Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anti-Scammers Become Storm Botnet Victims

Posted by CowboyNeal on from the sticking-their-necks-out dept.

capnkr writes "It looks like the efforts of the anti-scammers at sites like 419eater, Scamwarners, Artists Against 419, and possibly others have become the target of the Storm botnet. Spamnation has a post about it, and as of this writing none of the above listed sites are responding. Spamnation reports that CastleCops and other anti-spam forums are being DDoSed as well. Sounds like a massive, concerted effort against the folks who are fighting the good fight. Although I hate it for the owners and admins of the above sites, I think it shows without a doubt that their efforts to 'get back' at the scammers are working."

7 of 207 comments (clear)

  1. Grey Hat solution by DigiShaman · · Score: 3, Interesting

    Aside from the legalities, perhaps Grey Hats round the world need to start developing "neuter-viri" (self replicating auto-patchers). These zombified machines have got to be defanged somehow, and fast.

    --
    Life is not for the lazy.
    1. Re:Grey Hat solution by Evi1BastardFromHe11 · · Score: 4, Interesting

      What would this accomplish? The lusers have to be hit hard to start to care about what sort of malware resides on their machines. I would rather see a solution where someone exploits a hole in the Storm control implementation and distributes a disk shredding update to all nodes.

      50M dead HDDs would be fun in the oldschool spirit and at the same time would generate enough of fuss for people to start actually caring about security.

    2. Re:Grey Hat solution by Anonymous Coward · · Score: 3, Interesting

      That is because Welchia was poorly designed. A properly designed counter-worm would not actively seek out targets. Instead, it would patch the system and wait for an infected system to contact it, where it would then spread to that infected system.

  2. Re:craigslist scammers by WhatAmIDoingHere · · Score: 3, Interesting

    You blew your load too quickly. The comedy comes from pissing them off and seeing how many hoops you can get them to jump through before telling them that you're just fucking with them.

    --
    Not a Twitter sockpuppet... but I wish I was.
  3. How do you explain this to the average joe? by mark-t · · Score: 4, Interesting

    I told my oldest son about this botnet yesterday, mentioning that with between 2 million and 20 million CPU's working at any one time, and even that larger figure likely representing only a fraction of the botnet's total capacity, it collectively represented the most powerful supercomputer ever built... and it was effectively under the control of a small group of people with criminal intent - the author, or authors, of the worm. My son responded to me with a great deal of scepticism, first saying that none of these security experts which have made this analysis have any way to estimate what sort of computing power military organizations might have, so saying that it represented the most powerful supercomputer ever was actually a completely meaningless claim, and also, he proclaimed that the story was most probably just hype and over exaggerated. He said that the claim of the most powerful supercomputer ever being controlled by criminals was simply too much to be believable, like the headlines one might see on the front page of the Weekly World News tabloid. He also said that it was ludicrous to see how sending people "penis extension ads" (which is about all he figures a botnet can do) can actually seriously harm anything or anyone.

    So this got me to wondering... how much of this actually _is_ something that is of any real concern, and if it really is, how could it be explained to people in such a way that it's not going to sound like some claim from a conspiracy theorist?

    --
    File under 'M' for 'Manic ranting'
  4. Re:Solution??? by Technician · · Score: 3, Interesting

    I got a bunch of those e-card emails several weeks ago. Knowing how my Ubuntu box is configured, I went ahead to see how the exploit works. The link is a very sparce page indicating a video download that will start automatically. If it doesn't, click here. The exploit uses both a script and social engineering. Firefox didn't start an automatic download on Ubuntu, so for grins I clicked the link. I was asked where I wanted to save e-card.exe. This exploit page was common to many e-mails indicating cards from my mother, relative, etc. I thought it interesting there was no information passed to load any kind of customized card like a real e-card. Also highly suspicious is the link was an IP address, not a URL. That move alone gets past filtered DNS services and a hosts file.

    By the way, the download in Ubuntu asking where to save it has a cancel button. I didn't download it to get a filesize. Sorry.

    I know I am not sending any extra data as part of this bot simply because my network switch sits right under my monitor. There is no unusual traffic here. I think everyone should be constantly monitoring their network traffic.

    Maybe MS and Ubuntu can make a traffic monitor that sits on the desktop by default. I know most people would ignore it thinking it is Limewire or Torrent traffic.

    --
    The truth shall set you free!
  5. Ya DHS are morons by Sycraft-fu · · Score: 3, Interesting

    We've got a professor at the university where I work that consults for DHS, one of our student workers is in his class. The misinformation this guy hands out is... legendary. For example, did you know that twisted pair only has a bandwidth of 250kHz and a maximum speed of 4Mbps? Really, it must be true, Dr. DHS said so! Never you mind things like Belden 7852A that is rated up in the 400-600MHz range, what do they know? Smarmy cable manufacturer, Dr. DHS says that's just not true!

    Well if you've got people like that advising you, I'm going to guess the technical conclusions you come to are probably not going to be the correct ones.