Rustock Botnet Responsible For 40% of Spam

angry tapir writes "More than 40 percent of the world's spam is coming from a single network of computers that computer security experts continue to battle, according to new statistics from Symantec's MessageLabs' division. The Rustock botnet has shrunk since April, when about 2.5 million computers were infected with its malicious software that sent about 43 billion spam e-mails per day. Much of it is pharmaceutical spam."

Somebody

[bobstreo]

Hunt them down and kill them all
Please

Re:Somebody

[DWMorse]

And then, unplug their computers.

That's... that's what you meant, right?

Re:Somebody

[jordan_robot]

Hunt them down and kill them all

Blast you!!! I had the _exact_ same thought whilst reading the headline. Perhaps we should start offering bounties....

Murder is (arguably) wrong, but surely we can all agree that if anyone needs "taken care of", it's spammers!

Re:Somebody

[pspahn]

but surely we can all agree that if anyone needs "taken care of", it's spammers!

Aw c'mon. All they want is to make sure you can get a good solid boner. It's a pretty philanthropic cause. Don't be too hard on them.

Re:Somebody

[jordan_robot]

I see what you did there. You clever you.

Re:Somebody

[228e2]

No.

I know its "crazy" to think that not everyone knows how to run a bare bones Linux distro and knows how to block all ports except for 80, 8080, and say 21-23. But believe me when I say that the majority of computer users are incredibly inept when it comes to basic computer security.

Grandma will never be a network admin. Neither will your local elementary school teacher. Just because people run Windows out of the box and have no idea they are harboring an orgy of botnets is it fair to call them criminals.

Re:Somebody

[shentino]

Blue Frog was perfect for this sorta thing.

Too bad it worked so well it pissed the spammers off into lobbing a DDoS nuke.

Re:Somebody

[Anne+Thwacks]

Starting with the pharma companies whose products are being promoted, and the credit card companies who process the transactions.

(They are the low hung fruit.)

Re:Somebody

[Jorth]

So because someone is operating technology they are not able to safely use they should be free of reprimand? Spam causes real financial trouble and being infected either means Windows and therefore Microsoft are at fault, or the user is at fault. Someone has to be responsible, if you left the keys to your car in the open and someone took it for a joyride, crashing into a store front and smashing up a bunch of televisions, that's exactly the same as letting someone steal bandwidth and clock cycles for spamming people.

Re:Somebody

[WrongSizeGlass]

So because someone is operating technology they are not able to safely use they should be free of reprimand?

The infected systems should be blocked from internet access ... but surely you're not implying that people who aren't technical enough to be a sys or network admins can't own a computer? Would I have to take a test online or at a store before ordering a computer?

Spam causes real financial trouble and being infected either means Windows and therefore Microsoft are at fault, or the user is at fault.

I don't see you pointing a finger at those who start this whole mess: the people writing the virus "packages" for sale, the botnet operators and those who hire them to spew spam, steal bank login information, coordinate DDoS attacks and everything in between.

Someone has to be responsible, if you left the keys to your car in the open and someone took it for a joyride, crashing into a store front and smashing up a bunch of televisions, that's exactly the same as letting someone steal bandwidth and clock cycles for spamming people.

In this analogy those who create and maintain the botnets & spam would be the joyriders ... and once again I don't see you putting any blame on them.

Re:Somebody

[WrongSizeGlass]

Murder is (arguably) wrong, but surely we can all agree that if anyone needs "taken care of", it's spammers!

I say we give 'em a fish-hook enema and use them as bait in shark infested waters. It's better than they deserve but it still gives them a fighting chance ;-)

Re:Somebody

[Antique+Geekmeister]

You may as well point a finger at the hospital "supergerms" themselves. They're an evolutionary response to mishandling of basic security, and of the basic economics and legal handling of spam. Even if you personally went and shot the authors of this particular botnet tonight, plenty more are waiting in the wings to fill the economic and social niche they occupy.

This doesn't make the authors good people who don't deserve punishment, but like crack dealers moving into empty houses in your neighborhood, arresting one just leaves space for the next one to move in. You need to deal with the empty houses, or in this case, the ludicrous ease of spamming and refusal to act against it in general coupled with the wide open vulnerability of over-sophisticated software.

Re:Somebody

[drinkypoo]

All the user needs to do is run Linux on a 64 bit machine so they have proper NX. I'd say OSX but it's still got fake ASLR AFAIK. Problem fucking solved. There's no known Linux-based botnets. They don't have to become a firewalling expert, because there's no dangerous services running by default. For most users Linux+Chrome or Linux+FF would provide a superior experience to what they were using before. Too bad no major vendor advertises it on this basis... or adequately

Re:Somebody

[crow_t_robot]

(They are the low hung fruit.)

Considering what they are selling, they are also the "well hung" fruit.

Re:Somebody

[selven]

I agree with hitting the pharma companies, but the credit card companies? I'd rather have them be neutral providers of monetary exchange services than have them decide what's legitimate and what isn't, just like ISPs should stay out of copyright enforcement.

Re:Somebody

[tibit]

You know what's really interesting in spam? For spam to pass the content filters, especially those based on statistical models of language, it has to have purposeful mistakes inserted all over the place. In the end, a piece of spam typically looks like if a stoned idiot wrote it. But now it seems that people who author the message in the first place became somehow infected by the stoned idiocy of their own messages.

A few months ago I went through 300 non-scamming spam messages in my spam folder, and only managed to get to 5, I repeat, 5 payment screens. That means that most spam is pretty pointless: the websites it points to, if they haven't been left out (happens quite often), are mostly broken so that there's no way to actually pass any money to the spammer, even if you try really hard. Sometimes they superficially look like they may work, but when time comes to actually submit a payment, things are very likely to be broken. I have been testing stuff using virtual credit cards available from my bank, with very low limits -- below that of the payment amount. On a working site, you get some indication that the transaction was declined. In most places, though, there would be internal server errors, javascript errors preventing payment submittal, and all other sorts of problems.

I think that bulk emailing operations are simply around to milk the spammers for money, and only the mailers make any money -- the spammers themselves seem too stupid to get any.

It's quite hilarious.

Re:Somebody

[Elektroschock]

Come on, the usability of Ubuntu is now higher than of Windows 7. I don't understand Windows 7 configuration. I know many non-techsavy persons who surprisingly prefer Ubuntu.

What I hate the most about windows is that either the virus scanner slows your machine down or the malware.

Re:Somebody

[datapharmer]

There's no known Linux-based botnets

The skill set of those running the linux based botnets is a little higher. It doesn't mean they aren't out there... many routers are infected and run linux just for an example, and there are quite a few rogue webservers out there too. The question for botnet owners really boils down to "do you want to run a 500 strong linux server botnet or a 2.5 million strong Windows/PC botnet?" Given the number of dual and quad core systems on the consumer market I think most would agree the latter is a better ROI.

Re:Somebody

[Culture20]

As you hunt them down, surviving botnets will control ever larger percentages of SPAM. The final one (there can only be one) will win the prize of 100% SPAM responsibility, and that's too much power for anyone, including a collection of disparate computers.

Re:Somebody

[DrgnDancer]

In the highly unlikely event that every person in the world switched to Linux tomorrow, I guarantee there would be a Linux botnet running in a matter of weeks. Remember that you don't have to "root" a box to get it working as a part of a botnet. Running software, initiating client side network connections, sending e-mail, these are all things that can be done as a regular user. Use a flash vulnerability, or just get the user to run a script (in some ways even easier with an unwary user in Linux, since there is no need for a telltale file extension), install botnet software in a .directory on the user's home, edit their shell start-ups scripts to get it running. Presto, botnet client.

Would it work on you? Probably not. Would it work on a normal user? Especially a normal user who just switched to a new OS and is finding that they know even less about this new system than the little they know about the old system? Absolutely. The chances of such a person even knowing to look in .bashrc for a rogue start up, or how to do an "ls -al" to find an extra hidden directory are minuscule.

Linux is, in general, a more secure OS than Windows in many ways (not as much so as in the past, but still more secure), but a Linux box admined by a complete neophyte in a world where people were actually targeting Linux, would be just as vulnerable as a Windows box being admined by a complete neophyte in a world where people target Windows. In the end, all OSes are vulnerable to the simple fact that normal users must be allowed (at a minimum) to run their software, save their data, and use the network. Take that away, and the computer is little more than an expensive paper weight/space heater combination device. Leave it there and users will find a way to do something stupid.

Re:Somebody

[StillNeedMoreCoffee]

Well Somebody, your right, it does cause harm. Then why hasn't someone come up with a set of out of the distro defaults that are safe and secure? Think about it. If in the community you want Linux to be widespread and generally useful, you come up with a product that is that by default.

We work these problems as we see them, take the seat belt thing with cars. Were the people who drove cars up until the 80's (or whenever the law required seat belts) criminals because a car crash would have hurt their passengers or the people in the other car. I don't think so. But we recognized that this was a problem that could be mitigated by requiring that seat belts be put into cars, and car seats for children, now the regulations that you must have your seat belts on. Why? because even if you get hurt in an accident the cleanup from it medically, financially and other ways effects us all.

The OS community has an opportunity to lock out this problem by crafting distributions that start out secure and those that know can open up what they want. Tall order certainly, and those that know don't want to have to go through that exercize if they don't want to, and like a system that needs them around to lock things down. But the problem of viruses, bots, theft and spam are serious problems. Not only should we find and stop these people but we should remove the food that attracts the rats and roaches of the computer field.

Re:Somebody

[Hatta]

Just because people run Windows out of the box and have no idea they are harboring an orgy of botnets is it fair to call them criminals.

Yes, using technology you don't understand and causing others harm in the process is negligence.

Re:Somebody

[Rennt]

I hope you were doing this in a disposable VM, God save you if you try this in IE.

Most SPAM offers are fake, the intention is to get you to visit a malicious site.

Re:Somebody

[TheRaven64]

I'm not sure about the RIO argument. How many cheap consumer routers are out there with old, unpatched, vulnerable Linux kernels? Unlike Windows PCs, most of these are left turned on and connected to the Internet all of the time. A botnet that used those would be more useful and much harder to detect than one that used Windows machines. The Windows machine may have an order of magnitude or so more CPU power, but it will not be online for as long and the user is likely to notice slowdown and run anti-malware tools on it. If your network connection gets a bit slow, how many people would think to check that their cheap router has been rooted?

Re:Somebody

[Vexor]

So if I'm understanding this right. The network spamming "enhancement" products has shrinkage? How ironic.

Re:Somebody

[Lurker2288]

Yeah, go after Pfizer. Because I'm sure it's really them that's putting out all that Viagra spam, and totally not bullshit suppliers of counterfeit drugs.

Seriously, do you have any idea how tightly regulated even direct to consumer drug ads are? There's no way any legitimate company is involved in this. I know it's fun and exciting to blame Big Pharma for everything wrong in life, but how about we stick to the many things they ACTUALLY do wrong, rather than random shit we merely attribute to them?

Re:Somebody

[apoc.famine]

I've been saying this for some time now. Some idiot sees spam in their inbox, assumes that lots of other people see it too, and decides to hire a spammer. Spammer spams, nobody buys, spammer makes money, advertiser goes broke. However, all it takes is a couple more idiots to see spam in their inbox, and the cycle repeats.

For a long time now, people have been saying, "who buys this shit, and keeps spammers in business". I've been arguing that it's nobody, just the inertia of the system + idiots. You did the work to start to prove that. Thanks.

Re:Somebody

[pclminion]

NX doesn't protect you from much of anything. Modern exploit techniques like ROP easily defeat NX. If you can cause a stack based overflow, you can execute arbitrary code, regardless of NX. It just isn't QUITE as straightforward as it used to be.

Re:Somebody

[sloth+jr]

I understand what you're saying - and my answer is a sort of middle ground. You want a computer? Sure! Go ahead and buy one! But before you can connect to the internet, you've gotta prove that you're qualified to do so, and recognize common scams and unsafe computing practices.

Attacking the source of the issue (the botnet operators and their clients) definitely needs to be a priority (and I mean with pliers and hammers if necessary; examples should be made), but given the wide-ranging social impacts caused by botnets and spam that just aren't possible with the joyrider analogy above, it's reasonable to demand demonstration of basic competency before being allowed to recognize the "benefits" of the internet.

Re:Somebody

[sloth+jr]

All NX does is prevent smash-the-stack type exploits. The world of malware seems to be triggered by poor user behavior, and a botnet doesn't need privilege to read from a twitter-based C&C and send spam.

Re:Somebody

[tibit]

A disposable account on Centos5, using firefox. Should be good enough methinks.

Re:Somebody

[cshamis]

Just follow the money, anybody's who's making money from illegal advertisements should be rounded up and charged. And, it's not that hard because somebody is making money somewhere or they wouldn't be doing it. And if money is changing hands from one person to the next then there's a trail, and they can follow it.

Re:Somebody

[228e2]

No its not.

Because im 100% certain that you dont understand every .dll or resource file on whatever machine(s) you run.

Re:Somebody

[228e2]

I just threw Linux out as an example. As stated in a above response, if everyone were to start using Linux tomorrow, there would be Linux botnets up in the next week due to everyone using an OS they understand even less.

Re:Somebody

[228e2]

In many states, its a crime to leave your car running unattended (aka starting your car on a cold winter morning) but in all honesty, thats BS. Its a shame as humans that we are such degenerates that we have to commit a crime whenever an opportunity presents itself.

However, there is a difference between starting your car when its 5 below versus leaving your car running on the Vegas strip while you run into a motel to bang 3 hookers versus my dad using his computer to check his email and wondering why it boots up slower than it did when he first bought it. What you are suggesting is that there are internet tests prior to using or buying a computer, and history knows how limiting a right until you pass a test works out http://en.wikipedia.org/wiki/Jim_Crow_laws

Re:Somebody

[Elektroschock]

I doubt so. Linux is generally more secure, even with critical mass.

Not a surprise

[IB4Student]

The emails look the same, generally, etc. Still, a nice "fun fact".

Identifying

[Phroggy]

So if they can identify these botnets, and they know this spam is coming from them...

Do they know what IP addresses these bots are connecting from? Is it possible to make a blacklist? How can I avoid accepting mail from these 2.5 million computers?

Re:Identifying

[AfroTrance]

Is it possible to create a competing trojan/virus that, instead of turning the machine into a spambot, disables all network connections and displays a message saying: "SECURE YOUR FUCKING COMPUTER!"

Re:Identifying

[pspahn]

Instead of being an elitist dick about it, why not print yourself up some business cards and hand them out to people who need help with their computers.

Oh? Not your kind of gig? Buy a book for a niece or nephew or something and maybe they might find interest in learning how to do it.

Until then your attitude will do absolutely nothing to help cure the ailment that you apparently loathe so much. Personally, spam does not bother me because it gets filtered out quite effectively. Maybe you need to do something about your own inbox.

Re:Identifying

[Ethanol-fueled]

...and sterilize them so that they cannot contaminate the rest of the world. Especially the gamers.

Re:Identifying

[AfroTrance]

I think you take me too seriously.

Re:Identifying

[Solandri]

Do they know what IP addresses these bots are connecting from? Is it possible to make a blacklist? How can I avoid accepting mail from these 2.5 million computers?

We've traced the spam... it's coming from inside your house!

Re:Identifying

[Anne+Thwacks]

Instead of being an elitist dick about it, why not print yourself up some business cards and hand them out to people who need help with their computers.

Because business cards saying "I am an elitist dick" dont bring in much business?

Re:Identifying

[fulldecent]

>> How can I avoid accepting mail from these 2.5 million computers?

Use gmail.

Spam has been a history lesson since 2004.

Re:Identifying

[TheRaven64]

Sure, because Windows is the only OS with vulnerabilities. Remember that Linux hole we heard about last week? The one that stayed in the kernel for 4 years after being reported? Just need an arbitrary code execution hole in FireFox and you've got a means of gaining root on any Linux machines. Or what about the remotely expoitable one in the nVidia blob drivers that was there for two years? Mind you, if you kicked all of the Windows machines off the 'net, OS X would probably be the next target, and it hasn't exactly had a shortage of vulnerabilities. OpenBSD would probably do better, but even it is not immune to application vulnerabilities (although it does do some things to make them harder to exploit), and you don't actually need root access for a botnet...

Re:Identifying

[sloth+jr]

Yes, they know the IP address they're coming from. It's your box. Or it's your local internet cafe.

The point I'm trying to make here is that it's a long way from identifying a computer to identifying the responsible person for it, and maintaining a list of dynamically changing IP addresses that churns every time someone gets a new DHCP lease from their ISP is not very feasible. You'd think the ISP might have some vested interest in policing their nets, wouldn't you?

Unless we can somehow adopt broad technologies for tying every packet back to a real person, with no possibility of forging (fascists, rejoice!), this problem is unlikely to go away.

Pharmaceutical

[Tubal-Cain]

Much of it is pharmaceutical spam.

A very particular kind of pharmaceutical.

Re:Pharmaceutical

[compro01]

My accounts have been getting more offers of narcotics than genital enlargement in the past few months. Also got a few spams selling antibiotics, which is a new one, and even more reprehensible if they're genuine.

Re:Pharmaceutical

[dgatwood]

Why is it worse if they're real? You can buy antibiotics at any vet supply house.... It's not like they're hard to get without a prescription. If they're real, the spam is pretty much noise. If they're not real, then it's bad---people buying something that they think will make them well, only to have it not help them, or worse, poison them....

Re:Pharmaceutical

[compro01]

The spam is offering antibiotics such as linezolid, teicoplanin, daptomycin, and tigecycline, antibiotics that are reserved for highly resistant bacteria ("superbugs" like VRE and MSRA), not the stuff you can get from a veterinarian. These drugs being used inappropriately is a very bad thing.

Re:Pharmaceutical

[sqrt(2)]

I get mostly narcotic pain killer spam, and if I thought there was any chance I would actually receive the product after paying for it I might give them some business. They're either going to not ship you anything and just take your money, or send you sugar pills made to look like whatever they're selling. I doubt the antibiotics are real, but who knows what they could be. Probably bulk bought tylenol repackaged - if they send you anything at all which I doubt they would.

Re:Pharmaceutical

[Dumnezeu]

My accounts have been getting more offers of narcotics

And what can you recommend me?

Re:Pharmaceutical

[sjames]

It's bad in many ways. Creating new mega resistant strains will be bad for all of us. Also those are not gentle drugs, people using them need to be monitored for life threatening side effects.

It's sad that health care is so expensive in the U.S. that people would even think of resorting to ordering the drugs from a spamvertized site. It's not unexpected though, black and gray markets thrive wherever prices are kept artificially high or where prohibition is in place.

Re:Pharmaceutical

[silentcoder]

Drug faking isn't new - it's just new in the US. I spent quite a lot of time in Nigeria during my career, and one thing you learn fast is to only go to embassy doctors who import their medicines.
Why ? Because there is a thriving market for fake malaria (and other) medicines - faked so well that even doctors (local or Western) can't tell the difference.
People die from Malaria in redcross hospitals because the last batch of pills were basically sugar pills dressed up so well (along with packaging) that neither a trained doctor nor a pharmacist could tell they were getting fakes.

Thing is - in Nigeria the drug-faking business has hit a snag. Nigeria is notorious for various crimes (particularly product forgery) not being addressed because a well-placed bribe solves the problem. Trouble is - the minister of health is about as close to unbribe-able as a politician can get. Her own sister died (in the kind of rich-man's hospital where politician's family go) from malaria because the meds she got were fakes. She hates fake drugs, so she's been going after them hard. She's put together crack teams of what is probably the best law enforcement in the entire country going after them and shutting down warehouse after warehouse. Had a few attempts on her life already because she's just not folding.

*Up to here is fact - the next bit is my own conjecture*

What happens when criminals find a lucrative market starting to disappear because law enforcement got effective ? They find a new market. The USA is proving to be ripe for their exploitation. Your own profit-over-human-life approach to healthcare has created the ideal conditions for them - in fact, better conditions. In Nigeria they had to compete with charity organisations and drugs priced for a very poor country. In the USA - they can undercut the real thing by 80% and still make more money from a single pill than they'd make out of a thousand back home.
If there is one thing Nigerians have proven to be very good at, it's using the internet to commit crimes. It's also a fact that in South Africa more than 80% of all illegal drug trade (particularly cat, heroine and cocaine) are run by Nigerian expatriates. Most Nigerians are good, honest, intensely moral and very peaceful people - but those among them who are criminals are among the best (as in most effective and deadly) in the world. They obviously have the infrastructure to smuggle heroine and cocaine, compared to that smuggling a pill that looks exactly like antibiotics must be remarkably easy.

Re:Pharmaceutical

[sqrt(2)]

If you give them your credit card info, you're not actually going to get anything. On the off chance they do send you some drugs, they are going to be fake. It might cause damage if people forgo real medical treatment because they think the placebos are real, but I would be very surprised if there was anything dangerous or even effective in them. All of that assumes someone would even get something from the spammer, which is unlikely at best.

Re:Pharmaceutical

[interkin3tic]

You can buy antibiotics at any vet supply house.... It's not like they're hard to get without a prescription.

You know that, and I guess I know that too, but if someone is so ignorant that they think antibiotics are miracle drugs that should be taken for every cough or flu, then they're probably ignorant enough not to know how easy it is to get antibiotics. As I understand it, a significant amount of people who take antibiotics pointlessly are getting prescriptions for it. If you come to their door and say "Here!" then that's worse, because actually making an appointment and then paying the bill probably inhibits them from just taking it every week.

Re:Pharmaceutical

[rjch]

Perversely, this kind of spam plays hell with the company I work for since we manage IT systems for chemists. Chemists get quite irate when legitimate messages from their suppliers get marked as spam because they mention pharmaceuticals.

Re:Pharmaceutical

[weicco]

If they aren't real and people get poisoned I'd say it's just natural selection.

Re:Pharmaceutical

[tibit]

If you can get as far as actually submitting a payment. I've had poor luck with that -- maybe it's just me getting particularly broken spam. I've got heaping bunches of messages where there isn't even a single link in them.

Re:Pharmaceutical

[SkyDude]

-people buying something that they think will make them well, only to have it not help them, or worse, poison them...

In reality, the spammers aren't going to ship anything. They just want credit card info, yes?

Re:Pharmaceutical

[jmerlin]

Well after spamming for Viagra for 5 years they realized they've probably caused plenty of new VD cases, so antibiotics seems like an enterprising choice. It's good to see that the spammers are looking out for us. Thanks spammers!

Re:Pharmaceutical

[operagost]

Your own profit-over-human-life approach to healthcare has created the ideal conditions for them - in fact, better conditions. In Nigeria they had to compete with charity organisations and drugs priced for a very poor country.

Which country do you think donates the greatest amount of supplies and personnel for those poor countries? Yeah, that's right. Are we really greedy here? No, but we have government regulation and out of control litigation that pushes up the cost of health care.

Re:Pharmaceutical

[sqrt(2)]

The insurance industry running what should be a social service as a for-profit business is responsible for the price of health care. Government run health care, with all the inefficiency and problems will always be cheaper because it doesn't have to show a rising profit to shareholders every quarter; which is currently done by denying people needed care and charging more for the things they do cover.

Re:Pharmaceutical

[sjames]

I have friends with citizenship in Europe who do fly back home for any significant medical care because it really is the less expensive option.

Re:Pharmaceutical

[silentcoder]

Did I say you were greedy ? Definitely not. I said your medical system was bad. I also said it was bad for YOU - not bad for the rest of the world (mostly - it becomes an issue when drug patents mean those patients can't get lifesaving drugs but that's another thing).

I said the system you have keeps your own prices artificially high - and that creates a market for the swindlers. Those same donations you mention REDUCE their market in their own countries. Do the math.

Re:Pharmaceutical

[nimid]

Those drugs being used inappropriately is of course a bad thing but that won't happen as there's no chance that the real thing will be sent unless you're making the mistake that these people might feel bad committing fraud...

Voluptuous woman falls over heavy chest

[Spewns]

Make your girl happy with your long and huge meat machine.

*link to .ru website*

Re:Voluptuous woman falls over heavy chest

[Delarth799]

You get text in your emails still?

A vast majority of the ones I get are just a link or someone having a spaz on the keyboard a few times and then a link.
I do occasionally get ones where they try to chop up the words into several parts. Those are the easy ones to filter for.

Re:Voluptuous woman falls over heavy chest

[Nadaka]

I know, I kinda miss the days when my spam folder would be filled with messages that end in a quixotic paragraph that resembles nonsensical poetry.

Re:Voluptuous woman falls over heavy chest

[TheRaven64]

I don't get much spam anymore, but the last few I got had text in them. Unfortunately, it was not English text. Sending me spam in Chinese or Russian isn't going to have any effect, and my Spanish is sufficiently rusty that I'm not going to bother translating it. The spam I get in French is even worse than my written French, so can be entertaining to read. I haven't had any spam in English for quite a while though...

Oh PAH-LEEEZE

[Frosty+Piss]

First and foremost, don't expect ANY help from the "security" companies like Symantec and the like, SOLVING this problem would mean the end to their extortion business.

And, don't expect ANY help from the "white hats" in general, all they can do is walk in circles pontificating about how it would be unethical to hack these networks and bring them down.

So really, the only solution is the possibility of someone with "black hat" skilz that wants to be paid to take the system down outside the "law".

Re:Oh PAH-LEEEZE

[Nemyst]

Your wording seems to indicate contempt. White hats or security experts unfortunately have their hands tied. They probably know how to take down the botnet, but that involves illegal activity. While the criminals are hampered by no such things, the lawful guys are stuck with it: anything they'd do that would be essentially good would get them jailed.

Re:Oh PAH-LEEEZE

[Yvan256]

So, Lone Star, now you see that evil will always triumph because good is dumb. - Dark Helmet

Re:Oh PAH-LEEEZE

[blueg3]

There's more than enough threat for Symantic etc. to deal with one and still have a viable business model.

And you're right, white hats don't hack other people's machines, which is illegal, just because it seems like a convenient solution to a problem. That's basically how that works.

Re:Oh PAH-LEEEZE

[PatPending]

So really, the only solution is the possibility of someone with "black hat" skilz that wants to be paid to take the system down outside the "law".

Hudson: Let's just bug out and call it even, OK? What are we talking about this for?

Ripley: I say we take off and nuke the entire site from orbit. It's the only way to be sure.

Hudson: Fuckin' A...

Re:Oh PAH-LEEEZE

[jordan_robot]

White hats or security experts unfortunately have their hands tied.

Your wording seems to indicate ignorance. They choose to not engage in illegal activity. That's the difference. Unless they're under federal surveillance or other such chicanery, they could choose to go black hat and deal out some wrath.

Re:Oh PAH-LEEEZE

[Nemyst]

When you go public and start speaking about it, if something suddenly happens who do you think they're going to go look for first? If I say I'm going to kill somebody and then that person dies, it's obvious that, whether I did kill him or not, I'll get suspected. The same applies here. You could say they know how to hide their traces but really, they probably think it's just not worth their time. They don't get paid for this; criminals do.

It would normally be up to the governments to hire white hats to purge those botnets. Until then, I just don't see the situation evolving. White hats and computer geeks (i.e. those who would be best-placed to do something about it) don't really get affected by the spam because they know how to filter, counter and identify it.

Re:Oh PAH-LEEEZE

[jordan_robot]

Whoa there Cheese Dog -- I was merely commenting on the wording. At any rate, I filter, but its still a pain in the ass. I (and I'm sure many others) wish some brave hero would do something about it. Alas, I don't have the skills.... yet.

MUHAHAHAHAHAHAHAHAHAHA!

Re:Oh PAH-LEEEZE

[vlueboy]

So, Lone Star, now you see that evil will always triumph because good is dumb. - Dark Helmet

True. More technically, because of evil whistle-blowers with vested evil interests (usually monetary) or a few goody two-shoes touting a "who watches the watchers" attitude that keeps necessary law from being created.

The goody-two shoes normally support *other* laws giving otherwise-worrysome lethal or raiding force to the police/justice/penal system, but worry that certain rights of theirs will be trampled if they stand down for "good" causes tangential to their main interests. See also NRA activism in anti-gun states.

Re:Oh PAH-LEEEZE

Still, it's true if you think about it.

Imagine if nearly 90% of cars and trucks on the road dumped trash all over the place when driving around? Those drivers would get a ticket and be required to go to a garage to fix whatever the hell is causing their vehicle to dump trash everywhere.

No such law exists for computers and the internet. And everyone has to suffer because of it.

So, good is dumb because your hands are tied in laws. And evil triumph because we get billions of spam clogging the tubes all over the place.

Re:Oh PAH-LEEEZE

[silentcoder]

That is only partially true. There was a /. story not long ago about a white-hat company that utterly destroyed a botnet. Sorry I can't remember the names which is making googling rather hard.
I do remember the technical details (whose surprised ?). It was a difficult and involved process - the botnet relied on numerous DNS tricks to always be able to find it's control servers. What the white hats did was to trace and track the current set of master servers. Knocking them out wouldn't do any good, as the controllers would just activate a new set and the bots would find them.

Instead they tracked the servers, worked with law enforcement and the ISP's hosting them and got those DNS names rerouted to their own servers - which were running a control server of their own, designed to be a drop-in compatible replacement for the real thing. Result - suddenly the good guys controlled all the bots, and could then actively locate and eradicate the infections (including letters to the owners of the computers and such).
It meant a lot of coordination between many organisations because pulling it off meant a huge bunch of people doing slightly different updates to servers at the exact same time - but it was done, and it shows it CAN be done.

Interestingly I do remember that the company that did it are the new kids in security, a small startup. They don't have any share of the pie that symantec and the like has, so they have no vested interest in keeping botnets alive. Instead they are trying to build a business model on studying, and then actively destroying them.
Trouble is - botnets are like hydra's, as long as there are so many vulnerable machines on the net (e.g. the entire Microsoft Windows customer base) destroying one doesn't do any good - you see a drop in spam for a few days, maybe a week or two, then another botnet has filled in the gap.
The only real way to solve the problem is to remove those deliciously easy targets. We all know exactly how easy that will be.

Re:Oh PAH-LEEEZE

[shentino]

Blue Frog had a good run until the spammers nuked it with a DDoS.

Re:Oh PAH-LEEEZE

[shentino]

And only on Slashdot does your comment get the points for a "funny" mod without you getting the boost in karma that usually goes with it.

Re:Oh PAH-LEEEZE

[Raenex]

There was a /. story not long ago about a white-hat company that utterly destroyed a botnet.

If you're thinking if this story, it was a research professor, and the botnet was eventually allowed to be retaken.

Re:Oh PAH-LEEEZE

[silentcoder]

I wasn't thinking of that one no. The story I am thinking off was definitely a company effort, I remember reading the details and the whitepaper on the company site. I just can't remember their name.

Re:Oh PAH-LEEEZE

[Elektroschock]

It is no problem for Government agencies to take extralegal action.

But indeed the core is that people should use Linux and users of infected Windows machines should pay.

Re:Oh PAH-LEEEZE

[SkyDude]

In the US, spam is illegal. If a black hat used their skilz to defeat the botnet, would anybody care? I mean, it's not like the spammers are going to file an FBI report and demand justice.

Re:Oh PAH-LEEEZE

[TheRaven64]

Imagine if nearly 90% of cars and trucks on the road dumped trash all over the place when driving around?

Spam isn't that much of a problem. It's more akin to a car spewing out atmospheric pollution while it runs.

Re:Oh PAH-LEEEZE

[TheRaven64]

The US, like most of the western world, takes a pretty dim view of vigilante action as a means of law enforcement.

So how hard....

Is it to order some of their crap. Track down where the money goes.

And kill them.

We've spent more doing less millions of times... Why don't we get around to fixin this problem?

Re:So how hard....

[ergrthjuyt]

Generally spammers are contracted out or just trying to earn referral commissions - they aren't doing the selling themselves. Also, the money will go international, often to countries that aren't just going to say "OK, here it is" when you ask for the bank info.

Re:So how hard....

[Bryansix]

Trust me, the CIA can track the money. They have ways. They do it all the time to track the funding of terrorist organizations. If they use a bank then they are hosed. The only way they can successfully launder the money is through bartering transactions where a guy in Saudi Arabia gets $1 million and then he calls his guy in Iran and tells him to give someones daughter 10,000 goats.

Re:So how hard....

[Arrepiadd]

Then I guess it goes to show how much CIA cares about you getting spam...

anti-spam

[bakamorgan]

Find their ip address and sick 4chan on them maybe then something will get done.

Re:anti-spam

[Pseudonym+Authority]

Yes, because if anyone knows how to deal with spam, it's 4chan. Just hope the spam doesn't tell the reader to save a picture as a .js file and run it!

Re:anti-spam

[AmonTheMetalhead]

You do realize that it's very possible some of your relatives, family or friends might actually be part of that botnet without you knowing right?

Re:anti-spam

[NevarMore]

Wait, are you proposing that we ENCOURAGE 4chan to take over a botnet of 2.5 million computers?

I'll take the spam thankyouverymuch.

Re:anti-spam

[TheRaven64]

Why bother with the child porn? If you can identify him, and he's in a jurisdiction where you can do anything about him, then the computer misuses charges will already mount up to a long time in prison and probably a fine that he'll be paying for the rest of his life.

Re:anti-spam

[NevarMore]

Oh believe me, I know which relatives of mine have CP. 'Uncle' James bought a scanner to digitize all those Polaroids back in '98. I was such a cute child.

Really?

[scdeimos]

More than 40 percent of the world's spam is coming from a single network of computers

Yes, it's called the internet.

Re:Really?

[spyked]

So blocking 0.0.0.0/0 does the job. I knew it!

Re:Really?

[interkin3tic]

I installed a spam-repelling rock to my motherboard. Haven't gotten a single piece of spam since then on that computer.

Re:Really?

[AmonTheMetalhead]

That token ring network at IBM

Re:Really?

[scdeimos]

100 percent is more than 40 percent, therefore, the internet.

Saw Law & Order ep. 10 yesterday...

[The+Master+Control+P]

[Mobster Don is gunned down seconds before cops arrest him]

"Amazing..."
"What?"
"She did in 10 seconds what we've been trying to do for ten years."
"What?"
"Put Masucci out of business, permanently."

Wunna These Days, Alice...

Wunna these days, some bright young researcher with more brains than sense is gonna get inside one of these things.

They're gonna get inside, suss out all the details, and then insert their own payload. And it's going to go to every single infected computer and execute just a few lines of code after a reboot:

echo on
echo Your machine was infected with a virus/trojan, turning it into a zombie.
echo You have been contributing to the 43 billion spam per day.
echo Because you fail at the Internet, your machine and all of it's data are forfeit.
echo Have fun, and better luck next time.
format c: /Y

Re:Wunna These Days, Alice...

[dgatwood]

No need to destroy their data. All one would have to do is replace key Windows boot files with a script that tells them that their Windows installation is hopelessly infected by viruses and has been disabled, telling them to take it to somebody who actually knows how to properly configure a Windows machine. There's no need to destroy irreplaceable data, merely to wreck Windows so badly that they have to do a full reinstall. Since that is completely beyond any of the sorts of people who are part of the problem, they would be forced to take their computers to somebody for repair, and one would at least hope that a sizable percentage of those machines would come back properly protected from viruses.

Re:Wunna These Days, Alice...

[cmiller173]

If my mother-in-law calls one more time.....

Re:Wunna These Days, Alice...

[cdrguru]

You just need to have the machine provide the proper reference to someone that can fix it. Imagine if millions of computers all over the world suddenly cried out for Jacob's Computer Consulting with his worldwide army of computer-fixers.

Wouldn't you like to be Jacob? Probably has the apartment penthouse next to the folks running the botnet in St. Petersburg or Bucharest.

Re:Wunna These Days, Alice...

[mcrbids]

All one would have to do is replace key Windows boot files with a script that tells them that their Windows installation is hopelessly infected by viruses and has been disabled, telling them to take it to somebody who actually knows how to properly configure a Windows machine.

We're talking about a network of MILLIONS of computers, you know? And it's not like the good old days of Code Red where you could write an automated shutdown script with a PHP script and a telnet session - today's botnets are relatively secured against counter-attacks by security researchers and/or other infective agents. Today's worms have countermeasures, from dynamic, rolling controller hosts to DNS cross-checks and even SSL in order to prevent network counter-measures.

The technology to keep the CIA at bay is not only freely available, it's open source. Why wouldn't the bad guys use it, too?

Re:Wunna These Days, Alice...

[dgatwood]

Because statistically speaking, if they have one virus, they probably have thirty.

This is why we won't shut up.

Us Ubuntu and Mac users will not give you peace nor rest until Windows is dead, because YOUR owned machines send OUR email accounts and blogs and forums and mailing lists spam. We're all in this together, and what one person runs affects the rest of us, whether you like it or not.

Re:This is why we won't shut up.

[pookemon]

"Us Ubuntu and Mac users will not give you peace nor rest until Windows is dead"

Good luck with that. Of course once OUR Windows is dead it'll be YOUR machines sending us SPAM.

Re:This is why we won't shut up.

Don't lump me into the same crowd as you. I for one do not have anything against Windows, it has it place, just not on my laptop.
I do not rant on on how Linux is superior to Windows, Windows can be as secure, the weak point is the user. I do not rant on on how Apple computers are easier to use, it the applications and what you are used to.

--Sincerely
  Apple munching penguin

Re:This is why we won't shut up.

[pspahn]

Well then I suppose you will be quite busy for... well, the rest of your natural life.

Pick your battles. Seriously, do you get that annoyed by spam that mostly just gets sent to another folder labeled as such?

Besides, I'd like to see your response if this hypothetical fantasy land you envision actually happened. Do you have enough time in the day to field phone calls from every friend and relative asking for your help "setting up my new Ubuntu machine?" I sure as hell don't. I dodge phone calls about this crap as it is.

Re:This is why we won't shut up.

[grcumb]

"Us Ubuntu and Mac users will not give you peace nor rest until Windows is dead"

Good luck with that. Of course once OUR Windows is dead it'll be YOUR machines sending us SPAM.

Yeah, you know what? You may be right, but in the mean time...

... Could you please stop making excuses and fix your fucking machines that spam the rest of the world!?!

Because, you see, whatever MY potential for causing YOU harm in the future (and I admit it's non-zero), the likelihood that the overwhelming majority of the millions of machines in this botnet right now are running Windows has a probability of 1. So maybe if WE stopped speculating about some future email Armageddon and focused on the one that's happening right now, we might actually get something done.

And who knows? Maybe the lessons you learn by cleaning up this mess will help us all avoid it in the future? Now wouldn't that be nice?

Nicer than your reply, anyway, which is the rhetorical equivalent of 'Yo' Momma!'

Re:This is why we won't shut up.

[silentcoder]

>Good luck with that. Of course once OUR Windows is dead it'll be YOUR machines sending us SPAM.

No it won't. The "windows gets targeted only because it's biggest" argument is a fallacy - and an easily debunked one at that.

Here's the REAL reason why you will never see much spams or trojans in the Linux world. Unlike our windows counterparts, when we need an app for some task, we don't open a (insecure) browser, search around, find a .exe which we then RUN to install the program.

We connect to a repository, which is run by software experts who have repackaged and tested the programs in question, the software gets downloaded automatically - the files are checked using digital signatures to prevent MitM attacks, and only then installed.

Average computer users will never have the capacity of computer experts to tell trojans from useful apps, and either way have no viable means of determining if a particular install file is trustworthy without having already taken the risk, all while dealing with a browser/email combination that could do all this without them even being aware of it (though at least that has gotten better than it used to - remember I-Love-You, that's how bad Outlook once was!).
Us GNU/Linux users pool our resources to have people who are skilled select and evaluate the apps in our repositories and make our selection from a set that's pre-vetted. We can choose on features and design without having to WORRY about "does it coincidentally install spyware which will later be installing a botnet", because the people who packaged the software have nothing to gain by not removing such, and everything to benefit from ensuring the trustworthiness of the software.

Remove the capacity to write "installer programs" for windows - create a repository (perhaps even a paid one - like Apple's app-store) and you solve the botnet problem. Trouble is, Microsoft unlike the GNU/Linux companies won't find the best way to keep their repo profitable is to be open to all comers who write useful software. Much like Apple, they'll end up using it to make sure nothing i available to their users that competes with their own products.
The cure may be even worse than the disease - so I don't know if it's something to push for. What I can tell you is, as long as ordinary users are supposed to vet good from bad software (people who have ZERO training in how to tell the difference in other words) - botnets WILL proliferate. The problem isn't even so much OS-design (though it plays a role), it's the way software is managed on the two platforms.
GNU/Linux simply has a software management concept that is by it's very nature far, far more secure than Windows. It's not perfect - last year Fedora's repos were pwned temporarily - and they had to create and issue a full set of new keys to ensure the integrity of what they contained - but the problem was fixable without any customer ever being at risk. That's what GNU/Linux's repository concept does - it takes the task of risk assessment and gives it to people who are trained at for the job so by definition they do it better.

Re:This is why we won't shut up.

[X0563511]

Keep your Ubuntu and Mac to yourself. I use neither, and I still don't use Windows.

Re:This is why we won't shut up.

[Cro+Magnon]

Do you have enough time in the day to field phone calls from every friend and relative asking for your help "setting up my new Ubuntu machine?"

How does that differ from fielding calls from every friend and relative asking for your help "setting up my new Winders machine"?

Re:This is why we won't shut up.

[takowl]

We connect to a repository, which is run by software experts who have repackaged and tested the programs in question, the software gets downloaded automatically

Which is fine so long as you only want to install things from your distro's repositories. If you want to install something too specialist to have been included, or non-FOSS software, or even just try a new version of something, you'll be going outside that. Off the top of my head, for Ubuntu: Sage Math (no longer packaged, download binaries from website), Mendeley (binaries on website), Google Earth (Medibuntu), Google Chrome (.deb from Google's website), Thunderbird 3.1 (PPA).

I appreciate the value of repositories, and I know people do a lot of work testing and packaging things. But let's not pretend that all software we want will always be in the repositories. Especially as Linux becomes more popular, there's going to be more software that can be downloaded and installed. We shouldn't try to ignore or suppress that.

Re:This is why we won't shut up.

[silentcoder]

I didn't - but it's one in a million, not every single bloody app !

Re:This is why we won't shut up.

[DrgnDancer]

I posted this way farther up, but I'll say it again. Linux, Mac or Windows really don't matter (except that Windows is targeted and the other two aren't right now). Why? Because you're thinking about this the wrong way. Is is harder to "root" a Linux box or a Mac than Windows (especially older Windows), yes. In some cases significantly. It doesn't matter. You don't need to run a botnet client from an "administrator" or "root" account. You can run it from any normal users account. What does a botnet client "do" really? It run as a piece of software (users can do that), it initiates client communications back to the "master" (users can do that), it sends e-mail (users can do that). Are there some things that might be nice to get admin access for? Sure. I'm sure setting up a "listen" port will make the job easier, being able to whilly-nilly change permission and ownerships might make it easier to hide, but in general all the basic things a botnet needs to do can be done in userspace.

Since whatever small amount of skill users may have gotten in avoiding "bad stuff" in Windows would be useless in Linux ("I can click on this attachment! It doesn't say exe!"), if anything users would be more vulnerable to social engineering attacks. If Linux or MacOS ever becomes a significant enough presence on the Internet to be worth the effort, I'm quite certain that you'll see botnets using them. The essential problem with computers is users, and all the things that users want their computers to do. As long as users: a) need to use the computer to run programs, write files, and access the network and b) like shiny things, we're pretty much screwed.

Re:This is why we won't shut up.

[jltnol]

As a Mac guy, I agree. Macs can become infected and start sending out spam as well... it just hasn't happened yet and we can sit and argue about why 'til the cows come home, but that's not fixing the problem that Windows has foisted on the world right now. Like the OP said, my guess is that ALL of those computers are running Windows. So please quite your pontificating about how great the platform is and find a way to keep it from oozing all this spam. Yeah, you can blame in on stupid users who can't or won't update their OS all you want, but you know what? The Mac base has it's fair share of stupid users as well, but we still don't have the problems you Windows guys do. Really... Isn't it time that someone hold Redmond accountable for the expense and bother of all this crap?

Re:This is why we won't shut up.

[Fnord666]

That's what GNU/Linux's repository concept does - it takes the task of risk assessment and gives it to people who are trained at for the job so by definition they do it better.

Sure they do.

Re:This is why we won't shut up.

[silentcoder]

I said "better" - I didn't say perfectly. I'd say the total number of infected apps in GNU/Linux repositories right now is likely to be less than what is in the iPhone's app-store (where there were several revelations about trojans recently) and certainly orders of magnitude less than what you would find in for example tucows's app listing (I haven't used windows in many years when I did that was the closest thing to a "repository" you could find for comparitive purposes but I'll bet whatever is current in the windows world is even worse).

Re:This is why we won't shut up.

[takowl]

I think, though, that as Linux becomes more popular on the desktop (which it seems to be, gradually), there'll be more apps to download, and users will get used to doing so. If we ever get the bulk of non-techie users, they'll be cheerfully installing stuff from anywhere. The repository model still helps, but it doesn't make Linux invincible.

Re:This is why we won't shut up.

[silentcoder]

Well - the good news is, we can foresee that risk - and plan ahead for it.

As for making it impossible - we both know that's never going to happen - but merely raising the bar a bit (or in this case rather a lot) must ipso facto reduce the power of botnets.

Re:This is why we won't shut up.

[drsmithy]

That's what GNU/Linux's repository concept does - it takes the task of risk assessment and gives it to people who are trained at for the job so by definition they do it better.

You're seriously trying to argue people prepared to open *password protected zipfiles* and execute the contents therein, suddenly won't because of software repositories ?

Re:This is why we won't shut up.

[silentcoder]

I'm arguing that they won't need to. I'm arguing that if you've had a repository system for a couple of years- the very idea would be so strange, unusual and convoluted that most people will say "bugger that, too much effort"

Re:This is why we won't shut up.

[drsmithy]

I'm arguing that they won't need to. I'm arguing that if you've had a repository system for a couple of years- the very idea would be so strange, unusual and convoluted that most people will say "bugger that, too much effort"

Huh ? People aren't running random stuff because they're trying to find a word processor or an mp3 player, they're running random stuff because it says "click here to see boobies", or "you win $1 million if you enter this competition".

Or, to put it another way, the primary vector of malware is *not* the kind of software you find in a Linux repo.

Re:This is why we won't shut up.

[silentcoder]

Aaah yes - that explains why "your computer has a virus" fake-sites are doing so well does it ?

Re:This is why we won't shut up.

[badkarmadayaccount]

Anal retentive SELinux: properly configured - discuss.

Question

[DrugCheese]

IANAL but it would seem to me that the pharmaceutical companies that benefit from this (and yes if no one paid attention to spam it would go away, the fact it's still here means people respond to it) should have responsibility in the computer crimes taking place here.

Re:Question

[ScentCone]

it would seem to me that the pharmaceutical companies that benefit from this ... should have responsibility in the computer crimes taking place here

The overwhelming majority of the "pharmaceutical" ads in questions are fraudulent. They're not actually selling Viagra. They're either selling knockoff placebos, or they're selling nothing at all, because they're just looking for naive suckers to visit a sketchy web site and cough up a credit card number or other details that can be used in identity theft schemes or similar crimes. Merck and the other actual makers of the real products would love nothing more than to shut this crap down.

Re:Question

[zdepthcharge]

It would be interesting to track the credit card transaction in order to locate the front company for the credit card transactions. Surely these peoples/companies/criminals are leaving a trail of some kind in the credit card companies databases?

Re:Question

[AnyoneEB]

I have seen the suggestion before that although the fraud is obvious (the product "sold" never arrives), the spammers use products which people would be embarrassed to admit they were trying to buy, so the scam tends to not get reported.

Re:Question

[sqrt(2)]

Embarrassing, or downright illegal. People aren't going to go to the authorities and say, "I was trying to buy some morphine off this guy on the internet and my stuff never arrived."

Re:Question

[sjames]

If the FBI was half as interested in nailing fraud as it was in doing the RIAA's bidding, they would create fake credit card accounts and order the spamvertized products themselves. Then they can trace the transactions back and get the merchant accounts frozen.

Re:Question

[dlgeek]

That's assuming they're directly charging the credit cards. More likely, they're going to either a.) sell the credit card info as part of a huge list or b.) use the card info to purchase stuff from other (reputable) places online. With enough work, you can track them using b, but it's harder. Most techniques for doing so involve tracking based on the shipping address, but a smart criminal can make it so that it takes a lot of resources to actually track them. (For example, you can find someone who's on vacation and have the goods shipped to their house, then just walking off with them after they are delivered. To actually track this would require surveillance.)

Re:Question

[silentcoder]

It is done - most of those "Spammer gets 10 years" headlines you see are about exactly that: they are ultimately convicted of credit card fraud. The trouble is - the vast majority of the time the spammers and their victims are in vastly different jurisdictions, which makes investigation and conviction harder (as it now requires significant international cooperation). Most of the spammers are in developing nations where police services are significantly underfunded and less effective than in the US which means even if you find them an arrest is still hard... look how much trouble the US has catching well known drug barons in countries like Colombia and Mexico - when they HAVE the local authorities assisting.
Now try to imagine catching a spammer in Lagos arguably a far less nefarious crime (at least according to law enforcement), without the kind of international networks set up for trying to stop it that the drug barons face, in countries where local law enforcement is basically a kind of bribe-collection service....
Yeah - that's gonna happen.

Re:Question

[ZERO1ZERO]

Tom: Listen to this one: you open a company called the "Arse Tickler's Faggots Fan Club".

Soap: You what?

Tom: You take out an advert in the back page of some gay mag, advertising the latest in arse-intruding dildos. You sell it with, I dunno, "does what no other dildo can do until now", "the latest and greatest in sexual technology", "guaranteed results or your money back", all that bollocks. Now these dils cost twenty-five quid a pop - that's a snip for the amount of pleasure they're gonna give the recipients. But they send their cheques to the other company name, nothing offensive, er, "Bobbie's Bits" or something, for twenty-five quid. You take that twenty-five quid, you stick it in the bank until it clears. Now, this is the smart bit - you send back the cheque for twenty-five pound from the other company name, "Arse Tickler's Faggots Fan Club", saying we're sorry, we couldn't get the supplies from America because they ran out of stock. Now you see how many people cash that cheque - not a single soul, because who wants their bank manager to know they tickle arse when they're not paying cheques? Bacon: So how long do you have to wait until you see a return?

Tom: Probably no more than four weeks.

Bacon: A month? So, what fucking good is that if we need it in six - no, five days?

Tom: Well, it's still a good idea.

Re:Question

[IamTheRealMike]

No, some of them really do sell these meds, though they're often cut with something, way too strong or way too weak. The reason this spam is so prevalent is that a bunch of stupid consumers have learned that you can actually buy from these stores and you do receive pills. There was an interesting investigation into this by some paper a while ago, where they ordered some viagra from one of these stores then got it lab tested. It came wrapped in a copy of a Bombay newspaper and was dramatically stronger than the prescription stuff, but it was indeed generic viagra.

Re:Question

[X0563511]

Spammers should be handled by Seals or other agents that can get in, do it, and get out without involving that pesky "jurisdiction."

Hell, I mean if we are going to be doing that, we might as well be doing it for a cause that benefits humanity at large!

Re:Question

[silentcoder]

You know, as a citizen of one of those "not America" countries... I would prefer you don't do it at all and actually consider all those jurisdiction things. You know why ? Because even if it means spammers are harder to catch - I would still rather prefer NOT having to worry about navy seals jumping through my bedroom window if I call your government a bunch of profiteering warmongers.

If Guantanamo Bay proves one thing it's this: most Americans think civil liberties belong to them, only to them and us people inthe rest of the world have no rights at all - even if it means your government gets to trample all over the rights granted to me by mine...

Somehow, a few dead spammers as lovely as that sounds, doesn't sound worth it to me.

Re:Question

[js_sebastian]

Tom: Listen to this one: you open a company called the "Arse Tickler's Faggots Fan Club".

Soap: You what?

Tom: You take out an advert in the back page of some gay mag, advertising the latest in arse-intruding dildos. You sell it with, I dunno, "does what no other dildo can do until now", "the latest and greatest in sexual technology", "guaranteed results or your money back", all that bollocks. Now these dils cost twenty-five quid a pop - that's a snip for the amount of pleasure they're gonna give the recipients. But they send their cheques to the other company name, nothing offensive, er, "Bobbie's Bits" or something, for twenty-five quid. You take that twenty-five quid, you stick it in the bank until it clears. Now, this is the smart bit - you send back the cheque for twenty-five pound from the other company name, "Arse Tickler's Faggots Fan Club", saying we're sorry, we couldn't get the supplies from America because they ran out of stock. Now you see how many people cash that cheque - not a single soul, because who wants their bank manager to know they tickle arse when they're not paying cheques? Bacon: So how long do you have to wait until you see a return?

Tom: Probably no more than four weeks.

Bacon: A month? So, what fucking good is that if we need it in six - no, five days?

Tom: Well, it's still a good idea.

On a related note, you should read a story by Roald Dahl.. I think it is called "the Bookseller" (which, according to wikipedia, first appeared in Playboy in 1986). It's about a book seller who looks through the obituaries of influential men, and then sends a bill for some "interesting" titles to the widows... and how he is found out...

Re:Question

[egomaniac]

Awesome! So you're saying all I have to do is hire some spammers to send spam on my competitors' behalf, and then the FBI will shut them down?

Re:Question

[sjames]

One might hope there would be some investigation first rather than handling it like RIAA lawsuits.

Re:Question

[ZERO1ZERO]

thanks for the pointer -- looks interesting, along with his other 'adult' stories : http://www.greenmanreview.com/book/book_dahl_bestof.html

Re:Question

[neminem]

Why not? You hear about guys going to the cops complaining about their dealer selling them fake pot at least once a year. :p

Re:Windows has great anti-malware tech

[robot256]

This is like the corporate/university computers that re-image themselves every night against the central server, deleting anything that changed on the hard disk. That would be an awesome feature for a dumb web-surfing box for the idio---parents. Would be a little bit of a pain for everyone else, but we can avoid getting infected, right?

Friendly Reminder

[DynaSoar]

"Maybe what we need are a few good old fashioned hangings." -- Commissioner Orson Swindell, Federal Trade Commission
  at the first FTC spam conference.

Stiffy In A Jiffy

[soundguy]

The best one I ever received was

Subject: Stiffy In A Jiffy
From: Erection Perfection

Re:Stiffy In A Jiffy

[Larry+Lightbulb]

There's an Australian condom company called Jiffy - one of their best slogans was "Real men come in a Jiffy".

Re:Stiffy In A Jiffy

[MadUndergrad]

I got one recently with subject "Sperms of Endearment"

WoW spam

My email accounts only get spam from people trying to steal my battle.net password, on the order of several messages per day. I wonder where it comes from? Once I would have said China, but now I'm not so sure.

Re:WoW spam

It's because you're not old enough to have a credit card or pubic hair.

Re:WoW spam

[X0563511]

Most of my spam is of two varieties:

1. Chinese/Japanese/Korean (a good spread of all three) telling me who knows what.
2. People of various Grammar School Failures trying to weasel my battle.net password (that hasn't been used in a year anyways).

Group two there is usually using the stupid anchor-with-a-different-URL bullshit (that people still fucking fall for) and either fake "your account was compromized!" warnings, or fake beta invitations.

The (relatively small compared to above) remainder is this bullshit "your wife photos" with a zip containing drive-by-equipped HTML or other retarded attack payloads.

Re:Windows has great anti-malware tech

[blueg3]

You can fairly easily set it up so that when machines reboot, all changes are lost. It's convenient for a lot of applications.

Re:Windows has great anti-malware tech

No good. They'd just get infected the next day from some compromised banner rotation and the botnet would install itself in two minutes.

Email spam is so passe.

[Psaakyrn]

Now the port scan spams on the other hand.. Sure, I can block them, but the sheer load is causing DoS issues. What can I do about that?

Re:Email spam is so passe.

[X0563511]

Nothing. Firewall the shit out of yourself, dropping instead of rejecting. Including ICMP.

It sucks, but not doing that can either result in you seeing what you see now, or your being an unwitting member of a reflected DDoS squad.

Explanation:

Attacker sends a spoofed ICMP Echo (or whatever) with the target's IP address as the sender. Your machine dutifully (and correctly) would reply, along with N+1 others, bombarding the victim.

You forgot your tinfoil hat.

[N0Man74]

Companies like Symantec and Norton didn't start off as antivirus companies. They build tools and utilities. If by some miracle all of the botnets, trojans, and virus infections were to vanish from the world, I imagine that they would go back to making tools. It was virus makers that created the market, not Symantec and Norton.

I suppose you think cancer researchers don't really want to find a cure, because then they'd lose their funding, right?

The fact that you are marked as insightful is baffling. You have a distorted sense of reality.

I won't even bother commenting on your "white hats" criticisms, since that's been pretty well covered by others...

However, to say that *your* solution is the only solution is not only short-sighted, it's arrogant. Black Hat "skilz" must be the mystery reason why about half the number of systems are infected now, right?

There isn't a magic bullet solution that will magically fix the problem completely, aside from getting rid of the internet (and maybe humanity too!). It has to be fought on multiple fronts and incorporating multiple solutions to mitigate the problem and hopefully if it's made difficult enough or they have enough that they can lose, then maybe it will stop... but it's much more likely that we're always going to be stuck with it to at least some degree.

Re:You forgot your tinfoil hat.

[Frosty+Piss]

Jesus. Get off your High Horse and come down to reality. Commit to a Scorched Earth No Holds Barred program to get rid of spam, OR ACCEPT IT AND STOP WHINING ABOUT IT. Folks, that's our options.

Re:You forgot your tinfoil hat.

[DamonHD]

I'm afraid that I think it's you that needs the reality check.

Assuming conspiracy where there need be none just clouds your judgement.

Yes, the "white hat" folks have their hands tied because we don't want vigilante justice from morons who *think* they know what's right and wrong...

Rgds

Damon

Re:You forgot your tinfoil hat.

[interkin3tic]

Companies like Symantec and Norton didn't start off as antivirus companies. They build tools and utilities. If by some miracle all of the botnets, trojans, and virus infections were to vanish from the world, I imagine that they would go back to making tools. It was virus makers that created the market, not Symantec and Norton.

Eh, I'd say that depends on how much they've invested in their antivirus business and how much of their profits come from antivirus. If they now only get 20% of their profits from tools and utilities, I doubt they'd be happy to lose that 80%.

It's not like those guys go to work motivated to make tools and antivirus is just a necessary evil. They go to make money.

Re:You forgot your tinfoil hat.

[turkeyfish]

The solution seems simple enough. Create a registry for span at the US Justice Department that monitors spam activity categorizing it by the ISP's over which it travels. Then levy serious fines, say 10% of gross income, to those ISPs whose network traffic includes the top 10% of spam. The immediate response by the ISPs would be to disconnect/charge more for any machines/users/networks responsible. Make it easier in courts for ISP's to recoup their fines directly from spammers (those creating and/or posting spam). Yes it would be disruptive for a while, but in time efforts to snuff out spam would get better and better during each, say quarterly, fining period. Better networks would be able to boast that they have less spam and hence are more reliable. Cost of sending and posting spam would go up dramatically, eventually above the benefit obtained by spamming. Spamming would stop. Fines could be used for funding internet access to poor and places not yet served. Spam would only appear in WIKPEDIA history pages. All would be good.

Re:You forgot your tinfoil hat.

[Frosty+Piss]

Than accept spam and bot nets and quit whining.

Re:You forgot your tinfoil hat.

[sloth+jr]

And what of computers outside the US?

Clearly there's nothing simple about this problem, or it would've been fixed already.

Re:You forgot your tinfoil hat.

[DamonHD]

You are the one whining and being rude here.

Plus the world is not black and white as you seem to be suggesting.

Rgds

Damon

Re:You forgot your tinfoil hat.

[Frosty+Piss]

You are the one whining and being rude here.

Translation: "I know you are but what am I?"

Sad, very sad...

Re:Windows has great anti-malware tech

[oljanx]

The problem with that is the software that does the re-imaging requires network services among other things. In other words it's running on top of a platform that can be rooted. So while you think you're doing a complete re-image, that may not be the whole story.

Why not pay spammers and trace the spam?

[BlueCoder]

Tell me I'm not the first to think of this. Just pay and spam some traceable ads... It has to be illegal enough that you can subpoena financial records of individuals, probably mostly credit cards. If you know who first took the money surely one can trace it to the bot net(s) that finally emailed it... Surely there will be a number of middle men and they will try to hide their activities though stolen credit card number and such. But it would be traceable if anyone took the time to do it.

Can't kill the messenger

[Tijaska]

We've been chasing spammers for decades, like a dog chasing a car, with an equal lack of success. Why not skip over the spammers and go for the companies that use them to advertise? They can't be anonymous, else they would gain no benefit from advertising through spam. If we nail enough of them, market demand for spam adverts will dry up and spam merchants will have to find other employment, like handing out pamphlets to passing motorists at street intersections. At least then you can ride over them if they irritate you.

Re:Can't kill the messenger

[X0563511]

Most of the time they are either clueless or just negligent. They pay some advertiser to do some "targeted email marketing" or other buzzwords-of-the-week and assume they are getting normal advertising. Instead, they get spam in their name.

Re:Windows has great anti-malware tech

[Dr_Barnowl]

Run it in a VM with an immutable base disk image and a difference disk that gets thrown out every time it boots.

Update the base image periodically vs new threats.

While it's probably POSSIBLE to root the host of the VM you are running in, I'm willing to bet that it's too much effort for most spammermeisters right now.

Rooting out cross-border networks of perpetrators?

[D4C5CE]

Our taxes pay agencies boasting their purported capability to do just that. If they let bot-herders proliferate for years, how are they supposed to be more efficient against terrorists not entirely dissimilar in organization (and with the first able to turn into the latter at any time by using/"renting out" their botnets as Weapons of Mass Disruption e.g. for DDoS attacks against critical infrastructures)?

2.5 million Windows computers

[devent]

It's 2.5 million Windows computers that are infected. No Macs, no Linux, no *BDS, no Solaris, no YouNameIt. It would be interesting, how many are Windows XP, Windows Vista or Windows 7.

Hm lets see, 2.5 million Windows computers in one botnet agains 0 Linux computers world wide. I would say Dell was right:

"6) Ubuntu is safer than Microsoft Windows: The vast majority of viruses and spyware written by hackers are not designed to target and attack Linux." from http://www.theregister.co.uk/2010/06/14/dell_ubuntu_windows_security/

Re:2.5 million Windows computers

[devent]

Yes, that's really what get on my nerves. The word Microsoft or Windows is never reported on this kind of news. Either they just assume that everybody knows that it can be only Windows anyway, or they assume that there are no other system that works just as well (or better) on your computer or it's really a conspiracy never mention Microsoft or Windows in security reports.

Re:2.5 million Windows computers

[Ol+Olsoc]

Because as soon as Microsoft is identified, and as soon as it's mentioned that the other platforms are not so vulnerable, you'll have people screeching about how if the other platforms are just as vulnerable, it's just that they aren't as popular. Or someone will mention one virus that comes out for a different platform, somehow equating the few viruses that are in OSX or Linux for the gazillions that infect Windowsworld.

Re:The only way to stop it

[X0563511]

No good. That would just free up bandwidth for the attack spammers (outlook exploiters, "your wife photos" etc)

Re:Windows has great anti-malware tech

[X0563511]

No fear, as long as it's Windows. It will lock up or otherwise asplode within 3 minutes anyways :P

Microsoft malicious software removal tool

[Joce640k]

Why isn't the Microsoft malicious software removal thing wiping these botnets out in their millions?

Re:Microsoft malicious software removal tool

[Bryansix]

It IS. The problem is people who turn off automatic updates entirely or the botnet turns it off and they never check.

Re:Microsoft malicious software removal tool

[EvilDroid]

Usually the first thing a trojan does is block access to MS Update, McAfee, Norton, etc. websites

Re:The only way to stop it

[tibit]

I've tried responding, going to linked websites, etc. -- out of 300 spam emails that I selected that were ads and not scams, I could get the payment processed on 5 of them.

I think that the real situation is quite ironic. Scammers/spammers and mailers are usually separate outfits. It seems that the latter got the former scammed out of their money. Mailers get paid for sending stuff out, they don't care if the links work, if the website works, etc. Of course there's plenty of spam to go around, but if my anecdotal evidence of ~2% success rate at getting a payment submitted to a spamvertised outfit, things aren't looking so peachy for spammers methinks.

Re: Your sig

[TheRaven64]

It was an April Fools joke, and would have been funny if they'd removed it on the second of April. Now it's just tragic.

Re:Windows has great anti-malware tech

[snadrus]

For simplicity, go with a live CD, no hard drive, and plenty of RAM. Ubuntu does this. I've even seen a Windows Live CD run. The only pain here is boot-up. You can even setup everything caching to RAM (Puppy Linux does this but that distro has safety issues).
For bonus points, make the Ubuntu Live CD auto-login to the free 2GB of Ubuntu-One cloud storage to save Firefox bookmarks there, sticky notes, etc. Auto-login for the chat programs and Skype (installed & autostart).
FREE BUSINESS IDEA: Someone make a website that spits out a custom Ubuntu Live CD/DVD given a list of programs, auto-logins,ubuntu-one, integrated bookmark saving to the cloud, etc.