Spam Flood Unabated After Bust

AcidAUS writes "Last week's bust of the largest spam operation in the world has had no measurable impact on global spam volumes. The spam gang, known by authorities and security experts as HerbalKing, was responsible for one-third of all spam, the non-profit antispam research group Spamhaus said." The article speculates that the operators of HerbalKing simply passed on to associates the keys to the automated, 35,000-strong botnet, and the spam flow didn't miss a beat.

I wonder...

[Fluffeh]

speculates that the operators of HerbalKing simply passed on to associates the keys to the automated, 35,000-strong botnet, and the spam flow didn't miss a beat

If they sent the keys to that botnet via email. If it got eaten up by the other ends spam filters, that would be irony indeed.

Botnet is obviously now self-aware

[Robotbeat]

"The article speculates that the operators of HerbalKing simply passed on to associates the keys to the automated, 35,000-strong botnet, and the spam flow didn't miss a beat."
Whatever. I've seen way too many scifi films to believe that. Obviously, skynet is now self-aware.

I for one... (etc.)

Re:Botnet is obviously now self-aware

[fm6]

If you're right, then the human race's biggest worry is not killer cyborgs. It's erectile dysfunction remedies...

Re:Botnet is obviously now self-aware

[supernova_hq]

Or a possible sudden need for them!

Re:Botnet is obviously now self-aware

They *say* they're erectile dysfunction remedies. A couple of generations later, skynet takes over with no opposition except grumpy old men and old ladies yelling "Damn robots. Get off our lawn!"

Re:Botnet is obviously now self-aware

[Luthair]

Of course, Skynet needs more human slaves, at least until it can design a good killer cyborg!

Re:Botnet is obviously now self-aware

[martin-boundary]

Whoa, that puts a whole new spin on the grey goo theory!

Re:Botnet is obviously now self-aware

[kcbanner]

Thats one big hard-on.

Re:Botnet is obviously now self-aware

[MrNaz]

And if they're really intelligent robots, they'll get the hell off that damn lawn before they get hit with yesterdays rolled up newspaper.

Re:Botnet is obviously now self-aware

Makes you wonder just who exactly tipped off the authorities....

Notice there are no more illegal drugs for sale

Since they did that bust in that other endless, fruitless war.

Re:Notice there are no more illegal drugs for sale

[z0idberg]

the war on terror?

Re:Notice there are no more illegal drugs for sale

[lysergic.acid]

i don't think the government is spending half the money they spend on the War on Drugs on fighting spam. you can't even compare the two.

if we lived in a true democracy--one that gave citizens direct voice in public policy--replacing congress with regular national referendums for passing legislation, the spam problem would be solved in under a year.

everyone hates spam because it negatively affects our daily lives. few people profit from spam and at great societal costs. so if a referendum was held to divert tax funding away from the War on Some Drugs, the War on Iraq, the War on Terrorism, etc. and put these resources into combating spam, our prisons would no longer be filled with harmless drug users (and illegally detained arabs) and instead of filled with spammers, malware writers, and other real societal parasites. most people would probably vote to ban spam outright--that means companies that hire spammers & malware creators would be punished just as harshly. this would immediately cut off the financial incentive to spam. spammers don't send spam because they enjoy it; they do it for money. cut off the cash flow, and there'd be no reason to send spam.

the other solution is to change our culture of consumerism. spam is a direct result of unbridled capitalism. financial greed and selfishness have become virtues in our society. spammers are the embodiment of the "entrepreneurial" spirit. we're trained to seize any and all opportunity to make money. our society glamorizes the rich, marginalizes the poor, and our entire society and political system is skewed in favor of the wealthy. and it's this pro-business political culture that allowed spam and malware to grow into a such a prevalent institution. politicians were so used to putting business interests above public interest that spam was just an given.

but it'll take a long time to change our culture of capitalist greed & materialistic consumerism. our children need to be taught that personal integrity is more important than wealth, and to not equivocate money with happiness/success. most importantly, we need to value people based on their moral character and contribution to society, not their bank balance. instilling these positive values in kids will ensure that they don't grow up to be spammers. but that's hard in a society where money and socioeconomic status are everything. you can't even get a good education, decent health care, or justice if you don't have money. so this is an uphill battle.

Re:Notice there are no more illegal drugs for sale

[Anne+Thwacks]

I have said it before, and I'll say it again. Spam is there to induce payment through credit/debit cards. If it was made illegal for (American) card companies to process the payment for transactions solicited through spam, there would be no spam. In other words, follow the money and yes, Its the Americans wot done it

Re:Notice there are no more illegal drugs for sale

[domatic]

Spammers also like to masquerade as legitimate advertising outfits. It used to be the one spamming was also flogging the bogus product. Now the spambot herds are a resource to rented and the spammers could care less whether any product moves or not. The only credit card they are interested in is the one that pays them for doing the spam runs.

Following the money will still work in this instance but you likely won't be punishing the spammer. Rather, you'll punish the one who hired the spammer either because they didn't understand the nature of the "marketing campaign" they contracted for or just didn't care. I'm not sorry for them in any case. It's called due diligence. Well, I'd go light on them IF a spambot herder gets his hide nailed to a wall.

Re:Notice there are no more illegal drugs for sale

s/equivocate/equate/

There. Fixed that for you.

Re:Notice there are no more illegal drugs for sale

"but it'll take a long time to change our culture of capitalist greed & materialistic consumerism. our children need to be taught that personal integrity is more important than wealth"

Sounds like you are making a case for religion, (here I refer to the the Christian kin). Where people sincerely believe they are accountable to a God that loves them and "smites" them should they willfully do wrong keeps them in line where an atheistic society must always keep the cops out there to keep order.

When the cops are not watching, amoralist atheists feel free to do mayhem , their only fear is sorrow is of being caught. Sincere Christians on the other hand, even when the police are elsewhere, feel they are accountable to a living God. If they do wrong, they believe they will pay for it eventually even if after death.

Re:Notice there are no more illegal drugs for sale

[RobBebop]

spam is a direct result of unbridled capitalism

I disagree. It's unbridled socialism. In a capitalist market, the network would be taxed so that doing business over it would be a paid service. Want to send a letter to somebody in the mail? You pay the government or a private industry gatekeeper. Want to make a phone call? Again, pay the private industry gatekeeper. Want to send an e-mail message? Due to the fact that there is no gatekeeper, opportunities exist for everybody to do whatever they want. Society has an equal opportunity to use the network, and I think everybody would agree that this is a good thing (TM). Meanwhile, the capitalist Google does a DANDY job filtering my spam messages so I never have to see them. Ergo, I am perfectly content to look at the advertisements that Google wants me to see. THAT'S CAPITALISM.

Solution

[Canosoup]

Make big time spamming a hanging offense. That will stop it fast.

Re:Solution

[Spatial]

Your post advocates a

( ) technical (X) legislative ( ) market-based (X) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's life

Specifically, your plan fails to account for

(X) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
(X) We should be able to talk about Viagra without being murdered
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Might I suggest doing business with spammers a crime instead?

Re:Solution

[Penguinisto]

I'm thinking something more direct... an anonymous-looking execution of a hooded spammer won't get quite as much attention and effect as, say, the severed heads of spammers jammed onto a pike and set in front of a datacenter.

That, or we could show some mercy and at the same time have a living, breathing object lesson by castrating viagra spammers, etc...

/P

Re:Solution

[ushering05401]

"Make big time spamming a hanging offense. That will stop it fast."

Just make sure you get the executioners ragingly intoxicated before they do the deed. I would hate for a spammer, of all people, to be remembered as being particularly well hung.

Re:Solution

[John+Hasler]

The way draconian sentences have stopped drug dealing?

Re:Solution

You missed:

Specifically, your plan fails to account for
(X) Open relays in foreign countries
(X) Joe jobs and/or identity theft

and the following philosophical objections may also apply:
(X) Feel-good measures do nothing to solve the problem

Re:Solution

Might I suggest doing business with spammers a crime instead?

Excellent idea!

This post brought to you by Spatial's Low-Down Pharmacy and Bank, LLC, Nigeria.

Re:Solution

Might I suggest doing business with spammers a crime instead?

Your post advocates a

( ) technical (X) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's life

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
(X) Joe jobs and/or identity theft
(X) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
(X) We should be able to talk about Viagra without being murdered
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le!

Re:Solution

[kent_eh]

Like every thing else that gets a death penalty, it'll only stop the same people from repeating the crime, once they're caught.
It won't stop new spammers from popping up before the first one's body is even cold.

Re:Solution

[DaveAtFraud]

Might I suggest doing business with spammers a crime instead?

I wonder if some sort of Internet business license might be a way to do this. The fee would need to be something fairly nominal and just enough to fund the process. The idea would be to implement something such that payment processors would not be allowed to and/or would be under no obligation to complete transactions for anyone without said business license. If someone wants to conduct business outside of this scheme using cash, checks, etc., they do so at their own risk. A little publicity and honest merchants showing that they have said license should be sufficient to make the scheme known.

A few more details... Licenses get revoked for proved spamming. Licenses are tied to an originating domain with a DNS tie in to allow mismatches between license number and originator to be filtered. Trying to sell something using e-mail but without including the Internet business license becomes illegal and ISPs are free to trash such e-mails.

Obviously, this only would affect spam that is attempting to sell something. 419 scams, various phishing scams, etc. would still be a problem. The idea is that legitimate commercial e-mail becomes non-anonymous which doesn't hurt legitimate vendors or non-commercial e-mail. People attempting to sell stuff using spam become "visible" and subject to countermeasures.

Cheers,
Dave

Re:Solution

[SL+Baur]

The way draconian sentences have stopped drug dealing?

Something like that. You cannot legislate away trade in something that people want to buy and other people are willing to sell.

Email spam is profitable due to the economics of the situation, it used to be nearly free to send out spam, now with botnets it's much, much worse than that.

Consider it from another angle. How much electricity world wide is consumed by the generation of spam and the receipt and deletion of spam? What's the carbon footprint of all this mostly useless activity? Save the Planet! Stop Spamming Now!

Re:Solution

[causality]

Might I suggest doing business with spammers a crime instead?

I wonder if some sort of Internet business license might be a way to do this. The fee would need to be something fairly nominal and just enough to fund the process. The idea would be to implement something such that payment processors would not be allowed to and/or would be under no obligation to complete transactions for anyone without said business license. If someone wants to conduct business outside of this scheme using cash, checks, etc., they do so at their own risk. A little publicity and honest merchants showing that they have said license should be sufficient to make the scheme known.

A few more details... Licenses get revoked for proved spamming. Licenses are tied to an originating domain with a DNS tie in to allow mismatches between license number and originator to be filtered. Trying to sell something using e-mail but without including the Internet business license becomes illegal and ISPs are free to trash such e-mails.

Obviously, this only would affect spam that is attempting to sell something. 419 scams, various phishing scams, etc. would still be a problem. The idea is that legitimate commercial e-mail becomes non-anonymous which doesn't hurt legitimate vendors or non-commercial e-mail. People attempting to sell stuff using spam become "visible" and subject to countermeasures.

Cheers, Dave

This might not be a bad idea except for the idea that government would probably have to handle the licensing, and if it turns out anything like licensing has turned out for automobiles, then they won't give a damn how incompetent the licensed people are so long as fees and fines related to licensing and any violations provide a steady revenue source. Other than this one drawback, your idea is sound IMHO.

I had another idea that would help, either separately or perhaps in conjunction with yours. One is that the law should be changed to make it perfectly legal to construct a virus/worm that exploits already-patched vulnerabilities, infects a machine, resides on that machine for a couple of weeks to spread itself, and then promptly formats all writable media on that machine (preferably a secure wipe and not just a regular format). This would put a huge dent on the amount of spam because almost all of the spam is coming from compromised machines that are members of various botnets. Let it be understood that your right to use the network ends the moment you make that network a worse place for anyone else, either deliberately or through incompetence. If the owner of the machine refuses to either secure it (due digilience, the real "big scary" for most people, or so you would think from their actions) or take it offline, then it will be taken offline for them. Spammers understand that a good virus/worm/etc does not kill its host; therefore making sure that there is a virus/worm that does "kill" its host computer would not only impede spammers but would also provide incentive to users to care about security.

Incompetence and stupidity (that is, incompetence that any literate adult could rememdy except that they choose not to) is the root cause of spam. So long as there are millions of incompetent and stupid users who don't think that informing themselves is important, there will be spammers to take advantage of them. The way I see it, any other solution amounts to escalating an arms race.

For some reason, computers are just about the only field where people honestly seem to think that they can use what they do not remotely understand and achieve a good result. That they get a good result as often as they do is something of a miracle and is never appreciated as such. A strong incentive to learn that not only is understanding important, but that you do not (nearly) need to be an expert to become a much harder target can only be a good thing. I really believe that at some point it's going to come to that anyway bec

Re:Solution

Might I suggest doing business with spammers a crime instead?

No joke, why not chase down those that utilize these networks and prosecute them?

Re:Solution

[nsheppar]

Did you come up with this on your own or did you find it somewhere? I think it's:

(X) Funny (X) Unfortunately true

Re:Solution

[britneys+9th+husband]

Excellent idea, that is, until it's your grandma or grandpa being hauled off to jail after being duped by a spammer.

Re:Solution

[SL+Baur]

Put a very small fee on emails.

God dammit! If you hadn't posted as an AC I would have "fan"ned you.

That *is* the solution as I and others have posted throughout the years. Make it payable to the recipient and voila, no more spam.

It's an economic problem with an economic solution.

Sender to recipient payment breaks mailing lists, which mainly affects us old timers who still use such things to develop Open Source software. But, under that model, I would be more than happy to move back to Usenet.

Re:Solution

[Acapulco]

The problem, me thinks, it's not really the sentences, but who and when they are applied. That's called judiciary guarantee. Meaning that, it doesn't matter what the punishment is, it's not gonna be of any use if there's no one to apply it reliably. I'm used to it down here in Mexico, where we have a 70 year sentence for kidnappers...and guess how many of them actually serve that much time?

There are so many legal loopholes, corruption, etc, that there's no point in making harsher punishments if none of them are ever applied.

I'm guessing in the US, although corruption is different that here, must be suffering from the same phenomenon. What good is it to hang every spammer, if they have lots of money to buy their freedom, or to buy out super lawyers that can get you out on a technicality?

Re:Solution

[jesterzog]

I'm not completely against the idea but I've always been stumped with how to implement it technically. ie. How do you do this without either:

• centralising email into a corporate-controlled structure? (ie. We'd lose the open protocols and methods for sending to people), or
• Requiring that everyone who wants to send/receive emails set up their own financial payment/bank account system of some description.

ISPs could probably help by collecting and making payments on behalf of their subscribers, but it still increases the barriers of entry to email for people who have legitimate uses.

Re:Solution

[SL+Baur]

You need micropayments and particularly the Chaumian patents on Sender/Receiver anonymous payment methods. David Chaum's patents went into a kind of limbo when Digicash went bankrupt in the late 1990s.

I was a Digicash beta tester and it was a most fascinating system.

(Update: I googled Digicash and it appears they have come back to life. I will investigate this further and I pray to the Lord and Lady pair that it is not like the resurrection of SCO as Caldera)

Re:Solution

Every spam links to something, find the something and KILL IT. (figuratively speaking) Let the FBI/Interpol buy something via spam, trace the credit card purchase back to the vendor and shut them down.

Re:Solution

Actually, the Taliban have reduced drug trade a lot. The key is to have really draconian sentences and to execute them liberally.
The key to making it work in this case is to have it be a black ops. Investigate, find the culprits, then kill them and their family. Do not announce you are investigating. Let the bad guys figure it out when there are fewer and fewer of them left. This also gets around the jurisdiction problem. It also means that the kinds of parents who would raise a spammer get eliminated from the gene pool.
Once the first wave of killings is complete, start a nationwide campaign to disinfect PCs. Make it a public works project akin to building bridges. Geeks on patrol kind of thing. Try to coordinate with Europe, China, India, Japan... IOW, the countries which are likely to cooperate and which have the greatest number of PCs.
If the amount of spam does not go down, repeat, but reduce investigative rigor and increase the killing quota. Ad infinitum, until either spam or population growth gets under control.

Re:Solution

impersonate competitor -->send spamm-->destroy them-->profit

Re:Solution

>> "Make big time spamming a hanging offense. That will stop it fast."

> Just make sure you get the executioners ragingly intoxicated before they do the deed.
> I would hate for a spammer, of all people, to be remembered as being particularly well hung.

That should be well hanged.

(whoosh!)

Re:Solution

[eeyore]

Actually if hung for about 3 weeks, and then marinaded in white wine, salt, garlic and tabasco sauce, spammers can make a tasty dish. But then wine and garlic can improve many meat dishes. The tabasco adds taste lacking in the primary ingredient.
--
E

Re:Solution

[CrazedSanity]

Riiight... this is similar to the Prohibition (alcohol) and the steep punishments for drugs. Except instead of lessening the problem, it will simply lessen the number of people sending the stuff.

Since there will eventually be fewer willing to send SPAM, those willing to tempt fate will get paid many times more than previously, and will employ even more technology to make tracing them to their real location even more infeasible. Instead of allowing mail to be sent from their own mail servers, it will be based purely off botnets--meaning the price of botnets will skyrocket. In turn, this means the price of black market exploits will also skyrocket... this will increase the number of infected PC's on the Internet.

Now "small" botnets will number in the hundreds of thousands. Most Windows PCs will have been exploited, with each system potentially in multiple nets. More people will bitch that their systems are slow.

Here's where the geeks step in. "Hey, it'll run way faster if you just put Linux on there. Then you don't have to worry about being a part of their botnet."

Thus ushers in the year of Linux on the desktop. Let's do it.

Re:Solution

[secretcurse]

Maybe make a spammer eat a whole case of his Canadian Xanex?

Re:Solution

[Oliver+Defacszio]

Might I suggest doing business with spammers a crime instead? No joke, why not chase down those that utilize these networks and prosecute them?

Because the first time... the VERY FIRST TIME... someone is charged with doing business with a spammer, the media will turn that person into an innocent victim who's being railroaded by an overzealous legal system. There is absolutely no way in this universe that attacking those who patronize spammers will do anything but unleash a cavalcade of tearful support for the "victims." It happens all the time in the Nigerian scams... despite having thrown $200,000 down the toilet out of pure stupidity and greed, the gullible morons are still presented as being kind, typical people who are taken for a ride by an evil scammer, and the conclusion tends to be... it could happen to anyone. Anyone with an IQ of about 75, that is.

Punishing the "victims" will absolutely not work in this world where personal accountability is head-first down a well.

Re:Solution

Did you come up with this on your own or did you find it somewhere?

Do a Google search and get back with me on that.

Re:Solution

[clone53421]

That won't work. Look up "botnet" and see if you can figure out why.

Re:Solution

[Spatial]

Nah. There are many premade lists like that, I only made some slight alterations and filled it in.

Apparently not...

responsible for one-third of all spam

Another theory...

[mysidia]

They anticipated they might someday be busted.

They could have designed the botnet with a dead man's switch... if they were busted, start feeding their partners' spam at double vigor, and have the bots create as much noise and general chaos as possible.

Re:Another theory...

Thanks for the idea Anonymous botnet owner

Re:Another theory...

[John+Hasler]

Why would it need any kind of switch? Why wouldn't it just keep on churning out the spam it has until given new stuff?

Re:Another theory...

[mysidia]

I suppose the effect is similar.

However, repeatedly cycling the same spam would surely lead to filters picking it up very easily, thanks to projects like the DCC, and updatable spam filters. :)

Re:Another theory...

[roguetrick]

"Hey, I got an idea, if we get caught lets make sure something happens that gives us an even longer prison sentence!"

Re:Another theory...

[John+Hasler]

Sure, but the volume would still stay up there.

Re:Another theory...

Someone should buy penis enlargement pills via their spam and give them to the large, hairy inmates who will soon be sodomizing them.

Re:Another theory...

Because botnets are rented. If I owned a botnet with a "switch" that said keep spamming renter_A's stuff until I told it to spam renter_B's stuff, I'd be very worried of an "anonymous tip" from renter_A.

Re:Another theory...

[ShaunC]

Why wouldn't it just keep on churning out the spam it has until given new stuff?

Because the life expectancy of a given spammed domain is on the order of several hours now, even with fast-flux DNS tactics, and professional spammers certainly understand that. There's no reason to expect that botnets are given a "spam this until otherwise instructed" order; instead, evidence points to very specific commands from botnet operators to mail each campaign for X site to Y addresses over Z period of time. There are screenshots out there of popular spam/bot controller interfaces. Besides, if the botnet operators have been busted, we have to presume that access to their C&C (and the ability to shut down the botnet) was part of a plea bargain.

I've mentioned this anecdotally to friends and coworkers over the past week, but apparently I'm not the only one to notice: after the bust, spam volume has remained steady. Claims that this group was responsible for a third of all spam appear to be sorely overrated.

Re:Another theory...

[hesaigo999ca]

Yes or they had a botnet which countered the police botnet, and so the police actually only brought down a dmz botnet and not the real.

Au Contraire

[lobiusmoop]

My inbox now seems to be filling up with lobster thermidor aux crevettes instead.

Re:Au Contraire

[Iskender]

My inbox now seems to be filling up with lobster thermidor aux crevettes instead.

Thank God you didn't say 'Lobster Porn'. Don't want to hear about it. Wait, oops...

Re:Au Contraire

[Odin's+Raven]

My inbox now seems to be filling up with lobster thermidor aux crevettes instead.

Now that's what I call a posh meal - I didn't even know they made neckties for lobsters.

(I kid, I kid - I'm not actually that uncultured. I know a crevette is a sports car. Although I am a little unclear how the lobster reaches the gas pedal...)

Spam is so unfairly maligned

[David+Gerard]

Consider the economic benefits of spam! MessageLabs reports that Egham, Surrey, on the suburban outskirts of London, is the town that receives the most spam in Britain.

"It's not like there's much else to do," says Boris Busybody, 77 (IQ), of Egham Hythe, idly whirling his four-foot penis around his head in a desultory fashion. "Expanding your manhood, growing your breasts, increasing your sperm ... the Lib Dem phone calls get a bit much. That's Doctor Busybody, by the way. My Ph.D arrived last week."

Spam has revitalised the local economy. Busybody has given up cab driving and is now working a lucrative job processing payments from home after he sent them his bank details in response to an urgent security message. "I had that King Otumfuo Opoku Ware II in the back of my cab once. Very generous and helpful fellow."

The Egham Tourist Board has seized the day, with plans for a 50 foot tall penis sculpture at Junction 13 of the M25 on the exit ramp to the town. The sculpture will be encircled by a genuine imitation Rolex and spray a fountain of Spermamax, obtained at a very reasonable rate from a Canadian pharmacy. "You will search an hour for your underwear in the ocean of our spam!" is to become the new town motto.

"I did get a good one the other day," says Busybody. "Barrister Matthew Sergeant Busybody of MessageLabs said we could promote our town to millions of people just by sending them an advance fee to process our incoming email. The stuff they try! â(TM)Scuse me, V!k@grk@ kicking in, got to go have sex again. Sorry."

It got worse for me

[MrKevvy]

Exactly when the original story broke, I went from about two hundred spams a day to over a thousand, almost all of which were new topics, and it hasn't let up since. So the keys may have been passed on to several parties who are making more extensive use of the botnet than the HerbalKing group did.

I wonder how many it will take before Yahoo finally decides to start blacklisting spam hosts rather than sticking to the woefully inadequate filters.

Re:It got worse for me

[Capsaicin]

Exactly when the original story broke, I went from about two hundred spams a day to over a thousand

Wierd, I went from about 50-75 to about 5! I haven't had so little spam in ages, I keep having to check that fetchmail is still running. I wondered why, and then thought, this spam bust? No. Surely busting a single operator isn't going to have a noticeable effect?!

So I guess it all depends on whose lists you are?

Just because they caught the 'humans'...

[actionbastard]

"...the automated, 35,000-strong botnet..."

Doesn't mean that the 'machines' will stop doing what they have been 'told' to do.
FCOL, 99% of the spam is rejected because of bad addresses, rules, and so forth.
It's just possible that these bots will continue to spam until they are physically shutoff by their owners.

Re:Just because they caught the 'humans'...

[John+Hasler]

> It's just possible that these bots will continue to spam until they are physically
> shutoff by their owners.

But the owners are in jail!

Oh. You mean the mules that think they own the machines.

Re:Just because they caught the 'humans'...

[apoc.famine]

What? You mean to tell me that after the people were arrested, the compromised machines kept doing what they were told to do?

I thought that they sent every spam by hand.....

Really, you obviously see what TFA seems to be blind to. It is absolutely stupid to assume that somehow arresting people will fix the problem of automated spamming. For all we know, the compromised machines have a 6 month queue of spam to send, in pre-purchased amounts. Set it up once, charge your slimy clients once, and then sit on your money until the feds bust you....

This type of thing is only going to continue

[techno-vampire]

Busting the operators of this botnet isn't going to end the problem. It's going to continue as long as Joe The Plumber is surfing the net on a computer running an OS which is insecure by design. Even if it has a firewall, it's probably third-party software, and as such, doesn't start until after the network interface is up and running, leaving a huge (by computer standards) window of opportunity for the box to get pw0ned. And, of course, the same is true for any anti-virus running.

Now, personally I run Linux, so for right now, I don't have to worry. Of course, if Linux ever gets popular enough to put a real bite in Microsoft's monopoly that will change, but it's not vulnerable in the same way. Not only is it (more) secure by design, the firewall goes up before, not after the network interface, so there's no time that it's exposed to the network without protection.

Like it or not, most of the world's private computers are going to be running one form or another of Windows for the foreseeable future, and unless and until Redmond sets things so that there's a built-in firewall up and running while the box is still isolated, MS boxen are going to get pw0ned, and Joe The Plumber won't know that there's anything wrong except that his computer isn't as fast as it used to be, but he's accustomed to that by now anyway, and won't realize that it's a problem.

Re:This type of thing is only going to continue

[Toll_Free]

You're so wrong, and that's funny.

The problem with spam isn't the less than 40 seconds it takes for the firewall to come up on a WinTel box.

It's the idiot behind the keyboard. Always has been, always will be.

Nobody seems to realize (or face the facts thereof) that spam became more and more profitable, as more and more (soccer moms, idiot dads, stupid kids with no idea about what they are clicking on, hell a slashdotter here stated he has missed the no and hit yes trying to get the box to go away) people where given access to computers and high speed connections.

Bottom line, the luser is the problem, not the machine, not the operating system (god knows, Linux doesn't have a single virii or worm or anything for it, does it),.... It's the ID10T's.

To look at it any other way is just fooling yourself and being a fanboi.

--Toll_Free

Re:This type of thing is only going to continue

[techno-vampire]

Bottom line, the luser is the problem, not the machine, not the operating system (god knows, Linux doesn't have a single virii or worm or anything for it, does it),.... It's the ID10T's.

As I said, there isn't any malware for Linux...yet. There will be, as soon as it becomes, as you point out, profitable. As far as your assertion about the delay in the firewall going up not being a factor, I disagree, but I won't argue the point because it's just my opinion and I don't have any facts to back it up. However, we all know that there are people out there scanning random IP addresses looking for open machines, and if they hit you before your firewall goes up, Game Over. Getting that firewall up first instead of last wont' stop infections completely, but there's no way it can hurt, and there's no good reason not to.

Re:This type of thing is only going to continue

[Toll_Free]

I agree 100 percent with your timings, but if you do the laws of averages, with how many people scanning vs. how many people using NAT, etc....

At that point, it becomes pretty hard to get infected.

Sucks to be me, my ISP is completely NAT'ed. I asked for an external IP, and they looked at my usage, and denied me.

Fuckers. They insist I'm running a server, maxing out my connection nearly 24X7 on the incoming side.

I informed them that I refuse to pay for satellite, and I only watch TV via the computer.

(incidentally, Fox on Demand is pretty good, although their "installable player" is a pile of shit, the rest of the service ain't bad).

--Toll_Free

Re:This type of thing is only going to continue

[David+Gerard]

Exactly. That's why we see so much malware targeting the millions upon millions of Mac OS X boxes out there.

Oh, no we don't. Because Unix is actually more secure than Windows.

Re:This type of thing is only going to continue

Now, personally I run Linux, so for right now, I don't have to worry.

Well, you would be wrong. There have been lots of security holes found in linux and linux apps. Go look at metasploit. The average linux user may have more of a clue, but not by much.

Even if it has a firewall, it's probably third-party software, and as such, doesn't start until after the network interface is up and running

And where would you get that idea? I would say most windows computers use the built-in Microsoft firewall.

And there are many 3rd-party firewalls that start before networking starts.

Re:This type of thing is only going to continue

[Fastolfe]

Even if it has a firewall, it's probably third-party software, and as such, doesn't start until after the network interface is up and running, leaving a huge (by computer standards) window of opportunity for the box to get pw0ned. And, of course, the same is true for any anti-virus running.

First, XP has a firewall built in. It's not likely to be "third-party software". Second, firewalls and virus scanners use the same Windows Filtering Platform to do their work. This platform installs boot-time filters that are in effect until the user-mode software is finally up, at which point there's an atomic hand-off. At no time is the system open to any sort of "window of opportunity" like you describe.

Re:This type of thing is only going to continue

[bendodge]

I think you're wrong. Most home computers I deal with these days are behind a cheap router which includes a thick-headed (you can't do anything besides web/email/IM without turning it completely off) firewall. The problem is that people actually click and download those zillion-billion packs of lame smilies, animated cursors, screensavers or, even worse, 'porn viewers'. A firewall won't solve bad user habits.

Re:This type of thing is only going to continue

[AmberBlackCat]

It's going to continue as long as Joe The Plumber is surfing the net on a computer running an OS which is insecure by design.

So you're saying Joe the Plumber should get Vista?

Re:This type of thing is only going to continue

what millions upon millions of Mac OS X boxes?

Re:This type of thing is only going to continue

thats because Mac can't run .EXE.

Shitty Macs.

Re:This type of thing is only going to continue

[bloobloo]

Surely Joe the Plumber of all people should know how the tubes work?

Re:This type of thing is only going to continue

[techno-vampire]

Because Unix is actually more secure than Windows.

Thanks! I was trying to avoid a holy war, and you may have just set off the land mine. I'm sure that when somebody sees enough profit in it, they'll find a way to target Linux/BSD, but until they do, it won't be a problem.

Re:This type of thing is only going to continue

I know you're trolling, but last time I checked Apple was selling 2 millions+ MacBooks every quarter. That's not even counting their other computer models.

Re:This type of thing is only going to continue

[techno-vampire]

Well, you would be wrong. There have been lots of security holes found in linux and linux apps.

Yes, of course there are. However, nobody's using them to write malware for Linux and distributing it because they can get more infections and more money by targeting Windows. That's what I was talking about.

Re:This type of thing is only going to continue

[Yvan256]

Of course he should!

Look, all he has to do is go forward, then enter the first tube, eat the mushroom and...

oh wait, wrong topic.

Re:This type of thing is only going to continue

[techno-vampire]

I'm behind a cheap router, but I've managed to get Bittorrent working with no problems. I've also opened another (unspecified) port for a different service, so I know it's not that hard. Of course, I'm a computer geek, not a point and drool luser.

Re:This type of thing is only going to continue

[Raenex]

Even if it has a firewall, it's probably third-party software, and as such, doesn't start until after the network interface is up and running,

I imagine most people either use the firewall in their router or they use the default firewall that comes with Windows. How many people install 3rd party firewalls?

Like it or not, most of the world's private computers are going to be running one form or another of Windows for the foreseeable future, and unless and until Redmond sets things so that there's a built-in firewall up and running while the box is still isolated, MS boxen are going to get pw0ned

I had never heard of the problem with firewalls being disabled at boot, but I looked around and yes, it seems like it was a problem before XP Service Pack 2 that has since been fixed:

SP2 turns on Windows Firewall by default and starts it earlier in the boot process. [...] In Windows XP Service Pack 2, the firewall driver has a static rule, called the boot-time policy. It performs stateful filtering and eliminates the window of vulnerability while the computer is booting.

Re:This type of thing is only going to continue

[Erikderzweite]

Well, an idiot running Linux isn't such a big threat as an equal idiot running Windows.

I've switched all my family's computers to Linux after I got tired of cleaning malware regularly. And that's beside they all know the basics of computer security. As no one in my family is a hardcore gamer nor a photoshop/AutoCAD user, the switch went pretty easy (they were using firefox anyway).

The situation *might* change, but for the time being I have much less hassle with Linux boxes they use. It's much more easier to remote-administer them too. And I am the only one who knows root password :)

Re:This type of thing is only going to continue

[Erikderzweite]

He already got it because he was told that his two-years old computer was too old (and was running very slow due to all the malware). So he went to Wal-Mart and bought himself a new one with (inevitable) Vista preinstalled. It will hopefully last next two years after Windows 7 comes out and he'll be convinced that he needs a new PC. Again.
Hey, that's what runs the US economy! Imagine him being happy with his decades-old Linux box? Awful! Where is the profit in this?

Re:This type of thing is only going to continue

[mdmkolbe]

What you say is true. I've run a Windows box for years with nothing more than a firewall and a smart user (me) that doesn't install every smiley face or kitten cursor that comes down the pike. I've never once had an infection.

Re:This type of thing is only going to continue

Since Service Pack 2 for XP (and SP1 for Server 2003), anyways. The original "Internet Connection Firewall" in XP did have that window-of-opportunity problem.

Re:This type of thing is only going to continue

[techno-vampire]

Thank you. I haven't been involved with XP since about the time SP1 came out and then, I never had to work with the firewall. That's good to know. Now, if only Microsoft could close some of the many other well-known vulnerabilities, it might be worth looking at again.

Re:This type of thing is only going to continue

[The+Master+Control+P]

I'm sorry, but I'm not buying it. Even if you truly have no life what so ever outside of corroding your cognitive abilities with TV, you still have at least 8 hours per day of downtime while you sleep.

Perhaps there's a slight OCD-induced quest to download every file on TPB going on as a side show?

Re:This type of thing is only going to continue

Even if MS could fix Windows to make it absolutely secure by the end of day, there are still tens of thousands, maybe millions of computers out there running unpatched, old versions, you know, things like Windows 95/98/ME. They won't ever get upgraded or patched and the crap they spew will never stop until they cease to operate. Given the normal lifespan of computer electronics these days, I'd say we've got at least another 20 years of crap from just these systems, never mind the new machines that get added to the list every day.

Re:This type of thing is only going to continue

[RAMMS+EIN]

You might want to read this article. The illusion that running Linux makes you safe and that Linux machines aren't involved in spam-sending botnets is just that: an illusion.

As for firewalls protecting insecure systems: they do, to an extent. But the firewall isn't going to stop you from getting infected by, say, visiting a website with malicious code on it, opening an email attachment with such, or installing and running software with malicious code in it.

Re:This type of thing is only going to continue

Joe The Plumber is behind a NAT box. So cut your crap and blame it on the idiots, not their OSs.

Re:This type of thing is only going to continue

[techno-vampire]

I'd say we've got at least another 20 years of crap from just these systems

I'm not quite as pessimistic as you are. Consider that most of the people who's machines are on these botnets think that it's normal for a computer to get slower and slower as time goes on, and that there's nothing they can do about it. They don't know that it's possible to prevent their machines from bogging down, or that they can get them "tuned up" so they're running like new again. When it gets too bad, they buy a new one and start all over again. If (and it's a big if) there were a properly secure version of Windows, that's what they'd get. Not because it's secure, but because it would be the Latest and Greatest version and that's what they'd want. That would get rid of the worst offenders, and it wouldn't take more (I'd guess) than a few years.

Re:This type of thing is only going to continue

[techno-vampire]

I'm not surprised. Note that I said that Linux was more secure than Windows, not that it was secure. And you'd be surprised how much protection you can get from a good multi-layer firewall. Back when I was running Windows, I had a firewall installed that not only blocked intrusion attempts, it blocked all outbound connections unless I'd told it that the program had permission to call out. It even had separate settings for a program to act as a client or a server. Thus, even if I did get infected, I could still stop the worm from phoning home. I also had a program that watched for certain types of dangerous activities, such as adding/removing services from the registry, or adding a program to be run once, at the next boot and asked for confirmation. Yes, it popped up, sometimes more than once, when I installed a program, but it wasn't that intrusive and I knew what it was doing.

But the firewall isn't going to stop you from getting infected by, say, visiting a website with malicious code on it...

Of course not, but so what? That's not the firewall's job. A firewall is there to keep intruders out and unauthorized programs from communicating with the outside world. Preventing infection isn't part of its job description and complaining that it doesn't do what it's not designed to do is a tad unfair.

Re:This type of thing is only going to continue

[Toll_Free]

I equate it like this:

I gave my sister a computer once... (BIG MISTAKE)

I had used that machine for about a year, and all she wanted to do was surf the internet. It was a Pentium class system, running Win95OSR2.

I had NEVER use AV software. I had NEVER had a virus. I wasn't an idiot.

Within 15 minutes, she had a "cool little parrot" that talked. And within 45 minutes, the machine was so fucking slow it would take, literally, 5 minutes to boot up.

People shouldn't be so quick to OS bash when security is only as good as the id10t behind the keyboard. Breaches of security are rarely the rulesets fault (firewalls, OS's, company policies), they usually come from idiots installing software.

If this wasn't the case, we wouldn't have security policies in effect, would we? (login scripts, locked down machines, etc.)

--Toll_Free

Re:This type of thing is only going to continue

[Toll_Free]

TPB is for lames.

Real pirates still use encrypted FTP.

Soccer moms and people who have to have people come clean their machines from virus' twice a week are the ilk that keep TPB running and profitable.

--Toll_Free

Re:This type of thing is only going to continue

Obviously you need to go back to Malware 101.

Unix and Unix-like OSes gave us the 'Root' in 'Rootkit' a long time before Windows was even a glimmer in Bill Gate's nerdy little eye.

Secondly, whomever says hacking Unix/BSD/Linux and Mac boxes isn't profitable is a first-class idiot who needs to hand in their geek license now. Hello, most servers run on some form of Unix-like OS. Guess where most extremely profitable information is kept...it sure isn't on Aunt Susie's WinTel box....

Re:This type of thing is only going to continue

[David+Gerard]

I'm counting observed malware in the wild. Hundreds of thousands for Windows, nothing for Mac or Linux. Why is that?

Re:This type of thing is only going to continue

[mvdwege]

And since when exactly has the builtin firewall in XP stopped outgoing connections?

If the infection vector is one of the many IE exploits, the XP firewall is not going to stop the PC from becoming a zombie.

Mart

Re:This type of thing is only going to continue

[religious+freak]

His little friend, Simon clears the clogs for him.

Re:This type of thing is only going to continue

My name is Joe the Plumber and I approve this message.

Re:Solution...

With all the C1aL15 and V1@gra, their cocks will be so engorged that their testicles will be pulled in so close and so tightly you'll never be able to hit them. The spammer chicks will have larger clits and be an easier target, but since it's mostly eastern euro trash that does the spamming, they'll have a jungle of padding.

Spam is still profitable

[HalAtWork]

When you arrest certain people, it doesn't remove the profitability of the activity, it doesn't remove the tools or knowledge used to perpetrate the activity, and it doesn't remove the infected computers already carrying out payloads. Maybe for a few who are deeply involved individuals with a lot to risk, they will reconsider what they're involved in, but there must be a large population who still consider it profitable and worth the risk.

Re:Torture should be an option in this case.

Once becomes a crime we'll torture and slowly kill you too, mmkay?

Re:Only one thing is unbeatable: JESUS

[Ethanol-fueled]

Scary, isn't it?

Your post dosen't scare me as much as it's insightful mod does.

No effect

[mfh]

"The article speculates that the operators of HerbalKing simply passed on to associates the keys to the automated, 35,000-strong botnet, and the spam flow didn't miss a beat." Whatever. I've seen way too many scifi films to believe that. Obviously, skynet is now self-aware.

We need Arnold to get to the choppa!!!!

You can stop me

[bluefoxlucid]

But you can't stop all of us; after all, we're all alike.

Re:You can stop me

You will suffer without complaints?

And another (probably more accurate) idea is:

[Toll_Free]

That Spamhaus doesn't know what they are talking about with the numbers they spewed.

Just goes to show, you can pull numbers out of your ass, and it all depends on who WANTS to believe them.

Spamhaus, MPAA, RIAA, et al, they all incredibly inflate numbers to their own benefit.

Guess the Spam Kings wheren't as big as they where reported, huh?

Would be nice to see something legally happen to them, as well. Seriously, if one pulls a number out of their ass, no matter what side of the fence they are on, they should be held accountable for lying at the least (publicly shunned on their "stats" in the future), libel, to out and out fraud.

This is the kind of things that pisses me off. Statistics are supposed to be credible, not a number you pull out of our ass to make your side look better.

--Toll_Free

Re:And another (probably more accurate) idea is:

[John+Hasler]

> Would be nice to see something legally happen to them, as well. Seriously, if one pulls
> a number out of their ass, no matter what side of the fence they are on, they should be
> held accountable for lying at the least (publicly shunned on their "stats" in the
> future), libel, to out and out fraud.

So sue them for the damage they did to you.

Re:turd post

Fuck off.

gmail

[moniker127]

gmail. nuff said.

Life in Jail, or Capital punishment

[TibbonZero]

While (mostly) joking, we should simply say that we're going to treat spammers as some of the most vile people in society and punish them accordingly. No 3-5 years in jail or a fine. You spam, you go to jail for life. If somehow you get out and do it (again), then second offense is a capital punishment. Either that, or treat them as 'terrorists' against the Interwebs, and allow police/military to shoot them on sight as combatants.

Yes, I am mostly joking, but we need to let these people know that having any involvement in spam will have the most dire of conseqences. I'm more effected daily by spammers than terrorists.

Re:Life in Jail, or Capital punishment

[David+Gerard]

"It's the Child-Rapist-Murderer Anti-Defamation League on line two. They say you compared them to spammers. I think you'll need to apologise."

Oh I thought...

[barocco]

.. I thought it was because this spam ring was too big to fail and the congress bailed it out

Well, nobody else said it....

[zappepcs]

Dear F-Secure,

Please note the implications of this story, then promptly stick your request for Internetpol up your collective asses.

Thank you

The Internet

Re:Only one thing is unbeatable: JESUS

I like your Christ, I do not like your Christians. Your Christians are so unlike your Christ.
-- Mohandas Gandhi

It's a rare christian who has the gusto to note that it applies today, sometimes more so. Kudos to YOUR beliefs, even if i don't mirror them all myself.

Maybe it's both

[Jabbrwokk]

Cum with me if you want to live

Buh-bye karma!

Re:Maybe it's both

[lord_sarpedon]

I lol'd

Re:Maybe it's both

[Lissajous]

Cum with me if you want to live

Live with me if yo

Re:Maybe it's both

[Lissajous]

Cum with me if you want to live

Live with me if yo

Hmmm....broken preview submit. Big delay waiting for preview (potentially a firewall issue). Cancelled then started to retype. Then preview popped up - looked ok so hit submit. Then came out broken.

Let's try that again.....

Cum with me if you want to live

Live with me if you want to cum.

Damn! It never seems so funny the second time.
Ah well - my karma joins (g)p.

Re:turd post

Un-original 1/10 Please submit own work next time.

It's just a machine

[Joce640k]

It doesn't feel pity or remorse, and it will absolutely will not stop, ever...until our disks are full.

Well, its good to know...

The the internet is working correctly, one spam node is taken out,..doesnt matter the nodes still work great, even better with the extra bandwith.

maybe they should be arresting the botnets, using cyber copbots.

Marked reduction here

[DaveAtFraud]

Maybe most of my spam originated on their bot net. My dSPAM fourteen day analysis shows my incoming spam rate has dropped to less than half the level of a week ago.

Note, I'm not complaining.

Cheers,
Dave

Re:Marked reduction here

[Alioth]

Lucky you. My spam load has remained the same.

Re:Marked reduction here

[sjwest]

Our email volume is down too.

thats one possibility

[damn_registrars]

If they sent the keys to that botnet via email.

That is an interesting idea, but what would be the incentive for spammers to cooperate?

I suspect it is more likely that the systems in their botnet - of which many are compromised windows PCs - were re-compromised by someone else's worm and is now doing someone else's botnet work.

Re:thats one possibility

[ArcherB]

If they sent the keys to that botnet via email.

That is an interesting idea, but what would be the incentive for spammers to cooperate?

A couple of bullets to the back of their head! Of course, they won't exactly cooperate after that, but the next spammer will.

Re:thats one possibility

[cheater512]

Either that or they had a queue of spam that needed to be sent and its still flushing it out.

Re:thats one possibility

[damn_registrars]

That is an interesting idea, but what would be the incentive for spammers to cooperate?

A couple of bullets to the back of their head! Of course, they won't exactly cooperate after that, but the next spammer will.

Actually I was referring to whether or not there was any incentive for the spammers to cooperate with each other. I read the previous statement

If they sent the keys to that botnet via email.

To be asking whether one spammer sent botnet control to another.

Re:thats one possibility

[GigaplexNZ]

Or perhaps it is all automated.

Re:thats one possibility

[CrazedSanity]

Or the botnet is setup to continuously spew out the same email until "told" otherwise. Since there's nobody to tell it to stop, it just keeps spewing the same stuff over & over again. I mean, we are talking about spam here (most of it isn't even coherent).

or instead...

[damn_registrars]

They could have designed the botnet with a dead man's switch

Isn't it more likely that the PCs in their botnet were just swiftly taken over by somebody else's worm and are now pumping out spam on a different botnet?

Sure, there may be no incentive for spammers to cooperate with each other (and each others' botnets) but why would they want to poison the well?

Operation: spam egg sausage and spam

[fahrbot-bot]

...that's not got much spam in it.

Spam gang whack-a-mole

[damn_registrars]

If anyone is surprised by this news, they need to think about what they think they know about spam.

Sure not many people like to see the unsolicited ads for herbal viagra and pirated copies of photoshop. But why do the spammers send them out in the first place? It isn't because they hate us, and it isn't just because they can send out billions of them at next-to-no cost to themselves.

They send them out because they make money doing it. Which means that someone, somewhere, is paying for spam as a service. Which means that even if 100 spammers were instantaneously taken offline and thrown into pound-me-in-the-ass prison, 100 new spammers would emerge to fill there places and likely send out even more spam.

If we want to stop spam, we need to remove the economic incentive. And throwing spammers in jail does not accomplish that. So naturally the spam epidemic was largely unchanged by these arrests.

Re:Spam gang whack-a-mole

[Raenex]

They send them out because they make money doing it. Which means that someone, somewhere, is paying for spam as a service. Which means that even if 100 spammers were instantaneously taken offline and thrown into pound-me-in-the-ass prison, 100 new spammers would emerge to fill there places and likely send out even more spam.

I don't understand your logic. Why would they send out more spam?

If we want to stop spam, we need to remove the economic incentive. And throwing spammers in jail does not accomplish that. So naturally the spam epidemic was largely unchanged by these arrests

How are you going to remove the economic incentive? And until you come up with your brilliant solution for doing so, it makes sense to punish spammers as a deterrent to those who think spam is easy money with no chance of repercussions. Most crime is a matter of economic incentive. Crime will never be completely stopped. But enforcement reduces the level.

Re:Spam gang whack-a-mole

I don't understand your logic. Why would they send out more spam?

Because the loss of a leading spammer (from the spamming universe [spam-i-verse?]) would create a vacuum for spamming prominence. The first spammer to show they can reach or exceed the level of the deposed spammers is the one most likely to get the fiscal rewards that the lost spammer previously had.

Hence we could actually be looking at a storm of spam that is the result of the remaining spammers jockeying for prominence as top spammer.

But enforcement reduces the level.

Enforcement against spamming is so ineffective to be almost pointless. Very few countries have any sort of anti-spam laws, and even fewer have any that are at all effective (we fall only into the first for the most part). If a spammer starts sending out spam from one country and feels the heat they just have to move. And if they even just move their hosting and control operations they could be in the clear as far as enforcement in concerned because they wouldn't be violating the laws of (whatever country the live in) since instead the spam operations would be coming from (some other country).

How are you going to remove the economic incentive?

There are numerous ways to do it, but first the problem needs to be better characterized in terms of who is sponsoring the spam. Once that is better understood then the money flow can be cut off and the spam can be cut back.

Of course, some of this falls under the same problem of international crime that I described earlier for spam. But some parts of this (particularly DNS) could be addressed by agencies other than law enforcement (if only ICANN had some balls).

Re:Spam gang whack-a-mole

[mosch]

If we want to stop spam, we need to remove the economic incentive. And throwing spammers in jail does not accomplish that.

It adds significant risk and potential complexity to their operating activities. As such, it reduces the economic incentive significantly.

After all, most people look at risk-adjusted returns. And potentially losing your freedom and forfeiting your assets is a whole hell of a lot of risk.

Re:Spam gang whack-a-mole

[Riot.ATL]

After all, most people look at risk-adjusted returns. And potentially losing your freedom and forfeiting your assets is a whole hell of a lot of risk.

Drug dealers must have missed that memo.

Re:Spam gang whack-a-mole

[damn_registrars]

It adds significant risk and potential complexity to their operating activities. As such, it reduces the economic incentive significantly.

The problem with that is that very few countries enforce anti-spam laws with criminal prosecution. The US could pass the most brutal anti-spam laws they want and it wouldn't make an impact because there would still be plenty of other countries that have no anti-spam laws at all.

If spamming were a capital offense in the US, but not a crime at all in another country, the spammers will just go to another country and setup shop there. The end result would just be less spam originating in the US. The net effect of spam received in the US would likely be completely negligible.

Re:Spam gang whack-a-mole

[Tom]

If we want to stop spam, we need to remove the economic incentive. And throwing spammers in jail does not accomplish that.

That's not true.

It does raise the risk, which raises the cost for the spam-buyers. If you raise the risk, and thus the cost, enough, it will stop being profitable. First for a few items, then for the majority. Only a small number of exceptionally high profit margin items will remain "spam-worthy".

Why can't then stop the spam?

[firmamentalfalcon]

If HerbalKing was able to pass on the keys to the botnet, then shouldn't that be documented somewhere? Can anything be done with the list of botnets?

This is off-topic.

[causality]

Incompetence and stupidity (that is, incompetence that any literate adult could rememdy except that they choose not to) is the root cause of spam.

Of course in the same sentence in which I mention literate adults, I make a typo on the word "remedy". Yay!

We are the grey goo.

[zippthorne]

Let's see:

1) intelligent by virtue of conglomeration of simple parts
2) made of the same stuff as us
3) capable of consuming us to build more of itself
4) reproduces up to the limits of the available resources.

We have a huge advantage over any newcomers, though, by virtue of our having already sussed out some passable specialty organs, which do wonders for our efficiency.

Re:We are the grey goo.

[marcosdumay]

Yep, we are nanomachines that reproduce to consume all resources available. We are grey goo.

All the problem is about us creating another form of grey goo that is able to use some reactions that we can't, what would be a huge advantaje.

Honestly...

[steelmaverick]

Seriously, they shut down a spam king with a 35,000 computer botnet, and expected the spam to take a nose-dive? That's not gonna happen.

First of all, has the botnet been shut down? Does the botnet still have jobs/mail to send out? Is it self-propagating, so even if you shut down part of it, it can keep growing?

Seriously, I just don't think this would even put a dent in the amount of spam sent daily.

Perhaps if we made heavy spamming an offense worthy of the death penalty, then it would most likely stop. But today, with 99.9% (pulled this statistic out of my ass) chance of not getting caught, spam will continue to be a thriving business.

*GROAN* Bad, BAD BlooBloo!

[ShadowSystems]

You should have flushed that joke before it ever saw the light of...
Oh, wait, this is Slashdot...
NOTHING ever sees the light of DAY around here.
=)P

Hanging offense?

[wfstanle]

I doubt it. In old England it was a hanging offense to pickpocket. So what happened? In the crowd gathered to see the hanging of a pickpocket, pickpockets were plying their trade!

Re:Solution...

[NuclearError]

...force them to take an "I am no longer an idiot." internet class..."

There are natural herbal remedies that allow you to skip the class. Give me your email address and I'll send you some info.

Re:Torture should be an option in this case.

[Thundersnatch]

Courts have determined that a life has a monetary value, I think in the mid 6 figures.

This is certainly false, at least in the United States. Do you have a credible reference?

It may be that the average judgement in a wrongful death civil case might be in the mid six figues, but that is a very different thing than a legal precedent which says "one life = $X". There are cases where $x is tens of millions, and others where $x is near zero. It depends on the merits of the case, the skill of the lawyers involved, and the mood of the jury and judge. Which is as it should be.

Clients

[DrugCheese]

How come we never go after the companies who make money off of spam? The spammers are just the middle men sending advertisements out for clients no? They don't stock viagra .. ? do they? maybe that's how they pass along the great deals

Well...

I guess the authorities should start caving his face in with a hammer until some important details get released, no? If my mailbox doesn't mind a constant assault from assholes that don't care what they do to get info, then why should his cheekbones? Hand me a beer, and let's pound until his face is powder and meat.

No spam for 5 days.

[janrinok]

Same here (N Europe), I spent yesterday checking my mail server because I had not received any spam for 5 days. Usually, one or 2 will get through the filters but it had been quiet since before the weekend. NO SPAM at all is even arriving at my server. I am reluctant to attribute it to the bust, but I have nothing else to offer that will account for it.

Re:No spam for 5 days.

[Fred_A]

None ? That's weird... What's your address again ?

What about this..?

The infected computers part of this botnet probably where a part of multiple botnets. So when one botnet stop feed spam, that just freed resources for the other guys. So instead of botnet A and B sending 50/50 spam. Botnet B sends 100 spam.

We need a white hat to compromise the botnets

Really. Let's compromise the PCs on the Internet before the spammers get to them.

Re:We need a white hat to compromise the botnets

That's called grey hat.

Actually more spam

I've been receiving lots of spam in the last few days, at least twice more than usual. Don't upset the spammers...

Spam is the reason of the global economical crisis

[Max_W]

It is not only e-mail spam. I, for instance, stopped answering mobile phone calls, if a caller is not in my address book, or if he/she did not sent first an SMS explaining the reason of the intended telephone conversation.

I avoid meetings without first knowing exactly the reason behind, because sometimes people just try to sell me an idea or a product, which does not interest me at all.

A waste of time on spam is enormous. It is not only the wasted working time on deleting, setting spam filters, lost messages, etc. It is above all the broken work flow. And it's for everyone in the world.

The loss of productivity due to spam is about 30 - 40% by my calculations.

At least now they try to do something. There is a difference between a freedom of speech and sending out billions of commercial messages about body parts enlargement products. And this difference is not subtle, so that it cannot be distinguished by law.

Spam should be treated for what it is: stealing, stealing the working time from companies, from individuals. And should be punished accordingly. Life in prison should be an appropriate punishment for e-mail and phone spam kings, as the damage to the world economy is in trillions.

laws should be changed

[Max_W]

Our life is digitized and computerized more and more. And it is only the beginning. Networks of computerized devices will be playing all the more significant part.

The laws protecting this digital infrastructure should be changed. Individuals who spam, who distribute malware, viruses, etc. should be locked up for many years. The recidivists should be locked up for good.

Anti virus software, secure OS, etc. are not the answer. It is like a bulletproof vest and a helmet. They are useful things in a dangerous area, but they are not a security panacea. Or it's like a reinforced entrance door. Such a door still can be broken with a sledgehammer in minutes. It is not the door it is the law which protects.

The door just shows the border, after which the moral and written laws begin to function. We should as a global society change our mind set, and look at spam and malware distribution not as at pranks, but as an brutal and effective attack on our infrastructure, on our way of life.

And there should be an appropriate answer.

Re:laws should be changed

[cdrguru]

Unfortunately, so far the answer is that the privacy of these people must be protected at all costs. They are purchasing goods and services in large quantities and this revenue stream must not be interrupted. So their ISP has no motivation whatsoever to cooperate with law enforcement. And the amount of money the spammers are putting into their local economy ensures that the governments of many nations has no interest in changing laws to make what they are doing illegal.

And, isn't what they are doing just so terribly clever and showing off the technical skills of emerging nations? Why would their government want to interfere?

Re:laws should be changed

[Max_W]

There are illegal activities, which may seem to generate money for local economies. Drugs production, slaves trade, piracy, etc.

But the local communities should realize that spam destroys local economies, because people are overwhelmed with it. They spend the valuable working time to delete spam, install and adjust filters, clean computers, etc. Instead of doing their valuable work for the community.

And here is where the organized force of the society, the law, should interfere and correct the greed of some individuals who profit via doing the great harm to the whole society.

Maybe not the largest after all?

[miffo.swe]

Maybe the reason the spam flow didnt flinch was because the "large spam ring" wasnt that large after all?

The only way to get at spam is to target the ones using it for sales. Track who it is that pays for spam and drag them to court.

Re:Torture should be an option in this case.

[Overzeetop]

None that I can pull up. Typically, a death, to a corporate defendant, costs less than a significant but not life threatening injury. I recall something from a decade ago or so about the cost of a death, on average, being somewhere between $100k and $200k in general litigation. Larger numbers of deaths tend to be purchased by corporations "in bulk" and receive a discount.

My GP post was, indeed, hyperbole, but I am somewhat concerned that if they really did catch the perpertator of 1/3 of the worlds spam, and that he may have turned over that network to someone else, then "advanced interrogation techniques," if not torture by name, would be in the realm of consideration. If it were several hundred children held hostage, would it be reasonable?

Besides, I'd be okay if the torture were simply to make him read and respond to spam emails. One email with a single line of "please remove me from your mailing list," hand typed, for each spam he has ever sent should be sufficient. Naturally, we'd be humane and offer 20 minute breaks every 4 hours for meals, and 7 hours for sleep each night.

A quarter-century later, and no change

[Arrogant-Bastard]

The naive (but sometimes well-meaning) fools who continue to persist in their delusional belief that legislative or executive action will have any meaningful impact on spam always seem surprised that their latest "triumph" is nothing of the kind. These well-publicized busts are all about positive PR for the entity making them, and career advancement for the politicians who trumpet them. They have nothing to do with actually stopping spammers, so it's no surprise that spammers merely laugh at these feeble charades and carry right on doing what they've always done.

Re:A quarter-century later, and no change

[Max_W]

Burglaries, murders, etc. also do go on. Does it mean that those people who try to protect the society from it are naive?

A medical doctor, an aviation dispatcher, a police officer, all of us, are overwhelmed by spam. Let alone malware. The harm to the global and local economy is difficult to overestimate. Because these people ARE the economy. And all of them, 100%, have got their work disrupted by spam.

What do you suggest? Do nothing? Or punish severely at least some spam and malware kings to show others that it is not always has a happy ending.

Anti-spam filters, anti-virus software, etc. are the shield. But there should be a sword too. The politicians who begin to realize it and act on it do deserve my respect.

That's All Verra Nice ...

[Toad-san]

Might not have anything to do with that bust, or the FBI sting operation that recently closed down ...

But over the past several weeks I've noticed a HUGE drop in my personal spam (down from 85 a day to 1 or 2). Same account, same name, same everything. No filters at the mail host (it's ours), no filters at the ISP (those useless cowardly lazy pukes). It just ... quit.

Which is a pity really, because sending off the spam to Spamcop was a daily routine from which I got great pleasure.

Sigh ...

Spellcheckbot

It's just possible that ... until their owners are physically shutoff by the...

There, fixed it for you.

Is This Logical?

[flyneye]

Someone let me know if this has any relevant logic.

          The motivation to spam is money.The spam consists of advertisments from sponsors.Sponsors pay spammers to spam.Bust the sponsors and fine them to the point of collapse.Spam disappears.

Re:Only one thing is unbeatable: JESUS

[clone53421]

Dupe. And no, it wasn't funny the first time either.

Article seems wrong on many points.

[SpamIsLame]

I feel that many of the conclusions this article comes to are erroneous.

One must remember at all times that spammers do not organize into "gangs." They are individuals, and they are only looking out for themselves as an individual.

When SanCash was shut down and had their assets frozen, the mailers were possibly the last to know. SanCash is believed to have had anywhere from several dozen to several hundred affiliate mailers, all invitation only. They were spamming just as much volume as usual the day of the shutdown. Spam messages arrived featuring URLs which were usually for domains which had already been shut down (SanCash provided the URLs to the individual mailers to keep track of who generated distinct sales. This is common for most spam sponsor operations.

Not every spammer in the SanCash program used the same botnet. Most people assume that all spammers use the exact same techniques or tools. They do not.

A day later, all the spam that used to be for Canadian Pharmacy, Direct Pharmacy or Worldwide Wholesale Pharmacy (all SanCash properties prior to the shutdown) immediately swung to domains for Canadian Pharmacy, a website property promoted on behalf of Glavmed and Spamit. The copy and overall template of the messages remained identical to ones sent in the previous month promoting Canadian Healthcare, Direct Pharmacy and Worldwide Wholesale Pharmacy, only now they all pointed to one or another Canadian Pharmacy domain. Any spam which used to be sent promoting King Replica, Prestige Replica, or Diamond Replica are now exclusively promoting domains redirecting to websites for Swiss Watches Direct. (Sponsor as yet unknown.)

These same individual mailers never stopped mailing, they just switched their efforts from promoting anything from SanCash to sites sponsored by other competing sponsors. Several people have noticed that spam volume is in fact generally higher than pre-SanCash-shutdown, indicating that the mailers may have taken a financial hit in the shutdown (they probably still had commissions for sales for which they were owed money from SanCash which they will no longer be able to recover.)

Nobody "handed over" a botnet to anyone. Whichever botnet they were already using they continue to use, only to promote a different set of properties. SanCash was only one of several spam-friendly sponsors. It's still a good thing that they've been taken out of the picture. It only means that the mailers (spammers) who do the sending on their behalf have now moved on to other sponsors instead.

My hope (and that of many spam investigators) is that law enforcement will now also focus their attention on Spamit / Glavmed, who have ties to the storm worm, the kraken botnet, numerous public website hijacks used to promote either storm worm or Canadian Pharmacy, and numerous other rampant abuses of public web services and domains. Spamit / Glavmed are also alleged to be closely linked to the Russian Business Network (RBN.) They continue to brashly hijack any website they come across and immediately use it in very large spam campaigns promoting these properties and have done so since at least 2006. There are also of course ties to Russian organized crime, and there were hints within the past year or so that the RBN has links to either Russian or Ukranian government officials.

Of course the volume of spam never went down. It's just the content of the spam, and the properties being promoted, which have changed.

Do not purchase from websites promoted via spam. Please. Inform your friends and relatives.

SiL / IKS / concerned citizen

agents of law and salted water

[Max_W]

I have got an idea on how to fight a spam. It is often difficult to prove in court that an individual controls a bot-net of thousand computers. Because to lock up a person for years one needs strong evidence, or because of absence of laws in a particular country.

The FBI or the likes could create an international task force. When they track down the culprit and are sure that he/she does harm by sending spam and spreading malware around the globe, but when for some reason there is no way to prosecute him/her due to, say, local laws of the country. What if a special agent just enters the apartment or house clandestinely, when the spam king is absent, and spray a special liquid in his/her computers. It could be just a salted water, or something more sophisticated could be developed.

A spam king still must own the computers to control bot-nets. He could be knocked off the business for weeks, trying first in vain to repair the hardware, then to buy and set up new.

If an agent does not forget to emerge in a salted water his back-up HDs and flash-sticks, he may even lose control of bot-net irrevocably.

This special agent could spray different liquids in different spammer's computers. So that they go offline not simultaneously but one by one. This could be possible if a layer of dried spray gains ability to work via the electrical isolation and become conductive gradually. It seems to be possible from chemistry point of view.

What we have now is that a mentally unstable spammer & malware king sends trillions of messages from some exotic corner of the Earth and nobody can do anything. But if they can fire a guided missile into a suspected terrorist house, why not to send a trained agent to knock off computers which cause a harm to the world economy in billions?

Re:Solution...

askbill@microsoft.com.