Malicious Spam Jumps To 3B Messages Per Day
Trailrunner7 writes "Last year saw a monstrous increase in the volume of malicious spam, according to a new report (PDF). In the second half of 2009, the number of spam messages sent per day skyrocketed from 600 million to three billion, according to new research. For some time now, spam has been accounting for 90 or more percent of all email messages. But the volume of spam had been relatively steady in the last couple of years. Now, the emergence of several large-scale botnets, including Zeus and Koobface, has led to an enormous spike in the volume of spam."
What about delicious spam?
So, if we try and hold ISPs or telecoms liable for what moves over their wires, they would have to hunt down the spammers as well as the pirates? What an awkward position to be in, especially when a big revenue stream is at stake.
Yeah, I didn't RTFA.
Also, what percentage of email is 3 billion, anyway?
-
And I still see less than 1 per month in my Inbox.
_THIS_ is the price I am willing to pay to allow Google to filter my email.
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
Subscribe to one free daily naked chick mailing list. Imagine how much of that spam is about porn! There are probably more porn emails sent out every week than there are people on the planet.
I keep three email accounts. One I give out for things - registrations, contests, all that stuff. One I give out to friends and family. The third just quietly sits there empty. I check it periodically anyway and it makes me happy when no mail is found.
I can't compile what you're trying to say without the ??? and Profit! directives.
I'd rather have my ISP not be in the business of picking through my traffic and deciding what's "good" and what's "evil". Who I talk to over my connection is my business.
Because one person sending a mailshot to a hundred or so people looks a lot like a botnet.
One person mailing their CV to 200 companies can look a lot like a botnet.
One teenage girl telling everyone about a party can look a lot like a spammer.
Sure if the botnet isn't well written then it'll just blast spam out of every node 24/7 but the really good ones are going to try hard to evade detection.
Hell, if you've got enough compromised PCs and you're organised as modern botnet herders are, then you can collect a lot of good data on how regular users send email and make sure the nodes of your botnet avoid going far outside the curve.
3 billion spam is a drop in the bucket of the daily spam volumes seen worldwide, there has not been a global increase of spam volumes in the last year of that magnitude (Or really much at all).
Everyone that disagrees with me is a paid shill
Botnets tend to send out directly from the PC instead of using the ISP mail server as most people don't tend to host their own SMTP server.
Everyone that disagrees with me is a paid shill
Maybe in the year 1995. I'm pretty sure they can handle having a list of ISPs' mail servers and use them now. Sending from a consumer line would be quite useless anyway because 99% of email services would directly block such emails.
Ya know, until they start going after the people who hire the spammers nothing is going to change. Some businessperson is responsible for our spam, not the spammer. Where and how is this Viagra getting into our country? Where are all the watches being made? And so on. Someone is paying these spammers, get them. PS: Yes, I know it's not easy to catch them, but if we can send and control robots from Earth on Mars it CAN be done.
Jack of all trades, master of none
Although I think very low of the morality of those who do this for a living, at times you really have to respect their skills.
This isn't just like running an email service for a Fortune 500 company, it's more like running a black ops email service for a Fortune 500 company.
Every aspect of the operation is run over with a fine-tooth comb for discretion. Not too many from each node, sending out the spam messages at a low rate, redundancy, resource management, payroll. This cannot be easy.
Too bad these people are going with a life of crime, with their potential I would think they could do very well in legitimate work.
Don't know something? Look it up. Still don't know? Then ask.
why wouldn't they use the users accounts?
Botnets grab logins for hundreds of thousands of legit email accounts; hell, they can even use the users' own SSL connection to send the emails when they log in to their email.
Whatever way users send normal mail the bots can emulate them.
Yes, I am sure the botnet herders will be happy to send you a cheque.
upon the advice of my lawyer, i have no sig at this time
FTA: "The spamming botnets are constantly in flux, waxing and waning, morphing, becoming obsolete, being replaced, taken down, and upgraded."
Read: replace dual-core bots with quad-core ones.
Let me know when you find a reliable way to...
a) Charge for email
b) Prevent unpaid mail from being sent
c) Prevent botnets from sending 30 free messages then stopping for the day
d) Prevent botnets from sending a ton of paid messages using financial info on the host computer
e) Prevent spammers from setting up a mail server that charges for messages, repeating d) and then collecting all the money.
etc., ad nauseam.
I've found that nurturing one's Zen nature is vital to dealing with technology. Violence is pretty damn useful too.
If we incorporate a pay per email scheme, with an email costing anywhere from 1/2 to 1 cent per email, with a cap being set by the government so you don't get screwed over by the ISP, not only would it be beneficial for the ISP, as less bandwidth because less spam, but also, people infected would be aware that they are infected if not by the first bill, then by the second billing.
I am aware of my downloads on the next bill, because I see the extra bandwidth used, but I don't see the emails sent.
If I get charged on the side, and see 1 million emails, but a cap of $20 (let's say), then you bet your *ss I will clean my PC, and get myself organized not to get billed for that again. People that spend no time monitoring their system have no clue, unless someone points it out for them.
By forcing a pay per email, you also make sure to have paper trails, and someone has to pay for that. Eventually, as the botnets die out, the spammers will have to charge more for the less they are making, or it will not be worthwhile for them, and the spam kings will slowly go out of business. Right now, they incorporate the pricing into what they charge their clients, but if you raise the cost because now legit spammers have to pay per email, you will get clients investing elsewhere for their marketing.
If you're going to use the check-list then at least fill it out right:
(x) No one will be able to find the guy or collect the money
( ) Microsoft will not put up with it
Bill actually suggested this a couple of years ago.
Slashdot: where Don Knuth is an idiot because he can't grasp the awesome power of PHP
Am I the only one who read this headline and thought, "59 messages a day isn't so bad?"
Why can't ISPs detect large numbers of messages suddenly going to a vast array of e-mail addresses and shut it down?
Basically what you're suggesting boils down to throttling the entire Internet so that it can't handle the capacity of spamming, which will make it useless for any e-mail delivery. You might as well just kill e-mail.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
SPAM was the absolute bane of my existence (I have several very public email addresses that have to remain that way) until the day I finally (at the time reluctantly) decided to run all of my mail through Gmail accounts, without exception. I had used block lists, several ISP-based filters, spamassassin post-POP3 on my own local net, and a bunch of filters, and it was eating hours a day of attending to SPAM (new filters, fixing filters, marking as spam, marking as ham) and so many CPU cycles that a dedicated box couldn't keep up. Not to mention that due to the processing overhead of all that filtering, when someone did send me a message and told me so, I'd have to tell them "I'll get it in ten to fifteen minutes." And all for a few (three, really) email queues that belong to one person and a couple of assistants?
Now I forget that SPAM exists, and my email comes in more or less instantly.
For a decade now, Google has more or less singlehandedly kept the internet usable.
STOP . AMERICA . NOW
Add to this the fact that when you do report phish, 419, or malware spam, the ISPs snooze over the report for days until finally doing something about it, and sometimes they never do anything at all. Some mail hosters don't even have abuse accounts to report to.
---- Teach Peace. It's Cheaper Than War.
One teenage girl telling everyone about a party can look a lot like a spammer.
And what would be so bad about ISPs blocking that???
Yeah, we can see how much of a wonderful difference all those filtering programs that are on the market today are doing for the worldwide spamming problem. That is, no difference.
If you want to do something about the spamming problem, start looking beyond your own nose. Stop adjusting your filtering rules constantly. Pay attention to the cause of the problem - spam is an economic problem. Until something is done about the profit-motive (and the insane margins of profit) behind spam, the problem will only continue to grow.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Not to mention much of the corporate world's communications. This is one of those "looks good on paper" things.
You know the thing about UDP jokes? I don't care if you get it or not.
- Monty Python
"Have you got anything without spam?"
"Well, there's SPAM, egg, sausage, and SPAM; that's not got much SPAM in it."
Therefore all SPAM should have eggs and sausage in it.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
Do you want ISPs in the business of policing traffic? This is a multi-faceted problem and it needs multiple avenues to solve it. Blocking spam traffic is one thing, filters are another. It does need to get blocked from the source. That of course will get fixed when Windows has no further BSODs.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
Yeah, well, if it quacks like a duck...
Seriously, if you are trying to communicate with hundreds of people, there are technologies meant for that. Email isn't one of them.
Maybe in the year 1995. I'm pretty sure they can handle having a list of ISPs' mail servers and use them now. Sending from a consumer line would be quite useless anyway because 99% of email services would directly block such emails.
It may be nearly useless. That doesn't mean that botnets aren't sending email direct-to-MX. These hosts have connected to our incoming MXs in just the last couple of minutes, and I'd say it's a small sample :) But nearly all of these connections get pretty high scores from spamassassin, and users generally don't see the resulting spam.
He's just salty because he wasn't invited.
The ignorance of your post is incredible.
Seriously, if you are trying to communicate with hundreds of people, there are technologies meant for that. Email isn't one of them.
Yes it is. I would argue my point with you but I really do not need to. Everyone here can see that your statement is Wrong.
Why is it so hard to only have politicians for a few years, then have them go away?
http://en.wikipedia.org/wiki/Dancing_pigs has a nice explanation of the problem.
Why is this modded troll?
Seriously people, botnets are virtually 100% Windows machines, not because Windows is popular, simply because Windows is so EASY to subvert.
Nothing has improved or changed in this fact since spam started to be a serious problem.
Sig Battery depleted. Reverting to safe mode.
I'd be happy if more of the bigger mail services recognized my mail server for my hobby site's user signups as non-spam. Despite the fact the MX on record is the sending server, and the domain for the MX has been up for a while. I've in the past year retired the use of my company's domain name, and revised my hobby site to use a newer domain. Just the same, this has been over the course of a year, not all at once.
Michael J. Ryan - tracker1.info
But it's my business to pay my ISP to funnel the bytes sent to me. If the bytes coming from your ISP are frequently evil, I'd fully support my ISP in blacklisting you, especially if it saves me money or increases my bandwidth.
So if your ISP decides to cut yours off unless they impose some sort of anti-bot policy, I'd be in favor. And I'm perfectly willing to have my ISP do the same to me if it's what's required to play nice with their neighbors.
If you want your ISP to be blind to your bits, and suffer the fact that they'll have to install more bandwidth and be potentially filtered (and lose customers for that, raising your prices further), be my guest. I'm willing to live with that minor invasion of privacy (cutting off obvious bots) in exchange for lower prices.
I bet their work is more enjoyable and interesting than mine, over all.
http://michaelsmith.id.au
The Viagra spams seem to be dominating my filter now. They don't even mangle the spelling any more! They just change the percent discount from spam-to-spam. Perhaps they change other things too but I don't know because I just "check all, delete". The rise in Viagra spam (no puns intended anywhere in this post) seems to have started about a month ago.
If Viagra spam isn't considered malicious, then I can't say I've noticed any increase in spam. Maybe they have malicious code attached; but like I said I don't open them...
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Hell, if you've got enough compromised PCs and you're organised as modern botnet herders are, then you can collect a lot of good data on how regular users send email and make sure the nodes of your botnet avoid going far outside the curve.
That, or the herders adjust their botnet so the behavior of each node is such that it *becomes* the curve...
Given the estimation that 90% of e-mail was spam *before* a five-fold daily increase, why aren't more people/companies clamoring for a complete e-mail re-architecture? Improved filtering and new spam laws are just symptomatic fixes - the entire way we do e-mail needs to change.
The resources wasted and stolen by spam are staggering. Eventually the economic and political incentive to adopt better e-mail protocols has to kick in; I'm just surprised it hasn't yet.
I find the way they handled the "spam problem" in the fictional book Daemon quite perfect: "All spammers will die."
It's simple, straightforward, and is impossible to stop as it [the Daemon] operates outside the law. The first time the scenario is presented, four people are shot to death and that message is left amid the carnage. That happens a few dozen times over worldwide and you start to see a pattern even spammers will recognize...
Moral relativity aside, from a certain standpoint that tactic might actually work; there is nothing right now that scares spammers. Being found requires a significant amount of resources: tracing down the network, identifying a single point of control (if there is one,) identifying the person(s) attached to that system, etc. Botnets make the problem exponentially harder. Yet, we still can't really do anything about it and we have to dedicate entire careers to the act of reducing spam. There is something fundamentally wrong with that, I think.
Everyone is paying to filter the spam but maybe ISPs should pay to find the spammers. At some (probably low) cost, you can induce people to find the spammers. After all, the spammer has to have a way to collect money from his/her targets. Also, I wish ISPs would find the people who respond to spam and give them email accounts at a site that the spammers can freely target. These people are the real cause of spam.
A lot of ISPs already block port 25, what else do you want?
upon the advice of my lawyer, i have no sig at this time
True. I tried reporting a troublesome IP to Comcast and their email address bounced as non-existent. I'm pretty sure they are supposed to keep those whois records up to date if they want to keep their domain, but hey, who follows the TLD rules anymore? PS you can contact me by sending mail to:
Proxy Domain nonsense
0 Null-ville Drive
DROP TABLE `%`, IN 12345
Get a web developer
Sadly, the real world does not work the way you expect it to.
Sadly? More like fortunately, since the botnets' internal SMTP engines typically suck and are often foiled by techniques like greylisting and blocking mail sent directly from dynamic IPs.
If they bothered to read the user's Outlook config and use that to send mail we'd be in a whole heap of trouble.
If I have been able to see further than others, it is because I bought a pair of binoculars.
If any other OS was the popular one instead, the problem would be exactly the same there. Remember that you don't even need to obtain root to send spam. The "but you only download software from your distro's repo!" wouldn't be so either, because people want to buy games, applications and install all kinds of shareware/freeware, and that just wouldn't be possible with a single distro that would have strict rules on what apps are there (and no, messing with yum config files and certs isn't an option with casual people either).
Thanks for the Kool-Aid, but I'm not drinking.
Microsoft has done an excellent job selling this "Popular" argument, but it is patently untrue.
Sig Battery depleted. Reverting to safe mode.
That's because abuse@ and postmaster@ are the FIRST addresses to get spamblasted on every domain. They have been completely useless for ALL of this millennium.
Face it, the RFCs for most internet protocols were written decades ago for government and academia and were not based on a commercial-use network. FTP, Telnet, NNTP, SMTP, IRC are all obsolete junk and need to just go away like Gopher, Archie, Veronica, etc. There's too much invested in TCP to completely rewrite the way the underlying network operates, but the higher-level protocols need to be replaced by encrypted, authenticated systems that can use a central authority or ring-of-trust if authentication is mission-critical. Email should be the first to go. It's not enough to cover these junk systems with security add-ons & band-aids. They need to be completely rebuilt from scratch to include both public and restricted, private channels.
Of the 5 protocols listed above, SMTP is the only one I still run on my own servers. The others have been replaced with SCP, SSH, SSL HTTP gateways & forums, and various things like texting & twitter.
Nothing worthwhile ever happens before noon
Want to explain why botnets have started appearing on Mac OS X too then?
Indeed the dynamic IPs are on every legit blacklist known to man, but the emails have still been sent and we, the users, have to deal with the slow connections, etc. as a result.
Would it be too much to have Micro$oft add a function to Windows that would prevent any port 25 outbound traffic without explicitly entering a passphrase or something similar? That might go a long way to stopping Mom's, Dad's and Jr. Hacker's computer, which is infected from all those free offers, Myspace and gaming sites, from sending emails?
Just a thought
== First cross river, then insult alligator.
I have a domain name that I do mail forwarding for. Some botnet owner decided it was worth finding emails to spam to on this domain. So now every single day, 24/7, 365 days a year, once or twice a minute I get an attempt to send an email to fsdfs34@mydomain.com where fsdfs34 gets replaced with every possible email conceivable. At first I decided to add an IP blocker for anyone who spammed me, but it soon slowed down my mail server so much that I had to take it out once the list grew into the tens of thousands of IPs.
Now I just greylist and tightly check EHLOs, which seems to keep any of the spam from getting anywhere. Nevertheless, the attempts come relentlessly and continuously like clockwork from IPs all over the world.
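The two defences this post relies on, greylisting and strict EHLO checking (the same greylisting an earlier comment says trips up botnet SMTP engines), as an added example that is not the poster's code: a policy hook that defers the first contact of each (client IP, sender, recipient) triplet with a 451 and rejects implausible EHLO arguments with a 504. The hostnames, addresses and traffic below are constructed.

```python
"""Greylisting plus EHLO sanity checks for an inbound SMTP policy hook (added example)."""
import re
from typing import Dict, List, Optional, Set, Tuple

# RFC 5321 4.1.1.1: the EHLO argument must be the client's FQDN or an address literal.
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
ADDR_LITERAL_RE = re.compile(r"^\[(?:\d{1,3}\.){3}\d{1,3}\]$")


def check_ehlo(arg: str, our_names: Set[str], client_ip: str) -> Optional[str]:
    """Return a rejection reason when the EHLO argument looks forged, else None.

    Bots commonly announce a bare word, our own hostname, or an address literal
    that differs from the address they actually connect from.
    """
    a = arg.strip().lower()
    if not a:
        return "empty EHLO"
    if ADDR_LITERAL_RE.match(a):
        return None if a == "[%s]" % client_ip else "address literal does not match client IP"
    if not FQDN_RE.match(a):
        return "EHLO is not a fully qualified hostname"
    if a in our_names:
        return "client claims to be this server"
    return None


class Greylist:
    """Defer first contact from each (client IP, sender, recipient) triplet with a
    temporary 451; accept once the same triplet retries after `delay` seconds but
    within `window`. Real MTAs retry; dictionary-attack bots generally do not."""

    def __init__(self, delay: int = 300, window: int = 4 * 3600) -> None:
        self.delay = delay
        self.window = window
        self.seen: Dict[Tuple[str, str, str], Tuple[float, bool]] = {}

    def decide(self, ip: str, sender: str, rcpt: str, now: float) -> int:
        key = (ip, sender.lower(), rcpt.lower())
        first, passed = self.seen.get(key, (None, False))
        if passed:
            return 250                      # known-good triplet
        if first is None or now - first > self.window:
            self.seen[key] = (now, False)   # new or stale triplet: start the clock
            return 451                      # 4.7.1 greylisted, please retry later
        if now - first < self.delay:
            return 451                      # retried too early
        self.seen[key] = (first, True)
        return 250


def run_policy(events: List[Tuple[float, str, str, str, str]],
               our_names: Set[str]) -> List[int]:
    """Apply both checks to (time, client_ip, ehlo, sender, rcpt) events; return reply codes."""
    gl = Greylist()
    codes = []
    for t, ip, ehlo, sender, rcpt in events:
        if check_ehlo(ehlo, our_names, ip):
            codes.append(504)               # 5.5.2 unacceptable EHLO argument (permanent)
            continue
        codes.append(gl.decide(ip, sender, rcpt, t))
    return codes


# Constructed traffic: one legitimate MTA that retries after ten minutes, plus a
# dictionary-attack bot hitting a new random local part each time and never retrying.
SAMPLE_EVENTS = [
    (0.0,   "203.0.113.5",  "mx.example.net",   "alice@example.net", "bob@mydomain.example"),
    (30.0,  "198.51.100.7", "localhost",        "x@spam.example",    "fsdfs34@mydomain.example"),
    (60.0,  "198.51.100.8", "[198.51.100.9]",   "x@spam.example",    "qwe12@mydomain.example"),
    (90.0,  "198.51.100.9", "bot3.dyn.example", "x@spam.example",    "asd77@mydomain.example"),
    (150.0, "198.51.100.9", "bot3.dyn.example", "x@spam.example",    "zxc01@mydomain.example"),
    (600.0, "203.0.113.5",  "mx.example.net",   "alice@example.net", "bob@mydomain.example"),
]

if __name__ == "__main__":
    print(run_policy(SAMPLE_EVENTS, {"mail.mydomain.example"}))  # [451, 504, 504, 451, 451, 250]
```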
That's naive. Any cost savings get funneled right into the profit machine long before you see any of it.
Sigs are too short to say anything truly profound so read the above post instead.
f) Prevent spammers from becoming even more effective since people would believe that a message which the sender put money into sending has to be legitimate.
Actually my ISP does that (and many ISPs in Europe? All in my country at least). I actually thought it was a more widespread thing and it was just something like Comcast that didn't.
Me, too.
Yet how are we to contact ISPs and get spammer accounts closed? There ought to be a way.....
---- Teach Peace. It's Cheaper Than War.
That's a quality strawman you've got going there.
Possibly. But while the ISP market is severely under-competitive (a problem that has nothing to do with spammers), there is at least some competition in many markets. That means there's some incentive to pass along at least some of the savings along, just to keep me from jumping ship.
I don't need them to pass along every dollar, but every dollar they do pass along is money in my pocket. And if their competitor passes along more, they get nothing.
Go read about them.
These users entered their administrator password to install pirated software.
That's a far cry from clicking on an email attachment or visiting a website for a drive-by install.
Apples to Apples please.
Sig Battery depleted. Reverting to safe mode.
The user's Outlook config? Are you kidding me? The vast majority of non-corporate users don't use any mail client at all, happy with the awful webmail interfaces. Even when they do, Outlook Express, or Windows Live Mail are more common clients for home users than Outlook.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
The Yahoo filter is very good. After a while you get one spam a month, maybe, and one or two items fall into spam that you might want.
There's no way I'll waste my time filling in that form, so I've added a big warning on the registration page now - sorry, users of an overzealous ISP, please disable your spam filter if you can or just use another email address to register from.
Umm...
How about make windows illegal?
I'd bet most spam is forged in some way.
If a spam message fails an SPF or DK check, just drop it without any further checking. The fact that it's forged is a dead giveaway that it's not legit.
Hell, I wish gmail would just hard-reject that sorta crap instead of leaving it in my spam folder amid other possible false positives I need to sift through to make sure nothing got filed there by accident.
I honestly don't understand the benefit of the spam folder. Silent failures are BAD. Servers should either accept and deliver a message, or reject it. That way, when a legitimate message gets flagged as spam, SOMEBODY knows about it!
...and in my Gmail account I never see even one.
Minti: What's that huge shuriken in your back?! Kin: It's the instrument of my victory.
Although I think very low of the morality of those who do this for a living, at times you really have to respect their skills.
Skills? I think it's more a case of "even a blind pig occasionally turns up a nut." There are so many wanna-be spammers and wanna-be "hackers" and wanna-be whatever's-hot-this-week that it doesn't take much of a success rate to land a ton of spam in your inbox, and mine.
I suspect that at least 85% of the people who read Slashdot could do a better job of spamming than the spammers, if they were so inclined.
If you're a zombie and you know it, bite your friend!
Just "select all" in your web browser and the contrast will, obviously, increase. I do that on some websites where the text is so faint I can't read it otherwise.
If you're a zombie and you know it, bite your friend!
How do you tell the difference between a spamvertiser and a joe job?
That is an excellent question. If one were to presume that there is no (or next to no) overlap between the two sets, then you can identify the difference based on the registration of the domain. Often a great number of spamvertised domains are all resolved by a very short list of DNS servers, which is why I advocate looking at the spamvertised domains as well as the domains that resolve and register them. If you follow that reasoning, you could also differentiate spamvertised domains from legitimate domains that are being subjected to joe jobs from spammers.
However, if a legitimate domain were to for some reason use the spammer's DNS servers and find itself the target of a joe job, then they would be targeted by those combined signs.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
It could even be built into the Windows Firewall, though you'd have to break it into a separate "enable" option per application to avoid trojans that the user expects to allow access to the internet but which are actually sending spam.
Rather than "OK" or "Cancel" the buttons should be labeled "I Am Sending an E-Mail" and "I Did Not Send an E-Mail".
If I have been able to see further than others, it is because I bought a pair of binoculars.
Original poster here, maybe I should elaborate.
Why don't ISPs providing service to home users require outgoing SMTP to pass through the ISP mailserver (firewalling port 25) and flag/block extreme usage so that their customers' virus infected machines don't spew further garbage into the Internet?
I refer you again to number 2. I think you underestimate how many machines are in a given botnet and therefore overestimate how much spam one machine in that botnet sends. They could easily slide under an ISP's per-user e-mail volume limit and still participate in a million-strong spam.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Agreed, except for the part about the spam folder. My contention is that delivering mail to a spam folder is a silent fail. I prefer to reject with 5xx anything that would go in a spam folder. Then, as you point out, the sending server will notify the sender (if one exists).
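The policy this post and the earlier "drop it if it fails SPF" comment argue for, as an added example that is not any poster's code: a small SPF evaluator covering the ip4, a, mx, include and all mechanisms with the 10-lookup limit, run against constructed in-memory DNS data, with a hard fail turned into a 550 at MAIL FROM so the sending MTA bounces to its user instead of the message landing silently in a spam folder. Domains, addresses and records are constructed.

```python
"""SPF evaluation feeding an SMTP-time accept/reject decision (added example)."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed zone data standing in for live DNS: name -> {rrtype: [values]}.
DNS: Dict[str, Dict[str, List[str]]] = {
    "example.net": {"TXT": ["v=spf1 mx include:_spf.mailer.example -all"],
                    "MX": ["mx1.example.net"]},
    "mx1.example.net": {"A": ["203.0.113.25"]},
    "_spf.mailer.example": {"TXT": ["v=spf1 ip4:198.51.100.0/24 ~all"]},
    "soft.example": {"TXT": ["v=spf1 a ~all"], "A": ["192.0.2.10"]},
    "loop.example": {"TXT": ["v=spf1 include:loop.example -all"]},   # broken, self-including
    "nospf.example": {"TXT": ["not an spf record"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _a_records(name: str) -> List[str]:
    return DNS.get(name, {}).get("A", [])


def check_spf(domain: str, ip: str, lookups: Optional[List[str]] = None) -> str:
    """Evaluate a subset of RFC 7208 (ip4, a, mx, include, all) for `ip` sending as
    `domain`. Returns pass / fail / softfail / neutral / none / permerror."""
    if lookups is None:
        lookups = []            # DNS-querying terms seen so far, shared through include recursion
    records = [t for t in DNS.get(domain, {}).get("TXT", [])
               if t == "v=spf1" or t.startswith("v=spf1 ")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"      # more than one SPF record is a permanent error
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech in ("a", "mx", "include"):
            lookups.append(mech)
            if len(lookups) > 10:
                return "permerror"  # RFC 7208 4.6.4: at most 10 DNS-querying terms
            target = arg or domain
            if mech == "a":
                matched = str(addr) in _a_records(target)
            elif mech == "mx":
                matched = any(str(addr) in _a_records(h) for h in DNS.get(target, {}).get("MX", []))
            else:
                inner = check_spf(target, ip, lookups)
                if inner in ("none", "permerror"):
                    return "permerror"  # an include target with no/broken record is an error
                matched = inner == "pass"
        else:
            return "permerror"      # mechanism outside the subset handled here
        if matched:
            return QUALIFIERS[qual]
    return "neutral"                # nothing matched and no explicit "all"


def mail_from_reply(domain: str, ip: str) -> Tuple[int, str]:
    """Decide at MAIL FROM. Hard fail or a broken record gets a 550 so a real sender
    is bounced and knows; anything else is accepted for the content filters."""
    result = check_spf(domain, ip)
    if result in ("fail", "permerror"):
        return 550, "5.7.1 SPF %s: %s is not authorized to send for %s" % (result, ip, domain)
    return 250, "2.1.0 Sender OK (spf=%s)" % result
```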