Slashdot Mirror

← Back to Stories (view on slashdot.org)

Rustock Botnet Responsible For 40% of Spam

Posted by timothy on from the long-walk-short-plank dept.

angry tapir writes "More than 40 percent of the world's spam is coming from a single network of computers that computer security experts continue to battle, according to new statistics from Symantec's MessageLabs' division. The Rustock botnet has shrunk since April, when about 2.5 million computers were infected with its malicious software that sent about 43 billion spam e-mails per day. Much of it is pharmaceutical spam."

6 of 250 comments (clear)

  1. Re:Question by ScentCone · · Score: 4, Interesting

    it would seem to me that the pharmaceutical companies that benefit from this ... should have responsibility in the computer crimes taking place here

    The overwhelming majority of the "pharmaceutical" ads in questions are fraudulent. They're not actually selling Viagra. They're either selling knockoff placebos, or they're selling nothing at all, because they're just looking for naive suckers to visit a sketchy web site and cough up a credit card number or other details that can be used in identity theft schemes or similar crimes. Merck and the other actual makers of the real products would love nothing more than to shut this crap down.

    --
    Don't disappoint your bird dog. Go to the range.
  2. Re:Oh PAH-LEEEZE by Nemyst · · Score: 4, Interesting

    Your wording seems to indicate contempt. White hats or security experts unfortunately have their hands tied. They probably know how to take down the botnet, but that involves illegal activity. While the criminals are hampered by no such things, the lawful guys are stuck with it: anything they'd do that would be essentially good would get them jailed.

  3. Re:Oh PAH-LEEEZE by Yvan256 · · Score: 5, Interesting

    So, Lone Star, now you see that evil will always triumph because good is dumb. - Dark Helmet

  4. Re:Wunna These Days, Alice... by dgatwood · · Score: 3, Interesting

    No need to destroy their data. All one would have to do is replace key Windows boot files with a script that tells them that their Windows installation is hopelessly infected by viruses and has been disabled, telling them to take it to somebody who actually knows how to properly configure a Windows machine. There's no need to destroy irreplaceable data, merely to wreck Windows so badly that they have to do a full reinstall. Since that is completely beyond any of the sorts of people who are part of the problem, they would be forced to take their computers to somebody for repair, and one would at least hope that a sizable percentage of those machines would come back properly protected from viruses.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  5. Rooting out cross-border networks of perpetrators? by D4C5CE · · Score: 3, Interesting

    Our taxes pay agencies boasting their purported capability to do just that. If they let bot-herders proliferate for years, how are they supposed to be more efficient against terrorists not entirely dissimilar in organization (and with the first able to turn into the latter at any time by using/"renting out" their botnets as Weapons of Mass Disruption e.g. for DDoS attacks against critical infrastructures)?

  6. Re:Somebody by tibit · · Score: 4, Interesting

    You know what's really interesting in spam? For spam to pass the content filters, especially those based on statistical models of language, it has to have purposeful mistakes inserted all over the place. In the end, a piece of spam typically looks like if a stoned idiot wrote it. But now it seems that people who author the message in the first place became somehow infected by the stoned idiocy of their own messages.

    A few months ago I went through 300 non-scamming spam messages in my spam folder, and only managed to get to 5, I repeat, 5 payment screens. That means that most spam is pretty pointless: the websites it points to, if they haven't been left out (happens quite often), are mostly broken so that there's no way to actually pass any money to the spammer, even if you try really hard. Sometimes they superficially look like they may work, but when time comes to actually submit a payment, things are very likely to be broken. I have been testing stuff using virtual credit cards available from my bank, with very low limits -- below that of the payment amount. On a working site, you get some indication that the transaction was declined. In most places, though, there would be internal server errors, javascript errors preventing payment submittal, and all other sorts of problems.

    I think that bulk emailing operations are simply around to milk the spammers for money, and only the mailers make any money -- the spammers themselves seem too stupid to get any.

    It's quite hilarious.

    --
    A successful API design takes a mixture of software design and pedagogy.