Slashdot Mirror


Spam Drops 1/3 After Rustock Botnet Gets Crushed

wiredmikey writes "The Rustock Botnet was sending as many as 13.82 billion spam emails each day before being taken down early this month by an effort headed by Microsoft in cooperation with authorities and the legal system. According to Symantec's March 2011 MessageLabs Intelligence Report, the Rustock botnet had been responsible for an average of 28.5% of global spam sent from all botnets in March. Following the takedown, when the Rustock botnet was no longer cranking out spam by the billions, global spam volumes fell by one-third. For reference, toward the end of 2010, Rustock had been responsible for as much as 47.5% of all spam, sending approximately 44.1 billion e-mails per day, according to MessageLabs stats. Since then, Bagle, a botnet that wasn't even on MessageLabs' top ten spam-sending botnets at the end of 2010, has taken over from Rustock as the most active spam-sending botnet this year."

135 of 199 comments

  1. Impressive by disopaos · · Score: 5, Insightful

    It's really impressive Microsoft was able to do this. They've dropped 33% of the world's spam and they did it all alone. Microsoft deserves kudos for this. Good job MS!

    1. Re:Impressive by Joce640k · · Score: 4, Informative

      "Spam will be a thing of the past in two years' time" - Bill Gates, 24 January 2004.

      --
      No sig today...
    2. Re:Impressive by Evtim · · Score: 3, Insightful

      Excellent! So they can drop all attempts to regulate the bandwidth. After all we just got 30% wider pipe, did we not?

      For those oh so bandwidth hungry mobile devices......

    3. Re:Impressive by GameboyRMH · · Score: 1
      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    4. Re:Impressive by postbigbang · · Score: 4, Insightful

      Microsoft's operating system architecture allowed users to have admin privileges, among other architectural mistakes. Defaults were made so that HTML rendering was done by default, as well. Many users were infected because of incompetence-- not by sheer numbers.

      FOSS coders have the same loathing for spam and lack of prosecution that other coders do. That Microsoft has taken down a botnet is laudable. Others ought to join in, too. But first, perhaps online email services ought to acknowledge the role they play in allowing spammers to do their work. Microsoft is one of the good guys here, acknowledging abuse complaints quickly, but others like AOL and Yahoo don't even acknowledge a complaint, let alone act on them.

      Botnets are one part of the problem, but even users trying to do their very best get infected. It's less so than before XP SP2+ editions, but there are very few non-Microsoft botnet members out there. Think about that.

      --
      ---- Teach Peace. It's Cheaper Than War.
    5. Re:Impressive by rolfwind · · Score: 2

      Microsoft didn't create any problem to begin with. All OSes with billions of stupid users will get infected.

      Not all OSes are created equal.

    6. Re:Impressive by cpghost · · Score: 3, Insightful

      Since most of those botnet machines are running MS, I'd say, it's about time MS became involved in the fight against spam. The delivery mechanism for all this spam wouldn't exist if it weren't for Microsoft's poor record at building a somewhat secure operating system.

      --
      cpghost at Cordula's Web.
    7. Re:Impressive by vlm · · Score: 1

      And for my users at work, for me, for my family it really is a thing of the past, because

      All non-corporate communication is done via facebook wall posts now?

      We are rapidly nearing the point where no email will flow unless:

      1) One side is a spammer.

      or

      2) One side is a corporation or an individual acting on the behalf of a corporation.

      I could see a point in a year or two where "email spam" is about as relevant to the general population as "usenet spam".

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    8. Re:Impressive by Anonymous Coward · · Score: 1

      Mod parent up - it seems like almost all accounts in the 202XXXX range are MS shills. It's getting annoying.

    9. Re:Impressive by dmomo · · Score: 1

      "Regulation of Bandwidth" and "Having More Available Bandwidth" are two separate concerns. Arguments for or against the prior should stand regardless of the latter. If only this were so.

    10. Re:Impressive by jhigh · · Score: 1

      It's not about whether or not an OS CAN be rooted. Rather, it is about the degree of difficulty, particularly using a default installation. In that regard, Linux > Windows.

      --
      Social Engineering Expert: Because there is no patch for stupidity.
    11. Re:Impressive by swanzilla · · Score: 1

      He failed to factor in the Hawaiians...they love that stuff.

    12. Re:Impressive by DNS-and-BIND · · Score: 2

      Good job! Especially since worm-riddled broadband-connected home computers running Microsoft operating systems were the cause of the spam problem in the first place. An unreasonable man like me would view this as a problem of Microsoft's causing, and by default their responsibility to clean up. Seems as if Microsoft's shoddy programming job allowed the holes to exist in the first place, and they cynically passed the cost on to the rest of us. Sort of like how an amoral oil company should be forced to clean up its oil rig blowout without any special thanks.

      Nah, that's crazy talk. Kudos to Microsoft!

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    13. Re:Impressive by WrongSizeGlass · · Score: 1

      Microsoft didn't create any problem to begin with. All OSes with billions of stupid users will get infected.

      So MS (or rather one of their paid shills) is blaming the users for piss poor OS security on Windows?

    14. Re:Impressive by aztracker1 · · Score: 2

      It doesn't even take rooting an OS.. though it does help to prevent being removed by AV programs later... a trojan can be installed with user permissions and run by the user's desktop when said user is logged in... It doesn't take root, but helps... on non-windows OSes, most users aren't running any kind of AV scans which would make it easier.

      1. Build Java(cross-platform) puzzle game/clone
      2. Inject email spamming software into the game.
      3. Send billions of spam...
      4. Profit!

      --
      Michael J. Ryan - tracker1.info
    15. Re:Impressive by postbigbang · · Score: 1

      All of this is about native thru iteratively more difficult hurdles for bot makers. When an OS is inherently more simple to root and bot, the OS seems very likely to have been poorly designed.

      Now that XP SP2+ inhibits this, there have been further exploits through email and browser payloads that have caused innumerable machines to become bot'd.

      If you divide that out, let's look at the iPad phenomenon, where they outsell a lot of stuff, and Apple's total end-user marketshare has climbed through the roof. In the wild, I've seen exactly zero machines that have been bot'd using iOS or MacOS. I've seen all of one Linux machine bot'd-- as an experiment. I've seen rootkits on Linux servers, to my chagrin. I've had one of my critical web Linux servers get rooted, but we killed it as we watched it become injected by changing DNS.

      So it's not misleading. It is what it is. It was really really easy, jaw-dropping easy. Now it's tougher. MacOS has its own foibles as does Linux. Statistics doesn't really account for the problem: bad coding and architecture do.

      --
      ---- Teach Peace. It's Cheaper Than War.
    16. Re:Impressive by Anonymous Coward · · Score: 1

      Uh... why would "open source guys" have a desire or initiative to kill Windows-exclusive botnets? It's Microsoft's problem.

      I did brief development on a popular worm project back in 2000. Compromised *nix machines were as valuable as fucking gold. If found they were far more likely to be used for hosting needed servers. Windows bots had lots of problems: average uptimes of ~2 hours, competing malware infections (which ours attempted to remove), and IP connection count issues (500+ connections either crashed the machine, lagged it so hard the user rebooted, or made IRC servers whimper and die).

      I think it's fair to say that your operating system has a pathetic reputation when even the botnet owners scorn it.

    17. Re:Impressive by AJH16 · · Score: 2

      Unfortunately no, since spam didn't take 100% of the pipe.

      --
      AJ Henderson
    18. Re:Impressive by digitig · · Score: 1

      Microsoft's operating system architecture allowed users to have admin privileges, among other architectural mistakes.

      On home systems they have to let potentially inexperienced users have access to admin privileges. Vista took them away by default, but whenever some tempting piece of software says it needs someone to type the admin password most users will do it, so it barely slows down the spread of trojans. The same attack would work just as well on any OS with a large home-user userbase. The weakness is not so much the OS, it's PEBKAC.

      --
      Quidnam Latine loqui modo coepi?
    19. Re:Impressive by postbigbang · · Score: 1

      Until XP SP2, which did the same thing as Vista, user was root/admin. A lot of software had to run as root, too, which Microsoft forced a demotion of when they changed this policy.

      It's really the architecture, and irresponsibly bad QA, as well as rush to market problems.

      --
      ---- Teach Peace. It's Cheaper Than War.
    20. Re:Impressive by Belial6 · · Score: 1

      You use sarcasm, but MS really didn't create the problem. If the SMTP protocol had security from the start, spam wouldn't be much of a problem. I'm sure MS could have been more helpful sooner, but the spam problem certainly doesn't fall on their feet.

    21. Re:Impressive by Stunky · · Score: 2

      He was right. Gmail was launched April 1st, 2004.

    22. Re:Impressive by DNS-and-BIND · · Score: 1

      The problem is not SMTP, the problem is infected Windows boxes cranking out millions of spams per day.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    23. Re:Impressive by Robert+Zenz · · Score: 1

      So it's the problem of the Protocol that it gets billions of emails from millions of hijacked machines?

    24. Re:Impressive by Belial6 · · Score: 1

      If Windows were 100% secure, there would still be huge amounts of spam. If Windows disappeared tomorrow, spam would continue and the drop in volume would be temporary. So, Windows is not the problem. SMTP is the problem.

    25. Re:Impressive by smelch · · Score: 1

      Well most of the spam is sent to linux mail servers. Bitch. Also your post is probably 100% bullshit.

      --
      If I can just reach out with my words and touch a butthole, just one, it will all be worth it.
    26. Re:Impressive by Belial6 · · Score: 1

      Simple answer: Yes.

      If there were no windows boxes, spam would continue. SMTP does not identify the sender. The inability to identify the sender is the single biggest vector for spam. That is a protocol problem. Not an OS problem.

    27. Re:Impressive by DriedClexler · · Score: 1

      In fairness, he also said that 660 ppm ought to be enough for anyone.

      --
      Information theory is life. The rest is just the KL divergence.
    28. Re:Impressive by Lokitoth · · Score: 1

      Actually, XP SP2 did not do anything other than sandbox IE into a low-privilege process. If the user is in the Administrators group, he is running as Admin all the time. The problem was merging the 9X branch and NT branch of Windows together (in Windows XP) while maintaining backwards compatibility. If they forced the default user to have to provide an additional password (or even worse, log in to another account, or runas) whenever anything needed to be installed, people would have been screaming in frustration - not to mention the problems with poorly written software assuming it can party on the entire partition and registry. In fact, we saw a mini version of that in Vista with all the brouhaha over UAC and application compatibility.

      And before Win98, there really was not as much pressing need for "security features" in the 9x branch simply due to the fact that generally it was already "completely secure" since it was not connected to anything - for the most part. Folks doing the planning were more concerned with feature lists - that was the big issue. *NIX was luckier and savvier in that regard since it came about from multi-tenant systems and had to deal with security from the beginning. In fact, XP SP2 was essentially a big "mea culpa" out of MS - they stopped developing their new operating system (Longhorn) to refocus efforts on making WinXP more secure.

      The architecture of NT actually supported everything you needed to not run the average user as Admin. Claiming it to be an architecture problem is disingenuous. Usability and compatibility is what got in the way of delivering "secure by default"; until users were hit in the face with malware and social engineering attacks, how many of the average consumers would have understood the need for split-privilege security, and how many would have been willing to put up with it?

    29. Re:Impressive by Tom · · Score: 1

      If Windows disappeared tomorrow, spam would continue and the drop in volume would be temporary.

      That is a bold claim. Got any supporting evidence? Not guesses, theories, thoughts, I mean evidence.

      --
      Assorted stuff I do sometimes: Lemuria.org
    30. Re:Impressive by Tom · · Score: 1

      The weakness is not so much the OS, it's PEBKAC.

      That is an arrogant assumption of computer nerds.

      No other industry gloats in its own superiority in such a way. Any car maker, toaster maker, supermarket layout designer, literally everyone else doesn't subscribe to the "customer is dumb" mantra, but looks at where his product is at fault by giving confusing feedback, not guiding the customer correctly, not being easy enough to use, etc. etc.

      And yes, that includes security questions.

      Yes, I am a professional in that area. There are a few cases of "human error", but in 99% of the "user is stupid" cases, a better designed software, interface, workflow or whatever would greatly improve upon the problem.

      --
      Assorted stuff I do sometimes: Lemuria.org
    31. Re:Impressive by postbigbang · · Score: 1

      I guess you missed all of the demotion in SP2. Wasn't much, but it was a start. And while you're correct in citing that lowly NT3.5x could have users and administrators, no one coded that way. Everyone had to be an administrator to work. SP2 started the chain completed partially in Vista, then a bit better in 7 to allow genuine user functionality in user space with user apps that could talk to the OS and get work and peripherals to work.

      Even now, the use of the registry database is an architectural defect, as once you're inside it, you can screw things up as you please. Want a nice registry hive masquerading as a CSS hack? Using the right stuff, its slips right past every defense. Today. This minute. Even if you're patched-- zero-days waiting on a shelf.

      Consumers were taught that Windows was a playground. Please customize it with all this neat stuff. Move stuff around. Add-on with glee. Don't worry about security. Your username and password will protect you-- even on those old LANMAN hashed passwords.

      This isn't the forum to do a long debate on the merits of OS architecture. There's not a single one of them without fault. But Gates's choice (ultimately it was his) to merge NT with 98 into 2000 left lots of holes open to allow 'legacy' applications to work. Did they sandbox user space? No. Did they allow apps to run as root and things killing those apps to run in root/kernel space? Yes. Were there more sins? Yes. Do BSD, MacOS, and Linux have similar sins? Yes-- but not as many, and not as many that make one slap their forehead in revilement. After 30 years of doing this shit, I've seen too much for you to change my mind. The facts are the facts. History is what it is.

      --
      ---- Teach Peace. It's Cheaper Than War.
    32. Re:Impressive by digitig · · Score: 2

      It's not an arrogant assumption of computer nerds -- I make security blunders too. It's a recognition that there's a fundamental mismatch between what the computer is capable of and the fact that it's a consumer durable. If there were no driving test then I bet road fatalities would be higher, but pretty much nothing you could do to the user interface of the automobile whilst still retaining the functionality would fix that. The only solution is to make it so that only those trained and shown to be at least basically competent are allowed behind the wheel. That probably couldn't be enforced for home computers, so the only answers would be to cripple functionality (would work for a lot of users, actually) or take security out of their hands (another current story on /.). The power users wouldn't be happy, though.

      --
      Quidnam Latine loqui modo coepi?
    33. Re:Impressive by blair1q · · Score: 1

      It doesn't need it from the start. MS's inet stack can be watching for connections to SMTP ports and looking for to-addresses that only exist in spam databases. If the OS detects that, it can phone home, or kill the sending task, or pop up a "You are infected by a spam email botnet program." There's no reason anyone should be hosting one of those any more.
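
      The comment above describes a host-side check: watch connections to SMTP ports and flag the sender. The added example below (not code from the thread or from any vendor mentioned in it) shows the network-side version of the same check, which is how it is usually done at an ISP or enterprise edge: a workstation that opens port 25 to many distinct mail exchangers in a short window is almost certainly a spam bot, because a legitimate client only talks to its own provider's relay. The relay address, the window, the threshold and every flow-log line are constructed for the example and are not from the original page.

```python
"""Outbound-SMTP anomaly check over flow records (added example, not from the thread).

A normal workstation sends mail through one relay; a spam bot fans out to many
mail exchangers directly. Counting distinct port-25 destinations per source in
a sliding window separates the two. Addresses, thresholds and log lines below
are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

MAIL_RELAYS = {"192.0.2.25"}       # assumption: the site's legitimate outbound relay(s)
WINDOW = timedelta(minutes=5)      # assumption: sliding window size
DISTINCT_MX_THRESHOLD = 20         # assumption: tuning knob for the environment


def parse_flow(line: str) -> Tuple[datetime, str, str, int]:
    """Parse '<ISO timestamp> <src_ip> <dst_ip> <dst_port> <proto>' (constructed format)."""
    ts, src, dst, dport, _proto = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def smtp_egress_offenders(lines: List[str], relays=MAIL_RELAYS, window=WINDOW,
                          threshold=DISTINCT_MX_THRESHOLD) -> Dict[str, int]:
    """Return {src_ip: peak distinct port-25 destinations within one window}
    for every source that reaches the threshold. Allow-listed relays are skipped
    because fanning out to many MXs is their job."""
    per_src: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = parse_flow(line)
        if dport != 25 or src in relays:
            continue
        per_src[src].append((ts, dst))

    offenders: Dict[str, int] = {}
    for src, events in per_src.items():
        events.sort()
        peak = 0
        # Slide the window start over each event; count distinct destinations inside it.
        for i, (t0, _) in enumerate(events):
            seen = {dst for t, dst in events[i:] if t - t0 <= window}
            peak = max(peak, len(seen))
        if peak >= threshold:
            offenders[src] = peak
    return offenders


def make_sample_flows() -> List[str]:
    """Constructed flow log: one clean host, one web-only host, one bot, one relay."""
    base = datetime(2011, 3, 20, 12, 0, 0)
    lines = []
    # Workstation sending ordinary mail through the site relay.
    for i in range(30):
        lines.append(f"{(base + timedelta(seconds=10 * i)).isoformat()} 10.0.0.5 192.0.2.25 25 tcp")
    # Web browsing, irrelevant to this check.
    for i in range(30):
        lines.append(f"{(base + timedelta(seconds=7 * i)).isoformat()} 10.0.0.7 198.51.100.{i % 5 + 1} 443 tcp")
    # Infected workstation talking to 40 mail exchangers directly in two minutes.
    for i in range(40):
        lines.append(f"{(base + timedelta(seconds=3 * i)).isoformat()} 10.0.0.9 203.0.113.{i + 1} 25 tcp")
    # The relay itself legitimately fanning out to the same MXs (allow-listed).
    for i in range(40):
        lines.append(f"{(base + timedelta(seconds=3 * i)).isoformat()} 192.0.2.25 203.0.113.{i + 1} 25 tcp")
    return lines


if __name__ == "__main__":
    for src, peak in smtp_egress_offenders(make_sample_flows()).items():
        print(f"{src}: {peak} distinct SMTP destinations in {WINDOW} - likely spam bot")
```

      The allow-list matters: without it the site's own relay trips the rule every time, and tuning the threshold down to catch low-and-slow senders trades directly against that false positive, which is why many networks simply block port 25 from everything except the relay instead of scoring it.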

    34. Re:Impressive by BadPirate · · Score: 1

      "Spam will be a thing of the past in two years' time" - Bill Gates, 24 January 2004.

      Yeah, my g-mail spam filter works like a charm.

      --
      - Holy crap, I've got MOD points! Who thought that was a good idea.
    35. Re:Impressive by Quirkz · · Score: 1

      Parts per million? Pages per minute? Parachutes per metronome?

    36. Re:Impressive by blair1q · · Score: 1

      SMTP is a protocol and has no behaviors. SMTP-formatted email does identify the sender. Unfortunately, such a thing is easily spoofed. So SMTP can be manipulated to hide the true sender and its location on the network. That's the flaw. But fixing that wouldn't be enough. The proximal problem is that people still get trojans on their machines that can act like normal programs, and the server accepting your connection has no way of knowing whether the client sending it data is legitimate or bogus. The way to fix that is for servers to distribute the code that sends data, and only allow that client to do so. But then the trojan would consist of a script to operate that mechanism as though it was being done by a user.

      So the real solution is to track these fuckers down and throw them into a pit with hungry tigers and poisonous snakes. Make their brains part of the malware protection system. And keep doing it, because there's one born every minute.

    37. Re:Impressive by Belial6 · · Score: 1

      Well, having personally seen spam spewing from an open relay on a linux box, seems like pretty decent evidence. The Linux and MacOS systems that spit out spam now do not disappear if Windows goes away. In fact, there would be more of them. Now, do you have any supporting evidence to the contrary? Not guesses, theories, thoughts, I mean evidence.

    38. Re:Impressive by DriedClexler · · Score: 1

      Parts per million. "A reduction to 66% [660 parts per million] ought to be enough for anyone."

      my joke = phail

      --
      Information theory is life. The rest is just the KL divergence.
    39. Re:Impressive by Belial6 · · Score: 1

      I'm not sure what definition of "behaviors" you are using, but the definition everyone else uses means that SMTP certainly does have behaviors. SMTP does not identify the sender. It allows the sender to offer up their identity if they so choose. Yes, I am splitting hairs by saying that securely identifying the sender isn't the same as just taking their word for it, but that is the crux of the problem.

      Stopping spam is a two part problem. The first part is identifying who the mail comes from. Without a secure way of doing that, there is little beyond what we do today that can be done about it. The second part is throwing the spammers into a pit with hungry tigers and poisonous snakes. You can't do part two until you have done part one.
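
      The three comments above (SMTP "does not identify the sender", the envelope is "easily spoofed", and the open relay on a Linux box) all describe the same property of the protocol. The added example below, which is not code from the thread, is a minimal SMTP server state machine that makes the point concrete: MAIL FROM and the From: header are accepted exactly as the client asserts them, and the only thing standing between a bot and arbitrary recipients is the server's relay policy. The hostnames, addresses, trusted network and the client dialogue are constructed for the example.

```python
"""Minimal SMTP server state machine (added example, not from the thread).

Models the part of the protocol the discussion is about: the server has no way
to verify the envelope sender or the From: header, and whether it accepts mail
for outside recipients is purely a local policy decision (open relay or not).
Domains, addresses and the client dialogue below are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Optional

LOCAL_DOMAINS = {"example.com"}    # assumption: domains this server accepts mail for
TRUSTED_NETS = ("192.0.2.",)       # assumption: inside clients allowed to relay out


@dataclass
class Session:
    client_ip: str
    open_relay: bool = False
    helo: Optional[str] = None
    mail_from: Optional[str] = None
    rcpts: List[str] = field(default_factory=list)
    data: List[str] = field(default_factory=list)
    in_data: bool = False
    transcript: List[str] = field(default_factory=list)

    def _reply(self, line: str) -> str:
        self.transcript.append("S: " + line)
        return line

    def handle(self, line: str) -> str:
        """Process one client line and return the server's reply ('' inside DATA)."""
        self.transcript.append("C: " + line)
        if self.in_data:
            if line == ".":
                self.in_data = False
                return self._reply("250 2.0.0 OK queued")
            # Undo dot-stuffing; headers and body are stored as-is, unverified.
            self.data.append(line[1:] if line.startswith("..") else line)
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg                      # any hostname is accepted
            return self._reply("250 mail.example.com")
        if verb == "MAIL":
            self.mail_from = arg.split(":", 1)[1].strip("<> ")
            return self._reply("250 2.1.0 OK")   # envelope sender taken at face value
        if verb == "RCPT":
            addr = arg.split(":", 1)[1].strip("<> ")
            domain = addr.rsplit("@", 1)[-1].lower()
            # Relay policy is the only gate: local domain, open relay, or trusted client.
            allowed = (domain in LOCAL_DOMAINS
                       or self.open_relay
                       or self.client_ip.startswith(TRUSTED_NETS))
            if not allowed:
                return self._reply("554 5.7.1 Relay access denied")
            self.rcpts.append(addr)
            return self._reply("250 2.1.5 OK")
        if verb == "DATA":
            self.in_data = True
            return self._reply("354 End data with <CR><LF>.<CR><LF>")
        if verb == "QUIT":
            return self._reply("221 2.0.0 Bye")
        return self._reply("500 5.5.1 Command unrecognized")


def run_dialogue(client_ip: str, open_relay: bool, lines: List[str]) -> Session:
    s = Session(client_ip=client_ip, open_relay=open_relay)
    for line in lines:
        s.handle(line)
    return s


def header_from(session: Session) -> Optional[str]:
    """Return the From: header the client supplied, if any."""
    for line in session.data:
        if line.lower().startswith("from:"):
            return line.split(":", 1)[1].strip()
    return None


# Constructed dialogue: a bot on an outside address claims to be a bank.
SPOOFED = [
    "EHLO bot.invalid",
    "MAIL FROM:<alerts@bank.example.net>",
    "RCPT TO:<victim@example.com>",
    "RCPT TO:<someone@elsewhere.example.org>",
    "DATA",
    "From: Bank Alerts <alerts@bank.example.net>",
    "Subject: verify your account",
    "",
    "click here",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    for relay in (False, True):
        s = run_dialogue("203.0.113.7", relay, SPOOFED)
        print(f"open_relay={relay}: sender {s.mail_from!r} accepted, recipients {s.rcpts}")
    print("\n".join(s.transcript))
```

      With the relay closed, the bot can still forge a bank's address into a local mailbox; with it open, the same session also reaches the outside recipient, which is the configuration that gets a Linux box listed as a spam source without any malware on it.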

    40. Re:Impressive by jdpars · · Score: 2

      Have you SEEN email spam lately? It's entirely non-sensical. Anyone who clicks on something in one (assuming it makes it past a spam blocker) is an idiot. Spam might as well be gone.

    41. Re:Impressive by Tom · · Score: 1

      Hubris

      Users aren't stupid, they just aren't geeks. It is our fucking job to make these machines useable by normal people. If we can't do that, then it's all just ego-stroking and mental masturbation.

      Unless you have done actual research and experiments and have solid evidence to be sure there aren't other causes (bad architecture, bad security design, bad user interface, misleading OS feedback, not to speak of bugs and exploitable faults), "it's the stupid users" is a cop-out, and a cheap one at that.

      --
      Assorted stuff I do sometimes: Lemuria.org
    42. Re:Impressive by Tom · · Score: 1

      It's not an arrogant assumption of computer nerds -- I make security blunders too.

      The problem isn't that. The problem is how easy they are catastrophic. If our cars were designed that way, highways would be slaughterhouses. Sure, there are quite a few deaths every day, month, year - but we feel compelled to improve on safety continually, instead of shrugging, say "dumb drivers" and going on without a change.

      That is what I call arrogance. Even if it was the fault of the driver, maybe you can make an improvement that reduces the likelihood of others making the same mistake?

      That probably couldn't be enforced for home computers, so the only answers would be to cripple functionality (would work for a lot of users, actually)

      Actually, I'm all for that. Why not give people locked-down machines for starters, and once they've shown they can handle it, let them have a real one? Most wouldn't even need that last step.

      The power users wouldn't be happy, though.

      Who ever said that one size needs to fit all? Apple is on the right track here - most people really want an appliance, not a general-purpose computer. 90% of computer users do probably less than 10 different tasks on their machine. Websurfing, E-Mail, word processing, managing their photo and music library, gaming, and after that there probably are a bunch of specialized tasks and that's it.

      But still, some of us want a full-blown computer. Nobody said that one excludes the other.

      --
      Assorted stuff I do sometimes: Lemuria.org
    43. Re:Impressive by Tom · · Score: 1

      Well, having personally seen spam spewing from an open relay on a linux box, seems like pretty decent evidence.

      A single data point does not make a trend.

      The Linux and MacOS system that spit out spam now are do not disappear if Windows goes away.

      True, but we're talking volume here. Do you really think that 98% of e-mail would be spam if it weren't for the botnets?

      Now, do you have any supporting evidence to the contrary? Not guesses, theories, thoughts, I mean evidence.

      Pretty much any statistics you want to dig up show a massive difference between exploited windows machines and any other OS. Even if you adjust for market share. Even if the other OS is leading, as in the case of LAMP vs. windows webservers.

      OS X currently has a market share of - depending who you ask - somewhere between 5% and 15% in the consumer market. The percentage of malware available for OS X compared to the amount available for windows is nowhere even near that share. It's not even in the stadium. The numbers are something like 2 vs. 150,000.

      All the major botnets run on windows exclusively. You would think that at least one of them would've taken another target. The most logical explanation is the botnet makers think rationally - as long as one very easy target is available, breaking into a harder target would be a waste of time.
      But a harder target also means less penetration, even if the easy target were to go away.

      Linux has had its share of exploits. Despite that, no Linux botnet is known. In addition to better security, there is more diversity making it harder for automated exploits to spread. I've actually written a paper on that 10 years or so ago, it's somewhere on my website.

      I've done my research. Now show yours or shut up.

      --
      Assorted stuff I do sometimes: Lemuria.org
    44. Re:Impressive by gad_zuki! · · Score: 1

      Actually, he turned out to be right. I don't think he or MS was claiming to stop all SMTP traffic that you might call spam, but to have filtering technologies that worked well enough where it wasn't a problem for the end user.

      I remember the late 90s and early 00's. Spam was a big issue. You could randomly get 100+ spam emails in an hour. No one had good filters. It was all client-side and big mess. By the mid 00's it was just this thing to worry about when you checked your quarantine and only the occasional message got through instead of 100+ a day. Of course, it wasnt MS that did all the work. Postini, spamassassin, barracuda, various server-side technologies, blacklists, greylisting, etc.

    45. Re:Impressive by Dahan · · Score: 1

      66% is 66 parts per hundred. 660 parts per million is 660/1000000, or 0.066%.

    46. Re:Impressive by DriedClexler · · Score: 1

      Bah! I meant to put 660 K (thousand) ppm, thereby completing the similarity to "640 K ought to be ...".

      Double phail.

      --
      Information theory is life. The rest is just the KL divergence.
    47. Re:Impressive by rastoboy29 · · Score: 1

      umm...you do realize it's their crappy OS that allowed the botnet to be so large in the first place, right?

    48. Re:Impressive by Belial6 · · Score: 1

      A single data point does not make a trend.

      No, it doesn't make a trend. It does show it is possible though, and unless you are claiming that spammers would refuse to spam from anything but Windows, we must come to the conclusion that the spamming would continue on another system. The claim that spammers would refuse to work on other systems that meet their needs is an extraordinary claim that would need extraordinary proof.

      True, but we're talking volume here. Do you really think that 98% of e-mail would be spam if it weren't for the botnets?

      There would continue to be compromised systems. People install botnet clients all the time. There is nothing in Linux or OSX that prevents users from installing software that sends email, so you're making a false assumption that there wouldn't be botnets without Windows.

      Botnets are automated Social Networks. Just like social networks, greater membership brings more members which increases membership. You want some research that supports my position? Here is a link for you to read http://web.lemuria.org/

      If you will excuse the dead links, the papers that are posted there point out that there are far more vectors than just Windows, and that if all else fails, it is simple enough to just get users to install your botnet software. Go ahead. Read the articles. What is in them might seem familiar to you, even if they contradict what you are saying here on Slashdot.

      I've shown you yours, so now come up with something that contradicts me or YOU shut up.

    49. Re:Impressive by Kalriath · · Score: 1

      I'm inclined to disagree. A botnet really doesn't have to live in kernelspace - userspace is more than good enough to spew out thousands of spam messages an hour. Jest all you like about drive-by downloads and the like, but the majority of botnet software is executed by the user, deliberately because it claims to give them cool smilies in MSN, or a little monkey hiding by the clock (or Jessica Alba). Even Linux, BSD and OS X do nothing to stop that sort of behaviour (and they don't claim to try). If they were popular enough that you could guarantee enough penetration by developing botnets for them, we'd see far more BSD-targeted "cursor packs". The problem isn't the system, it's the user.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    50. Re:Impressive by Quirkz · · Score: 1

      I was wondering if that was a 640k joke, but then I thought I was being crazy and didn't want to ask.

    51. Re:Impressive by Tom · · Score: 1

      It does show it is possible though,

      Wrong discussion. Nobody here claims that all other OSs are perfectly secure and nothing bad could ever happen on them. "Possible" is not what the problem of Spam is even about. "Massive enough to drown everything else" is what the problem is. For that, it has to be more than possible, it has to be so easy that it is economically feasible to root systems on a large scale.

      the papers that are posted there point out that there are far more vectors than just Windows

      Yes, I know. However, you ignore the point that in those approaches I was simply assuming the existence of a remote root exploit that would work on the target system. Also, that is not spam botnet research. A spam botnet wants to stay undetected and it wants to stay up and running. That requires a different approach. But of course you know all that.

      Again, this is not a black-white claim I'm making. I don't say spam would stop if windows were to vanish tomorrow. This is an argument about economics. If the effort to build a botnet on Linux or OS X systems is higher than for windows systems, the economies for the botnet creators change. Spam works by massive volumes due to the tiny return percentage. It needs to send out millions of mails to be profitable. If you are a spammer, you can calculate how much spam on average a rooted system sends before it gets taken down. You can calculate how much it costs to root a system. If either of those variables change, your profit calculations change. If windows were to be replaced by something that is twice as hard to crack and twice as likely to detect a break-in, then your costs suddenly increased four-fold. Is your operation still profitable?

      --
      Assorted stuff I do sometimes: Lemuria.org
    52. Re:Impressive by Belial6 · · Score: 1

      "Possible" is not what the problem of Spam is even about. "Massive enough to drown everything else" is what the problem is.

      That is a false dichotomy. If it is possible, and it can make money then someone will do it. Your cost calculations are irrelevant when you factor in the third world, although it is unlikely to become so expensive that it needs to go to the third world. Of course, your own papers point out that remote exploits are totally unnecessary to propagate malware. What you say in this thread directly contradicts the papers you wrote and published on your website.

    53. Re:Impressive by Tom · · Score: 1

      You've not heard of different angles to a problem, have you? I haven't done a paper about economics of spam so far, so how could I contradict something I haven't said?

      Cost calculations are not irrelevant. The third world is not by default cheaper. Some things are, like manual labor. Many things aren't, and some things are even more expensive. Unless you do a detailed cost analysis, it isn't as simple as "let's move to a cheap country". Heck, even companies that did do cost analysis learnt the hard way that it can be more expensive in a "cheap" country.

      --
      Assorted stuff I do sometimes: Lemuria.org
    54. Re:Impressive by Belial6 · · Score: 1

Malware will continue to target the weakest link, which will often be the human user. Anti-Malware products have partial success in containing known threats. Both sides have thus far avoided entering a technology arms race, and are instead fighting the easier war of attrition. Security products sell a lot. Malware apparently sells quite well, too.

      The third world is not by default cheaper

This is a straw man. You're right that it isn't always cheaper. When you need infrastructure and they don't have it, it can be more expensive. When you have a company reputation on the line that can be damaged by a few failures, it can be more expensive. When you have to worry about liability for faulty products, it can be more expensive. We are not talking about these kinds of businesses though. You fail at your strawman.

      I would have thought that someone who is an expert on social engineering would be better at twisting the discussion. Apparently your skills are not as good as you believe.

    55. Re:Impressive by Tom · · Score: 1

      We are not talking about these kinds of businesses though. You fail at your strawman.

      So the hungry kids in Africa are all computer experts just waiting for someone to come along and give them a few bucks so they can write the next botnet? Yeah, right.

      These botnets aren't run by kids, they are run by organized crime. Last I checked, the mafia didn't relocate to India because it's cheaper there. You have your people, your networks of influence and power, your ties to the local community and law enforcement, your thugs - all stuff that's not so easy to transport and not so easy to set up someplace else.

      someone who is an expert on social engineering

      Your claim, not mine. I can connect you to experts in that field if you have business for them, I merely know about it what you pick up when you work in information security for a decade.

      --
      Assorted stuff I do sometimes: Lemuria.org
    56. Re:Impressive by Belial6 · · Score: 1

      So the hungry kids in Africa are all computer experts just waiting for someone to come along and give them a few bucks so they can write the next botnet? Yeah, right.

      Did you really just try to counter me calling you out on your strawman argument by making a strawman argument? Let me reread that just to be sure. Yep. You sure did. You are fully aware that not every kid in Africa would need to be a computer expert for there to be enough computer experts in the country to make the system profitable. I hope you don't lie to your customers as transparently as you lie to readers on Slashdot.

      These botnets aren't run by kids, they are run by organized crime. Last I checked, the mafia didn't relocate to India because it's cheaper there. You have your people, your networks of influence and power, your ties to the local community and law enforcement, your thugs - all stuff that's not so easy to transport and not so easy to set up someplace else.

      Now you are trying to tell us that it is difficult to find corruption in Africa? Wow.

      Your claim, not mine. I can connect you to experts in that field if you have business for them, I merely know about it what you pick up when you work in information security for a decade.

      Since you post 'facts' about social engineering on your site from seminars that you have given, it is NOT my claim. Unless, of course, you are going to claim that you were totally unqualified to be giving those talks. Quite frankly, given that social engineering is the BIGGEST threat to security, if you cannot claim to be an expert in that part of it, you cannot claim to be an expert in security at all.

  2. Who cares by afidel · · Score: 4, Insightful

    The organized criminals who are raking in the money are well protected in their home countries so this is essentially a big game of whack a mole until people better protect their computers (good luck with that).

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    1. Re:Who cares by Jahava · · Score: 2

      The organized criminals who are raking in the money are well protected in their home countries so this is essentially a big game of whack a mole until people better protect their computers (good luck with that).

      Agreed, kind of. Users can only do so much, especially when zero-days are frequent targets of vulnerabilities and vendors do lazy and irresponsible patching and damage control.

      We need well-enforced international criminal penalties for both the spammers themselves, as well as the corporations that hire them. Remove the monetary incentive and both the motive and means drop significantly. This also reduces the overall incentive to infect others' machines as a nice side effect.

      What would also be interesting is legislation holding a corporation accountable (to an extent) for damages caused by infections that leveraged their products as a vector. I imagine that would light a fire under Adobe's feet to actually patch responsibly.

    2. Re:Who cares by _|()|\| · · Score: 5, Informative

      this is essentially a big game of whack a mole

      The last couple of times a story like this was posted, I went straight to SpamCop's statistics for corroboration. You're right: the touted decrease in spam is real, but temporary. However, the yearly chart does seem to show a downward trend.

    3. Re:Who cares by damn_registrars · · Score: 2

      so this is essentially a big game of whack a mole until we do something about the economic forces behind spam

      There, fixed that for 'ya. No amount of patching and filtering will make spam go away - ever. Spam will continue to be sent out as long as spammers can make money by sending out spam. The only way we can ever end spam for good is to either make it too expensive to send (which would not be palatable for most users) or take serious steps to interfere with the money train that keeps the spammers paid.

      Everything else is reactionary, futile, or just a feel-good step (or a combination thereof).

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    4. Re:Who cares by SlippyToad · · Score: 1

      I don't know why we don't start boxing in nations who do not control their spammers and hackers. Telling the USSR, just for an example, to shut down their known, easily-found spamming operations or get blackholed right off the fucking face of the planet would go a long way towards ending this stupidity.

      I'm sure somewhere in the Wikileaks memos someone could find evidence that all of our world leaders are polishing each others' fucking knobs on this issue . . . sometimes I think the world is run by toddlers who've escaped the daycare.

      --
      One day I feel I'm ahead of the wheel / the next it's rolling over me / I can get back on / I can get back on
    5. Re:Who cares by Belial6 · · Score: 2

It would also destroy the software industry and stagnate it with the few companies that could afford the insurance or were "too large to fail", making sure that the three companies still producing software didn't do anything new for fear of creating a hole.

    6. Re:Who cares by Tom · · Score: 1

Why, then, do my own statistics show a very strong upwards trend? Is the volume getting lower, but it bypasses the filters better?

      Seriously. I have as much spam in my inbox now as I used to do 10 years ago, when it started to piss me off enough that I installed spam filters. Except now there's little more I can do. :-(

      --
      Assorted stuff I do sometimes: Lemuria.org
    7. Re:Who cares by Tom · · Score: 1

      And unfortunately, this will not happen for a very, very long time.

      You see, spam is just the ugly part of some deep beliefs of our culture. Tackling spam means asking questions few people really want to have asked seriously.
      For example: Isn't almost all advertisement unsolicited? I certainly didn't opt-in to any of the billboards I encounter every day on the street.
      Or: Where do we draw the line to unethical business practices, and can we really draw it - in an official, as in on-the-book, way - without declaring half of our major corporations unethical?

      --
      Assorted stuff I do sometimes: Lemuria.org
    8. Re:Who cares by Tom · · Score: 1

      sometimes I think the world is run by toddlers who've escaped the daycare.

      It's worse than that. It's run by people with an adult mind and toddler ethics. I'm not kidding, kids have an early phase in their development where they simply can not fathom the concept that there could be a part of the world that does not revolve around them, and can not be easily classified as threat or source-of-food-and-security - or as one of the famous people with that mindset put it "you're either with us..."

      --
      Assorted stuff I do sometimes: Lemuria.org
    9. Re:Who cares by blair1q · · Score: 1

      How well protected?

      Like, say, if the government advertised their names and addresses, would it be impossible to bribe their nefarious cohorts to impose a little discipline on them?

    10. Re:Who cares by afidel · · Score: 1

Yes, that well protected. They are part of well armed organized gangs with protection from local and state police and often the military. The Russian mob makes the guys from Sicily and NYC look like rank amateurs, as do many of the groups in other former Eastern Bloc countries. The guys in China could be touched if they pissed off the wrong party boss who wasn't being paid enough to look the other way.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    11. Re:Who cares by sjames · · Score: 1

      It's worse! Toddlers can be taught that cheating and hitting are bad. World leaders are impervious to those lessons.

    12. Re:Who cares by eriqk · · Score: 1

      Telling the USSR, just for an example, [...]

      I hate to break it to you, but the USSR hasn't been around for about two decades.

  3. Form letter time by DriedClexler · · Score: 5, Funny

    This same old "silver bullet" for spam is yet another lame attempt to solve an intractable problem. Here we go...

    Your post advocates a:

    wait, one third you say??? Holy shit, never mind! Good work!

    --
    Information theory is life. The rest is just the KL divergence.
  4. This is really good news... by Tigger's+Pet · · Score: 2

    Now I can get my spam-bot service up and running with much less competition in the marketplace. Some penis-enlargement companies just don't want to spread their money around.

    1. Re:This is really good news... by cobrausn · · Score: 1

Hmmm. Penis Enlargement. Spread. I can't help but feel there is a joke in there somewhere...

      --
      How does it feel to be a liar with pants constantly on fire?
    2. Re:This is really good news... by blair1q · · Score: 1

      No, and now that there's less traffic your operation will be more visible, hence more vulnerable. Hence the PECs will be negotiating to pay you less since the risk of losing your services to interdiction just went up.

    3. Re:This is really good news... by Chris+Tucker · · Score: 1

      "Taxes: Redeemable only for Warfare, Welfare, and more Taxes. Offer not valid in Puerto Rico." Some dumbass Randroid Teabagger.

      "I enjoy paying taxes. With them I buy civilization."
      Oliver Wendell Holmes.

      --
      Guaranteed! This comment 100% Anthrax free!
    4. Re:This is really good news... by cobrausn · · Score: 1
You're replying to a sig? What a fucking loser. I'm also pretty sure you're replying with someone else's sig.

      Also, you don't know a fucking thing about me and you failed to really get what the sig is saying. I would gladly pay taxes if I felt that it wasn't going to be used to wage pointless wars (this coming from a military vet) and if I got anything out of the socialist programs they institute. Instead, we get American style welfare, where the successful pay and get nothing and those who don't pay shit get everything. You may now return to your mother's basement you fucking liberal binarian twit. I have never actually read any Rand, but considering how it makes fucking idiots like you froth at the mouth I might start quoting her everywhere, even when it's not relevant. Oh, and since we're being retarded here...

      Guaranteed! This comment 100% Intelligence free!

      FTFY.

      --
      How does it feel to be a liar with pants constantly on fire?
    5. Re:This is really good news... by Chris+Tucker · · Score: 1

      This. Is. SLASHDOT, Slappy. You drop a sig like that, expect to get called on it.

      I love it when people like you flip out. Shows me that I was dead on target.

      I particularly love the instant resort to obscenities, not to mention the cite of a COMIC STRIP.

So you're ex-military. So what? I'm to be impressed that you joined the ArmyNavyAirForceMarinesCoastGuard? I'm to be impressed that you became a member of an organization that goes and kills people because some Rear Echelon Mother Fucker in D.C. says so? When Chimp McCokespoon said to overthrow Saddam, did you leap to your feet and yell "OOHRAH! GET SOME! GET SOME!"?

      Yeah, ex-military. Big Fucking Whoop! Got both eyes, all your limbs and fingers and no PTSD or TBI? If yes, you're lucky.

      But, I digress.

      What REALLY pisses you off is that your Teabagger quote didn't get the reaction you were expecting.

      You got a response that almost made you think, but your brain, overfed on GOP/Rightwing/conservatarded propaganda couldn't process the Holmes quote.

      "What The Fuck? I can't understand this, so I must hate it and the person that said it!"

      Oliver Wendell Holmes, Jr. . Hate away.

      The successful pay and get nothing.

      400 people in the US have more wealth than 155 million have combined. Let's make that even clearer for you:

      400 people in the U.S. have more money than HALF the population of the U.S. has if all the money in that half were added together.

      And you, Slappy, YOU are part of that group of 155 million Americans. As am I. Pretty much everyone you will see at work, on the street, etc in the next 24/48/72 hours/12 months will be part of that 155 million.

      I hope you have a job that can't (yet) be moved to China.

      Because when it is, give me a call so I can laugh in your face for thinking that you were someone special, when you were just another sucker that got played by the GOP/Koch-financed Teabaggers/Fox News Conservatards.

      Oh, FYI, I live in a very cozy little apartment on the 4th floor of a building in Boston.

Oh, P.S. When you were in the military, my taxes fed you, clothed you, and equipped you. When you get sick, my taxes pay for your care at a V.A. hospital. When you get old and retire, your Social Security benefits will likely include some of the money from my taxes. The roads you drive on are paid for by my taxes. The air traffic controllers that keep planes from crashing into each other are paid for with my taxes. The EPA that strives to ensure that you have clean water and air. Yep! My taxes help pay for that. They also help pay for the FDA and CDC. Wholesome food and medicines, along with disease prevention.

      You're welcome!

      When you die, your burial in a Veteran's cemetery will be paid for by taxes, as was the cemetery itself, and the care of your grave will be paid for by taxes paid by people much like myself.

      People who pay for civilization.

      --
      Guaranteed! This comment 100% Anthrax free!
    6. Re:This is really good news... by cobrausn · · Score: 1

Instantly resort to obscenities? The first fucking line of your reply called me a dumbass. I didn't read the rest of your post, as the first couple lines were a pretty good indication of the kind of dumbshit I'm dealing with, and the rest will likely just annoy me and make my day that much worse.

      Before I go though, one last troll.

      Government "help" to business is just as disastrous as government persecution... the only way a government can be of service to national prosperity is by keeping its hands off. Read more: http://www.brainyquote.com/quotes/authors/a/ayn_rand.html#ixzz1I6JtufZD

      --
      How does it feel to be a liar with pants constantly on fire?
    7. Re:This is really good news... by Chris+Tucker · · Score: 1

      Would you like some cheese with your w(h)ine?

      "
      Government "help" to business is just as disastrous as government persecution... the only way a government can be of service to national prosperity is by keeping its hands off. Read more: http://www.brainyquote.com/quotes/authors/a/ayn_rand.html#ixzz1I6JtufZD
      "

      Funny, GE seems to be prospering .

      "The company, led by Immelt, earned $14.2 billion in profits in 2010, but it paid not a penny in taxes because the bulk of those profits, some $9 billion, were offshore. In fact, GE got a $3.2 billion tax benefit. "

      Randroid teabagger says what?

      --
      Guaranteed! This comment 100% Anthrax free!
  5. Licensed copy of Windows 7 by aaaaaaargh! · · Score: 1

    This outcome could have been easily prevented if they had used licensed copies of Windows 7 for their spam net.

  6. Re:Agreed, 110%... apk by Anonymous Coward · · Score: 3, Funny

    Don't forget about the spam that contains an /etc/host attachment. Some of them are hundred of megabytes in size.

  7. Typo in article? by RealGrouchy · · Score: 1

    FTA (emphasis added):

Shortly after the news of the Rustock botnet takedown broke, Adam Wosotowsky, principal engineer at McAfee Labs told SecurityWeek: "We have seen a decrease in Rustock levels, however it by no means has disappeared. This could be due to the botnet still running on old commands, or that lawsuits against botnet owners and associated hosting are proving successful. We also expect the reseeding of botnets, such as McColo, as botnet operators rebuild their networks."

    How do successful lawsuits against the botnet owners prevent the spam from disappearing?

    - RG>

    --
    Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
    1. Re:Typo in article? by wiredmikey · · Score: 1
    2. Re:Typo in article? by RealGrouchy · · Score: 1

      Yes, but the quote cites recent prosecutions as a reason why the botnets have not reduced output entirely.

      - RG>

      --
      Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
  8. I've gotten less spam myself by sandytaru · · Score: 1

    Went from 4-5 spam messages a day in gmail to just one today. That is awesome.

    --
    Occasionally living proof of the Ballmer peak.
  9. Not for long... by damn_registrars · · Score: 4, Insightful

    Sure the spam volume dropped, but anyone who thinks this is anything but temporary is either crazy or an idiot. Naturally as soon as one botnet goes down another one ramps up to take its place; this is exactly what the prime motivating factor behind spam - money - will do to the situation.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:Not for long... by creamy_red · · Score: 1

      I don't know about you, but the amount of spam I'm receiving is decidedly higher in perhaps the last 2-3 months. Not sure what it is - Gmail used to be really good about catching it.

    2. Re:Not for long... by EvilIdler · · Score: 1

      My spam volume is pretty much unchanged. I'll get a handful at the weekend (off to SpamCop it goes), and since registering a business some local companies using foreign servers have been sending me one or two unwanted comical e-mails per week. All my spam is either 419-scams or somebody trying to sell me somewhat legal business products these days. The old pharmaceutical spam doesn't even reach my inbox (thanks, Zimbra filters!).

      I do have a very old and easily guessed e-mail account that I don't actually use, and just use to train filters. Whenever I activate it I can enjoy 100-200 new e-mails per day for the filters to chew on. This amount has not changed since the botnet went down, either.

    3. Re:Not for long... by blair1q · · Score: 1

      Prosecution is the prime demotivator behind reducing crime, so it should be done as loudly and crudely as possible.

  10. Hm. by JustAnotherIdiot · · Score: 1

    Who else stopped reading as soon as it said "According to Symantec"?

    --
    What do I know, I'm just an idiot, right?
  11. Re:Unrootable by TaoPhoenix · · Score: 2

    Amiga OS 5!

    "Never heard of it? Precisely!"

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
  12. Wouldn't it be great if the ISPs could play a part by Marrow · · Score: 1

    Perhaps by just informing people that their machine may be infected? Perhaps by using another medium like an automated phone call or a note on their bill that says that traffic from their computer conforms to traffic seen by infected computers? Perhaps giving them some stats each month that says: this is how many email were seen to be sent by your Internet connection; hey this is pretty high for a home computer, have you updated your virus scanning?
    I do not necessary suggest that they block port 25 or insert means of cutting off users. But the users could be warned/informed of what the network was seeing.

  13. Re:To give it a slightly different twist... by hedwards · · Score: 1

It's a matter of motivation. Back in the 70s and 80s and through much of the 90s, the number of computer users was small enough that you could do that, but a lot of people that make up the growth aren't motivated to learn, which is why even extremely simple things are beyond their grasp.

    MS, Apple and some of the Linux distros aren't helping anybody by discouraging people from experimenting and looking to get better at it.

  14. Re:To give it a slightly different twist... by rgbatduke · · Score: 1

    The battle to give humans actual brains? There's an actual battle?

    Bear in mind that 1/2 of the world's population has an IQ less than 100. Even allowing for the Flynn effect, what that essentially means is that roughly 2/3 of the world's population isn't going to be able to learn to use complex tools, especially when they have the lazy choice of using simple ones. Either the computer provides the missing intelligence, or the user will have to do without.

    In the case of MS's many operating systems post DOS (which required some intelligence to operate) they simply have done without. In the case of Apple's operating systems pre-OSX -- they also did without. Indeed, remember the adage "You can learn to use a Mac in a day, and pay for that knowledge the rest of your life". OSX retained a lot of the brainless simplicity of the GUI, but at least it does have an expert-friendly upwardly mobile path for those whose intelligence is somewhat above the mean.

    Either way, one cannot blame users of Microsoft systems for its appalling security. It was insecure by design. I don't know whether or not this still is true -- MS apologists are now asserting that W7 is finally all secure and everything, something that I have little empirical evidence to validate but hey, it COULD be true and if one day I ever try it perhaps I'll find out. You know, when hell freezes over?

    rgb

    --
    Even when the experts all agree, they may well be mistaken. --- Bertrand Russell.
  15. MS Spam by ruthless+reader · · Score: 1

    Kudos MS! Now we can expect e-mails about MS Live, Office and other MS products.

  16. Re:Wouldn't it be great if the ISPs could play a p by characterZer0 · · Score: 1

    Does the ISP need to look far enough into the packet to see that it is SMTP traffic, or even that it is TCP?

    It could be an option when you sign up though.

    --
    Go green: turn off your refrigerator.
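The kind of check Marrow proposes in comment 12, and an answer to the question just above about how deep the ISP has to look: an added example, not code from the thread or from any ISP. It counts a subscriber's outbound TCP port 25 flows per day from flow records (source address, protocol, destination port and address, date), compares today's count with that subscriber's own earlier days, and also counts how many distinct mail servers were contacted, since a home user talks to one relay while a spam bot connects to hundreds of MXes. Only the flow header is needed, never the payload. The Flow record layout, the thresholds and the sample flows are all constructed for the example.

```python
"""Added example: flag subscribers whose outbound SMTP connection pattern looks
like a spam bot, using flow metadata only (no packet payload inspection)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median

SMTP_PORT = 25


@dataclass(frozen=True)
class Flow:
    """One flow record as an ISP's collector would export it (constructed layout)."""
    day: str       # ISO date, so string comparison orders days correctly
    src_ip: str    # subscriber address
    proto: str     # "tcp" / "udp"
    dst_port: int
    dst_ip: str


def _mk(day, src, n_conn, n_dst, port=SMTP_PORT):
    """Constructed sample data: n_conn TCP flows from src to port, spread over n_dst hosts."""
    return [Flow(day, src, "tcp", port, f"198.51.100.{i % n_dst + 1}") for i in range(n_conn)]


# Three subscribers; 10.0.0.2 turns into a spam bot on the second day.
SAMPLE_FLOWS = (
    _mk("2011-03-28", "10.0.0.1", 5, 1)            # normal: a few mails via one relay
    + _mk("2011-03-29", "10.0.0.1", 6, 1)
    + _mk("2011-03-28", "10.0.0.2", 3, 1)
    + _mk("2011-03-29", "10.0.0.2", 4000, 300)     # bot: thousands of flows to many MXes
    + _mk("2011-03-29", "10.0.0.3", 50, 1, port=443)  # HTTPS traffic, not SMTP, ignored
    + _mk("2011-03-29", "10.0.0.3", 8, 1)
)


def smtp_stats(flows):
    """Per (src_ip, day): (number of outbound TCP/25 flows, distinct destination hosts)."""
    conns = defaultdict(int)
    dsts = defaultdict(set)
    for f in flows:
        if f.proto == "tcp" and f.dst_port == SMTP_PORT:
            conns[(f.src_ip, f.day)] += 1
            dsts[(f.src_ip, f.day)].add(f.dst_ip)
    return {key: (conns[key], len(dsts[key])) for key in conns}


def flag_spam_sources(flows, day, abs_floor=500, ratio=10.0, max_distinct_dsts=50):
    """Return {src_ip: [reasons]} for subscribers whose SMTP activity on `day` is
    far above their own earlier days, or fans out to too many mail servers.
    Thresholds are illustrative, not tuned values."""
    stats = smtp_stats(flows)
    flagged = {}
    for (src, d), (n_conn, n_dst) in stats.items():
        if d != day:
            continue
        history = [c for (s, hd), (c, _) in stats.items() if s == src and hd < day]
        baseline = median(history) if history else 0
        reasons = []
        # Volume check: both an absolute floor (avoid flagging tiny baselines)
        # and a ratio against the subscriber's own history.
        if n_conn >= abs_floor and n_conn > ratio * baseline:
            reasons.append(f"{n_conn} outbound SMTP connections (baseline {baseline})")
        # Fan-out check: direct-to-MX delivery to many hosts is bot behaviour.
        if n_dst > max_distinct_dsts:
            reasons.append(f"{n_dst} distinct mail servers contacted")
        if reasons:
            flagged[src] = reasons
    return flagged


def notice_text(src, reasons):
    """Wording for the bill insert / automated call Marrow suggests (example's own text)."""
    lines = "; ".join(reasons)
    return (f"Traffic from your connection ({src}) matched patterns seen from infected "
            f"computers: {lines}. Please update and run your anti-virus software.")


if __name__ == "__main__":
    for src, reasons in flag_spam_sources(SAMPLE_FLOWS, "2011-03-29").items():
        print(notice_text(src, reasons))
```

The per-subscriber baseline matters more than the absolute numbers: a small business that legitimately sends a few hundred mails a day should not be flagged because its volume is steady, while a home line jumping from three connections to thousands should be. Nothing here decides whether the mail is spam; it only tells the customer what the network saw, which is all the comment asks for.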
  17. Awesome... by hesaigo999ca · · Score: 1

    Hope that M$ continues this great venture into closing down the infected pcs or whatever they did to stop the spam, they could help the price of internet to go down if all spam ceased, and the ISPs did not have to spend extra for all that filtering....might give us cheaper internet???

    1. Re:Awesome... by blair1q · · Score: 1

      Maybe we should start a fund to help MS defray the cost of the effort. In case they have trouble paying...for fixing...the problem they...caused...

  18. Can't Fix Stupid by Anonymous Coward · · Score: 3, Informative

Actually, MS is a highly secure OS. It is the users that are not secure. I have hundreds of Windows servers and have been running them for years on the internet. So have many others. They don't turn into zombies. I have had several PC's, all Windows, none of them zombies. I have a sister who has to have every toolbar she comes across and any free software that tells her the weather or whatever. She turns a PC into a zombie in usually a week's time. I have a neighbor, running a Mac, little old lady. Found hers to be running as a zombie. Have a niece and a nephew that are constantly downloading torrents and things, all their PC's zombies. The more amazing thing, you can tell them they are a zombie and explain it to them, they just don't care.

So you really need to put the blame where it belongs: users. While we are at it, I am hoping all the Windows users do go buy Macs. I will let you have those users all you want.

    1. Re:Can't Fix Stupid by rsborg · · Score: 2

      Actually, MS is a highly secure OS. It is the users that are not secure.

      Typical blame-the-victim (btw MS is a company, not an OS).
      Years of Microsoft's poor security practices in the service of extraction of greater profits and margins has led to this situation.

      I have a neighbor, running a mac, little old lady. Found hers to be running as a zombie.

      Let me match your anecdotal evidence with some of mine (equally valuable):
      I have numerous (dozen or more) relatives that have migrated to Mac who prior to the migration would always have some spyware or virus on their Windows system, even a botnet client or two. Post migration, I have yet to hear of any slowdowns, erratic behavior or even systems problems (aside from meatspace issues like wrist pain from computer use, etc). My cousin lost a Mac HD, back in '07 and Time Machine (new back then) didn't save his data.... that's about it.

      The fact that Vista/7 is more secure than XP does little to counteract the habits and ecosystem of malware that exists to exploit people. Everyone I know would rather focus on setting up their backup software and dealing with how best to configure their keyboard than worrying about running MS security essentials (good on MS for that one, btw) or malwarebytes.

      --
      Make sure everyone's vote counts: Verified Voting
    2. Re:Can't Fix Stupid by Actually,+I+do+RTFA · · Score: 1

      have numerous (dozen or more) relatives that have migrated to Mac who prior to the migration would always have some spyware or virus on their Windows system, even a botnet client or two. Post migration, I have yet to hear of any slowdowns, erratic behavior or even systems problems (aside from meatspace issues like wrist pain from computer use, etc)

      See that, even the malware on OS X is better written!

      --
      Your ad here. Ask me how!
    3. Re:Can't Fix Stupid by mjwx · · Score: 1

      The fact that Vista/7 is more secure than XP does little to counteract the habits and ecosystem of malware that exists to exploit people.

You think that Macs do?

      You've proven the GP's point. Bad user habits are the cause of spam, not MS's operating system and I dislike Winblows as much as the next person with half a brain.

However bad Windows is at supporting bad user habits, OS X actively fosters them. The Mac advertising gives people a false sense of security by telling them that they are magically secure. In actual fact the same kind of malware that is so prevalent on Windows systems also exists on OS X, the only difference is that Mac users believe they are automatically protected by virtue of using a Mac.

The biggest infection vector in malware has never been technical (the OS), it's always been social (the user) and Macs don't help this. In fact they make it worse.

      Here are the six dumbest ideas in computer security,
      Windows and OS X cover major dumbs 1, 2 and 3 as well as minor dumbs 3, 5 and 6.
OS X on its own covers minor dumbs 1 and 2 as well as actively working against major dumb 5 (educating users).

      Of those dumbest ideas, number 5 (educating users) is the most important because it's the only long term fix. But it's impossible to educate a user who believes they are magically protected. At least the overwhelming majority of Windows users acknowledge that there is a danger.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    4. Re:Can't Fix Stupid by sjames · · Score: 1

Until Microsoft made email and documents executable against the advice of every security expert, the very idea of an email virus was nothing more than an in joke/urban legend. Then, they trained millions of users to click OK without reading or thinking about it. That's not what I would call a good security record.

  19. Ok Apple by Barlo_Mung_42 · · Score: 1

    It's your turn to do something useful.

  20. secondary support for the evidence by fifedrum · · Score: 1

    I work at a top 20 email provider and can concur that spam levels are down since the November, 2011. We were rejecting 96% at the perimeter back then, today we're rejecting around 73% with the same % making it to the inbox and getting marked as junk. Not a crazy reduction in spam, just a reduction in spam.

    1. Re:secondary support for the evidence by rsborg · · Score: 1

      I work at a top 20 email provider and can concur that spam levels are down since the November, 2011.

      Care to tell me what MSFT and AAPL are trading for in your current time? I'll even be happy with a ballgame score or two.

      --
      Make sure everyone's vote counts: Verified Voting
    2. Re:secondary support for the evidence by fifedrum · · Score: 1

      I'm caught. My son's science fair project tonight is about time travel, interestingly enough.

      I may as well answer. $12. Each. The Yankees win the world series. Again.

      It was hell being in the time machine in the rented storage locker for so long, but I slept through most of the waiting and, well, you know, for the rest.

  21. Re:To give it a slightly different twist... by digitig · · Score: 1

    MS, Apple and some of the Linux distros aren't helping anybody by discouraging people from experimenting and looking to get better at it.

    Yeah, sure, that's why MS give away express editions of Visual Studio for free.

    --
    Quidnam Latine loqui modo coepi?
  22. I noticed by hduff · · Score: 1

I noticed a drop, but it's back up now with messages telling me how my "business" is an award winner and the usual Nigerian-influenced stuff.

    Are people really that stupid?

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
    1. Re:I noticed by Tom · · Score: 1

      Yes. As every con-man knows: A sucker is born every minute

      --
      Assorted stuff I do sometimes: Lemuria.org
    2. Re:I noticed by blair1q · · Score: 1

      A sucker is born every minute

      Said the man selling a get-rich-quick-off-suckers scheme...

  23. and they should "throttle" email traffic as well? by dndk82 · · Score: 1

    It seems possible, but giving ISPs the right to inspect my data doesn't sound safe to me. The prospect won't be good, as they can tamper with my data header and later with the data itself. Once they can make one step onto your data, they'll go further.

  24. Eat your words, "Pro-*NIX Troll", vs. these facts by Anonymous Coward · · Score: 1

    EAT YOUR WORDS:

    "Microsoft's poor record at building a somewhat secure operating system." - by cpghost (719344) on Tuesday March 29, @12:09PM (#35654070) Homepage

    See below... & if you're going to talk? Don't do it out your ass!

    ---

    Vulnerability Report: Microsoft Windows 7: (03/29/2011)

    http://secunia.com/advisories/product/27467/?task=advisories

    Unpatched 10% (6 of 59 Secunia advisories)

    AND, of those 6 vulnerabilities, yes... 3 are "remote". HOWEVER, they're in subsystems (like FAX) that aren't installed "by default" (means I don't use it here), or have work-arounds (mhtml bug), OR, are caused/utilized by faulty 3rd party apps (e.g., & of ALL things? Apple stuff triggers one, ITunes another, iirc, etc. but no other apps are KNOWN to - go figure, eh?).

    I.E.-> "NO PROBLEMO!"

    ---

    Vulnerability Report: Microsoft Office 2010: (03/28/2011)

    http://secunia.com/advisories/product/30529/?task=advisories

    Unpatched 0% (0 of 4 Secunia advisories)

    ---

    Vulnerability Report: Microsoft SQL Server 2008: (03/28/2011)

    http://secunia.com/advisories/product/21744/

    Unpatched 0% (0 of 4 Secunia advisories)

    ---

    Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x:

    http://secunia.com/advisories/product/17543/

    Unpatched 0% (0 of 6 Secunia advisories)

    ---

    Vulnerability Report: Microsoft Visual Studio 2010:(03/29/2011)

    http://secunia.com/advisories/product/30853/?task=advisories

    Unpatched 17% (1 of 6 Secunia advisories)

    (The single 1 here also, like Windows 7 above, has an EASY work-around, & thus? Again, "NO PROBLEMO"!)

    ---

    Vulnerability Report: Microsoft Internet Explorer 9.x:
    (03/29/2011)

    http://secunia.com/advisories/product/34591/

    Unpatched 0% (0 of 0 Secunia advisories)

    ---

    So, that "all said & aside"?

    For a "poor track record", MS has practically INVULNERABLE systems out there in their current stuff (& recent lesser versions also)... & NOT JUST THE OS, but the entire "gamut" of what you need to do business online, today (and, as you can see? QUITE safely!)

    I.E.-> They're doing a HELL OF A GOOD JOB on the security front!

    APK

    P.S.=> So, shall we compare a NIX/Open SORES OS in Linux's "latest/greatest"? Let's, & here goes:

    ---

    Vulnerability Report: Linux Kernel 2.6.x (03/29/2011)

    http://secunia.com/advisories/product/2719/?task=advisories

    Unpatched 7% (19 of 259 Secunia advisories)

    ---

    LMAO - THAT? That's more than 3x as many as Windows 7 has that are unpatched, & I'd wager there aren't workarounds for them (or as many as MS has shown above)...

    Plus?

    ROTFLMAO - THAT'S ONLY THE LINUX KERNEL MIND YOU, not the entire 'gamut/array' of what actually comes in a Linux distro that has (such as the attendant GUI, Windows managers, browsers, etc. that ship in distros too that have bugs, and yes, THEY DO) THAT ADDS EVEN MORE BUGS that COMPOUNDS THAT # EVEN MORE!

    (It gets even WORSE when you toss on ANDROID (yes, it's a LINUX variant too), because it's being shredded on the security-front lately, unfortunately)

    BOTTOM-LINE:

    What this all comes down to, is all the "Pro-*NIX propaganda straight outta pravda" practically doesn't stand up very well against concrete, verifia

  25. Re:To give it a slightly different twist... by Anne+Thwacks · · Score: 1

    It's a vicious circle: If you are dumb, MS is a pretty good choice. (OpenBSD is not :-)

    --
    Sent from my ASR33 using ASCII
  26. Not only Microsoft by farhan_quazi · · Score: 1

    It's not only Microsoft that participated in this operation. The International Secure Systems Lab was also associated with it: http://blog.iseclab.org/2011/03/24/the-underground-economy-of-spam-a-botmasters-perspective-of-coordinating-large-scale-spam-campaigns/ And they are continuing further down the road.

  27. Re:I get more by GameboyRMH · · Score: 1

    I get between 0 and 2 a day (and maybe one per month slips past the filter).

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  28. Re:Eat your words, "Pro-*NIX Troll", vs. these fac by IRWolfie- · · Score: 1

    All the unpatched Linux vulnerabilities you show are marked non-critical by the advisories, whereas some of those from Windows are marked critical.

  29. Really?? by Tasha26 · · Score: 1

    I got 12 spam in my Inbox this morning and another 5 in the afternoon. Given past levels, that's a spike in my case.

  30. Re:To give it a slightly different twist... by cavreader · · Score: 1

    Believe it or not most users just want to USE their computer not dither over the underlying abstract architecture endlessly.

  31. Re:Wouldn't it be great if the ISPs could play a p by blair1q · · Score: 1

    I've recently discussed with my ISP the sort of thing they could do to identify packets trying to get into my network (lots of extra blinkenlights on the cable modem, occasional access attempts at the router), and their response was basically that it's illegal for them even to tell me the IP addresses in the incoming or outgoing packet headers.

    Yup. They may be routing them, but they're not allowed to log them or even to see them on a screen, and they're certainly not allowed to tell me what they are.

    I'm not sure they have a basis for saying that it would be illegal, but they certainly don't want to do the simplest of things to tell me what's going on.

    My router logs most access attempts (about 90% of which are IPs allocated to a certain semi-communist meganation in the Far East), but I suspect it's not logging everything and the ones it doesn't log are of course the ones I'm most curious about. So I'm still considering escalating the issue until they prove they're forbidden to do enough inspection to block the offending interlopers entirely.

    But it suggests to me that if I asked them to watch my link to see if it ever starts botting, that they'd tell me they aren't allowed to, but not why.

    So I guess it's time to front a more sophisticated standalone firewall, maybe get a cable-modem (DOCSIS) analyzer, though that is unlikely to be cheap, unless I can hack up a modem... hmm...

  32. whack-a-bot by solune · · Score: 1

    Seems I've seen this story before... 'bout once every couple months, on Slashdot, if I'm not mistaken:

    http://slashdot.org/index2.pl?fhfilter=botnet

    Rather like whack-a-mole, no?

  33. Oh here we go.... by bmo · · Score: 1

    >Since then, Bagle, a botnet that wasn't even on MessageLabs' top ten spam-sending botnets at the end of 2010, has taken over from Rustock as the most active spam-sending botnet this year."

    Yeah, and guess what?

    Bagle runs spectacularly under Wine. As in, it behaves itself quite nicely and you don't notice it until you receive mail in your mailbox that is coming from yourself.

    Bagle is truly cross-platform malware.

    All it needs to do is attach itself to Gnome's or KDE's startup folder or .bashrc or .login.

    Any of these will do the trick, and if you've got Wine installed, your machine instantly becomes a botnet slave.

    --
    BMO

    1. Re:Oh here we go.... by PCM2 · · Score: 1

      All it needs to do is attach itself to Gnome's or KDE's startup folder or .bashrc or .login.

      Indeed. From what I've read, Bagle might run under Wine, but only when you run it. Unlike on Windows, it doesn't have any way to make it auto-start after a reboot. To expect a Windows virus to know how to rewrite a .bashrc or .login file on some random version of Linux, which might be running Gnome or might be running KDE, etc., sounds pretty far-fetched.

      --
      Breakfast served all day!
    2. Re:Oh here we go.... by bmo · · Score: 1

      >it doesn't have any way to make it auto-start after a reboot.

      Didn't I just mention 4 different ways to start at login? Once root status is attained, there's another way - add it to the init scripts. It's not as if local privilege escalation doesn't exist.

      >To expect a Windows virus to know how to rewrite a .bashrc or .login file on some random version of Linux, which might be running Gnome or might be running KDE, etc., sounds pretty far-fetched.

      When I ran Bagle, it was smart enough to fetch my address book from Thunderbird and mail me from the list, which is how I found out I had been running Bagle for 10 minutes. Because Wine is smart enough to interpret the Linux file system hierarchy for Bagle.

      When is the last time you checked your .bashrc for odd stuff? The windows idiots keep saying that once Linux becomes popular on the desktop, it'll be just as big a target. While they are wrong in certain respects because the statement ignores security models, it's true in a way. Adding Wine can make you "just another Windows machine."

      I'm ringing an alarm bell here, buddy, and you ain't listening. A lot of people who I tell this to just simply plug their ears and cry out "BUT IT'S A WINDOWS WORM" without ever recognizing that you install a form of Windows on your computer when you install Wine. And a lot of Linux users do, to play games.

      Your complacency is going to be your downfall.

      --
      BMO
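One way to act on bmo's "when is the last time you checked your .bashrc" question. This is an added example, not code from the thread or from any named project: it audits the per-user autostart locations the comment names for entries that hand control to Wine, using a constructed heuristic pattern (not a Bagle signature) and a constructed demo home directory.

```python
"""Audit a user's autostart locations for entries that launch Wine.

Added example, not code from the Slashdot thread. It checks the places the
comment names (.bashrc, .login, GNOME/KDE autostart folders) plus a couple of
sibling shell files; the pattern is a constructed heuristic, not a Bagle signature.
"""
import os
import re
import tempfile
from pathlib import Path

# A line that hands control to Wine, or to a binary inside the Wine prefix.
SUSPICIOUS = re.compile(r"\bwine\b|\.wine/drive_c|\.exe\b", re.IGNORECASE)
SHELL_FILES = [".bashrc", ".bash_profile", ".profile", ".login"]
AUTOSTART_DIRS = [".config/autostart", ".kde/Autostart", ".kde4/Autostart"]


def audit_autostart(home):
    """Return (path, line_no, text) for every autostart entry that matches SUSPICIOUS."""
    home = Path(home)
    findings = []
    for name in SHELL_FILES:
        path = home / name
        if not path.is_file():
            continue
        for no, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
            text = line.strip()
            if text and not text.startswith("#") and SUSPICIOUS.search(text):
                findings.append((str(path), no, text))  # comment lines cannot run anything
    for rel in AUTOSTART_DIRS:
        folder = home / rel
        if not folder.is_dir():
            continue
        for entry in sorted(folder.iterdir()):
            if entry.suffix == ".desktop":
                for line in entry.read_text(errors="replace").splitlines():
                    if line.startswith("Exec=") and SUSPICIOUS.search(line):
                        findings.append((str(entry), 0, line.strip()))
            elif entry.is_file() and os.access(entry, os.X_OK):  # KDE runs anything executable here
                findings.append((str(entry), 0, "executable dropped in autostart folder"))
    return findings


def run_demo():
    """Build a constructed home dir (one clean file, two suspicious entries) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        (home / ".bashrc").write_text(
            "alias ll='ls -l'\n# wine mentioned in a comment only\nwine ~/.wine/drive_c/updater.exe &\n")
        (home / ".login").write_text("setenv EDITOR vim\n")
        (home / ".config/autostart").mkdir(parents=True)
        (home / ".config/autostart/sync.desktop").write_text(
            "[Desktop Entry]\nType=Application\nExec=wine C:\\\\users\\\\me\\\\sync.exe\n")
        return audit_autostart(home)


if __name__ == "__main__":
    for path, no, text in run_demo():
        print(f"{path}:{no}: {text}")
```

Run it against a real account by calling audit_autostart(Path.home()); anything it lists deserves a look, though a legitimate Wine game launcher will show up too.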

    3. Re:Oh here we go.... by AnfieldSierra · · Score: 1

      OK, so what is the infection vector exactly? How does it attach to .bashrc or .login? Did some user save it to the Gnome/KDE startup folder? You're a moron.

  34. Re:Wouldn't it be great if the ISPs could play a p by Tom · · Score: 1

    You don't need to do any packet inspection. A blackhole server, a tarpit, or just the logs on your own mailserver would be enough to identify customers that have a botnet problem.

    --
    Assorted stuff I do sometimes: Lemuria.org
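A worked version of the point above, that the mail server's own rejection log is enough to spot botted customers. This is an added example, not code from the thread: the log lines are constructed in Postfix smtpd style, and the customer range, spamtrap address and threshold are made up.

```python
"""Flag ISP customers that look botted from the mail server's own log lines.

Added example, not code from the Slashdot thread. The log lines are constructed
in Postfix smtpd style; the customer range and spamtrap address are made up.
"""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: 192.0.2.17 hammers the MX with bogus senders and hits a
# spamtrap recipient; 192.0.2.99 is a normal authenticated customer; the
# 198.51.100.5 host is not our customer and must be ignored.
SAMPLE_LOG = """\
Mar 29 10:00:01 mx1 postfix/smtpd[1201]: connect from unknown[192.0.2.17]
Mar 29 10:00:01 mx1 postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[192.0.2.17]: 554 5.7.1 <spamtrap@example.net>: Recipient address rejected; from=<bob@example.com> to=<spamtrap@example.net>
Mar 29 10:00:02 mx1 postfix/smtpd[1201]: disconnect from unknown[192.0.2.17]
Mar 29 10:00:02 mx1 postfix/smtpd[1202]: connect from unknown[192.0.2.17]
Mar 29 10:00:02 mx1 postfix/smtpd[1202]: NOQUEUE: reject: RCPT from unknown[192.0.2.17]: 450 4.1.8 <a@bogus.invalid>: Sender address rejected: Domain not found; from=<a@bogus.invalid> to=<u1@example.net>
Mar 29 10:00:02 mx1 postfix/smtpd[1202]: NOQUEUE: reject: RCPT from unknown[192.0.2.17]: 450 4.1.8 <a@bogus.invalid>: Sender address rejected: Domain not found; from=<a@bogus.invalid> to=<u2@example.net>
Mar 29 10:00:03 mx1 postfix/smtpd[1202]: NOQUEUE: reject: RCPT from unknown[192.0.2.17]: 450 4.1.8 <a@bogus.invalid>: Sender address rejected: Domain not found; from=<a@bogus.invalid> to=<u3@example.net>
Mar 29 10:00:03 mx1 postfix/smtpd[1202]: NOQUEUE: reject: RCPT from unknown[192.0.2.17]: 450 4.1.8 <a@bogus.invalid>: Sender address rejected: Domain not found; from=<a@bogus.invalid> to=<u4@example.net>
Mar 29 10:00:05 mx1 postfix/smtpd[1209]: connect from unknown[192.0.2.99]
Mar 29 10:00:05 mx1 postfix/smtpd[1209]: 3F2A1C0: client=unknown[192.0.2.99], sasl_method=PLAIN, sasl_username=alice
Mar 29 10:00:06 mx1 postfix/smtpd[1209]: disconnect from unknown[192.0.2.99]
Mar 29 10:00:07 mx1 postfix/smtpd[1210]: NOQUEUE: reject: RCPT from mail.partner.test[198.51.100.5]: 554 5.7.1 <spamtrap@example.net>: Recipient address rejected; from=<x@partner.test> to=<spamtrap@example.net>
"""

# Pulls the client IP and the intended recipient out of a Postfix RCPT rejection.
REJECT_RE = re.compile(r"reject: RCPT from [\w.-]+\[(?P<ip>[\d.]+)\].*?\bto=<(?P<rcpt>[^>]+)>")


def find_botted(log_text, customer_nets, spamtraps, reject_threshold=5):
    """Return {ip: [reasons]} for customer IPs whose SMTP behaviour looks bot-driven."""
    nets = [ip_network(n) for n in customer_nets]
    rejects, trap_hits = defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        rejects[m["ip"]] += 1
        if m["rcpt"].lower() in spamtraps:
            trap_hits[m["ip"]] += 1  # real users never mail a trap address
    verdicts = {}
    for ip, count in rejects.items():
        if not any(ip_address(ip) in n for n in nets):
            continue  # not on our network: nothing we can remediate
        reasons = []
        if trap_hits[ip]:
            reasons.append(f"{trap_hits[ip]} delivery attempt(s) to a spamtrap address")
        if count >= reject_threshold:
            reasons.append(f"{count} rejected RCPT commands")
        if reasons:
            verdicts[ip] = reasons
    return verdicts


if __name__ == "__main__":
    hits = find_botted(SAMPLE_LOG, ["192.0.2.0/24"], {"spamtrap@example.net"})
    for ip, reasons in hits.items():
        print(ip, "->", "; ".join(reasons))
```
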
  35. 99.8% improvement for my domain by KeithH · · Score: 1

    The spam-hose has abruptly gone limp. The flow petered out from one spam every 4 seconds to one every 30 minutes. My spam dropped from 226000 in the past month to about a dozen per day since these dicks were cut off. I'm impressed and grateful for the 99.8% improvement.

  36. Re:To give it a slightly different twist... by cavreader · · Score: 1

    There are a lot of things you can criticize MS about, but their development tools have been first rate, not counting SourceSafe of course. I know the pre-.NET Visual Basic offends everyone on this site, but that one product was responsible for giving a lot of marginal developers a way to grind out apps quickly. What better way to promote their OS than make it as easy as possible for people to develop apps for that OS? Free Visual Studio is just another way to lure developers to their platform.

  37. Re:Here's some research, jackass by Tom · · Score: 1

    You make no sense, it's really hard to understand what the heck you're trying to say, but I'll give it a try:

    because your 10 yr. old research? It's ANCIENT... today is TODAY,

    You must be really young if you think the world changes that quickly. Technical details do. Basic principles don't.

    Same with MacOS X once it was more utilized - it became more of a "prime target" because more folks use it now...

    That argument has been debunked hundreds of times, get a new one. If prominence were the deciding factor, then all the Linux/Apache webservers would all be rooted while the more obscure Windows/IIS servers would all be safe. Funny thing is, we don't see that in the real world.

    [Android rambling]

    I fail to see the relevance of that. This is a discussion about spam, and so far Android systems aren't known as a major source of spam. So either you have data that nobody else has, or you're just dragging in a point that has no relation to the argument for what reason, exactly?

    NOBODY USES THEM by comparison to Windows

    Yeah, right. That was 10 years ago, today is today and OS X has a market share of 15% in many places of the world, that is considerably more than nobody. Even if you assume a power law, you'd expect about 4% of the botnets to be OS X botnets. Hm, strangely, they aren't.

    & malware makers target the SINGLE largest body of users there is

    The real world is not instanced. For years, malware has fought over control of rooted PCs, various malware kicking the competition out, etc. - you'd think at least one of them would branch out to a system with less competition. Just one. Strange, doesn't happen. Why? Economics.

    why would Apple put out a security hardening guide on their website,

    I have no idea what kind of thought processes you have, but they appear confused at the very least. There are similar hardening guides for all variants of windows right on the Microsoft website as well, so your point is what, exactly?

    Sorry to say it this honestly, but if there is any point in your drivel that could've been worth my time then it is well hidden in the ghastly grammar and structure.

    --
    Assorted stuff I do sometimes: Lemuria.org
  38. Well to be fair... by DarthVain · · Score: 1

    Well to be fair, probably like 90% of those are pirated versions of Windows XP and as such never got any security updates. Not sure MS is responsible for a large number of people around the world ripping off their software and not paying for it...

    Just sayin'

    Don't worry, MS is still evil. Just that these botnets are predominantly made up of pirated software to begin with.

  39. Phone It In by jman.org · · Score: 1

    Glad this was done, but wondering when IT cops are going to move to the current century.

    The authorities went physically to data centers & pulled the plug on suspect servers.

    Yes, you'd want to confiscate the offending machines, but why not start by simply updating iptables on the core router(s) serving the DC(s), effectively and simultaneously shutting them off from the outside world?

    Timing the takedown would be much better controlled, as it could be scripted and run from a central location. Just set it up and click the "Die Monster Die" icon (or run DMD from your shell) and all the heads of the Hydra get cut at once. Plenty of time for cleanup after you know for sure none of the C&C boxes can shoot out some last-minute instruction before getting shut off.

    (Sure, there would be some tug of war on allowing one entity all those logins. That's what ACLs are for. They'd be updated as well after the takedown is complete.)

  40. Re:Quoting you: PUT UP OR SHUT UP! by Tom · · Score: 1

    I don't have the mind for this discontinuous drivel. As you wrote those guidelines, you can write better than that, I'm sure your editor wouldn't have accepted a jumbled mess of incomplete sentences. So if you want to make a point, make it in a way that makes sense.

    They're a LINUX, Tom... & proof of a "portent of things to come" for Linux, on "things security"...

    Fine, so your point really is about Linux and the mentioning of Android is - I don't know, but apparently we can ignore it. So where are the Linux botnets? Oh yes, I forgot, nobody uses Linux. Except almost all of the Fortune 500 companies, the vast majority of web-, mail-, DNS and other Internet servers, tons of WLAN routers and other devices... we don't even have to count in the desktop machines, even if your "nobody" argument were anywhere near the truth regarding that, there are still millions upon millions of Linux servers out there, connected to the Internet 24/7. So where are the Linux botnets? Where are your facts?

    --
    Assorted stuff I do sometimes: Lemuria.org
  41. Pirated Windows receives security updates. by pH4 · · Score: 1

    Not only do all security updates go to all users' systems, but non-genuine Windows systems are able to install service packs, update rollups, and important reliability and application compatibility updates. In addition, the users of non-genuine Windows systems can also upgrade a lot of the other software on their computer. For example, Internet Explorer 8 has numerous security-oriented features and improvements, and it is available to all users.

    http://windowsteamblog.com/windows/b/windowssecurity/archive/2009/04/27/who-gets-windows-security-updates.aspx

    1. Re:Pirated Windows receives security updates. by DarthVain · · Score: 1

      Well I ran pirated Windows XP for years (to replace the crap ME that came pre-installed), and never enabled auto updates, nor tried to ever do an update. You're running illegal software and connecting to MS servers for updates? Not if you think MS might disable your OS, or do something about it. Anyway I would bet that MOST do not update their security, and I am not sure it was always this way, and that is a recent development in order to fight spam. I had no idea 'til just now. I can even recall trying to DL service packs and installing them manually.

      Anyway it got so bad with viruses, malware, trojans, adware, etc... that my PC would become unusable. For a while I would do clean installs and backups every so often, but over time it just became compromised so quickly as to make it a pain. In the end I installed Linux and used that until I finally bought a new computer, and bought a copy of Vista to use (ya I seem to always buy the OS too soon apparently), which I use today with auto updates.

      Anyway I would bet the majority of pirated XP out there isn't getting updated security patches on a regular basis.

  42. Re:Where's your "10 yr. old security research" by Tom · · Score: 1

    I think I'll leave you to your bridge, there's no content in this anymore. Bye.

    --
    Assorted stuff I do sometimes: Lemuria.org