Slashdot Mirror


The Gang Behind the World's Largest Spam Botnet

tsu doh nimh writes "A Wikileaks-style war of attrition between two competing rogue Internet pharmacy gangs has exposed some of the biggest spammers on the planet. Brian Krebs uncovers fascinating information about a hacker named 'GeRa' who is supposedly behind the Grum botnet, which is currently sending about one out of every three spam emails worldwide. The story also points to several possible real identities behind the Internet's largest spam machine."


  1. Priorities by SJHillman · · Score: 5, Insightful

    MegaUpload: Some people love it, some people hate it. Most of their damage (much of it alleged) is limited to a single industry and affects a tiny percentage of their bottom line

    Global Botnets: Universally hated with very real damage caused in terms of time spent, infrastructure upgrades, spam filtering, etc., plus I'm sure a lot of that spam is also used for phishing and other activities that cause further damage. It affects pretty much every company and individual with any sort of online presence. I don't have any numbers, but I imagine the cost of spam botnets causes damage that's at least an order of magnitude greater than what copyright infringement is even claimed to be (never mind the smaller amount it actually is).

    But hey, glad we took down the one that also served legal uses.

    1. Re:Priorities by SuricouRaven · · Score: 4, Insightful

      It shouldn't even be that hard. The spam botnet itself can't be easily taken down, true - decentralised C&C, that sort of thing - but they are using it for pharmaceutical scams. That means the spam is there to promote a website. Remove the website - which must be hosted *somewhere* - and the spam ceases to be profitable. Where is the megaupload-style international police operation to shut that down? Instead we have a bunch of vigilante hackers, hardly an ideal solution.

    2. Re:Priorities by Peter+Simpson · · Score: 4, Insightful

      Yeah. You know, if the CC companies *really* wanted to shut these guys down, it seems like they could do it by identifying the stream of transactions that trace back to one or two payment processors in their network. But there's money involved, so I guess that's not going to happen.

    3. Re:Priorities by KiloByte · · Score: 4, Insightful

      Spammers can use flux hosting for their websites so this part is not easy to target. Accepting payment, though, is something that's trivial to block -- if there was any will to do so.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.

    4. Re:Priorities by Hentes · · Score: 5, Insightful

      So next time a company will spam in the name of a rival, thus baiting authorities to take it down. Just because they are the ones advertised is no proof that they ordered the advertisement or, if they did, that they knew it was being achieved by illegal spam.

    5. Re:Priorities by Zocalo · · Score: 5, Insightful

      Chances are the website is also hosted on the botnet, thousands of times over, across possibly as many domains and sub-domains. The spammers can then use Fast Flux DNS to cycle between random selections of hosts every few minutes or so. That means you need to take out the C&C servers to take down the website(s) as well, and even then there's no reason that the bots could not keep on operating in autopilot while the operators try to regain control.

      Realistically, there is only one way to stop spam and that's to disrupt the money flow between the people that buy products from spam and the spammers to such an extent that it is no longer profitable. That's certainly not going to be easy, but for all its faults SOPA would have provided some of the necessary muscle needed to force Mastercard and Visa to try and prevent payments to known spam operators through its provisions to block financial flow to such sites (its potential use for preventing sales of fake Viagra is why Pfizer is on the SOPA supporters' list). Another avenue of attack is blacklisting banks that can be shown to be processing spam-related payments, especially since research has shown that there may only be a handful of banks prepared to deal with spammers in the first place.

      --
      UNIX? They're not even circumcised! Savages!
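
Zocalo's point about Fast Flux DNS above (and KiloByte's remark that flux hosting makes the websites hard to target) translates into a defender-side check on resolver data. The following is an added example, not code from the Slashdot thread or from the Krebs article: it scores constructed DNS observations on how many distinct addresses a name resolves to, how many /24 networks they span (a stand-in for ASN diversity; a real check would use ASN or ISP data), the record TTL, and how much each answer set differs from the previous one. The domain names, addresses, and all thresholds are assumptions chosen for illustration, and the CDN-like domain shows why a short TTL alone is not enough to call something flux.

```python
# Added example (not from the Slashdot thread or the Krebs article): a simple
# fast-flux heuristic over constructed DNS observations. Domain names,
# addresses, the /24 prefix-diversity measure and the thresholds are
# assumptions chosen for illustration.
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Resolution:
    """One DNS A-record answer set observed for a domain."""
    domain: str
    ttl: int                      # TTL in seconds on the returned records
    addresses: tuple[str, ...]    # A records returned by a single query


# Constructed sample: three domains queried several times a few minutes apart
# (RFC 5737 documentation address blocks, not real hosts).
SAMPLE_OBSERVATIONS = [
    # Flux-like: short TTL, a different slice of many hosts each time,
    # spread across unrelated networks (consumer ISP ranges in a real case).
    Resolution("flux.example", 180, ("203.0.113.10", "198.51.100.7", "192.0.2.44")),
    Resolution("flux.example", 180, ("203.0.113.88", "198.51.100.120", "192.0.2.9")),
    Resolution("flux.example", 120, ("203.0.113.201", "198.51.100.3", "192.0.2.150")),
    # CDN-like: short TTL too, but answers rotate within one provider block.
    Resolution("cdn.example", 60, ("192.0.2.1", "192.0.2.2")),
    Resolution("cdn.example", 60, ("192.0.2.2", "192.0.2.3")),
    Resolution("cdn.example", 60, ("192.0.2.3", "192.0.2.1")),
    # Stable: long TTL, one address.
    Resolution("static.example", 3600, ("203.0.113.5",)),
    Resolution("static.example", 3600, ("203.0.113.5",)),
]


def prefix24(address: str) -> str:
    """Collapse an IPv4 address to its /24 network as a crude locality proxy."""
    return str(ip_network(f"{address}/24", strict=False))


def summarize(observations: list[Resolution]) -> dict[str, dict]:
    """Group observations per domain and compute the flux indicators."""
    by_domain = defaultdict(list)
    for obs in observations:
        by_domain[obs.domain].append(obs)

    report = {}
    for domain, obs_list in by_domain.items():
        seen_ips = set()
        churn_samples = []
        previous = set()
        for obs in obs_list:
            current = set(obs.addresses)
            if previous:
                # Share of this answer set that was not in the previous one.
                churn_samples.append(len(current - previous) / len(current))
            previous = current
            seen_ips |= current
        report[domain] = {
            "distinct_ips": len(seen_ips),
            "distinct_prefixes": len({prefix24(ip) for ip in seen_ips}),
            "min_ttl": min(o.ttl for o in obs_list),
            "churn": sum(churn_samples) / len(churn_samples) if churn_samples else 0.0,
        }
    return report


def is_fast_flux(metrics: dict, *, min_ips: int = 5, min_prefixes: int = 3,
                 max_ttl: int = 300, min_churn: float = 0.75) -> bool:
    """Assumed thresholds: many addresses spread over several networks, a short
    TTL and high answer churn together suggest a fast-flux network. Any one
    signal on its own (e.g. the short TTL a CDN also uses) is not enough."""
    return (metrics["distinct_ips"] >= min_ips
            and metrics["distinct_prefixes"] >= min_prefixes
            and metrics["min_ttl"] <= max_ttl
            and metrics["churn"] >= min_churn)


def classify(observations: list[Resolution]) -> dict[str, bool]:
    """Map each observed domain to a fast-flux verdict."""
    return {d: is_fast_flux(m) for d, m in summarize(observations).items()}


if __name__ == "__main__":
    for domain, metrics in summarize(SAMPLE_OBSERVATIONS).items():
        verdict = "fast-flux" if is_fast_flux(metrics) else "not flux"
        print(f"{domain:16} {metrics} -> {verdict}")
```

Run against a passive-DNS feed or a resolver log, the same four indicators give an operator a per-domain score to triage; the thresholds here are deliberately conservative so that rotating CDN answers and single-host domains do not trip the check.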

    6. Re:Priorities by Splodgey · · Score: 4, Funny

      Destroying this botnet could have detrimental effects on men with tiny penises worldwide!

      --
      Sigs are for losers....oh wait...damnit

  2. 80k sales and $6m in revenue by Cid+Highwind · · Score: 5, Insightful

    Over a 3-year period, GeRa's advertisements and those of his referrals resulted in at least 80,000 sales of knockoff pharmaceuticals, brought SpamIt revenues in excess of $6 million, and earned him and his pals more than $2.7 million.

    ...and that's why we will never be rid of spam: because at least 80,000 people are dumb enough to buy boner pills over the internet from someone who spammed their inbox with poorly-spelled sales pitches.

    --
    0 1 - just my two bits