Spam Flood Unabated After Bust
AcidAUS writes "Last week's bust of the largest spam operation in the world has had no measurable impact on global spam volumes. The spam gang, known by authorities and security experts as HerbalKing, was responsible for one-third of all spam, the non-profit antispam research group Spamhaus said." The article speculates that the operators of HerbalKing simply passed on to associates the keys to the automated, 35,000-strong botnet, and the spam flow didn't miss a beat.
> speculates that the operators of HerbalKing simply passed on to associates the keys to the automated, 35,000-strong botnet, and the spam flow didn't miss a beat
If they sent the keys to that botnet via email. If it got eaten up by the other end's spam filters, that would be irony indeed.
Moved to http://soylentnews.org/. You are invited to join us too!
"The article speculates that the operators of HerbalKing simply passed on to associates the keys to the automated, 35,000-strong botnet, and the spam flow didn't miss a beat."
Whatever. I've seen way too many scifi films to believe that. Obviously, skynet is now self-aware.
I for one... (etc.)
Since they did that bust in that other endless, fruitless war.
They anticipated they might someday be busted.
They could have designed the botnet with a dead man's switch... if they were busted, start feeding their partners' spam at double vigor, and have the bots create as much noise and general chaos as possible.
My inbox now seems to be filling up with lobster thermidor aux crevettes instead.
"I bless every day that I continue to live, for every day is pure profit."
Consider the economic benefits of spam! MessageLabs reports that Egham, Surrey, on the suburban outskirts of London, is the town that receives the most spam in Britain.
"It's not like there's much else to do," says Boris Busybody, 77 (IQ), of Egham Hythe, idly whirling his four-foot penis around his head in a desultory fashion. "Expanding your manhood, growing your breasts, increasing your sperm ... the Lib Dem phone calls get a bit much. That's Doctor Busybody, by the way. My Ph.D arrived last week."
Spam has revitalised the local economy. Busybody has given up cab driving and is now working a lucrative job processing payments from home after he sent them his bank details in response to an urgent security message. "I had that King Otumfuo Opoku Ware II in the back of my cab once. Very generous and helpful fellow."
The Egham Tourist Board has seized the day, with plans for a 50 foot tall penis sculpture at Junction 13 of the M25 on the exit ramp to the town. The sculpture will be encircled by a genuine imitation Rolex and spray a fountain of Spermamax, obtained at a very reasonable rate from a Canadian pharmacy. "You will search an hour for your underwear in the ocean of our spam!" is to become the new town motto.
"I did get a good one the other day," says Busybody. "Barrister Matthew Sergeant Busybody of MessageLabs said we could promote our town to millions of people just by sending them an advance fee to process our incoming email. The stuff they try! 'Scuse me, V!k@grk@ kicking in, got to go have sex again. Sorry."
http://rocknerd.co.uk
Exactly when the original story broke, I went from about two hundred spams a day to over a thousand, almost all of which were new topics, and it hasn't let up since. So the keys may have been passed on to several parties who are making more extensive use of the botnet than the HerbalKing group did.
I wonder how many it will take before Yahoo finally decides to start blacklisting spam hosts rather than sticking to the woefully inadequate filters.
-- Insert witty one-liner here. --
"...the automated, 35,000-strong botnet..."
Doesn't mean that the 'machines' will stop doing what they have been 'told' to do.
FCOL, 99% of the spam is rejected because of bad addresses, rules, and so forth.
It's just possible that these bots will continue to spam until they are physically shut off by their owners.
Sig this!
Now, personally I run Linux, so for right now, I don't have to worry. Of course, if Linux ever gets popular enough to put a real bite in Microsoft's monopoly that will change, but it's not vulnerable in the same way. Not only is it (more) secure by design, the firewall goes up before, not after the network interface, so there's no time that it's exposed to the network without protection.
Like it or not, most of the world's private computers are going to be running one form or another of Windows for the foreseeable future, and unless and until Redmond sets things so that there's a built-in firewall up and running while the box is still isolated, MS boxen are going to get pw0ned, and Joe The Plumber won't know that there's anything wrong except that his computer isn't as fast as it used to be, but he's accustomed to that by now anyway, and won't realize that it's a problem.
Good, inexpensive web hosting
Your post advocates a
( ) technical (X) legislative ( ) market-based (X) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's life
Specifically, your plan fails to account for
(X) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
(X) We should be able to talk about Viagra without being murdered
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Might I suggest making doing business with spammers a crime instead?
When you arrest certain people, it doesn't remove the profitability of the activity, it doesn't remove the tools or knowledge used to perpetrate the activity, and it doesn't remove the infected computers already carrying out payloads. Maybe for a few who are deeply involved individuals with a lot to risk, they will reconsider what they're involved in, but there must be a large population who still consider it profitable and worth the risk.
Twinstiq, game news
I'm thinking something more direct... an anonymous-looking execution of a hooded spammer won't get quite as much attention and effect as, say, the severed heads of spammers jammed onto a pike and set in front of a datacenter.
That, or we could show some mercy and at the same time have a living, breathing object lesson by castrating viagra spammers, etc...
Quo usque tandem abutere, Nimbus, patientia nostra?
"Make big time spamming a hanging offense. That will stop it fast."
Just make sure you get the executioners ragingly intoxicated before they do the deed. I would hate for a spammer, of all people, to be remembered as being particularly well hung.
The way draconian sentences have stopped drug dealing?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
.. I thought it was because this spam ring was too big to fail and the congress bailed it out
Dear F-Secure,
Please note the implications of this story, then promptly stick your request for Internetpol up your collective asses.
Thank you
The Internet
Support NYCountryLawyer RIAA vs People
Cum with me if you want to live
Buh-bye karma!
Like every thing else that gets a death penalty, it'll only stop the same people from repeating the crime, once they're caught.
It won't stop new spammers from popping up before the first one's body is even cold.
---
"I can't complain, but sometimes still do..." Joe Walsh
It doesn't feel pity or remorse, and it absolutely will not stop, ever...until our disks are full.
No sig today...
Maybe most of my spam originated on their bot net. My dSPAM fourteen day analysis shows my incoming spam rate has dropped to less than half the level of a week ago.
Note, I'm not complaining.
Cheers,
Dave
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
"It's the Child-Rapist-Murderer Anti-Defamation League on line two. They say you compared them to spammers. I think you'll need to apologise."
http://rocknerd.co.uk
> Would be nice to see something legally happen to them, as well. Seriously, if one pulls
> a number out of their ass, no matter what side of the fence they are on, they should be
> held accountable for lying at the least (publicly shunned on their "stats" in the
> future), libel, to out and out fraud.
So sue them for the damage they did to you.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
> If they sent the keys to that botnet via email.
That is an interesting idea, but what would be the incentive for spammers to cooperate?
I suspect it is more likely that the systems in their botnet - of which many are compromised Windows PCs - were re-compromised by someone else's worm and are now doing someone else's botnet work.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
If anyone is surprised by this news, they need to think about what they think they know about spam.
Sure not many people like to see the unsolicited ads for herbal viagra and pirated copies of photoshop. But why do the spammers send them out in the first place? It isn't because they hate us, and it isn't just because they can send out billions of them at next-to-no cost to themselves.
They send them out because they make money doing it. Which means that someone, somewhere, is paying for spam as a service. Which means that even if 100 spammers were instantaneously taken offline and thrown into pound-me-in-the-ass prison, 100 new spammers would emerge to fill their places and likely send out even more spam.
If we want to stop spam, we need to remove the economic incentive. And throwing spammers in jail does not accomplish that. So naturally the spam epidemic was largely unchanged by these arrests.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
> The way draconian sentences have stopped drug dealing?
Something like that. You cannot legislate away trade in something that people want to buy and other people are willing to sell.
Email spam is profitable due to the economics of the situation. It used to be nearly free to send out spam; now with botnets it's much, much worse than that.
Consider it from another angle. How much electricity world wide is consumed by the generation of spam and the receipt and deletion of spam? What's the carbon footprint of all this mostly useless activity? Save the Planet! Stop Spamming Now!
Seriously, they shut down a spam king with a 35,000 computer botnet, and expected the spam to take a nose-dive? That's not gonna happen.
First of all, has the botnet been shut down? Does the botnet still have jobs/mail to send out? Is it self-propagating, so even if you shut down part of it, it can keep growing?
Seriously, I just don't think this would even put a dent in the amount of spam sent daily.
Perhaps if we made heavy spamming an offense worthy of the death penalty, then it would most likely stop. But today, with 99.9% (pulled this statistic out of my ass) chance of not getting caught, spam will continue to be a thriving business.
Proudly posting without RTFA.
Did you come up with this on your own or did you find it somewhere? I think it's:
(X) Funny (X) Unfortunately true
Correctness matters. Mercy matters more.
Same here (N Europe), I spent yesterday checking my mail server because I had not received any spam for 5 days. Usually, one or 2 will get through the filters but it had been quiet since before the weekend. NO SPAM at all is even arriving at my server. I am reluctant to attribute it to the bust, but I have nothing else to offer that will account for it.
Have a look at soylentnews.org for a different view