Malicious Spam Jumps To 3B Messages Per Day
Trailrunner7 writes "Last year saw a monstrous increase in the volume of malicious spam, according to a new report (PDF). In the second half of 2009, the number of spam messages sent per day skyrocketed from 600 million to three billion, according to new research. For some time now, spam has been accounting for 90 or more percent of all email messages. But the volume of spam had been relatively steady in the last couple of years. Now, the emergence of several large-scale botnets, including Zeus and Koobface, has led to an enormous spike in the volume of spam."
What about delicious spam?
Why can't ISPs detect large numbers of messages suddenly going to a vast array of e-mail addresses and shut it down?
Nobody normally does that; seems like it should be easy behavior to detect and stamp out algorithmically.
1. Lusers get spammed by e-mail
2. Lusers migrate to facebook
3. Lusers get infected with koobface on facebook
4. Lusers spam everyone by e-mail
Windoze.
Yours In Minsk,
K. Trout
So, if we try and hold ISPs or telecoms liable for what moves over their wires, they would have to hunt down the spammers as well as the pirates? What an awkward position to be in, especially when a big revenue stream is at stake.
Yeah, I didn't RTFA.
Also, what percentage of email is 3 billion, anyway?
And I still see less than 1 per month in my Inbox.
_THIS_ is the price I am willing to pay to allow Google to filter my email.
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
Subscribe to one free daily naked chick mailing list. Imagine how much of that spam is about porn! There are probably more porn emails sent out every week than there are people on the planet.
I keep three email accounts. One I give out for things - registrations, contests, all that stuff. One I give out to friends and family. The third just quietly sits there empty. I check it periodically anyway and it makes me happy when no mail is found.
Thanks Mr. Bill Gates.
1c each, first 30 per day free. It would stop all spam dead
3 billion spam is a drop in the bucket of the daily spam volumes seen worldwide, there has not been a global increase of spam volumes in the last year of that magnitude (Or really much at all).
Everyone that disagrees with me is a paid shill
Ya know, until they start going after the people who hire the spammers nothing is going to change. Some businessperson is responsible for our spam, not the spammer. Where and how is this Viagra getting into our country? Where are all the watches being made? And so on. Someone is paying these spammers, get them. PS: Yes I know it's not easy to catch them, but if we can send and control robots from earth on mars it CAN be done.
Jack of all trades, master of none
I'm sure someone will post the standard reply to this comment but here it goes:
What if ISPs blocked ports and prevented everyone and his dog from running a mail server by default? (I can already hear the outcry from everyone running his own) - though as with DNS redirections this could be turned off by logging in to your profile (at your ISPs home page)? At least we'd get rid of all the crap coming from bot nets.
FTA: "The spamming botnets are constantly in flux, waxing and waning, morphing, becoming obsolete, being replaced, taken down, and upgraded."
Read: replace dual-core bots with quad-core ones.
Just joking.
If we incorporate a pay per email scheme, with an email costing anywhere from 1/2 to 1 cent per email....with a cap being set by the government so you don't get screwed over by the ISP, not only would it be beneficial for the ISP, as less bandwidth because less spam, but also, people infected would be aware that they are infected if not by the first bill, then by the second billing.
I am aware of my downloads next bill, cause I see the extra bandwidth used, but I don't see the emails sent.
If I get charged on the side, and see 1 million emails, but a cap of 20$ (let's say), then you bet your *ss I will clean my pc, and get myself organized not to get billed for that again. People that spend no time monitoring their system have no clue, unless someone points it out for them.
By forcing a pay per email, you also make sure to have paper trails, and someone has to pay for that..eventually as the botnets die out, the spammers will have to charge more for the less they are making, or it will not be worthwhile for them, and the spam kings will slowly go out of business. Right now, they incorporate the pricing into what they charge their clients, but if you raise the cost because now legit spammers have to pay per email, you will get clients investing elsewhere for their marketing.
Am I the only one who read this headline and thought, "59 messages a day isn't so bad?"
SPAM was the absolute bane of my existence (I have several very public email addresses that have to remain that way) until the day I finally (at the time reluctantly) decided to run all of my mail through Gmail accounts, without exception. I had used block lists, several ISP-based filters, spamassassin post-POP3 on my own local net, and a bunch of filters, and it was eating hours a day of attending to SPAM (new filters, fixing filters, marking as spam, marking as ham) and so many CPU cycles that a dedicated box couldn't keep up. Not to mention that due to the processing overhead of all that filtering, when someone did send me a message and told me so, I'd have to tell them "I'll get it in ten to fifteen minutes." And all for a few (three, really) email queues that belong to one person and a couple assistants?
Now I forget that SPAM exists, and my email comes in more or less instantly.
For a decade now, Google has more or less singlehandedly kept the internet usable.
STOP . AMERICA . NOW
The report is very well written and provides very interesting information, but whoever decided to use light grey on white should get his or her eyes poked out with a needle.
Yeah, we can see how much of a wonderful difference all those filtering programs that are on the market today are doing for the worldwide spamming problem. That is, no difference.
If you want to do something about the spamming problem, start looking beyond your own nose. Stop adjusting your filtering rules constantly. Pay attention to the cause of the problem - spam is an economic problem. Until something is done about the profit-motive (and the insane margins of profit) behind spam, the problem will only continue to grow.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
- Monty Python
"Have you got anything without spam?"
"Well, there's SPAM, egg, sausage, and SPAM; that's not got much SPAM in it."
Therefore all SPAM should have eggs and sausage in it.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
The Viagra spams seem to be dominating my filter now. They don't even mangle the spelling any more! They just change the percent discount from spam-to-spam. Perhaps they change other things too but I don't know because I just "check all, delete". The rise in Viagra spam (no puns intended anywhere in this post) seems to have started about a month ago.
If Viagra spam isn't considered malicious, then I can't say I've noticed any increase in spam. Maybe they have malicious code attached; but like I said I don't open them...
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Given the estimation that 90% of e-mail was spam *before* a five-fold daily increase, why aren't more people/companies clamoring for a complete e-mail re-architecture? Improved filtering and new spam laws are just symptomatic fixes - the entire way we do e-mail needs to change.
The resources wasted and stolen by spam are staggering. Eventually the economic and political incentive to adopt better e-mail protocols has to kick in; I'm just surprised it hasn't yet.
I find the way they handled the "spam problem" in the fictional book Daemon quite perfect: "All spammers will die."
It's simple, straightforward, and is impossible to stop as it [the Daemon] operates outside the law. The first time the scenario is presented, four people are shot to death and that message is left amid the carnage. That happens a few dozen times over worldwide and you start to see a pattern even spammers will recognize...
Moral relativity aside, from a certain standpoint that tactic might actually work; there is nothing right now that scares spammers. Being found requires a significant amount of resources: tracing down the network, identifying a single point of control (if there is one,) identifying the person(s) attached to that system, etc. Botnets make the problem exponentially harder. Yet, we still can't really do anything about it and we have to dedicate entire careers to the act of reducing spam. There is something fundamentally wrong with that, I think.
Everyone is paying to filter the spam but maybe ISPs should pay to find the spammers. At some (probably low) cost, you can induce people to find the spammers. After all, the spammer has to have a way to collect money from his/her targets. Also, I wish ISPs would find the people who respond to spam and give them email accounts at a site that the spammers can freely target. These people are the real cause of spam.
There is so much waste on the internet. And you complain about spam? Look at Flash! Most of the Flash movies out there are basically TV. Is TV known for education as people had hoped when it was invented? No it is dumbed down for the sheeple out there: reality shows ad nauseam. Should 24 be an example of an education show? What exactly do we learn from 24? In short, TV is basically a waste and now I fear that the internet is turning into shit. And you complain about waste? Even slashdot itself seems to use so much goddamn javascript. Soon one will need a supercomputer just to execute javascript. OIE VEY.
I have a domain name that I do mail forwarding for. Some botnet owner decided it was worth finding emails to spam to on this domain. So now every single day, 24/7 365 days a year, once or twice a minute I get an attempt to send an email to fsdfs34@mydomain.com where fsdfs34 gets replaced with every possible email conceivable. At first I decided to add an IP blocker for anyone who spammed me, but it soon slowed down my mail server so much that I had to take it out once the list grew into the 10s of thousands of IPs.
Now I just greylist and tightly check EHELOs which seems to keep any of the spam from getting anywhere. Nevertheless, the attempts come relentlessly and continuously like clockwork from IPs all over the world.
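The greylisting mentioned in the comment above, as an added example (not the poster's setup or any mail server's own code): first contact from an unknown (client network, sender, recipient) triplet gets a temporary reject, a retry after a delay is accepted, and `expire()` keeps the table from growing without bound the way the IP block list did. The class name, timings and reply strings are assumptions chosen for illustration.

```python
import ipaddress

DEFER = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 2.0.0 OK"

class Greylist:
    """Triplet greylisting: defer a first delivery attempt, accept a patient retry."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, pass_ttl=30 * 86400):
        self.min_delay = min_delay        # seconds before a retry is honoured
        self.retry_window = retry_window  # a retry later than this starts over
        self.pass_ttl = pass_ttl          # lifetime of a triplet that has passed
        self.pending = {}                 # triplet -> time first seen
        self.passed = {}                  # triplet -> time last seen

    @staticmethod
    def _key(client_ip, mail_from, rcpt_to):
        # Key on the client's network, so a retry from a sibling host in the
        # same outbound mail farm still matches the first attempt.
        addr = ipaddress.ip_address(client_ip)
        prefix = 24 if addr.version == 4 else 64
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply to give at RCPT TO time."""
        key = self._key(client_ip, mail_from, rcpt_to)
        last = self.passed.get(key)
        if last is not None and now - last <= self.pass_ttl:
            self.passed[key] = now
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now       # unknown or stale: start the clock
            return DEFER
        if now - first < self.min_delay:
            return DEFER                  # retried too fast to be a queueing MTA
        del self.pending[key]
        self.passed[key] = now
        return ACCEPT

    def expire(self, now):
        """Drop entries that can no longer match, so memory stays bounded."""
        self.pending = {k: t for k, t in self.pending.items()
                        if now - t <= self.retry_window}
        self.passed = {k: t for k, t in self.passed.items()
                       if now - t <= self.pass_ttl}
        return len(self.pending) + len(self.passed)
```

Fire-and-forget senders that never retry only ever see the 451, while a queueing MTA gets through on its second attempt and is then remembered for `pass_ttl` seconds.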
where might I....oh wait ...haha.
and I failed to confirm I'm a human
then what the fuck am I
In other news, Lifehacker's Remains of the Day for today reports that 80% of malicious exploits use Adobe Acrobat PDF files as an attack vector. Download the report and get infected! ROFL!
The Yahoo filter is very good. After a while you get one spam a month, maybe, and one or two items fall into spam that you might want.
There's no way I'll waste my time filling in that form, so I've added a big warning on the registration page now - sorry users of an overzealous ISP, please disable your spam filter if you can or just use another email address to register from.
holy SHIT, 3Billion messages per day, why that's equivalent to one NEW individual piece of spam in EVERY LIVING PERSON'S INBOX ON EARTH...every 2 days!!. Or rather spam folder. But still! Looked at it another way, in just one short month, that would be FIFTEEN messages in a single person's inbox. How many legitimate mails do you get per month? Can you imagine sorting through FIFTEEN pieces of spam to get to just four weeks of real mail? Email is useless.
um, not. wake me when the number of spam messages reaches 3B per second. That will be an interesting milestone...
You nerds sure get hyped up over 59 spam messages a day. That really isn't that much when you think about the whole internet.
Wait... you mean that wasn't hex?
I should think that spam is a much more serious problem bandwidth-wise.
...and in my Gmail account I never see even one.
Minti: What's that huge shuriken in your back?! Kin: It's the instrument of my victory.
How do you tell the difference between a spamvertiser and a joe job?
That is an excellent question. If one were to presume that there is no (or next to no) overlap between the two sets, then you can identify the difference based on the registration of the domain. Often a great number of spamvertised domains are all resolved by a very short list of DNS servers, which is why I advocate looking at the spamvertised domains as well as the domains that resolve and register them. If you follow that reasoning, you could also differentiate spamvertised domains from legitimate domains that are being subjected to joe jobs from spammers.
However, if a legitimate domain were to for some reason use the spammer's DNS servers and find itself the target of a joe job, then they would be targeted by those combined signs.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
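The nameserver heuristic from the reply above, as an added example (not the commenter's code): group spamvertised domains by the DNS servers that resolve them and separate the ones sitting in a large shared cluster from isolated ones. The sample data is constructed with reserved `.example` names, and the threshold of 3 and the verdict labels are assumptions.

```python
from collections import defaultdict

CLUSTER = "shared-DNS cluster (likely spamvertiser)"
ISOLATED = "isolated (possible joe job)"

# Constructed sample, not real observations: domain advertised in spam -> its nameservers.
SIGHTINGS = {
    "cheap-pills.example":   {"ns1.bulkdns.example", "ns2.bulkdns.example"},
    "replica-watch.example": {"ns1.bulkdns.example", "ns2.bulkdns.example"},
    "discount-meds.example": {"NS2.bulkdns.example."},
    "lucky-casino.example":  {"ns1.bulkdns.example"},
    "smallshop.example":     {"ns1.hoster-a.example", "ns2.hoster-a.example"},
    # The caveat case from the reply: a legitimate site that happens to use
    # the same DNS servers as the spam cluster.
    "unlucky-blog.example":  {"ns1.bulkdns.example", "ns9.hoster-b.example"},
}

def normalise(ns):
    """Compare nameserver names case-insensitively and without the root dot."""
    return ns.rstrip(".").lower()

def nameserver_load(sightings):
    """Map each nameserver to the set of spamvertised domains it resolves."""
    load = defaultdict(set)
    for domain, servers in sightings.items():
        for ns in servers:
            load[normalise(ns)].add(domain)
    return load

def classify(sightings, threshold=3):
    """Label a domain by the busiest nameserver it shares with other sightings."""
    load = nameserver_load(sightings)
    verdicts = {}
    for domain, servers in sightings.items():
        busiest = max((len(load[normalise(ns)]) for ns in servers), default=0)
        verdicts[domain] = CLUSTER if busiest >= threshold else ISOLATED
    return verdicts

if __name__ == "__main__":
    for domain, verdict in sorted(classify(SIGHTINGS).items()):
        print(f"{domain:24} {verdict}")
```

`unlucky-blog.example` comes out in the cluster, which is the false positive the reply warns about, so a verdict like this is a lead for review and not a block decision on its own.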