Spam Flood Unabated After Bust
AcidAUS writes "Last week's bust of the largest spam operation in the world has had no measurable impact on global spam volumes. The spam gang, known by authorities and security experts as HerbalKing, was responsible for one-third of all spam, the non-profit antispam research group Spamhaus said." The article speculates that the operators of HerbalKing simply passed on to associates the keys to the automated, 35,000-strong botnet, and the spam flow didn't miss a beat.
When you arrest certain people, it doesn't remove the profitability of the activity, it doesn't remove the tools or knowledge used to perpetrate the activity, and it doesn't remove the infected computers already carrying out payloads. Maybe a few deeply involved individuals with a lot to risk will reconsider what they're involved in, but there must be a large population who still consider it profitable and worth the risk.
Twinstiq, game news
"Hey, I got an idea, if we get caught let's make sure something happens that gives us an even longer prison sentence!"
-The world would be a better place if everyone had a hoverboard
Maybe most of my spam originated on their botnet. My DSPAM fourteen-day analysis shows my incoming spam rate has dropped to less than half the level of a week ago.
Note, I'm not complaining.
Cheers,
Dave
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
If they sent the keys to that botnet via email.
That is an interesting idea, but what would be the incentive for spammers to cooperate?
I suspect it is more likely that the systems in their botnet - of which many are compromised Windows PCs - were re-compromised by someone else's worm and are now doing someone else's botnet work.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Why wouldn't it just keep on churning out the spam it has until given new stuff?
Because the life expectancy of a given spammed domain is on the order of several hours now, even with fast-flux DNS tactics, and professional spammers certainly understand that. There's no reason to expect that botnets are given a "spam this until otherwise instructed" order; instead, evidence points to very specific commands from botnet operators to mail each campaign for X site to Y addresses over Z period of time. There are screenshots out there of popular spam/bot controller interfaces. Besides, if the botnet operators have been busted, we have to presume that access to their C&C (and the ability to shut down the botnet) was part of a plea bargain.
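As an added illustration (not from the article or any commenter) of the fast-flux DNS tactic the comment above mentions: a defender-side heuristic that, given constructed passive-DNS observations, flags names whose addresses churn across many networks under short TTLs. The domain names, addresses and thresholds are made-up assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsAnswer:
    qname: str
    ip: str
    ttl: int


# Constructed passive-DNS log: one A-record answer per lookup. Names use the
# reserved .invalid TLD; addresses come from documentation/benchmark ranges.
OBSERVATIONS = [
    # fast-flux style: short TTLs, a new address almost every lookup,
    # spread across several /16 prefixes
    DnsAnswer("herb-offer.invalid", "203.0.113.10", 120),
    DnsAnswer("herb-offer.invalid", "198.51.100.77", 120),
    DnsAnswer("herb-offer.invalid", "192.0.2.44", 180),
    DnsAnswer("herb-offer.invalid", "198.18.5.9", 120),
    DnsAnswer("herb-offer.invalid", "198.19.200.3", 60),
    DnsAnswer("herb-offer.invalid", "203.0.113.11", 120),
    # ordinary site: one stable address, day-long TTL
    DnsAnswer("example.com", "192.0.2.1", 86400),
    DnsAnswer("example.com", "192.0.2.1", 86400),
    # CDN-like: two addresses in one /16 with a moderate TTL; must not be flagged
    DnsAnswer("cdn-news.invalid", "198.51.100.20", 300),
    DnsAnswer("cdn-news.invalid", "198.51.100.21", 300),
]


def slash16(ip: str) -> str:
    """First two octets, used as a cheap proxy for 'different network'."""
    return ".".join(ip.split(".")[:2])


def flux_features(observations):
    """Group answers by name and compute the churn features the heuristic uses."""
    by_name = defaultdict(list)
    for a in observations:
        by_name[a.qname].append(a)
    feats = {}
    for name, answers in by_name.items():
        ips = {a.ip for a in answers}
        feats[name] = {
            "lookups": len(answers),
            "distinct_ips": len(ips),
            "distinct_16s": len({slash16(ip) for ip in ips}),
            "min_ttl": min(a.ttl for a in answers),
        }
    return feats


def is_fast_flux(f, max_ttl=300, min_ips=5, min_prefixes=3):
    """Assumed thresholds: short TTL plus many addresses in many networks."""
    return f["min_ttl"] <= max_ttl and f["distinct_ips"] >= min_ips and f["distinct_16s"] >= min_prefixes


def suspicious_names(observations):
    """Names in the observations that match the fast-flux heuristic, sorted."""
    return sorted(n for n, f in flux_features(observations).items() if is_fast_flux(f))
```

A stable site and a small CDN pool stay below the thresholds because their addresses stay within one network and their TTLs are longer.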
I've mentioned this anecdotally to friends and coworkers over the past week, but apparently I'm not the only one to notice: after the bust, spam volume has remained steady. Claims that this group was responsible for a third of all spam appear to be sorely overrated.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!