Slashdot Mirror


Rustock Botnet Responsible For 40% of Spam

angry tapir writes "More than 40 percent of the world's spam is coming from a single network of computers that computer security experts continue to battle, according to new statistics from Symantec's MessageLabs' division. The Rustock botnet has shrunk since April, when about 2.5 million computers were infected with its malicious software that sent about 43 billion spam e-mails per day. Much of it is pharmaceutical spam."

29 of 250 comments

  1. Somebody by bobstreo · · Score: 5, Insightful

    Hunt them down and kill them all
    Please

    1. Re:Somebody by Anne+Thwacks · · Score: 4, Insightful
      Starting with the pharma companies whose products are being promoted, and the credit card companies who process the transactions.

      (They are the low hung fruit.)

      --
      Sent from my ASR33 using ASCII
    2. Re:Somebody by WrongSizeGlass · · Score: 2, Insightful

      So because someone is operating technology they are not able to safely use they should be free of reprimand?

      The infected systems should be blocked from internet access ... but surely you're not implying that people who aren't technical enough to be a sys or network admins can't own a computer? Would I have to take a test online or at a store before ordering a computer?

      Spam causes real financial trouble and being infected either means Windows and therefore Microsoft are at fault, or the user is at fault.

      I don't see you pointing a finger at those who start this whole mess: the people writing the virus "packages" for sale, the botnet operators and those who hire them to spew spam, steal bank login information, coordinate DDoS attacks and everything in between.

      Someone has to be responsible, if you left the keys to your car in the open and someone took it for a joyride, crashing into a store front and smashing up a bunch of televisions, that's exactly the same as letting someone steal bandwidth and clock cycles for spamming people.

      In this analogy those who create and maintain the botnets & spam would be the joyriders ... and once again I don't see you putting any blame on them.

    3. Re:Somebody by crow_t_robot · · Score: 3, Insightful

      (They are the low hung fruit.)

      Considering what they are selling, they are also the "well hung" fruit.

    4. Re:Somebody by selven · · Score: 5, Insightful

      I agree with hitting the pharma companies, but the credit card companies? I'd rather have them be neutral providers of monetary exchange services than have them decide what's legitimate and what isn't, just like ISPs should stay out of copyright enforcement.

    5. Re:Somebody by datapharmer · · Score: 2, Insightful

      There's no known Linux-based botnets

      The skill set of those running the linux based botnets is a little higher. It doesn't mean they aren't out there... many routers are infected and run linux just for an example, and there are quite a few rogue webservers out there too. The question for botnet owners really boils down to "do you want to run a 500 strong linux server botnet or a 2.5 million strong Windows/PC botnet?" Given the number of dual and quad core systems on the consumer market I think most would agree the latter is a better ROI.

      --
      Get a web developer
    6. Re:Somebody by DrgnDancer · · Score: 2, Insightful

      In the highly unlikely event that every person in the world switched to Linux tomorrow, I guarantee there would be a Linux botnet running in a matter of weeks. Remember that you don't have to "root" a box to get it working as a part of a botnet. Running software, initiating client side network connections, sending e-mail, these are all things that can be done as a regular user. Use a flash vulnerability, or just get the user to run a script (in some ways even easier with an unwary user in Linux, since there is no need for a telltale file extension), install botnet software in a .directory on the user's home, edit their shell start-up scripts to get it running. Presto, botnet client.

      Would it work on you? Probably not. Would it work on a normal user? Especially a normal user who just switched to a new OS and is finding that they know even less about this new system than the little they know about the old system? Absolutely. The chances of such a person even knowing to look in .bashrc for a rogue start up, or how to do an "ls -al" to find an extra hidden directory are minuscule.

      Linux is, in general, a more secure OS than Windows in many ways (not as much so as in the past, but still more secure), but a Linux box admined by a complete neophyte in a world where people were actually targeting Linux, would be just as vulnerable as a Windows box being admined by a complete neophyte in a world where people target Windows. In the end, all OSes are vulnerable to the simple fact that normal users must be allowed (at a minimum) to run their software, save their data, and use the network. Take that away, and the computer is little more than an expensive paper weight/space heater combination device. Leave it there and users will find a way to do something stupid.

      --
      I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
    7. Re:Somebody by Lurker2288 · · Score: 3, Insightful

      Yeah, go after Pfizer. Because I'm sure it's really them that's putting out all that Viagra spam, and totally not bullshit suppliers of counterfeit drugs.

      Seriously, do you have any idea how tightly regulated even direct to consumer drug ads are? There's no way any legitimate company is involved in this. I know it's fun and exciting to blame Big Pharma for everything wrong in life, but how about we stick to the many things they ACTUALLY do wrong, rather than random shit we merely attribute to them?

  2. Pharmaceutical by Tubal-Cain · · Score: 3, Insightful

    Much of it is pharmaceutical spam.

    A very particular kind of pharmaceutical.

    1. Re:Pharmaceutical by compro01 · · Score: 4, Insightful

      The spam is offering antibiotics such as linezolid, teicoplanin, daptomycin, and tigecycline, antibiotics that are reserved for highly resistant bacteria ("superbugs" like VRE and MRSA), not the stuff you can get from a veterinarian. These drugs being used inappropriately is a very bad thing.

      --
      upon the advice of my lawyer, i have no sig at this time
  3. Oh PAH-LEEEZE by Frosty+Piss · · Score: 5, Insightful

    First and foremost, don't expect ANY help from the "security" companies like Symantec and the like, SOLVING this problem would mean the end to their extortion business.

    And, don't expect ANY help from the "white hats" in general, all they can do is walk in circles pontificating about how it would be unethical to hack these networks and bring them down.

    So really, the only solution is the possibility of someone with "black hat" skilz that wants to be paid to take the system down outside the "law".

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Oh PAH-LEEEZE by blueg3 · · Score: 1, Insightful

      There's more than enough threat for Symantec etc. to deal with one and still have a viable business model.

      And you're right, white hats don't hack other people's machines, which is illegal, just because it seems like a convenient solution to a problem. That's basically how that works.

    2. Re:Oh PAH-LEEEZE by Anonymous Coward · · Score: 2, Insightful

      Still, it's true if you think about it.

      Imagine if nearly 90% of cars and trucks on the road dumped trash all over the place when driving around? Those drivers would get a ticket and be required to go to a garage to fix whatever the hell is causing their vehicle to dump trash everywhere.

      No such law exists for computers and the internet. And everyone has to suffer because of it.

      So, good is dumb because your hands are tied in laws. And evil triumphs because we get billions of spam clogging the tubes all over the place.

    3. Re:Oh PAH-LEEEZE by Elektroschock · · Score: 2, Insightful

      It is no problem for Government agencies to take extralegal action.

      But indeed the core is that people should use Linux and users of infected Windows machines should pay.

  4. So how hard.... by Anonymous Coward · · Score: 3, Insightful

    Is it to order some of their crap. Track down where the money goes.

    And kill them.

    We've spent more doing less millions of times... Why don't we get around to fixin this problem?

  5. Wunna These Days, Alice... by Anonymous Coward · · Score: 1, Insightful

    Wunna these days, some bright young researcher with more brains than sense is gonna get inside one of these things.

    They're gonna get inside, suss out all the details, and then insert their own payload. And it's going to go to every single infected computer and execute just a few lines of code after a reboot:

    echo on
    echo Your machine was infected with a virus/trojan, turning it into a zombie.
    echo You have been contributing to the 43 billion spam per day.
    echo Because you fail at the Internet, your machine and all of it's data are forfeit.
    echo Have fun, and better luck next time.
    format c: /Y

    1. Re:Wunna These Days, Alice... by dgatwood · · Score: 2, Insightful

      Because statistically speaking, if they have one virus, they probably have thirty.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

  6. This is why we won't shut up. by Anonymous Coward · · Score: 1, Insightful

    Us Ubuntu and Mac users will not give you peace nor rest until Windows is dead, because YOUR owned machines send OUR email accounts and blogs and forums and mailing lists spam. We're all in this together, and what one person runs affects the rest of us, whether you like it or not.

    1. Re:This is why we won't shut up. by pookemon · · Score: 1, Insightful

      "Us Ubuntu and Mac users will not give you peace nor rest until Windows is dead"

      Good luck with that. Of course once OUR Windows is dead it'll be YOUR machines sending us SPAM.

      --
      dnuof eruc rof aixelsid
    2. Re:This is why we won't shut up. by Anonymous Coward · · Score: 1, Insightful

      Don't lump me into the same crowd as you. I for one do not have anything against Windows, it has its place, just not on my laptop.
      I do not rant on about how Linux is superior to Windows, Windows can be as secure, the weak point is the user. I do not rant on about how Apple computers are easier to use, it's the applications and what you are used to.

      --
      Sincerely,
      Apple munching penguin

    3. Re:This is why we won't shut up. by grcumb · · Score: 2, Insightful

      "Us Ubuntu and Mac users will not give you peace nor rest until Windows is dead"

      Good luck with that. Of course once OUR Windows is dead it'll be YOUR machines sending us SPAM.

      Yeah, you know what? You may be right, but in the mean time...

      ... Could you please stop making excuses and fix your fucking machines that spam the rest of the world!?!

      Because, you see, whatever MY potential for causing YOU harm in the future (and I admit it's non-zero), the likelihood that the overwhelming majority of the millions of machines in this botnet right now are running Windows has a probability of 1. So maybe if WE stopped speculating about some future email Armageddon and focused on the one that's happening right now, we might actually get something done.

      And who knows? Maybe the lessons you learn by cleaning up this mess will help us all avoid it in the future? Now wouldn't that be nice?

      Nicer than your reply, anyway, which is the rhetorical equivalent of 'Yo' Momma!'

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    4. Re:This is why we won't shut up. by silentcoder · · Score: 4, Insightful

      >Good luck with that. Of course once OUR Windows is dead it'll be YOUR machines sending us SPAM.

      No it won't. The "windows gets targeted only because it's biggest" argument is a fallacy - and an easily debunked one at that.

      Here's the REAL reason why you will never see much spam or trojans in the Linux world. Unlike our windows counterparts, when we need an app for some task, we don't open a (insecure) browser, search around, find a .exe which we then RUN to install the program.

      We connect to a repository, which is run by software experts who have repackaged and tested the programs in question, the software gets downloaded automatically - the files are checked using digital signatures to prevent MitM attacks, and only then installed.

      Average computer users will never have the capacity of computer experts to tell trojans from useful apps, and either way have no viable means of determining if a particular install file is trustworthy without having already taken the risk, all while dealing with a browser/email combination that could do all this without them even being aware of it (though at least that has gotten better than it used to - remember I-Love-You, that's how bad Outlook once was!).
      Us GNU/Linux users pool our resources to have people who are skilled select and evaluate the apps in our repositories and make our selection from a set that's pre-vetted. We can choose on features and design without having to WORRY about "does it coincidentally install spyware which will later be installing a botnet", because the people who packaged the software have nothing to gain by not removing such, and everything to benefit from ensuring the trustworthiness of the software.

      Remove the capacity to write "installer programs" for windows - create a repository (perhaps even a paid one - like Apple's app-store) and you solve the botnet problem. Trouble is, Microsoft unlike the GNU/Linux companies won't find the best way to keep their repo profitable is to be open to all comers who write useful software. Much like Apple, they'll end up using it to make sure nothing is available to their users that competes with their own products.
      The cure may be even worse than the disease - so I don't know if it's something to push for. What I can tell you is, as long as ordinary users are supposed to vet good from bad software (people who have ZERO training in how to tell the difference in other words) - botnets WILL proliferate. The problem isn't even so much OS-design (though it plays a role), it's the way software is managed on the two platforms.
      GNU/Linux simply has a software management concept that is by its very nature far, far more secure than Windows. It's not perfect - last year Fedora's repos were pwned temporarily - and they had to create and issue a full set of new keys to ensure the integrity of what they contained - but the problem was fixable without any customer ever being at risk. That's what GNU/Linux's repository concept does - it takes the task of risk assessment and gives it to people who are trained for the job so by definition they do it better.

      --
      Unicode killed the ASCII-art *
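The repository workflow silentcoder describes above (packages are fetched automatically, checked against digital signatures to defeat a man-in-the-middle, and only then installed) is easy to model as a verification gate. The script below is an added example, not code from the thread or from any distribution's package manager. It assumes a repository that publishes a manifest of per-package SHA-256 digests together with an authentication tag over that manifest; real repositories use a public-key signature (GPG in apt and yum) for that tag, and here an HMAC-SHA256 under a constructed key stands in for it so that the script runs on the standard library alone. All package bytes, names and keys are constructed. It shows the honest case plus the two tampering cases the comment is concerned with: a swapped package, and a rewritten manifest.

```python
"""Added example (not from the Slashdot thread): a minimal model of a
repository client that refuses to install a package unless a signed
manifest vouches for it.

The tag over the manifest is an HMAC-SHA256 standing in for the repository's
public-key signature; REPO_KEY plays both the signer's key and the trusted
verification key the distribution ships. Everything below is constructed."""
import hashlib
import hmac
import json

# Constructed key (assumption): stand-in for the repository signing key.
REPO_KEY = b"constructed-repository-key-do-not-reuse"

# Constructed package archives standing in for vetted .deb/.rpm files.
PACKAGES = {
    "editor-1.0.tar": b"ELF... editor binary, vetted by the packager",
    "player-2.3.tar": b"ELF... media player, vetted by the packager",
}

# Constructed attacker archive: the legitimate program plus a dropper.
TROJANED = b"ELF... editor + botnet dropper"


def build_manifest(packages):
    """Packager side: list every package's digest, then tag the manifest."""
    manifest = {name: hashlib.sha256(data).hexdigest() for name, data in packages.items()}
    body = json.dumps(manifest, sort_keys=True).encode()
    tag = hmac.new(REPO_KEY, body, hashlib.sha256).hexdigest()
    return body, tag


def verify_and_select(manifest_body, tag, name, downloaded):
    """Client side: return True only when `downloaded` may be installed.

    1. The manifest tag must verify, so the digest list is the repository's
       own and not one substituted in transit.
    2. The downloaded bytes must hash to the digest listed for `name`.
    Both comparisons use compare_digest to avoid timing leaks.
    """
    expected = hmac.new(REPO_KEY, manifest_body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False  # manifest forged or altered in transit
    manifest = json.loads(manifest_body)
    if name not in manifest:
        return False  # not part of the vetted set
    digest = hashlib.sha256(downloaded).hexdigest()
    return hmac.compare_digest(manifest[name], digest)


def run_scenarios():
    """Honest download, swapped archive, and rewritten manifest."""
    body, tag = build_manifest(PACKAGES)
    honest = verify_and_select(body, tag, "editor-1.0.tar", PACKAGES["editor-1.0.tar"])
    # Attacker swaps the archive but leaves the signed manifest untouched.
    swapped = verify_and_select(body, tag, "editor-1.0.tar", TROJANED)
    # Attacker rewrites the manifest to match the archive but cannot re-tag it.
    forged_body = json.dumps(
        {"editor-1.0.tar": hashlib.sha256(TROJANED).hexdigest()}, sort_keys=True
    ).encode()
    forged = verify_and_select(forged_body, tag, "editor-1.0.tar", TROJANED)
    return {"honest": honest, "swapped_package": swapped, "forged_manifest": forged}


if __name__ == "__main__":
    for case, ok in run_scenarios().items():
        print(f"{case}: {'install' if ok else 'REFUSE'}")
```

The point the comment makes is visible in the third scenario: hashing alone stops a swapped archive, but only a key the attacker does not hold stops a rewritten manifest, which is why the key compromise silentcoder mentions (Fedora's 2008 repository incident) had to be answered by reissuing keys rather than by recomputing hashes.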
  7. Re:Windows has great anti-malware tech by robot256 · · Score: 3, Insightful

    This is like the corporate/university computers that re-image themselves every night against the central server, deleting anything that changed on the hard disk. That would be an awesome feature for a dumb web-surfing box for the idio---parents. Would be a little bit of a pain for everyone else, but we can avoid getting infected, right?

  8. Friendly Reminder by DynaSoar · · Score: 5, Insightful

    "Maybe what we need are a few good old fashioned hangings." -- Commissioner Orson Swindell, Federal Trade Commission, at the first FTC spam conference.

    --
    "I may be synthetic, but I'm not stupid." -- Bishop 341-B
  9. Re:Windows has great anti-malware tech by blueg3 · · Score: 2, Insightful

    You can fairly easily set it up so that when machines reboot, all changes are lost. It's convenient for a lot of applications.

  10. Re:Windows has great anti-malware tech by Anonymous Coward · · Score: 1, Insightful

    No good. They'd just get infected the next day from some compromised banner rotation and the botnet would install itself in two minutes.

  11. Re:Question by zdepthcharge · · Score: 1, Insightful

    It would be interesting to track the credit card transaction in order to locate the front company for the credit card transactions. Surely these people/companies/criminals are leaving a trail of some kind in the credit card companies' databases?

  12. Re:Question by sjames · · Score: 3, Insightful

    If the FBI was half as interested in nailing fraud as it was in doing the RIAA's bidding, they would create fake credit card accounts and order the spamvertized products themselves. Then they can trace the transactions back and get the merchant accounts frozen.

  13. Re:You forgot your tinfoil hat. by interkin3tic · · Score: 1, Insightful

    Companies like Symantec and Norton didn't start off as antivirus companies. They built tools and utilities. If by some miracle all of the botnets, trojans, and virus infections were to vanish from the world, I imagine that they would go back to making tools. It was virus makers that created the market, not Symantec and Norton.

    Eh, I'd say that depends on how much they've invested in their antivirus business and how much of their profits come from antivirus. If they now only get 20% of their profits from tools and utilities, I doubt they'd be happy to lose that 80%.

    It's not like those guys go to work motivated to make tools and antivirus is just a necessary evil. They go to make money.