Slashdot Mirror


Most Spam Comes From Just Six Botnets

Ezhenito noted some research pointing out the (maybe) surprising bit of research that 6 botnets are responsible for 85 percent of the world's spam. That seems a bit high to me, but the only aspect of spam I am an expert in is *getting* it.


  1. Since ISPs Love Filtering So Much... by blcamp · · Score: 4, Insightful


    Why can't they focus their efforts and resources on shaping traffic to block this kind of nonsense, rather than Torrents?

    --
    The problem with socialism is that they always run out of other people's money. - Margaret Thatcher

    1. Re:Since ISPs Love Filtering So Much... by Von+Helmet · · Score: 5, Insightful

      Spam affects the little guy. Torrents affect (apparently) the big guy.

  2. Re:Anti-bots? by ajs318 · · Score: 4, Insightful

    In theory, yes it would.

    In practice, no it wouldn't.

    You'd be opening yourself up to prosecution. Even in countries without specific "misuse of computers" laws, running a program on someone else's computer is trespass. You might think that, since trespass is a civil matter, you'd only need to worry about someone who has the money to sue you taking a dim view of what you were up to. And you'd be right. But the botnet-controllers have got enough money and would be bothered to take you to court.

    And I haven't even touched on the really horrifying issue: what if your benign, anti-malware malware malfunctioned, or was subverted by the next generation malignant, anti-benign-anti-malware-malware malware? You could easily end up becoming even worse than the enemy whose dirty tricks you borrowed.

    --
    Je fume. Tu fumes. Nous fûmes!

  3. Re:Most Spam Comes from just Six Bots, not Botnets by Anonymous Coward · · Score: 5, Insightful

    Tinfoil hat much Mr. 404? An AV product can't block every threat BECAUSE Windows is closed source? That makes no sense.

    The reason that they can't block every threat is that they are still signature based and have not completed the move to behavior based blocking and heuristics. The other problem - the main one - that you don't even mention is users. If someone bothered to write a 'SomeFamousPersonNaked.exe' for other OS'es - stupid users would still run it. (I do note that in today's world, the average Linux user is brighter about these things than their Windows counterparts - mostly because Linux is still in that niche role where it is dominated by computer savvy folks at least for now).

    But, give that same Windows user who is stupid enough to run that EXE an Ubuntu machine and send him a version that runs on Linux AND HE WILL STILL CLICK IT. Switching OS'es doesn't make a dork not a dork. Doesn't even really matter whether the user is an admin or not on Windows or Linux - just sending mail doesn't require it and now that Vista is actually usable by many people as a standard user the malware writers will adapt and not try to own the whole machine right away.

    I can see how this will be a problem for Linux users in the future if the user base continues to grow into that "stupid user" segment - at which point folks will be more than happy to write bot software for those users to run.

  4. Re:Blocking known residential blocks sucks by Corporate+Troll · · Score: 4, Insightful

    Oh, I did that too. I resigned; I still have my own mail server, but it simply sends everything through my ISP's SMTP server. Even then, I sometimes get flagged as spam. This is, alas, a battle we lost ages ago :-(

  5. Re:Most Spam Comes from just Six Bots, not Botnets by rucs_hack · · Score: 4, Insightful

    How marvelously uninformed...

    There are no major spam bots for Linux because Linux just doesn't have that all-important desktop install base. However, infected Linux servers are frequently used to admin botnets. Badly configured Linux servers are like treasure to the botnet guys.

    Microsoft don't have more bots and virii in windows because their stuff is closed source, they have it because the underlying security model of windows is, and always has been, pretty poor. For years, normal users have run windows boxes in admin mode by default. This is INSANE!!, and yet it persists.
    Adding UAC hasn't helped. It was implemented so badly that people just click through the new dialogs without reading the warnings most of the time. This wouldn't happen if it didn't question almost everything you do.

    The Sony rootkit couldn't be detected because of a flaw in Windows that allowed it to hide even from most AV products.

    Most AV companies don't 'take bribes' to keep bots going, they just aren't very good these days. The way virii are fought on the desktop needs to change, and that change is very slow in coming.

  6. Re:People need to take responsibility by CaptainPatent · · Score: 4, Insightful

    What you have is a good idea in principle, but with potentially horrible consequences.

    I would suggest some measures we can use:

    1) static IP's. Then we can easily track down infected machines and take them offline. Advertising companies are jumping for joy at this one. The more stable the IP address, the more they can bombard you with ads specially tailored for you. I like the fact that DHCP refreshes my IP every day or so, it means that sites that use web-bugs and other semi-devious methods of gathering information and (much worse) sell it to other companies, only have a very limited time frame to do so - and the fact that my IP does refresh makes them that much less able to make any profit off of me.

    2) Laws that require people to assume some form of responsibility when they connect a computer to the net. And what's going to happen if they don't "take responsibility?" By what metric do we judge responsibility? It sounds like the only way to enforce this is to dig into private internet usage information. I think the last thing I want is another person snooping around in the internet garbage bin for places my computer has been and is going to.

    3) Perhaps some form of compulsory insurance policy. Mainly see the above, but in addition the last thing we need is another mandatory insurance policy.

    4) Laws that require ISP's to disconnect spam bots and take some responsibility. This one may not be a terrible idea in practice, but ISP's are currently going nuts over things like bittorrent. What's to stop them from classifying bittorrent activity as "suspected botnet activity?"

    I do like the spirit of the post, but I don't think there's a clear-cut solution to the problem.
    --
    Well, back to rejecting software patent applications.

  7. Re:Sue the companies who advertise by oliderid · · Score: 4, Insightful

    Precisely... For example, US mortgage debt. I guess the "real" businesses behind it could be easily tracked by US police officers. All you have to do is respond to the SPAM and wait until you get a phone number, a bank account or whatever. Or those VIAGRA pills... If they are "official", then you can track their production numbers to the last "official" resellers.

    There are plenty of spams requiring real businesses behind them. Most of these businesses are located in western countries. Why can't they track them?

  8. Re:Hmm by eth1 · · Score: 4, Insightful

    Actually, using something like the Spamhaus PBL (which pre-emptively lists IP ranges that shouldn't be sending direct-to-MX email, such as ISP dynamic ranges), you actually CAN block significant portions of these botnets.

    The three of my relays that use the combined Spamhaus SBL, XBL, and PBL block about 3.5 million connection attempts per day, and let 1 million emails/day through to the next layer of filtering. (about 78% of the flow, assuming that each connection would only drop off one email) The PBL accounts for about half of those blocks.
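As an added illustration of the relay policy eth1 describes (this is example code, not eth1's configuration or Spamhaus's own software): a DNSBL check builds the lookup name by reversing the client's IPv4 octets under the list zone, then maps the 127.0.0.x answer to the list that hit. The resolver here is a constructed offline stand-in using documentation address ranges, and the return-code table is assumed from Spamhaus's published codes for the combined zen zone.

```python
import ipaddress
from typing import Callable, Dict, List, Set

# Return codes of the combined Spamhaus "zen" zone (SBL + XBL + PBL), assumed
# from Spamhaus's published documentation; confirm against the current version.
ZEN_CODES: Dict[str, str] = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL", "127.0.0.9": "SBL",
    "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}

Resolver = Callable[[str], List[str]]  # name -> list of A records ([] means NXDOMAIN)

def dnsbl_query_name(ip: str, zone: str = "zen.spamhaus.org") -> str:
    """Build the DNSBL lookup name: octets reversed, then the zone appended."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError for non-IPv4 input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def listings(ip: str, resolve: Resolver, zone: str = "zen.spamhaus.org") -> Set[str]:
    """Return the set of Spamhaus lists (SBL/XBL/PBL) the address appears on."""
    answers = resolve(dnsbl_query_name(ip, zone))
    # Only the documented 127.0.0.x codes are real DNSBL replies; anything else
    # (e.g. a captive-portal or broken-resolver wildcard) is ignored, not trusted.
    return {ZEN_CODES[a] for a in answers if a in ZEN_CODES}

def connection_verdict(ip: str, resolve: Resolver) -> str:
    """Relay policy from the post: reject the SMTP connection on any SBL, XBL or PBL hit."""
    hits = listings(ip, resolve)
    if hits:
        return "reject (" + ",".join(sorted(hits)) + ")"
    return "accept"

# Constructed offline resolver standing in for live DNS; documentation ranges only.
FAKE_ZONE: Dict[str, List[str]] = {
    dnsbl_query_name("192.0.2.10"): ["127.0.0.11"],              # PBL: ISP dynamic range
    dnsbl_query_name("192.0.2.20"): ["127.0.0.4", "127.0.0.2"],  # infected host on XBL and SBL
    dnsbl_query_name("198.51.100.5"): ["198.51.100.5"],          # bogus wildcard answer
}

def fake_resolve(name: str) -> List[str]:
    return FAKE_ZONE.get(name, [])  # empty list == NXDOMAIN == not listed

if __name__ == "__main__":
    for client in ("192.0.2.10", "192.0.2.20", "198.51.100.5", "203.0.113.1"):
        print(client, "->", connection_verdict(client, fake_resolve))
```

Swapping `fake_resolve` for a real lookup (for example `dns.resolver.resolve(name, "A")` from dnspython) turns this into a live check; keep the code-table filter so a stray non-127 answer never causes rejections.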