Slashdot Mirror
Researchers Hijack Storm Worm To Track Profits
An anonymous reader points out a story in the Washington Post, which begins:
"A single response from 12 million e-mails is all it takes for spammers to turn annual profits of millions of dollars promoting knockoff pharmaceuticals, according to an unprecedented new study on the economics of spam. Over a period of about a month in the Spring of 2008, researchers at the University of California, San Diego and UC Berkeley sought to measure the conversion rate of spam by quietly infiltrating the Storm worm botnet, a vast collection of compromised computers once responsible for sending an estimated 20 percent of all spam."
The academic paper (PDF) is also available. We've previously discussed another group of researchers who were able to infiltrate the botnet for a different purpose.
How come they don't track down the IP addresses of infected computers and inform the users their computer is compromised? It seems these researchers also are getting a kick out of the botnet at the cost of the victims.
They must be really smart. After all, how are they able to figure out how it is that I'm in need of a bigger schlong, can't get it up w/o viagra and need a new Rolex at bargain prices and I'm looking for a Russian wife. I mean, what kind of research have they been doing to target me perfectly?
HexaByte - he's a square and a half!
I don't have any data to back this up, but it seems to me that people are migrating from small provider companies to big internet provider companies - and their e-mail is going together. And it also seems to me that all those big companies have good e-mail filters (or they're getting one that will be good in a small period of time). If that's true, spam will face a dead end pretty soon.
Even if you stay with a small provider company with your personal e-mail, there are many good solutions to avoid spam. I used Popfile for a long time and it worked pretty well.
Either way, if people will go to their spam box and click that viagra ad, it will be their problem. It doesn't affect me anymore.
Any life is made up of a single moment, the moment in which a man finds out, once and for all, who he is.
You post on Slashdot?
Just about to reply when NoScript said http://s.fsdn.com/sd/iframe/text/javascript http://ad.doubleclick.net/adj/ostg.slashdot/news_p9_leader;pg=index;logged_in=1;tile= http://s.fsdn.com/sd/iframe/news.html? Oh Shit too late.......
Zap the partition table.
Deleted
I mean, what kind of research have they been doing to target me perfectly?
I don't know, but if the stats are as the submission suggests, it would seem that the only recourse must be a series of extremely messy object lessons.
I might suggest burning "THOU SHALT NOT SPAM" into their backs with an oxy torch. If anyone can suggest an improvement on this, feel free...
Suggest an improvement?
Make them write lines.
No, before you roll your eyes so hard you sprain something, hear me out.
Try to get an estimate for how prolific this particular spammer is, and then make them legibly write out every e-mail they have ever sent by hand, using crappy 5 cent pens that splutter and run dry frequently.
They get released when they're done.
Oh, Spam... right.
When I first read the title, I was thinking more along the lines of:
Bless the Maker and His water.
Bless the coming and going of Him,
may His passage cleanse the world,
may He keep the world for His people.
-- Frank Herbert
-- Working to secure tomorrows technology. Honestly Officer!
How about just raising the penalty for guilty spammers. You know, forcing them to read spam for 8 hours / 7 days a week for several years. Maybe that would help?
The way I read it, they only need one response for every 12 million emails that they send. They send many more than that and they might get more than the one response per 12 million necessary to make a profit. It's more a testimony to the low cost of sending those 12 million emails.
Virtue finds and chooses the mean.
Aristotle, Ethica Nichomachea
No. If you send 12 million emails, you can expect to get one order for $100 pills. To sell a million dollars worth of product, you would have to send 120 billion emails.
I realize this will either be wildly popular with you or you'll hate it, but what I'd like to see someone do is infiltrate the botnet somehow (either by vulnerability or crack their key or whatever) and send a command to the herd to zero the boot sector and shut down their host. (the zombies, not the herder's machines)
Nothing enough to cause data loss, but enough to force the naive owners to take their machines to someone to get them fixed/cleaned up. I'm tired of being a victim of computer neglect en masse.
Not saying there's just one botnet out there, so I'd be greatly entertained to see them fall one by one. Should make a nice spectacle. Wouldn't it be entertaining to get up tomorrow and read front page stories all over the place the likes of which we got with Code Red, that a sizeable chunk of zombies just dropped off the grid and there were long lines at the PC repair shops this morning? Stories of entire businesses being brought to a halt because 95% of the machines in their office were owned? Sorry, but "serves them right", and thank you have a nice day while I go check my mail and see 80% fewer medications for sale.
I work for the Department of Redundancy Department.
Only because the botnet operators steal resources in such a large manner they can turn a "profit". Whatever that may be. How do you calculate a script kiddies costs anyways?
The much more interesting information was the US$ 2700 for about 350 Million Spam messages received and (an estimated) four times as much sent.
Rounded up that is a dollar earned for every 10 Million messages received and 40 Million messages sent (and caught as spam early on). Not counting that: "Still, the researchers acknowledge their figures don't take into account perhaps the most profitable aspect of the pharma spam business: The repeat customer who comes back time and again to purchase refills."
I would like to see that figure (10 Million for 1 Dollar) put against the resources lost/spent fighting Spam. How much damage do they do in order to make money. Do they steal 1 Dollar for every Cent they make? 10 Dollars? 100 Dollars? How much does it hurt the economy?
And maybe it is finally time to do something serious about Spam.
A single response in 12 million emails ? So someone orders $50 of 'GetHard' or whatever.
Then introduce micropayments on all emails. $50/12,000,000 or about 0.5 millicents an email. No normal operation would suffer, and spammers can't make a profit. Job done.
proposing refundable microcharge for sending email (which is NOT fully refunded ONLY when the recipient subsequently marks incoming email as spam). Obviously my idea might be flawed, but those who have critiqued it never formulated why. At the present conversion rates, a refundable cent per email will do wonders. Possibly it will kill spam, or at least change its quality and quantity very considerably.
17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
Actually, I'd rather they be made to pick up a piece of litter for every spam email they sent, or some other such public service that equates piece for piece to the amount of spam they have sent.
Repaint a house for someone = 100 spam messages
Clean up a city block of litter = 100 spam messages
Well you get the point. Force them to wear bright yellow spandex jumpsuits with the spam logo on it until they have fully atoned.
Whatever the punishment, it should be public, and only mildly degrading.
Something that lets us all remember what they did, and what it costs in reparations.
Support NYCountryLawyer RIAA vs People
Given that they sent 350Million emails that linked to the researcher's websites in a month, and that they estimate they redirected 1.5% of the botnet's total spam. 1 in 12Million over however many billions of emails they send a month == profit
the researchers seem to take the legality of their actions under serious consideration. From TFA:
"Measurement Ethics:
We have been careful to design experiments that we believe are both consistent with current U.S. legal doctrine and are fundamentally ethical as well. While it is beyond the scope of this paper to fully describe the complex legal landscape in which active security measurements operate, we believe the ethical basis for our work is far easier to explain: we strictly reduce harm. First, our instrumented proxy bots do not create any new harm. That is, absent our involvement, the same set of users would receive the same set of spam e-mails sent by the same worker bots. Storm is a large self-organizing system and when a proxy fails its worker bots automatically switch to other idle proxies (indeed, when our proxies fail we see workers quickly switch away). Second, our proxies are passive actors and do not themselves engage in any behavior that is intrinsically objectionable; they do not send spam e-mail, they do not compromise hosts, nor do they even contact worker bots asynchronously. Indeed, their only function is to provide a conduit between worker bots making requests and master servers providing responses. Finally, where we do modify C&C messages in transit, these actions themselves strictly reduce harm. Users who click on spam altered by these changes will be directed to one of our innocuous doppelganger Web sites. Unlike the sites normally advertised
by Storm, our sites do not infect users with malware and do not collect user credit card information. Thus, no user should receive more
spam due to our involvement, but some users will receive spam that is less dangerous that it would otherwise be."
However, their premise of "reducing harm" is questionable. How can we be sure that a person who decided to purchase these drugs (against all warnings) really believes that not buying them is the best thing for him? What if this person really wants to purchase a drug that he thinks will enlarge him? Who gives the researchers the right to decide what other people should spend their money on? Under several legal interpretations, forcing a person not to buy something perceived as harmful is not legal: denying to sell cigarettes to a person of legal age may be illegal, under discrimination laws.
The bottom line is that the researchers have a good point regarding the ethics of their study, however this issue is not 100% resolved.
I can now die happy having seen the phrase, "Excellent Hardness is Easy!" in an academic paper.
So your plan would result in Joe Sixpack getting a bill for email that he claims he didn't send.
And he would be correct. He would not have sent it. His machine would have. While it was a zombie.
#1. The ISP blocks all outgoing port 25 connections. We've been over this one before. It means more expenses for the ISP so they're not going to do it unless they are forced to do it through law.
#2. The vigilante approach of writing a "virus" that identifies and infects infected computers ... and then removes the existing infection, downloads updates, installs a silent anti-virus app and checks back in at regular intervals for updates. The problem with that is that the people who do it become "criminals" under US law.
"Botnets. Spammers Botnets.
What kind of boxes are on botnets?
Compaq, HP, Dell & Sony, true!
Gateway, Packard Bell, maybe even Asus, too!
Are boxes, found on botnets, all running Windows, FOO!"
Why is it that TFAs almost never mention the OS of all the computers that make up these botnets?
Perhaps it's just one of those things that EVERYBODY knows, and as such, doesn't really need to be mentioned.
Guaranteed! This comment 100% Anthrax free!
Speak for yourself.
oh wait...
Consider it a form of quarantine.
Deleted
You are probably right about the *indows machine in the botnet. The brand is irrelevant.
What is never mentioned is how many servers are infected (websites) with malware (or participate in it) because of errors in the apps running on them. I would say most of these are running *nix. I don't see IIS that much.
I think we are converting a botnet (spam) problem into a religious OS thingy.
Hygrade frankfurts are fresher because more people eat them or do more people eat them because they are fresher?
There are more *doze PCs out there so more of them will be infected.
Anyone have stats on percentages (with a link)?
Think yourself lucky - I get targetted by ads for diet pills and hair restorer.
Just keep saying it though. Maybe eventually people will believe you.
Help stamp out iliturcy.
Unsolicited spam email Subject lines _MUST_ contain the phrase, "this is an unsolicited email". I think that would pretty much cover it. (The word Spam isn't used so there isn't any gray area with that processed meat product). I know that there have been attempts at this before and it has been shot down but I don't understand why. Obviously the purpose of this would be to have these in email filters to block the crap all of the time so why doesn't it pass? Someone in the gubment think it unfair to all of the people sending ILLEGAL emails?
Files in Windows System folder:
wincom32.sys
peers.ini
wincom32.ini
Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32
Damn it! You're right.
Out of all the spam I've gotten in recent years, I've only got 1 from a Russian bride-to-be:
Hello! My name is Nataliya, me of 26 years, I the intellectual, nice, sexual girl which at present searches for serious attitudes - I shall tell more search for the man for marriage!
I only, that have read through your questionnaire and it has very much interested me, I wish to continue to learn you.
So we can have dialogue!
Please reply only my personal e-mail: iriska640@yahoo.com
I look forward to your prompt answer :)
Nataliya.
As I'm already married ('nuff said), I can't take advantage of this incredible offer, so you can have her.
BTW She's blond, petite, late 20's.
Good Luck
Don't be apathetic. Procrastinate!
People write viruses & trojans & worms to infect Windows because Windows is so easy to 0wn.
Guaranteed! This comment 100% Anthrax free!
I see two potential solutions...
One is a worm that's released in the wild whose sole purpose is to find and clean infected/vulnerable computers, and then throw huge warning signs at them. If the same machine is re-infected X times within a year, the worm just shuts the computer off. A Robin-Hood worm of sorts. Illegal just like Batman, but hell, if it does the internet some good, why not. If they don't do it, the vulnerable hosts don't just disappear. Instead, they just sit there waiting for real hackers to exploit them. Or, if they're already compromised, they can only do harm anyway.
The other solution is tough love. Get caught with a compromised machine, your internet connection is shut off automatically, until you can prove that you've fixed the vulnerability. But of course, the ISPs won't wanna do this voluntarily. After all, this would affect their profits...
eTrade SUCKS
anyone know which insightful greybeard wrote the original?
Your mistake. It's right here.
Don't worry. It's a common error. Get the facts and you'll understand.
Help stamp out iliturcy.
Sorry about that. One of the problems with slashdot is that it can be tricky touching upon common memes, and you've stumbled on one. The problem with your assertion is that it's been made for fifteen years, thoroughly examined, and disproved in every case.
GNU/Linux is not Windows. It won't ever be. Because Linux is available in over 1,000 distributions and hundreds of versions, and always will be, the generic reference to "Linux" includes far more scope than "Vista" or "W7" ever could. Linux is available in versions for your PS3, for Sun hardware, and IBM mainframes. By itself that makes it a harder target because one exploit can't target all of linux. It's used in almost all supercomputers and a great many network routers. The embedded applications like EMC SANs and security cameras and TV recorders and dash mounted Nav devices and many other things far exceeds Microsoft's desktop operating system installed base. Microsoft could not dream of being able to hire as large or well qualified a team of programmers motivated to secure the software out of their own self interest (i.e. improvements come from people who want to use it, not people who are only paid to write it).
I can do no better than commend to you ESR's great work, The Cathedral & The Bazaar.
Basically here's how it works: in order for Windows to have a "brand" it can market, it has to have a coherent set of services and applications which are identified with it. This fixed set becomes a target, and since it is software written by humans, vulnerabilities will be found which are consistent across that platform. Since it must enforce compatibility across generations, the code is generally recycled across revisions. Linux has no such limitations.
Now by responding to your obvious question I have to slur Linux a little bit in order to not look so much like a fanboi. Of course any individual installation of Linux can be rooted, at least if someone is using it to surf the Internet. That's not the point. No one exploit is going to be broad enough even to get most of them, and you can't say that about any version of Windows.
Help stamp out iliturcy.
This is your original post:
If Linux had the greatest market share, it would have the most viruses. Windows is just a big target. Think about it -- if you wrote a virus, would you rather design it to attack 90% of the OSes in the wild, or 2%?
The smugness of the "windows has viruses because it sucks" position is a really poorly thought-out one.
Semantic analysis of the grandparent and your post yields no significant similarities. They differ in form, content, structure and purpose. They are opposites. It's not even remotely possible that you were trying to say this.
Try again?
Help stamp out iliturcy.
No argument here.
Help stamp out iliturcy.