Project Honey Pot Traps Billionth Spam

EastDakota writes "Project Honey Pot today announced that it had trapped its 1 billionth spammer. To celebrate, the team behind the largest community sourced project tracking online fraud and abuse released a full rundown of statistics on the last five years of spam. Findings include: spam drops 21% on Christmas Day and 32% of New Year's Day; the most spam is sent on Mondays, the least on Saturdays; spammers found at least 956 different ways to spell VIAGRA (e.g., VIAGRA, V1AGRA, V1@GR@, V!AGRA, VIA6RA, etc.) in mail received by the Project; and much more."

Spelling

[Foxxxy]

I have seen 945 of the spellings in my inbox just last week.... damn spammers

Re:Spelling

[TheRaven64]

I've seen at least 1,000 spellings! Damn slashdot...

Thanks for the info on misspelling Viagra

I really thought \/!@gra looked promising. Also, most spam is in your inbox when you get to work and most spammers don't send on the weekends.

Re:Thanks for the info on misspelling Viagra

[Publikwerks]

Jesus, even spamers have better hours than me

Re:Thanks for the info on misspelling Viagra

[rwa2]

Is there even demand for the stuff? I spend most of my time trying to get it down, not up. Seems like an artificial way of getting it up would just create more problems than it solves...

Spam = spy chatter?

Is spam even really spam anymore?

Every now and then I take a look at my gmail spam folder, and none of the messages contain links or even coherent sentences.

Nothing being sold, nothing being said... What's the point?

Re:Spam = spy chatter?

*slow golf clap*

Gmail strips most of the links.

Re:Spam = spy chatter?

[Sir_Lewk]

Why would it strip out a link but allow the rest through unchanged? Why does it strip out the links in some spam messages, but not others?

Re:Spam = spy chatter?

[maxume]

My favorite theory is that spammers are making money by selling spamming services to suckers, not by actually selling a product in the spam.

I guess there is also some chance that there is some botnet out there set to verify that mail reaches addresses, and it is just running out of control.

Re:Spam = spy chatter?

[maxwell+demon]

You mean, skynet actually is created by spammers?

Re:Spam = spy chatter?

[randallman]

They are training your spam filters.

Re:Spam = spy chatter?

[CorporateSuit]

I guess there is also some chance that there is some botnet out there set to verify that mail reaches addresses, and it is just running out of control.

This. It's not just about finding whether the email address is correct, though, it's also testing the junkmail filters -- seeing what words will get a domain on a blacklist and which will still get delivered or bounced at the directory level. I learned this after researching why I got a promising email titled "TEENAGE GIRL HAS SEX WITH BAT!" only to open it up and find a disappointing message like "Gillette rosemary is talking sweet sound to hair bounces great. Sounded of?"

Re:Spam = spy chatter?

[maxume]

Well, it's more like a runaway bulldozer than a sentient computer network bent on the destruction of humanity, but sure, why not.

Re:Spam = spy chatter?

[interkin3tic]

Gmail strips most of the links.

I have to ask (afraid to hear the depressing answer) even if there are links to something for sale, what's the point? Are there honestly people out there who get an e-mail that is gibberish, a link, and then more gibberish, they click on the link, see "Hey, it's selling viagra! I need viagra!" and enter their credit card, and there are enough of these people that you can make more money preying on them than you can working at McDonalds?

Re:Spam = spy chatter?

[Aphoxema]

All life started from chaotic collisions of molecules...

Re:Spam = spy chatter?

[hvm2hvm]

in short... yes

Re:Spam = spy chatter?

[Frigga's+Ring]

Who needs to enter anything? You can install plenty of malware simply by having the user click on your link. Plus, it depends on who the spam comes from. Would you really check the URL if you received an e-mail that looked like it was from a close friend that simply read, "Check out this link: http://tech.slashdot.org/story/09/12/15/1652236/Project-Honey-Pot-Traps-Billionth-Spam"? (Disregarding, of course, the Slashdot URL display feature)

Re:Spam = spy chatter?

[fm6]

I get links. Perhaps Google is filtering yours out?

Re:Spam = spy chatter?

[stevey]

Attempting to subvert bayasian filters such that future real spam can slip through more easily.

Re:Spam = spy chatter?

[sentientbeing]

Wow cool link. Thanks for that.

Re:Spam = spy chatter?

[IndustrialComplex]

Would you really check the URL if you received an e-mail that looked like it was from a close friend that simply read,

Depends on the timing of the email.

I could have been holding an email conversation with someone regarding any number of topics, maybe I was researching treadmills, wondering what was a good deal, where to buy, consumer reviews...

And then in the middle of the conversation comes a "Hey check out this one". Granted, that requires good timing, but it happens.

And damned if I haven't accidentally clicked on a link in google by bumping my mouse as I reached for the phone and caused it to go to some squatter site or a hijacked site.

Re:Spam = spy chatter?

[IndustrialComplex]

All life started from chaotic collisions of molecules...

But this had the guiding hand of some sort of developer, a creator of those conditions you might say.

Which is to say, we are God's rhinovirus.

Re:Spam = spy chatter?

I think it is noise to confuse the Bayesian filters

Re:Spam = spy chatter?

[interkin3tic]

Would you really check the URL if you received an e-mail that looked like it was from a close friend that simply read, "Check out this link: http://tech.slashdot.org/story/09/12/15/1652236/Project-Honey-Pot-Traps-Billionth-Spam [totalyavirus.com]"?

Yes, but I admit that is largely due to being rick-rolled one too many times.

(that and they're usually headed by "Hey Bob..." when my name is not bob.)

Re:Spam = spy chatter?

[MobileTatsu-NJG]

in short... yes

This is not true. All SPAM needs to get published is somebody to spend a few bucks to get their message out there. That's it. SPAM rates are not goverened by success of the ad. SPAM is, however, dirt cheap (I think I read something like $100 for 50,000 messages...) and a number of people use that stupid "if I only get 1% of those...." logic.

Advertising in general works like that. We still have pop-up ads because some dumb-shits out there are ordering them.

Re:Spam = spy chatter?

[L3370]

Is spam even really spam anymore?

Every now and then I take a look at my gmail spam folder, and none of the messages contain links or even coherent sentences.

Nothing being sold, nothing being said... What's the point?

Take heed to the lilly botanical before racing and suffer the pullback!

These puzzle me too. You know what I think it is? I think those are test messages sent by spammers--to test mail filters for which words trigger a junk mail alert.

Re:Spam = spy chatter?

[Sulphur]

Someone is checking to see if the email address is valid.

If so, the spammer will appropriate your name for spam.

--

Another tale from the Village of the Spammed.

Re:Spam = spy chatter?

[Greenisus]

And I clicked it without even looking. Shame on me. :(

Re:Spam = spy chatter?

I once found a reply from an employer in there.

"Sorry to inform you that we hired somebody else", so no biggie. But what if that was "Please contact me for an interview".

Since then I check my spamfolder daily.

Re:Spam = spy chatter?

Because its software, it leaves enough intact that you could figure out what you need "just in case".

ok

[nomadic]

1 billionth spammer

So approximately one out of every 7 people on earth is a spammer?

Re:ok

[Monkeedude1212]

And thats only the ones they've caught.

In fact, almost everyone on the net is a spammer. It's kind of a secret club, where you have to pass a secret trial, to gain your secret right of entry. It's so secret, I shouldn't even be divulging this secret information. If the secret spammers found out, I could get

Re:ok

[MozeeToby]

Nice of them to hit the Submit button for you though, though it does seem to defeat the purpose of killing you for trying to send it.

Re:ok

[Again]

And thats only the ones they've caught.

In fact, almost everyone on the net is a spammer. It's kind of a secret club, where you have to pass a secret trial, to gain your secret right of entry. It's so secret, I shouldn't even be divulging this secret information. If the secret spammers found out, I could get

NO CARRIER?

Re:ok

According to project honey pot. They are a little over eager to classify people as spammers. I run my on mail server, so my IP is on there list. None of the emails that they found to be violating were even somewhat spam like. They were things like personal email to friends, ironing out the details on contracting work and other such personal things. I keep adding my IP to the whitelist but since I still run a mail server it keeps getting blacklisted.

Re:ok

[idontgno]

The Spam Club is sending a message. That posting was the /. equivalent of a horse's head in your bed.

Re:ok

omg! thanks for pointing this out! I've seen that joke made a thousand times, but noone ever made that comment! you sire are a god amongst men!

Re:ok

[maxwell+demon]

Did you check if your mail server is actually an open relay?

Re:ok

[Narpak]

In fact, almost everyone on the net is a spammer. It's kind of a secret club, where you have to pass a secret trial, to gain your secret right of entry. It's so secret, I shouldn't even be divulging this secret information.

Order your copy of the Secret Guide to Membership NOW. Only 19.99$, for 29.99$ you get the extra DvD and you own genuine signet ring!

Re:ok

[maxwell+demon]

Actually, when they shot him, his head fell onto his mouse, triggering a click, which by chance hit the submit button.

Re:ok

[Dan+Ost]

If my understanding is correct, project honey pot puts bogus emails in webpages and any mail sent to those email addresses are, pretty much by definition, spam.

If that's true, then that would indicate that your machine is sending email to honey pot addresses.

Re:ok

[DavidTC]

Which would work if you could submit things that way, but sadly there's a Preview required.

Re:ok

[NevarMore]

The Spam Club is sending a message. That posting was the /. equivalent of a horse's head in your bed.

I fail to see how thats anything like necro-beastiality.

Re:ok

[revlayle]

OH NO - Candlejack got h

Re:ok

No, that is the current number of compromised systems.

Re:ok

[maxwell+demon]

Well, in the shock of hearing them coming through the door, he already accidentally had pressed preview.

Re:ok

[Jamil+Karim]

His head bounced, thereby clicking twice. Miraculously on the preview button, and then the submit button.

Re:ok

[Sir_Lewk]

Slashdot doesn't make me preview comments prior to submiting, perhaps that's because I use the old commenting system.

Re:ok

[An+ominous+Cow+art]

I used to be into sado-necro-bestiality, but then I realized I was just beating a dead horse.

Re:ok

[Mister+Whirly]

What? I can submit with previewing first.

Re:ok

[operagost]

The first rule of spam club is that you don't talk about spam club.

Re:ok

[An+ominous+Cow+art]

Perhaps he was dictating?

Re:ok

[Idiomatick]

So secret that most people in it don't even know they are in it!


seriously...mostly it is people with viri.

Re:ok

[electrons_are_brave]

It depends how you have your defults set in "posting".

one billion spammers

Isn't that like McDonald's 99 billion served, or are one-sixth of us spamming?

Re:one billion spammers

[lordtoran]

More like, one-sixth of the world population are part of a botnet, relaying junk mail for the true spammers.

Re:one billion spammers

[treeves]

99 billion burgers, not 99 billion people.

People fall for spam?

[rehtonAesoohC]

It's been a long lonnnng time since I've actually seen a spam message that I didn't immediately recognize as spam... Maybe some people are completely ignorant of the fact that someone on the internet is out to take your money (*gasp!*), but honestly, how can the amount of effort expended in creating spam compare to the amount of money they receive from suckers who click on "V1AGRA!11!!" links?

I'm just sayin'...

Re:People fall for spam?

[HungryHobo]

because if you send a million spam mails you only need a handful of people to actually buy anything, I'm talking a few dozen, to cover your costs.

Re:People fall for spam?

[Thanshin]

You should reason the opposite way.

Knowing that spam gives benefit. Who are the people who fall on all those traps and how could we help them not to?

Re:People fall for spam?

[castironpigeon]

how can the amount of effort expended in creating spam compare to the amount of money they receive from suckers who click on "V1AGRA!11!!" links?

You're saying you don't know anybody who clicks on ads because they read "Click Here" ?

Re:People fall for spam?

[rehtonAesoohC]

Well I mean I can understand how people can fall for links in ads on a website somewhere, but emailed spam, really?

Re:People fall for spam?

[Again]

because if you send a million spam mails you only need a handful of people to actually buy anything, I'm talking a few dozen, to cover your costs.

And if the spam includes a link to a website which is ad-based the user doesn't even need to hand over his credit card number to make the spam worthwhile.

Re:People fall for spam?

[zullnero]

You'd be surprised. There are still people out there dipping their first toe in the Internet pool because they felt it was time that they learn this "email" thing for various reasons. Those are precisely the people that spammers are targeting.

That said, bulk email is very 1999, and the spammers know it. The real goal these days is to try to get as many systems out there connected to botnets as possible and try to "force feed" as many people with spam as they possibly can. The key is to fashion emails to look as concise as possible, and get your parents' and friends' computers to send that email to you instead of a complete stranger. Suddenly, the basic spam defense tactics that we all know and live by go out the window. Everyone's mom or dad has a mailing list for forwards, and that is a prime target. If you got an email from your dad saying "I just made my own website!" and a link, you can bet there'd be at least a few kids who'd try to be good kids and click that link. And they're always the ones who don't patch their systems up, too.

Re:People fall for spam?

[armareum]

..your link doesn't work :(

Billionth spammer? Really?

Spammer is supposed to be the person who spams our mail boxes. If there were a billion of those then approximately 1 in 7 people in the world would be a spammer. That number is unthinkable, even for Florida's and Brazil's standard..

Maybe

[machinelou]

Maybe now with a billion samples, we can start training people how to recognize it.

Re:Maybe

[sajuuk]

That would imply that the average human has a brain capable of logical deduction. Sadly, that is not the case.

Re:Maybe

[sabt-pestnu]

The article calls out that primarily, bots are used to actually distribute the spam.

Bots are also used for any number of malicious purposes, spam being perhaps the most benign (because it CAN be recognized and discarded).

People have called in this thread for training victims to make spam not pay. This might work for spam bots, but would do nothing for any other type of bot. How about training people to ensure their machine is swept clean of malware on a regular basis, and to keep adequate defenses (AV software, browser guards, whatever)?

Re:Maybe

[maxwell+demon]

Actually, you don't need logical deduction to correctly sort most emails. Just say "spam" every time, and most of the time you'll be right.

Re:Maybe

[Mister+Whirly]

All it takes is for one human brain capable of logical deduction to write the code for the software that will sort out the SPAM for everyone else.

Re:Maybe

[MobileTatsu-NJG]

Maybe now with a billion samples, we can start training people how to recognize it.

Do you actually know anybody who's ever purchased something from SPAM?

Time to celebrate with a song

[kbob88]

Let's celebrate with a song we all know: "Spam, spam, spam, spam, spam..."

Now repeat 1 billion times...

(Sad to think that way more spam has been sent than the number of times that Monty Python sketch has been played; should be the other way around)

In the terribly elegant words of... someone?

[Sir_Lewk]

You can't fix stupid.

Re:In the terribly elegant words of... someone?

[Opportunist]

Yes you can. Smith&Wesson released their first debugging tool for it over a century ago. The application remains illegal for some odd reason I don't really understand.

Re:In the terribly elegant words of... someone?

[dissy]

Yes you can. Smith&Wesson released their first debugging tool for it over a century ago. The application remains illegal for some odd reason I don't really understand.

Ah yes, the original 'point and click' interface for remotely managing stupid.

And it is illegal now you say? My apologies but from the place I hide to avoid stupid, we don't get many updates on all these new fangled laws.

Re:In the terribly elegant words of... someone?

[maxwell+demon]

Yes you can. Smith&Wesson released their first debugging tool for it over a century ago. The application remains illegal for some odd reason I don't really understand.

Ah yes, the original 'point and click' interface for remotely managing stupid.

And it is illegal now you say? My apologies but from the place I hide to avoid stupid, we don't get many updates on all these new fangled laws.

It probably violates Amazon's one-click patent.

Re:In the terribly elegant words of... someone?

[cybiko123]

It's not for debugging, it's for troubleshooting.

Re:In the terribly elegant words of... someone?

[Thelasko]

You can't fix stupid.

-Ron White

Re:In the terribly elegant words of... someone?

[StikyPad]

Hmm. I'm not sure that destroying something really qualifies as fixing it...

Aw whatever, it's all semitic or antisemantics or something. Yee haw!! *pow pow*

Re:In the terribly elegant words of... someone?

Prior Art!

Re:In the terribly elegant words of... someone?

[MobileTatsu-NJG]

You can't fix stupid.

Ignorance != stupidity.

Re:In the terribly elegant words of... someone?

[Opportunist]

Nannystate, what did you expect?

What happened to the land of the free when you can't simply shoot anyone anymore?

Re:In the terribly elegant words of... someone?

[Opportunist]

Hmm. I'm not sure that destroying something really qualifies as fixing it...

Dunno, but we'll soon see, there's an experiment with this method currently being tested on our economy.

Is anybody actually trapped by it?

[jfengel]

Their web site claims, "We also work with law enforcement authorities to track down and prosecute spammers." Have they actually prosecuted any spammers using this?

If it helps create better spam filters, yay. But I'd really like to know if any spammers are being punished as well.

Re:And now, a Joke (FROSTY PISS!)

Sorry, but only the 2nd joke was moderately funny; the rest are just retarded.

The summary is wrong

[hwyhobo]

The article says clearly:

On Wednesday, December 9, 2009 at 06:20 (GMT) Project Honey Pot received its billionth email spam message

In fact, the title of the article is:

Our 1 Billionth Spam Message

Re:The summary is wrong

The summaries are routinely wrong.

Re:The summary is wrong

[AndrewNeo]

Only routinely? You must be new here.

Re:The summary is wrong

Only routinely?

This doesn't make sense. This is like saying "only always?".

Re:The summary is wrong

[Logical+Zebra]

Thanks for reading TFA and ruining all our fun.

Legalize OTC Viagra ?

[FauxPasIII]

Putting aside for a moment the potential medical issues, I wonder how much money would be saved in the US economy if we just legalized the selling of Viagra over the counter?

Re:Legalize OTC Viagra ?

[gad_zuki!]

The cost of treating doughy impotent old men for heart attacks caused by Viagra Im sure outweighs this. Its not exactly safe:

http://www.ehow.com/facts_5687205_viagra-risk-factors.html

If anything, its legal as a script because of the intense demand. I wonder if something thats targeted at old men that also drops heart pressure and causes heart attacks would be tolerated as even sellable if it wasnt for the overwhelming demand to get Mr Pokey up one last time. Pot is safer.

Re:Legalize OTC Viagra ?

Why are we treating doughy old men then? 6 billion people and rising, let's let some of them die "with a bang".

Should have donated my email address

[jittles]

I must get a billion spam in one year. :(

Damn spammers

Cost-benefit

[delirium+of+disorder]

If you total up all the productivity lost to fighting spam and time wasted getting spam, it's probably cheaper to just put the spammers out of business by giving every male on earth free Viagra.

Re:Cost-benefit

[Hoi+Polloi]

I hope they start spamming "Meet hot and horny girls!" more then.

Re:Cost-benefit

But how would you contact them? via e-mail? Then how would they know it was legit? Damn spammers!

Re:Cost-benefit

If you total up all the productivity lost to fighting spam and time wasted getting spam, it's probably cheaper to just put the spammers out of business by giving every male on earth free Viagra.

Kill them with viagra? How can you be sure every spammer are male, need viagra and have a latent heart condition?

956 ways?

[circletimessquare]

viagra can be misspelled many ways
in an email message.
all of them not as direct as
going and using this way of
routing the word around filters,
and not even misspelling it

Re:956 ways?

[daveime]

Pare, considering you've been in the "editing" stage since February 2007, perhaps it's time to update your sig to "I've grown tired of making a Low Budget HDV Filipino Horror Movie in NYC" ?

It's not easy being a Viagra spammer...

They face a lot of STIFF competition!

Re:It's not easy being a Viagra spammer...

[fafaforza]

Depite all that, they still try to stand up and deliver, with their heads held high.

Not Something to Celebrate

[BlindSpot]

To celebrate,

Personally I think 1 billion spam isn't something to celebrate. "Mourn" is more like it...

Re:Not Something to Celebrate

[batquux]

If it helps, this really doesn't sound like much of a celebration:

To celebrate, the team behind the largest community sourced project tracking online fraud and abuse released a full rundown of statistics on the last five years of spam.

Hopefully it won't get too wild.

Where's the list

[SnarfQuest]

I've only been able to come up with 796 versions of viagra. I'm sure there must be many more. Can I download the list? It would help in my work^h^h^hhobby...

no ipV6

[mabu]

The most effective way of stopping spam thus far is using IP blacklisting. It should be noted if the net moves to ipV6, that will be the end of blacklist effectiveness for some time.

Re:no ipV6

[daveime]

Yup, just set your filter to block the range 0.0.0.0 to 255.255.255.255.

Problem solved.

Slashdot requires you to wait between each successful posting of a comment to allow everyone a fair chance at posting a comment. This is because the submission process is so borked, it takes 45 seconds to write a new entry to our database.

Chances are, you're behind a firewall or proxy, or clicked the Back button to accidentally reuse a form. Please try again. Nope, it's just my neurons fire faster than once per minute.
 

Re:no ipV6

[Straterra]

Not really. Every end user is supposed to get a /64. You could just block their /64 and accomplish pretty much the same thing.

Re:no ipV6

[JesseMcDonald]

Why would that be? You can block a /64 just as easily as a single IP address. Sure, each end-user may have 2**64 separate addresses, but they'll all be within the same subnet. If a particular host is misbehaving you can just block their entire /64.

In fact, the lack of ubiquitous NAT should make it easier to block individual hosts without affecting non-offending customers of the same ISP.

Re:And now, a Joke (FROSTY PISS!)

[Kleen13]

ID10T

Mod parent funny :)

[jonaskoelker]

Sorry for moderating you overrated. I meant to click 'Funny'. Posting to undo.

Mod parent funny

[jonaskoelker]

I posted in this thread to undo a moderation misclick. That has wiped my 'Funny' moderation of my parent's post. Sorry. Someone please mod parent Funny :)

I wonder

[tool462]

I wonder how many of those Viagra spelling variations are valid Perl code...

You forgot

[Capt.DrumkenBum]

The first rule of Spam Club, is never talk about Spam Club.

1 billion naive pattern matches?

Yea, lets celebrate the evolution of a stupid, fundementally unwinnable and pointless battle between spammers and spam fighters.

Do they keep statistics on how many legitimate messages (viagra jokes!!) were marked as spam and never brightened the day of their intended receipients?

From personal experience the number of legitimate technical emails that get marked as spam (Either disappear outright or customers later fishing out of their spam folders) is nothing short of rediculous. SNR, total lack of reliability and trust significantly reduces the utility of the Internets messaging system.

The current mail system desperately needs some morsal of trust injected otherwise it will have no future. The amount of life being sucked from the world as a whole reading/deleting/falling for SPAM is nothing short of a greek tragedy.

Unfortunately those cooking up naive solutions feed into the evolution of filter avoidance by spammers while at the same time reducing the reliability of the Internets SMTP messaging system.