately I don't see any other solution other than tough-love.
You could wake up with an ascii horses head in your inbox http://www.virtualhorses.com/graphics/asciiart.htm
... Botnet Wars! They can infect systems and fight it out in the process table.
"Watch out! They just spawned a thread that has access to your virtual address space! Protect your data registers!"
Will they be in the typical Pizza shop website? something like www.donluigi-pizza.com (and donluigi-pizza.org for eGangster login)
signature is pants
Browsing through some of the posts here, I'm seeing how people tend to forget the financial aspect of botnets. Spam, malware is big business (obviously) so its no surprise that can become the online equivalent to a Columbian drug war without the murders and guns. There is huge business in bots and whats sad is, the low man on the totem pole is often some American company who's advertisements are being spammed (for the spammers). Vint Cerf stated there are millions of infected machines, I don't know about those numbers, but I can tell you that if I was involved in (dis)organized crime, why should I re-invent the wheel when I could re-program my own bots to take over others' cruddily created bots. This falls in line with a document I wrong (Ubuntu and the Destruction of the Internet) where my logic is, "are you sure you want grandma using Linux"?... With e-Criminals getting savvier, how long will it be before the Internet truly becomes the Wild West... Some may think its not a big deal, but when there are finances involved, that can escalate to physical crimes (shootings, murder, etc.) and its happened a few times where (dis)organized idjits stealing e-money from games were caught up in real life incidents for stepping over "turf".
Infiltrated dot Net
Reduce, reuse, cycle
I think it might still be better than Hackers, Swordfish, and that one with Sandra Bullock though... :P
I hope they'll drive-by-spam eachother until their computers are fried.
Privacy is terrorism.
*ominously clicking together Jolt COla bottles stuck on fingertips*
Botnets... come out to play-ayyyyy!
Slashdot Burying Stories About Slashdot Media Owned
Yay! I'll get popcorn!
Oh wait, that also means the tubes get clogged. Dang it.
P.S. Some of us need personal email and have relied on it heavily for 15 years.
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
If people actually started using the tools that have been available for years and signed their emails it would be a lot easier to spot the ones sent out by spam bots.
It's amazing how hard it is to get a company to send you a signed email to prove who they are and even harder to send an encrypted email containing personal information to them even though everyone knows how insecure email it.
Lazy Government,
Lazy Companies,
Lazy Consumers.
The tools are there for free and have been for years.
thank God the internet isn't a human right.
Obviously, the War On Botnets has failed. All the War On Botnets has done is created a lucrative enterprise for organized crime. We need to legalize botnets, so that botnet operators can finally come out of the shadows. Also, once legalized, we can tax botnets -- this way, botnets become an income generator for the government, rather than a black hole of enforcement dollars. The police can then better spend their time tracking down *real* criminals.
Relax and wait. Over time, ISPs will start to get seriously annoyed by this waste of bandwidth. As soon as customers start calling and complain about their crawling download speed, ISPs will have to start to act.
And ISPs who act against it will finally gain a reputation for providing being spam-free services. Just regularly call your ISP and complain about that they don't filter the spam.
For me having about 20-30 junk mails in my inbox per day isn't really much trouble. T'Bird does a fairly good job detecting them. And if it really starts to bug me I will install something like spamassassin on my server. So, who cares.
Don't get me wrong: I just hate this stuff like everyone else. But even wasting thoughts on it is useless.
Yt,
Gunnar
Ah, get over it.
I'm actually *related* to italian mafioso (though not involved), and I don't give a half-shit about this. Mafia implies italians about as much as Nazi implies germans. It's a specific group of Not-Very-Nice people, and these days, they're of any race creed or color. Use it in that fashion and the implication fades.
No, seriously. If your offended, your oversensitive. Shut up and deal with it.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
I'm still waiting to be cast in an XXX Hackers spoof, where copying a garbage file sends the female lead on a dirty, dirty quest to get out of trouble with the sleazy fat ugly cops that pursue her.
Might as well spoof Takedown as well, where a fugitive hacker leads his asian arch nemesis on a cross-country chase through every brothel in the USA, all over a dick-length argument. They finally settle their feud in a stomach-churning scene where they both anally violate a journalist named John Warkoff.
Oh come on! When have you ever seen pr0n with a good story ?
-Billco, Fnarg.com
The war on drugs is a miserable failure. So please find another parable
A "war on spam" might actually work better than "war on drugs" simply because there are liklely to be far fewer people who wants spam than want various drugs.
the whole enviroment that these people thrive in is made possible by MS Windows and its' horrible security. why don't we start screaming about fixing the root cause of the problem ?
Thing is that there are plenty of people who appear to think that Microsoft's bluring the line between user & administrator or having a "monoculture" environment is a good thing.
The kind of turf war seen in the real world by drug gangs
Until I actually RTFA, I thought they meant that botnet gangs were finding the people running opposing botnets and killing them.
Or maybe I was just secretly hoping.
I'm actually *related* to italian mafioso... Shut up and deal with it.
Yes, Sir.
As long as people are not held responsible for what damage their machines do to the net, this will not change.
Botnets rely on people being negligent, clueless and generally careless. There is no such thing as an unavoidable infection. Over 99% of all infections rely on user interaction (and yes, while over 98% of percentages used in biased reports are fake, this one I can actually vouch for), with remote exploits only constituting for a very, very small of infections, most of which also relying on your use of an insecure machine directly connected to the net.
If people acted on the road like the act in the net, a mass accident with 100s of cars involved would not be a newsworthy item. It would be the rule in rush hour traffic! And as much as I hate car analogies, this one is sadly true.
People switch their common sense off when they access the internet. I have no other explanation for this phenomenon. You can get most people to double click your attachment with the most hare brained excuse, "important news from your lawyer" is often enough.
Even if they have none!
With the "from" line reading "lawyer"!!!
The main problem isn't spam. The core problem is that those botnets are then used to spread even more and even more dangerous malware around. Bankfraud being one of the more "harmless" things in their arsenal.
People have to be held responsible for what their machines do, and what cause they harm to the rest of the net population. I'm not talking jail time, it needn't be capital punishment. The people we're talking about are not your "usual criminals". They already wet their pants if there's a chance that they could have to show up as defendent in court, as those "you went to our page so you owe us 500 bucks or we drag you to court" scams prove. Some kind of nominal fine would already be plenty.
Don't get me wrong. I don't want to keep anyone from using the net. But as with everything that can be harmful to other people using the same tools you do, you have to act responsibly. This applies to cars, this applies to guns, and it also applies to machines with internet connection.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If I could just stop the US Postal Service from spamming me.
Your post advocates a
(X) technical ( ) legislative ( ) market-based (X) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(X) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(X) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, asshole! I'm going to find out where you live and burn your house down!
In a consumer help program on TV they had brought in an expert to teach people how to avoid spam (viruses was already covered in an earlier program. Sadly (?) I missed that one. From the top of my head, some of the advices was:
Do not open porn sites (Yes, he said 'open')
Do not watch online movies
Keep an updated anti virus
Do not use web based e-mail
When not using your computer turn it off. Laptop users should close the lid.(I love this one!)
The most peculiar though was that not once did he warn about giving out your e-mail address. Thank god we have experts like that to help us protect our self...