Most Spam Comes From Just Six Botnets
Ezhenito noted some research pointing out the (maybe) surprising bit of research that 6 botnets are responsible for 85 percent of the world's spam. That seems a bit high to me, but the only aspect of spam I am an expert in is *getting* it.
Is there a way to block these specific botnets!? First post yay.
Bet I could connect any one of these bots to Kevin Bacon in 3 or less.
SJW: Someone who has run out of real oppression, and has to fake it.
Srizbi is the largest contributor at 39%
I believe this figure could be much larger if the Trojan.Srizbi client was ported to Mac and Linux
Anyone know what licence it's distributed under?
Why can't they focus their efforts and resources on shaping traffic to block this kind of nonsense, rather than Torrents?
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
What TFA says is that most Spam comes from the following six types of Bot:
Srizbi: 39%
Rustock: 20%
Mega-D: 11%
Hacktool.Spammer: 7%
Pushdo: 6%
Storm: 2%
Other: 15%
This doesn't necessarily mean that most spam comes from six botnets. Some of the bots could be used by multiple bot masters; OTOH some botmasters could control multiple botnets using different bots.
Something else I just thought of:
The botmasters are going to use the best bot available, i.e. the one enabling them to send most spam at the least cost. On the other hand, the "good guys" are fighting spam (and the bots). So whenever a certain bot starts taking over (currently Srizbi) all the good guys will focus on that one and try to shut it down. So the bot decreases in value and another, better bot will take over. Evolution at its best.
The Antivirus companies which are trying to fight the malware are also trying their best. The big difference is that while the success of a spambot can be easily measured by the customer (i.e. the botmaster), the success of an AV product is much harder to estimate. Also, the typical AV customer doesn't have the ability/time to find out which AV product is best for him. Moreover, AV products are some sort of subscription service (you buy the package and get 1 year of updates) which makes it hard to switch products. Often AV products are bundled with computers, selected by business principles and not by technical superiority.
In other words, the evolution process of malware is far superior to the one of AV products.
You have 11292 unread messages: Inbox(7803), Bulk(3489)
This is from a 10-year-old Yahoo account that I only visit once a month to keep it active. I log in and never open anything; I don't care = it's not my hard drive all that spam is sitting on...
Politics is Treachery, Religion is Brainwashing
...Spam, spam, spam, spam, spam, baked beans and spam.
But the baked beans are off.
-- Note to Mods: There is a good reason there's no "-1 Disagree" option. --
I *used* to get next to no spam at all - maybe 2-3 mails a month. Unfortunately, I then created a mod for Oblivion which included an obfuscated version of my email in the readme for bug reporting, feedback etc. Gamershell, Fileplanet and Filefront then very helpfully added my file to their servers, and included the readme with deobfuscated address on the download page. Now I get 500 a day at times - fortunately, all but 1 or 2 a week get caught straight so it's just a matter of emptying the Trash folder every now and then.
If you haven't made a developer cry, you've wasted a day.
These botnets have "Control Servers" and we haven't managed to isolate them? Surely such centralization is a weak core that could be exploited?
If I was building a botnet, every host would be preloaded with the address of every other host that was known about by whatever was doing the infecting. Once established, each host would go about randomly informing the whole list that it now existed, as well as starting to receive notices about newly established hosts so it can keep its own list of hosts up to date. This way there would be no single point of failure.
It surprises me that botnets using even a large amount of central servers can't be isolated off networks. If ipX is a known Russian Control Server, and an ISP finds Client Y connecting to it, it makes sense Client Y needs to be disconnected and contacted, or say, have access restricted to antivirus update / download sites for say an hour (arbitrary) and then full access restored. If the client then tries to reconnect to ipX again, it should have its access restricted for longer.
I would imagine, that even a few ISPs doing this could at least make a reasonable dent on spam. They are always complaining about bandwidth, after they remove the spam from it they will have more for legitimate customers, which will mean they can give better allowances to people who like to download, making them a more attractive ISP, profit!
Never mind, the current solution seems to be working perfectly.
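The escalating "restrict for an hour, longer on the next offence" scheme sketched above, as an added example that is not code from the original thread. It runs over a constructed flow log (RFC 5737 documentation addresses stand in for real ones) against a constructed C2 list; the one-hour starting point and the doubling schedule are assumptions taken from the post, not anything an ISP actually deploys:

```python
"""Escalating restriction for subscribers seen contacting known C2 servers.

Added example, not code from the original thread. The C2 addresses, the
flow records and the escalation schedule are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple, Union

# Constructed: what an ISP might carry as a C2 blocklist (RFC 5737 ranges).
KNOWN_C2 = {"203.0.113.7", "198.51.100.42"}

FIRST_RESTRICTION = timedelta(hours=1)  # the post's "an hour (arbitrary)"
MAX_RESTRICTION = timedelta(days=7)     # cap so the doubling cannot run forever


@dataclass
class ClientState:
    strikes: int = 0
    restricted_until: Optional[datetime] = None


@dataclass
class Quarantine:
    clients: Dict[str, ClientState] = field(default_factory=dict)

    @staticmethod
    def restriction_for(strikes: int) -> timedelta:
        """1h for the first strike, doubling for each repeat, capped."""
        return min(FIRST_RESTRICTION * (2 ** (strikes - 1)), MAX_RESTRICTION)

    def observe(self, ts: datetime, src: str, dst: str) -> str:
        """Classify one flow record and update the client's state."""
        st = self.clients.setdefault(src, ClientState())
        if dst not in KNOWN_C2:
            return "allow"
        # A client that reaches for C2 again, restricted or not, gets another
        # strike: the restriction window grows rather than being reset.
        st.strikes += 1
        st.restricted_until = ts + self.restriction_for(st.strikes)
        return "restrict"

    def is_restricted(self, ts: Union[str, datetime], src: str) -> bool:
        """Is this client in the walled garden at time ts (datetime or ISO string)?"""
        if isinstance(ts, str):
            ts = datetime.fromisoformat(ts)
        st = self.clients.get(src)
        return bool(st and st.restricted_until and ts < st.restricted_until)


def parse_flow(line: str) -> Tuple[datetime, str, str, int]:
    """Constructed flow-log format: ISO timestamp, src IP, dst IP, dst port."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def process_flows(lines: List[str]) -> Tuple[Quarantine, List[str]]:
    """Feed every flow record through the quarantine; return state and actions."""
    q = Quarantine()
    actions = []
    for line in lines:
        ts, src, dst, _port = parse_flow(line)
        actions.append(f"{ts.isoformat()} {src} -> {dst}: {q.observe(ts, src, dst)}")
    return q, actions


# Constructed sample: one subscriber keeps going back to C2 addresses,
# another only talks to an ordinary web server.
SAMPLE_FLOWS = [
    "2008-04-21T10:00:00 10.0.0.5 203.0.113.7 80",
    "2008-04-21T10:00:01 10.0.0.9 192.0.2.10 80",
    "2008-04-21T11:30:00 10.0.0.5 203.0.113.7 80",     # after the first hour expired: strike 2
    "2008-04-21T11:31:00 10.0.0.5 198.51.100.42 443",  # still restricted: strike 3, four hours
]

if __name__ == "__main__":
    q, actions = process_flows(SAMPLE_FLOWS)
    print("\n".join(actions))
    for ip, st in q.clients.items():
        print(ip, "strikes:", st.strikes, "restricted until:", st.restricted_until)
```

The state is keyed on the subscriber's IP, which is exactly the weakness later posts raise: on a dynamic pool the strikes follow the address, not the infected machine, so a deployment would key on the subscriber account instead.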
In theory, yes it would.
In practice, no it wouldn't.
You'd be opening yourself up to prosecution. Even in countries without specific "misuse of computers" laws, running a program on someone else's computer is trespass. You might think that, since trespass is a civil matter, you'd only need to worry about someone who has the money to sue you taking a dim view of what you were up to. And you'd be right. But the botnet-controllers have got enough money and would be bothered to take you to court.
And I haven't even touched on the really horrifying issue: what if your benign, anti-malware malware malfunctioned, or was subverted by the next generation malignant, anti-benign-anti-malware-malware malware? You could easily end up becoming even worse than the enemy whose dirty tricks you borrowed.
Je fume. Tu fumes. Nous fûmes!
Is it possible to identify a trojanned machine that's sending out spam, like maybe find if it responds to some "unexpected" port? If you could do this, you could quickly check "unknown" mail servers and see if they were really an 0wned Windows box spewing out spam.
What if Microsoft were to release it?
"I've got more toys than Teruhisa Kitahara."
is the advertisement at the bottom.
All 19 hijackers were known terrorists 09-10-2001. Lack of FBI intelligence does not justify warrantless wiretaps..
rather than creating a new gmail account, you should look at spamgourmet.com. The email accounts are created and limited automatically. Just give out an email address, and it automatically is limited to x many emails. You need to have a read up on it, but it's very easy to use.
Or you can put a prefix to your gmail address with a '+'. ie. "temp+john38@gmail.com" the mail still gets delivered to john38@gmail, but with 'temp+john38@gmail.com' in the 'to:' field, allowing you to filter it easily.
I.O.U One Sig.
Blocking known residential blocks sucks as a solution as it removes some of the democracy of the net.
I (like others I'm sure, but maybe not so many of us these days) run a mail/web server from home. I just use it for personal mail. I have SPF and rDNS set up, I play by all the rules. Why block me because I use ADSL at home with a static IP ?
Whilst I appreciate that accepting mail from my IP is potentially a higher risk factor, blocking all residential blocks seems to me to be overkill.
You know... we don't let people drive without a drivers license and insurance. The general public has to start taking some responsibility here.
I would suggest some measures we can use:
1) static IPs. Then we can easily track down infected machines and take them offline.
2) Laws that require people to assume some form of responsibility when they connect a computer to the net.
3) Perhaps some form of compulsory insurance policy.
4) Laws that require ISPs to disconnect spam bots and take some responsibility.
If we had people throwing garbage from the windows of their cars we'd probably urge more enforcement of anti-littering laws. But what if these people were spewing porn? If we had a trespass issue as bad as the spam issue then we'd urge more enforcement of laws already on the books.
In the case of spam, we don't have the laws we need for the most part.
There are people who are responsible. I should think we can figure out ways to encourage them to clean up their act. The thing is this is not harmless. Many of these spams are NOT suitable for children and many children have net access. It is not even possible for most parents to screen this.
Perhaps we need enforcement of some of the child pornography legislation. A for instance is that if some adult is so irresponsible as to discard their used porn rags in a school yard then I don't think ignorance would be considered a suitable defense. Yet that same individual who allows his computer to remain part of a botnet which dumps porn into computers children have access to is somehow innocent? I don't think so.
It would take only a few cases and the public would wise up real fast.
Well, that's convenient - my hand cannon holds six bullets.
Well, they already are worse than the spammers, in their own way.
Most of the shite legacy software that was written (using Microsoft's deliberately incomplete, and occasionally downright wrong, documentation) for Windows takes advantage for its legitimate operations of the exact same features that most malware uses for its nefarious ones, so it won't run as a non-administrative user.
You know what's worse? It'd be a quick half-hour job to fix it, if only the owners had thought to demand the Source Code.
: New pill will grow & strengthen your Botnets
: As Seen On: Maxim, GQ, Esquire, FHM, Rolling Stone magazines
: Will increase your size permanently up to 8 botnets!
This is just like the specious 'War on Drugs' that's been so remarkably successful over the past decades. The problem here is that there are morons who actually send money for bootleg Viagra pills, male-member enhancers, and other quality merchandise which these spams promote. Just say no!
Life on the internet was a lot simpler when all stupidity could be pinned on AOL users.
Now if we could only get rid of all those easily bot-ified Minesweeper/Solitaire boxes.....
Did the Futurists predict this and we just didn't take heed*? Or did no one predict this? I've always heard "never underestimate the power of human stupidity", but I guess we shouldn't misunderestimate the power of money and the drive to get it. 20 years ago, if you had told Alvin Toffler that this great interconnected information system was going to be hijacked by pharmaceutical ads, he'd have told you that you were a lunatic.
*I just saw BladeRunner-TFC again this weekend. Ridley Scott gave us the Blimp with blaring music and spotlights to shine into your windows. That's pretty close.
Seeing that six botnets propagate most of the spam really shouldn't be a surprise to anyone who is familiar with spamhaus. After all, why would the spammers want to reinvent the wheel and produce new botnets when each botnet is itself constantly gaining new zombie PCs?
Really, this is nowhere near as useful as the spam distribution data that is available through spamhaus, telling us who is behind the bulk of the spam, and what geographic parts of the world they are associated with. The botnet building and controlling seems to be the easy part of the spammers' game now, and we can all thank our neighbors and their new un-patched boxes on 24/7 DSL / cable connections for that.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I predict tomorrow's headline to be "90% of x computers belong to one of six bot nets." where x is either a group of foreign countries, corporate computers, or home computers depending on the mood of the day.
While most of us treat spam as junk it is there to serve a very specific purpose. To get our money into the accounts of unscrupulous companies. A mate of mine (honestly) replied to spam and got some pills back. There are proper businesses behind them. Why can't we trace where the money goes and sue their butts off?
How many companies are actually advertising at any one time? Is all the spam for one company, ten companies, a thousand companies or a million?
I have excellent Karma and I am not afraid to Troll it.
If more people configured their sendmail to reject bad HELOs, it would be a lot harder to send spam.
I just checked this and i think you got the address round the wrong way.
you need to put it john38+temp@gmail.com for it to work as the other way round just goes to the wrong address
I was wondering whether it would help if Google (and maybe some of the other top 10) notified you when you showed up on one of the IP block lists with a big yellow box at the top of the page, like an IE alert: "Warning: Your computer has been reported to be a SPAM relay! Please clean up your computer with the following tools..."
Something like that. They could get the list of infected IPs from one of the black lists.
I'm not a network guy, so I don't know what kind of technical restrictions there would be... obviously this wouldn't work well with proxies - maybe NAT would be an issue as well? In any event, I personally would appreciate such a service, even if I got hit with false positives once in a while. Of course, the bots would eventually get wise and filter out the messages, but that's part of the fun of the war.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Yup. You are 100% correct that ISPs like to charge extra for a static IP. Since I run statics I know exactly what you are saying.
I was on the phone with my Bank's security people last week and suggested they look into static IPs as a method to guard against identity theft. They have a HUGE exposure. Moving to statics for the general population would really help them from two standpoints.
1) They could implement a white list for their clients.
2) In the case of unauthorized access the IP can be given to the cops.
There are probably other advantages as well.
Now the thing is the ISP industry will not offer them for the reasons you pointed out. However we can urge to have legislation passed and then they have to offer them. Sometimes laws can be used to good advantage to make good things happen.
As for the issue of the ISP lumping torrents in with spam? Spam is on a separate port. Problem solved.
Perhaps I'll call my MP's office and offer to work on a committee to address some of these issues. I'd urge others to as well. It might take a while to figure out what might work and what might not, but addressing the issue is unlikely to be negative.
I think one thing that is totally clear is that an ISP who offers a connection to a spammer is totally irresponsible yet this happens and while they denied it they were quite happy to cash the cheques.
It is totally unbelievable that an ISP would not be able to monitor traffic on a certain port from a certain IP address and note that it's spam.
Getting laws to force ISP's to shut down spammers would be a really good start. It might even solve most of the problems. As for enforcement? Well - we have the source IP addresses. If we have the law on the books and the enforcement people in place then this becomes transparent. All we need to do is simply advise the enforcement people of the issue.
A quiet call can be made to the management of the ISP. If the problem continues then the ISP faces a fine for non-compliance. Eventually they will get the message or they will no longer be in business.
A side effect of legislation like this is that when the plug gets pulled this will create an incentive for the owner of the infected computer to do something about their problem.
What of overseas spam? I figure if one country does something like that then maybe most countries will follow suit. As for the ones who don't? I don't know. Perhaps other measures can be found to contain that problem. I'm reminded of the incident where Telstra in Australia was black-listed. Telstra cleaned up its act rather quickly.
The thing is that at this point we are leaving it to the individual to protect themselves and for the most part the vast majority of the population simply is not up to speed in this area and never will be. Furthermore the problem is getting worse.
An MX record isn't required for sending mail, for receiving mail there's a fallback to A if no MX is found. The problem you're describing (backscatter) is solved by SPF; if only more people configured their MTA to check that before generating a bounce :(
That targets the top 5, 10 etc botnet issues so they can be addressed specifically without having to do broad spectrum AV searches (That fail depending on product)
I need to run as admin to update software, as I am regularly prompted to do. Switching over to admin is annoying, so mostly I just don't update software.
I wish I could specify that certain programs are allowed to update themselves without admin rights.
You are 100% correct. Going after the companies that profit from the sale would cut off the air supply for the industry. It would be just like the international ban on the trade of ivory that pretty much halted poaching.
Like all pain, suffering is a signal that something isn't right
It's not a bad idea, and I think it should be done.
You're right about NAT, though -- at least a few ISPs are starting to run NAT at the ISP level. We need IPv6 badly.
Don't thank God, thank a doctor!
While it may be difficult to terminate entire networks and IP address ranges, a more effective solution would be to identify the individuals who are directly responsible for sending unsolicited junk e-mail through "botnets" and the individuals who are responsible for providing access to these illegally hijacked "botnets" and then kill them. Such an action would be most effective if done brutally and painfully, through acts of torture, with videos and images of the events and the aftermath released to the public as a warning to others who might engage in the same behaviour.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
Spammer's note to self: (1) duplicate all gmail addresses with dummy "+" fields purged. (2) duplicate all gmail addresses with the most common non-filtered dummy fields, such as "family" and "work". Now each gmail address will be hit with a dozen or a hundred variations, in hopes that one will get through the filter.
Typically, you may use the "Run As" option within windows to launch an application with different user credentials so that it may perform tasks that require Administrator-level access. Additionally, some applications may be user-updated so long as the user has write access to the software's installation directory, though this is often not recommended.
So what this article is saying is that I wont get c1@l1s ads for my chinchilla?
My chinchilla and his harem are greatly disappointed.
N.B. No chinchillas, real or fictional, were harmed in the making of this post.
Live the questions now.
To clarify, that means that "Admin" can set it so that when "User" runs Program X, that program will act as though it were being run by "Admin?"
If that's correct, where is that option? (And thanks for the tip!)
The only way to fix this is to just release a competing bot that destroys all of the other bots and is otherwise harmless. There's no other way around it. I've seen zombie PCs and their owners and I don't think you can do anything to fix either one. After getting paid twice to fix their machine and educate them about how to keep it fixed - I gave up. They couldn't have paid me enough to come back a third time. They obviously just didn't care about learning how to use a computer properly. Apparently smiley face programs and gator clocks are too fun to pass up.
It doesn't matter what OS you use, if you're never installing the updates, and you're constantly installing garbage you find on the Internet - you're going to end up being host to every piece of garbage malware there is. The anti-botnet-botnet is the only thing that we as power users can do to save the general public from themselves.
You are using English. Please learn the difference between loose and lose; they're, there, and their; your and you're.
I thought it was ironic the article about spam had a classic spam ad in it.
Which is the high part? The 85% spam number, or that it takes 6 entire bot-nets to generate it?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Most ISPs still do IPs dynamically. While I might be 10.0.0.1 today, tomorrow I might get evil-infected 10.0.0.2 and Google would start pissing at me.
Alas many (shittily written) email validations don't like + in emails.
I use SneakEmail, create a new email address per service. They get forwarded to my main email. If the address starts to get spammed, and I like the service I filter to just that service, if the email needs to be public I add a filter to the header, and if neither I kill the address. Simple.
Wow, I should not post when knackered.
And what's the problem with running "sed 's/\+.*@gmail/@gmail/'"?
It's very tempting to think some ISPs don't want to do anything about spam.
I stated that there is a means to launch applications while logged in as one user so that the application runs using different user credentials. This does, however, require that the user who launches the application enter the credentials for the different user account.
There are third party tools for allowing applications to run under a different user account without any extra credentials. This is accomplished by storing an encrypted hash of the alternative user account in a wrapper that calls the executable. I have used such a tool to give a user access to a utility that required, due to incompetent programming by the developers at Intuit, Administrative access. Unfortunately, I am currently unable to locate that software at this time.
Not a bad idea, I think there are already malware pop-ups that do that though. The problem is how will people trust that message, or how to prevent malware publishers from tricking people into installing even more crap on their computers.
- Many people have dynamic IPs. ISPs apparently like to charge extra for a static IP, and at least some say that having one is "not recommended" unless you have special needs.
- Probably because of this, blocklists often include ranges instead of individual IPs. So if I get caught by a spambot, maybe a couple hundred other people will also get told to fix their computer.
Hm... what would people think if ISPs were *required* to provide static IPs? Good for finding spambots and other malware infections, bad for privacy (could be partially offset by widespread encryption and tor/freenet/...), increased regulation...
There are some sites that do this. I once got a "You are on the SBL, you cannot access this page" message. Was just about to format my hard drive when I remembered:
1)I was on a dynamic IP
2)My PC was sans PSU when the email was sent.
It's sort of ironic, in that new technology is often embraced rapidly. We clamour to support the next big thing - to remain up to date. And yet, we are reticent to discard older technologies, for fear of alienating friends, family, clients and coworkers.
If Google or Microsoft or [insert favourite large company here] created central cert server[s] that a new mail protocol could authenticate through, we might be able to leave the current batch of spambots in the dust.
The new mail protocol would need to do all of the smtp things, plus it would need to be authenticated via a certification server. ISPs would authenticate to the central cert server[s], independent / home users would authenticate their e-mail servers to the ISP cert server - and all is good. If you identify spam, you send an e-mail to the central authentication server, and the originating ISP cert server is notified to block/shutdown the spam originator or risk being marked as a spammer and having *all* traffic blocked.
I know, easier said than done, but food for thought just the same. I have read some musings about similar things of late, but nothing that would be as generic and ubiquitous as this.
Thoughts?
- Avron
"You know what's worse? It'd be a quick half-hour job to fix it, if only the owners had thought to demand the Source Code."
Spoken like someone who has never actually debugged crappy code before. If I had a nickel for every time someone just needed "a half-hour" to fix a problem in code....
"But this one goes to 11!"
spamgourmet is great. I've been using it for years and years... Still got over 2000 spam emails in my gmail spam folder though.
/. but spamgourmet keeps track of emails trapped. Boy, this site get harvested a lot! Who'd of thunk it?
I list it above ^^ just for kicks. I have no interest in receiving mails from people on
This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
shouldn't it be really easy to fix:
1. Computers which are part of botnets probably have very obvious usage patterns and traffic coming from them.
2. Most ISPs would have to be flying blind and stupid to not notice this if they bothered to look for it.
3. ISPs could come to a mutual agreement to stop spam
4. Any user on an ISP found to be generating spam should be cut off until they agree to clean their machine.
5. any ISP unwilling to agree to that could find other ISPs not interested in dealing with any traffic from them
6. Short of spammers buying a direct connection to the internet or creating their own ISP (which other ISPS could just block their entire range) this should pretty much knee-cap them.
All it would take would be for a few big ISPs worldwide to push something like this and all the little guys would fall in line. Yeah it's kind of bully tactics and there might be a bit of a cost incurred at the beginning but once you got the majority of it cleaned up spammers would really have to move on and the work load would become much lighter. Frankly a little bullying in this direction might be fine if it would stop spam, I know I'm tired of receiving it.
For security, the MD5 hash of this message and sig is 09f911029d74e35bd84156c5635688c0.
Great. When our customers do this, all they do is contribute to the problem. Any spam that filters through to their inbox they assume is fine to report, and the brain dead reporting methods attribute the spam to their original destination, us. So, we get kicked for it, even though that customer explicitly asked for their mail to be forwarded.
Worse yet, when a customer thinks it's a good idea to turn on a catch all, for a domain name that's been around since 1996, and also choose to forward all their email.
SPAM sucks, but don't make the problem worse by forwarding email, just check the temporary account via pop or whatever, and orphan it when you're done with it.
It always amazes me that botnet spam is so easy to identify and filter at the SMTP level.
The programmers that create those trojans and stealthy bots should be quite capable, yet the spamming payloads they (or others?) write to run on the botnets are lousy.
It seems like it is too much effort to read RFC-2821 and come up with a spambot that at least talks the SMTP protocol without stupid errors, and on the next level they are not very cleverly written either.
(e.g. most botnet spam is still blocked by simple greylisting, because the sender address is apparently generated randomly for every connection attempt)
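The greylisting behaviour the post relies on, as an added example (not code from the original thread or from any particular MTA). It keys on the (client IP, envelope sender, recipient) triplet, temp-fails the first attempt, and accepts a retry that arrives after a short delay. The delays and the two simulated clients are constructed: a well-behaved MTA that retries the same envelope, and a bot that, as the post says, shows up with a different sender address on every connection:

```python
"""Greylisting: temp-fail the first delivery attempt of each
(client IP, sender, recipient) triplet and accept a retry that arrives
after a short delay. Added example, not from the original thread; the
timings and the simulated clients below are constructed.
"""
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

MIN_DELAY = timedelta(minutes=5)     # a real MTA retries after minutes, not seconds
RETRY_WINDOW = timedelta(hours=4)    # an un-retried triplet is forgotten after this

TEMP_FAIL = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 OK"

Triplet = Tuple[str, str, str]


class Greylist:
    def __init__(self) -> None:
        self.pending: Dict[Triplet, datetime] = {}   # triplet -> first seen
        self.passed: Set[Triplet] = set()            # triplets that retried correctly

    def check(self, now: datetime, client_ip: str, sender: str, rcpt: str) -> str:
        """Return the SMTP response to give at RCPT TO time."""
        key = (client_ip, sender.lower(), rcpt.lower())
        if key in self.passed:
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[key] = now          # (re)start the clock for this triplet
            return TEMP_FAIL
        if now - first < MIN_DELAY:
            return TEMP_FAIL                 # retried too eagerly: keep waiting
        self.passed.add(key)                 # genuine retry: let it through from now on
        del self.pending[key]
        return ACCEPT


def legit_mta(gl: Greylist, start: datetime) -> List[str]:
    """A well-behaved MTA: same envelope, retries at +1 min (too soon) and +10 min."""
    args = ("192.0.2.25", "alice@example.org", "bob@example.net")
    return [
        gl.check(start, *args),
        gl.check(start + timedelta(minutes=1), *args),
        gl.check(start + timedelta(minutes=10), *args),
    ]


def spambot(gl: Greylist, start: datetime, attempts: int) -> List[str]:
    """A bot as the post describes: a fresh sender every connection, so no
    triplet ever recurs and nothing gets past the temp-fail."""
    results = []
    for i in range(attempts):
        sender = f"user{i:04d}@example.com"   # constructed stand-in for a random address
        results.append(gl.check(start + timedelta(minutes=i), "198.51.100.7",
                                sender, "bob@example.net"))
    return results


def run_simulation() -> Tuple[List[str], List[str]]:
    """Run both clients against one greylist; returns (legit responses, bot responses)."""
    t0 = datetime(2008, 4, 21, 9, 0)   # constructed start time
    gl = Greylist()
    return legit_mta(gl, t0), spambot(gl, t0, 5)


if __name__ == "__main__":
    legit, bot = run_simulation()
    print("legit MTA:", legit)
    print("spambot:  ", bot)
```

The whole defence rests on the bot not retrying the same triplet; a bot that kept its sender stable and queued for five minutes would pass, which is the post's point about how lousy the spamming payloads were.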
>If more people configured their sendmail to reject bad HELOs, it would be a lot harder to send spam.
No, it would be harder to send "joe-jobs" (spam which has *your* return-path). There's really nothing against which to check HELOs, other than that they are valid 'A' records, and whether or not the reverse DNS matches. Since we are talking about spam coming from "bots", there is no reason not to use a HELO name that matches the machine from which the e-mail message is coming.
If you want to check the HELO against an SPF record or DomainKeys (DNS TXT), even based on the specs you shouldn't reject the message if these records don't exist (which would almost certainly be the case for infected desktops).
Even if every legit sender had an SPF record, the only thing you would get rid of is joe-jobs. spam would not be affected, since what people end up seeing is the "pretty name", not the RFC headers (which are few). There's no reason for a spammer to spend much time on making RFC headers or HELO name contain misdirection.
One means to stop a lot of this is to disallow connections to port 25 other than the ISP's own mail server (and even that could be blocked, too, as there is a different port appropriate for email submission that has worked fine in most mail agents for years). There are a few cases where people want to run their own mail server (like BSD and Linux users). If they call up their ISP and specifically ask for port 25 to be opened up for them, the ISP should open it just for them. The chance of someone that knows what port 25 is for being infected is far less than the average desktop Windows user. For business users, they should be encouraged to do their own port 25 blocking to block individual users, and leave the mail servers open to connect to port 25.
This doesn't prevent spam going through the reachable mail server. So the next step is for the mail servers to install some quota software on a per user basis (with authenticated login so the spammers can't make up an infinite number of users to get around a quota). That and applying the filtering to outgoing mail can reduce the spam a lot.
And finally, people who let their office computer be infected more than 2 times in a one year window need to become unemployed for damn good cause.
now we need to go OSS in diesel cars
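The HELO and SPF argument in the reply above, worked through as an added example (not code from the original thread or from any MTA). It runs against a constructed DNS table (A, PTR and SPF TXT records for made-up names in the documentation ranges) so it works offline; the policy it applies is that a HELO must be an FQDN agreeing with either the client's forward or reverse DNS, an SPF hard fail is rejected, and a missing SPF record is treated as "none" rather than grounds for rejection, as the reply says the spec requires:

```python
"""HELO and SPF checks at SMTP time, against a constructed DNS table.

Added example, not code from the original thread. The zone data, the
hostnames and the connecting addresses are made up so the check runs
offline; a real MTA would do the same lookups through the resolver.
"""
import ipaddress
from typing import Dict, Tuple

# Constructed DNS: forward A records, reverse PTR records and SPF TXT records.
A_RECORDS: Dict[str, str] = {
    "mail.example.org": "192.0.2.25",
    "cpe-198-51-100-7.isp.example": "198.51.100.7",   # an infected desktop's own name
}
PTR_RECORDS: Dict[str, str] = {v: k for k, v in A_RECORDS.items()}
SPF_RECORDS: Dict[str, str] = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",
    # isp.example publishes no SPF record: typical for a consumer ISP's CPE names
}


def helo_check(helo: str, client_ip: str) -> Tuple[bool, str]:
    """Accept a HELO that is an FQDN whose A or PTR record agrees with the client."""
    if "." not in helo or " " in helo:
        return False, "HELO is not a fully qualified hostname"
    if A_RECORDS.get(helo) == client_ip:
        return True, "HELO forward-resolves to the client IP"
    if PTR_RECORDS.get(client_ip) == helo:
        return True, "HELO matches the client's reverse DNS"
    if helo not in A_RECORDS:
        return False, "HELO does not resolve"
    return False, "HELO resolves, but not to the client IP"


def spf_check(mail_from: str, client_ip: str) -> str:
    """Minimal SPF: ip4 mechanisms plus -all/~all. Returns pass/fail/softfail/neutral/none."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"          # no policy published: not a reason to reject
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
        if term == "-all":
            return "fail"
        if term == "~all":
            return "softfail"
    return "neutral"


def smtp_decision(helo: str, mail_from: str, client_ip: str) -> str:
    """Combine both checks into the response a front-end MTA would give."""
    ok, why = helo_check(helo, client_ip)
    if not ok:
        return f"550 {why}"
    spf = spf_check(mail_from, client_ip)
    if spf == "fail":
        return "550 SPF hard fail for sender domain"
    return f"250 OK (spf={spf})"


if __name__ == "__main__":
    cases = [
        ("mail.example.org", "alice@example.org", "192.0.2.25"),                 # legitimate
        ("cpe-198-51-100-7.isp.example", "alice@example.org", "198.51.100.7"),   # joe-job from a bot
        ("cpe-198-51-100-7.isp.example", "x@isp.example", "198.51.100.7"),       # bot using its own name
    ]
    for c in cases:
        print(c, "->", smtp_decision(*c))
```

Running the three constructed cases shows the reply's point: the forged-sender (joe-job) message is rejected by SPF, but a bot that announces its own hostname and uses a sender domain with no SPF record passes both checks, so neither HELO validation nor SPF does anything about spam that does not bother to forge.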
On my home PC, I don't require a password for either account; I'm the admin and the user, and I trust myself. :) I just read that logging in under the user account is more secure.
So if I do "run as" admin while logged in as user, it should just run, right?
In practice you'd get sued... à la the Sony Rootkit fiasco... they did it not once but twice, once with music CDs and a second time with movie DVDs... you think they would have learned that putting a rootkit in your software (with the aim of ratting out 'music/movie pirates') is going to get you sued.
Now on the other hand, if you live in China, creating a virus that shuts down a couple million computers will get you a job in IT security... likely with one of the companies that can't remove your virus...
Depending on where you live in the world you Might get away with anti-malware malware, but then those are the kinds of places where they don't ask questions about people with bullets in their heads...
https://www.gnu.org/philosophy/free-sw.html
Actually, Google does notify you... on Friday one of our machines was improperly configured and started blasting Google. Google put us on a blacklist and required us to enter a CAPTCHA for every search. We got the machine fixed and Google placed us back in good standing... not exactly the same as what you said but along the same lines.
Posting anon since we as an organization really shouldn't have run into that sort of thing!
Yet if ISPs were blocking residential http servers, these anti-spam nerds would FLIP OUT. ISP blocked your residential smtp server? Meh *shrugs* The anti-spam crusaders are ruining the open nature of the internet. False positives are unacceptable. I'll take spam over false positives any day.
Really, you need to do it the other way around. You tell all your friends that you're john38+yeahreally@gmail.com, and you send anything without the +yeahreally to the bit bucket.
You can even give different people different +extensions, though managing the white list for them gets to be a pain. Especially since your new, improved email addresses will gradually leak into the spam books (everybody's got a friend dumb enough to push the "forward this article to a friend and sign them up for spam for life!") but it gives you some address space to play with even when you don't have direct control over the mail server.
How many groups and how many people are writing viruses, trojans, etc to gain control over a PC and use it in a botnet? Twenty? Sixty? A hundred? Let's say a thousand smart programmers are busy working as virus code monkeys. How many technically savvy people are the "victims" of a botnet, either directly (getting infected) or indirectly, as a recipient of UCE? More than a thousand? More than a hundred thousand? How many really smart programmers, engineers, scientists, whatever working together would it take to disable the botnets and the people behind them? Don't give me any poodlepoo about network anonymity - If we can detect a single friggin photon bouncing off a satellite, we can find out where packets originate. I propose that the resources are there, we just lack the yarbles to organize and take action. Reminds me of the Churchill speech that goes like: "Never was so much owed by so many to so few".
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
You have thousands of computers all controlled by a centralized source right? Wrong. They have trails. That's why there are waves of attacks. They start small but eventually all of the compromised systems do the attack/mail/whatever.
How is this accomplished? Why can't we track them down? Torrents my friends.
Imagine a bot that used a torrent to update its configuration every so often. Then that torrent is deleted and it's like it never existed. Keep the number of connections down, use existing servers to spread the torrent initially, but have it focus on other hacked servers originally created to host the file. 10-20 should do it and take absolutely no time to do.
Create a method to update the torrent or key off a series of downloads for the botnet to use a new config and search torrents for it.
The concept is very easy... and very scary. I personally think that once you make the crime not worth the punishment... it will mostly go away or be focused in other countries. These people are affecting thousands of peoples lives. A thief who steals a car gets 10 years, where these guys barely get jailtime? C'mon. They've stolen millions and that's what you KNOW about.
The problem seems clear to me. I do not understand why this has not been understood. The problem is easily solvable by email clients, with a minor change in protocol, and can be backwards compatible with older clients.
I base it on two observations I've had:
- I do not get SPAM from addresses I know
- 99.999% of messages with SPAM do not have valid email addresses to reply to
So here is how to fix it:
1) Bobby's email client randomly generates a long code or "safe word" (for this example, "supermanhateskryptonite123456"). A new "safe word" is used for each new suspicious email.
2) Jane just got Bobby's email address and sends him an email for the first time. Bobby's client doesn't know Jane, so Bobby's client delays Jane's email, and replies back to her with Bobby's "safe word." The message is part of a standard protocol so that email clients can easily understand it, but also people who have old clients can read the reply and understand what to do as well. The message basically says, "Hi! I'm Bobby's computer. I don't know you. But if you really exist, please reply back to me with 'supermanhateskryptonite123456' so that I can trust your email address." (BTW, Bobby isn't aware any of this even happened yet.)
3) Jane's computer is compatible with this new protocol, and sees the standard protocol reply from Bobby. Also unknown to Jane, her email client silently replies back with 'supermanhateskryptonite123456' in the message.
4) Bobby's computer gets the reply (which proves that the address is valid) and now it can trust Jane's email address, so her original message (that was temporarily held) is now displayed to Bobby. Any further emails from Jane won't be delayed.
This solves several problems:
- You don't need a "bad words" list to check for SPAM
- You don't need Bayesian filters
- You don't have to set up a "white list" of email addresses manually
- If you decide someone is SPAMMING you, you have a valid email address to go after
- It doesn't require ISPs to do anything
- It doesn't require other users to do anything (other than the first-time response)
- If Jane's computer is compromised by a virus that reads her mail settings and address book, Bobby will know whose computer is infected and can do something about it
The idea is free.
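The four-step exchange in the comment above, as an added simulation that is not the commenter's code: the addresses, the header-style markers and the spam message are constructed, and a second message from a forged sender address shows what happens when nobody answers the challenge.

```python
# Added example, not the commenter's code; addresses and markers are constructed.
import secrets
from collections import namedtuple

Mail = namedtuple("Mail", "sender recipient body")
CHALLENGE, RESPONSE = "X-SAFEWORD-CHALLENGE:", "X-SAFEWORD-RESPONSE:"

class Client:
    def __init__(self, address, network):
        self.address, self.network = address, network  # network: shared outgoing queue
        self.trusted = set()   # senders who answered a challenge (the automatic white list)
        self.pending = {}      # safe word -> held first-contact mail
        self.inbox = []

    def send(self, to, body):
        self.network.append(Mail(self.address, to, body))

    def receive(self, mail):
        if mail.body.startswith(RESPONSE):            # step 4: proof the sender is live
            held = self.pending.pop(mail.body[len(RESPONSE):].strip(), None)
            if held and held.sender == mail.sender:  # word must belong to this sender's mail
                self.trusted.add(mail.sender)
                self.inbox.append(held)              # release the delayed message
        elif mail.body.startswith(CHALLENGE):         # step 3: answer silently, never displayed
            self.send(mail.sender, f"{RESPONSE} {mail.body[len(CHALLENGE):].strip()}")
        elif mail.sender in self.trusted:             # known sender: deliver at once
            self.inbox.append(mail)
        else:                                         # steps 1-2: hold it, send a fresh safe word
            word = secrets.token_urlsafe(18)
            self.pending[word] = mail
            self.send(mail.sender, f"{CHALLENGE} {word}")

def deliver(clients, network):
    # Route queued mail; a challenge sent to an address nobody owns is dropped here.
    while network:
        m = network.pop(0)
        if m.recipient in clients:
            clients[m.recipient].receive(m)

def scenario():
    # Jane writes to Bobby for the first time; a spammer uses a forged sender address.
    network = []
    bobby, jane = Client("bobby@example.com", network), Client("jane@example.com", network)
    clients = {bobby.address: bobby, jane.address: jane}
    jane.send(bobby.address, "hi, it's Jane")
    bobby.receive(Mail("forged@nowhere.invalid", bobby.address, "BUY NOW"))
    deliver(clients, network)
    return bobby, jane
```

In a real deployment the challenge to the forged address would reach whoever actually owns it, and the held message would need an expiry so `pending` cannot grow without bound.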
"They said I probly shouldn't fly with just one eye," "I am Bender. Please insert girder."
Megatron, Soundwave, Starscream, Barricade, Blackout, and Michael Bay.
The Rapture is NOT an exit strategy.
I find that perfectly acceptable, if the dialog is just a small box that warns you once a day. 1000 people getting one small box is worth it if one of the 5 muppets responsible fixes his damn spyware. Plus with a couple of good filters you can filter out the 100 Mac/Linux users and anybody not on IE7- or FF2- (while a Firefox user may be dumb enough to get malware, most alternative users / people on alphas/early betas will be geeks).
IranAir Flight 655 never forget!
The user who runs the application must still have the credentials for an Administrator account.
If you are seeking a means to allow certain "backup admins" to run only specific applications with Administrative credentials, while not allowing them Administrative access for the entire system, then you should seek a third party application that can create a wrapper executable to launch applications using the stored and encrypted username and password of another user. Such software exists, though I am currently unable to locate any free versions.
With such a utility, you can create a "wrapper" executable, enter the username and password of an Administrator account, and assign a specified utility to the wrapper. Anyone who runs the wrapper executable will launch the target application with the credentials of the Administrator user. This, however, is not necessarily fully secure; any application that allows access to Windows Explorer (which is the case with most software featuring a "Save" or "Open" file dialogue) could potentially allow for a backdoor to launch other applications with elevated privileges.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
Given your list of programs, it is obvious that your experience is that of the average home user, regardless of the fact that you use a VPN client to connect to your office.
In terms of OS security, poorly coded applications such as Quickbooks Manufacturing & Wholesale cause nothing but security policy issues for admins because they require that the user have Local Admin privileges. This obviously causes issues as the user, without additional registry hacks/group policy tweaks, can install programs at will and have access to parts of the system that they would not otherwise have. Not to mention that they also have issues with roaming profiles, which is another issue altogether.
While you mentioned the use of the "Run as administrator" option, it's a moot point in the corporate world as it defeats the purpose of implementing security policies to protect the workstation installation and restrict what the user can and cannot do.
Just my 2 cents... from a different vantage point than that of an end user.
STOCKHOLM, Sweden, Friday (UNN) -- Russian hackers have accepted EUR800,000 in donations from customers of Nordea, Sweden's largest bank, after a sophisticated "phishing" campaign recruited customers into downloading a Trojan horse program that recorded their account login details.
The Russians had looked up the definition of "hacker" in the Jargon File and been inspired to leverage the creative power of open source Free Software. The first campaign took place in August 2006 and was detected a month later, having affected around 250 Nordea customers.
The emails claimed to be from the Nordea Open Trojan Foundation, telling recipients to install an anti-spam and donation tool. Their computers were then infected by the Trojan HaxDoor.RMS.w32, which installs itself in C:\WINDOWS\SYSTEM32 and sends your passwords to its creators, but only after you have read through and accepted the GNU General Public License and checked the README file for known problems. The email also included full source code.
Swedish police traced the attacks to Russia by looking at the contact details, including address and phone number, included in the README. They have filed over 100 bugs on the creators' SourceForge project and joined the mailing lists on the grass-roots marketing and publicity site SpreadHaxDoor.com.
A Nordea spokesman said the attacks have "quietened down" after the initial influx last Autumn. "We are constantly looking at the security of our online banking and many different measures are taken. We are updating our systems behind the scenes. Many already run on enterprise Linux distributions, but we will be moving desktops to Linux as well for more efficient funds transfer with less reverse engineering required, and may recommend that our customers do the same."
The Trojan only affects computers running Windows. "For unsupported platforms, we have an 'honor system' which gives our details so you can send some money in," said a spokesman for the hacker group. "We hope this will help and encourage contributors interested in porting the Trojan to other operating environments."
http://rocknerd.co.uk
I'll agree with you. Using fire to fight fire is a pretty good idea but it rarely works.
Take the example about five years ago of the Welchia worm that was supposed to exploit unpatched Windows systems and then patch them (along with trying to "infect" other unpatched networked systems). It didn't exactly work as planned though and all of the major virus scanners flagged it as malware.
I imagine that if the programmer who wrote it were found, they would still be sitting in jail.
Expect these bots to be responsible for 50% more spamming now that their names are readily available. This thread alone will create several new spammers. I think the worst part is people in some countries can backdoor to their hearts' content. There aren't any laws in place and short of a Black Hawk Down type of operation it won't be stopped.
"I guess I'm gonna fade into Bolivian."
Isn't there some kind of anti-spam vigilante group out there? I could see a very successful campaign around simply pestering the hell out of any company that is advertised in an unsolicited email. Are there websites towards this aim? Some domain name ideas (available at the posting of this comment): spamfuck.com, murderspam.com, spamstab.com, nospamorelse.com, spamvenge.com.
C'mon! With domain names like those someone has to be able to whip the collective vitriol towards spammers into a chocolate froth; scrubbing clean the evil spamwads(.com, also available!!) and saving the princess, all in time to have milk and cookies before bedtime. Let's form a posse and string 'em up!
On the one hand, I do agree with the need to do something about spam. OTOH, just because you haven't gotten complaints about false positives is a rather useless statement, don't you think? I mean, it's quite possible that someone would never even know that they didn't receive the legitimate email that they never got. How would they? I mean, in certain situations, someone might know they never received an email that someone told them about through another means - telephone, snail mail, in person, Instant Message, etc, but that would probably be a minority of false positives, I would suspect?