Requiring stronger passwords works because there are an amazing number of websites that have registration algorithms that prohibit a password of MORE than 8 characters (or one containing special characters). The spambots that use the same password everywhere have to choose one or the other, and the 8-character-and-under-password websites are the low hanging fruit.
It would be nice if ignoring them made them stop. For instance, I will never reply to anything advertised in spam. I report quite a lot of spam, and spammers know it. (I've seen my email address posted in spammer forums on a list of "antis.")
Yet the spammers keep mailing to that same address, and my spam volume keeps growing. I used to think 50 spams a day was a lot. Now I get more than that in an hour, as the spammers try to compete for the attention of the few people who will respond to their messages. Making it hard for them to get noticed only makes them increase the volume.
I believe the article said he spent four years contacting the owners of the forums to try to educate them that they are displaying advertising for stolen credit card data, and that he then tried notifying the hosting services, also with no response. Sounds like he agrees with your stipulation and followed it.
Actually, it wouldn't help to email him to unsubscribe. He's not the one sending you email. He just sets up a vacation message on a spambot's email account. In effect, you're sending yourself email when you autorespond to a spambot with an autoresponder. The best suggestion is the one above, to set up a filter to autodelete any random digilante emails if you don't want them. It's not like he's changing or obfuscating them to outwit your spam filters.
What I'd like to know is whether he can confirm his assertion that once a forum has instituted a strong password requirement -- so even the initial attempt at registration fails -- that forum is removed from Xrumer's preloaded list of forum URLs. If so, the reduction in bandwidth ought to make that a much better strategy than permitting registrations and subsequently deleting/sandboxing the bots.
I think every country in the world has an agency that would be an appropriate choice to take over for Bobbear's role in catologing and publicizing scams. It's called "law enforcement."
Bobbear has done an invaluable service cataloging and publicizing these scams. But these are crimes that take advantage of the interconnectedness of modern banks, and the only way to effectively fight them is through cooperation of banks and law enforcement agencies around the world. They should be baiting these guys -- not to get embarrassing pictures of the scammers, but to gain intelligence on their upcoming thefts. A banking-law enforcement liaison team could set up dummy bank accounts which would sound an early warning as soon as money was transferred in. By alerting a victim's bank immediately, the scam can be aborted and the money returned before the mules' banks opened in the morning.
The scammers recruit mules through spam sent to millions of recipients. It would be an easy thing to flood them with responses, so there are so many responses from undercover investigators that the scammers are unlikely to indentify real mules.
Actually, ThePlanet and SoftLayer are probably pretty good at responding to complaints about pirated content, because the people filing the complaints are doing so on law firm stationery and are prepared to get punitive damages against any firm which fails to take action... The people suffering harm from C&C servers are the people whose computers are infected and the people whose inboxes are full of spam. It's not a single wealthy copyright holder who can justify an expensive legal fight. In general, the victims of botnets are not rich, not powerful, and often not clueful about the internet. And when larger entities -- like ISPs whose servers are clogged with spam sent to their customers -- have tried to use the legal system, they have run into problems with judges who didn't understand the issues.
If you report something to Google, they take action very quickly. It's just a pain to report to them, via web form, one URL at a time.
When they are getting abused by criminals, it takes them a while to fix the ineffective captchas or to scan their docs/blogs for clones of ones that have already been reported a few hundred times. They do eventually get their act together.
They really need a better system for accepting bulk submissions. Currently, they're on top of the Blogspot and Google Docs abuse. But when Microsoft finally gets its act together and boots the spammers off Live Spaces, they'll be giving Google another try. Then we'll be starting all over trying to get the attention of someone with authority to shut down more than one user registration at a time based on the pattern of abuse, without waiting until the spam has already been sent.
Do you get any spam for "My Canadian Pharmacy," "Canadian Health&Care Mall," "International Legal Rx Medication," "Men+ Health," "US Drugs," or "VIP Pharmacy ('Viagra + Cialis')?" Those are all hosted on hijacked Unix servers. They also use other hijacked Unix servers to load their images and host their nameservers. The professionals that monitor those servers can't find the files because they load, execute, and delete commands as called for. The admins don't notice the "tirqd" trojan, whose name looks too much like a process that belongs there.
Oh, and the thousands of domain names for their websites are registered with stolen credit/debit cards, but Visa doesn't see that as any reason not to allow them to have a merchant account to sell their Viagra. (And Visa has been informed; Mastercard apparently thought that was good enough reason to drop the scammers, but you can still use Visa on their sites.)
Americans are pretty ignorant about Russia, too. Most schools don't even offer the choice of studying Russian in secondary school. When Sting wrote a song about nuclear war with the line, "I hope the Russians love their children, too," his point was that most people in the West weren't thinking of Russians as people just like themselves. We were building up nuclear arsenals in the belief that Russians would be willing to start a war if they thought our firepower weren't enough to obliterate the planet when we inevitably retaliated against such an attack. I am sure Russians thought the same about us, all the while we couldn't understand why they didn't like us.
The US needs better relations with Russia. We saw things improving for a while. But Putin seemed to think that former Soviet republics and allies becoming friendly with Western Europe meant that they were turning against Russia.
People in the US were hoping relations with Russia would improve to the point where war between our countries would become inconceivable, just as it is inconceivable we would go to war with UK, a country whose army once looted and burned the White House in Washington.
It would help immensely if Russian citizens and US citizens communicated freely. Our countries are making policies based on what we're imagining people in the other country think, instead of actually listening. But instead, discussion forums in the US are blocking all visitors from Russia due to the number of forum spammers and hackers from those ranges.
There are some Russian internet companies that seem to have made a real commitment to shutting down spammers. Reports about spam for free hosting sites on pochta.ru sites are dealt with very promptly, for instance. We need to make sure their IP ranges are not blocked, so that companies that take their responsibilities seriously aren't held back by criminals on other networks, just because they're in the same country.
And then maybe we can use that to shame some of the US DSL and cable companies to get serious about hijacked hosts on their own networks.:roll:
That's very true, so it is "operations" that you need to shut down. One reason the feds seem so slow to act is they wait to collect information on multiple co-conspirators before they raid. And you can be sure that besides the eleven who were indicted, they have enough information to get wiretap warrants on quite a few more.
"200 Known Spam Operations responsible for 80% of your spam."
And I'd say the bulk of it is from a much shorter list. Looking at one hour of spam recorded by Abuse Butler, the most common 100 domains advertised in spam were
39 different domains for Elite Herbal/Express Herbal/Megadik/VPXL (allegedly spammed by Shane Atkinson) -- and this does not take into account multiple different spams for the same domain, a typical pattern with this spam brand
15 domains that were duplicates of the same domains above, but which had shifted to new hijacked servers and were counted as new domains by Abuse Butler
1 Elite Herbal that was already shut down but was still being spammed
16 Canadian Pharmacy (allegedly spammed by Leo Kuvayev)
5 throwaway domains redirecting to a single domain for Canadian Health&Care Mall (attibuted to a spammer who goes by the alias "Alex Polyakov")
3 Las Vegas Casino
2 Penis Enlarge Patch
2 Exquisite Replica
1 Casino Club VIP
1 Diamond Watches
1 Prestige Replicas
1 US Pharmacy
and the remainder miscellaneous non-branded or non-Roman character spam
By shutting down only three spam operations, you could dramatically reduce spam
As far as whether people who fall for these scams deserve what they get, remember that in the US there are truth in advertising laws. Most people who are new to the internet are surprised to find out that blatant scams can be carried out without the government having any easy way to stop them. And spam filtering can make matters worse: It's easier to see that 500 copies of stock spam aren't real stock recommendations from 500 different stock analysts that just happened to land in your inbox by accident on their way to someone else -- but if only one arrives, you might be fooled.
Slashdot Mirror
Requiring stronger passwords works because there are an amazing number of websites that have registration algorithms that prohibit a password of MORE than 8 characters (or one containing special characters). The spambots that use the same password everywhere have to choose one or the other, and the 8-character-and-under-password websites are the low hanging fruit.
It would be nice if ignoring them made them stop. For instance, I will never reply to anything advertised in spam. I report quite a lot of spam, and spammers know it. (I've seen my email address posted in spammer forums on a list of "antis.")
Yet the spammers keep mailing to that same address, and my spam volume keeps growing. I used to think 50 spams a day was a lot. Now I get more than that in an hour, as the spammers try to compete for the attention of the few people who will respond to their messages. Making it hard for them to get noticed only makes them increase the volume.
I believe the article said he spent four years contacting the owners of the forums to try to educate them that they are displaying advertising for stolen credit card data, and that he then tried notifying the hosting services, also with no response. Sounds like he agrees with your stipulation and followed it.
Actually, it wouldn't help to email him to unsubscribe. He's not the one sending you email. He just sets up a vacation message on a spambot's email account. In effect, you're sending yourself email when you autorespond to a spambot with an autoresponder. The best suggestion is the one above, to set up a filter to autodelete any random digilante emails if you don't want them. It's not like he's changing or obfuscating them to outwit your spam filters. What I'd like to know is whether he can confirm his assertion that once a forum has instituted a strong password requirement -- so even the initial attempt at registration fails -- that forum is removed from Xrumer's preloaded list of forum URLs. If so, the reduction in bandwidth ought to make that a much better strategy than permitting registrations and subsequently deleting/sandboxing the bots.
I think every country in the world has an agency that would be an appropriate choice to take over for Bobbear's role in catologing and publicizing scams. It's called "law enforcement." Bobbear has done an invaluable service cataloging and publicizing these scams. But these are crimes that take advantage of the interconnectedness of modern banks, and the only way to effectively fight them is through cooperation of banks and law enforcement agencies around the world. They should be baiting these guys -- not to get embarrassing pictures of the scammers, but to gain intelligence on their upcoming thefts. A banking-law enforcement liaison team could set up dummy bank accounts which would sound an early warning as soon as money was transferred in. By alerting a victim's bank immediately, the scam can be aborted and the money returned before the mules' banks opened in the morning. The scammers recruit mules through spam sent to millions of recipients. It would be an easy thing to flood them with responses, so there are so many responses from undercover investigators that the scammers are unlikely to indentify real mules.
Actually, ThePlanet and SoftLayer are probably pretty good at responding to complaints about pirated content, because the people filing the complaints are doing so on law firm stationery and are prepared to get punitive damages against any firm which fails to take action... The people suffering harm from C&C servers are the people whose computers are infected and the people whose inboxes are full of spam. It's not a single wealthy copyright holder who can justify an expensive legal fight. In general, the victims of botnets are not rich, not powerful, and often not clueful about the internet. And when larger entities -- like ISPs whose servers are clogged with spam sent to their customers -- have tried to use the legal system, they have run into problems with judges who didn't understand the issues.
If you report something to Google, they take action very quickly. It's just a pain to report to them, via web form, one URL at a time. When they are getting abused by criminals, it takes them a while to fix the ineffective captchas or to scan their docs/blogs for clones of ones that have already been reported a few hundred times. They do eventually get their act together. They really need a better system for accepting bulk submissions. Currently, they're on top of the Blogspot and Google Docs abuse. But when Microsoft finally gets its act together and boots the spammers off Live Spaces, they'll be giving Google another try. Then we'll be starting all over trying to get the attention of someone with authority to shut down more than one user registration at a time based on the pattern of abuse, without waiting until the spam has already been sent.
Do you get any spam for "My Canadian Pharmacy," "Canadian Health&Care Mall," "International Legal Rx Medication," "Men+ Health," "US Drugs," or "VIP Pharmacy ('Viagra + Cialis')?" Those are all hosted on hijacked Unix servers. They also use other hijacked Unix servers to load their images and host their nameservers. The professionals that monitor those servers can't find the files because they load, execute, and delete commands as called for. The admins don't notice the "tirqd" trojan, whose name looks too much like a process that belongs there.
Oh, and the thousands of domain names for their websites are registered with stolen credit/debit cards, but Visa doesn't see that as any reason not to allow them to have a merchant account to sell their Viagra. (And Visa has been informed; Mastercard apparently thought that was good enough reason to drop the scammers, but you can still use Visa on their sites.)
But that's the point -- we don't want two military alliances in the first place. We don't want Russia to be an enemy at all.
Americans are pretty ignorant about Russia, too. Most schools don't even offer the choice of studying Russian in secondary school. When Sting wrote a song about nuclear war with the line, "I hope the Russians love their children, too," his point was that most people in the West weren't thinking of Russians as people just like themselves. We were building up nuclear arsenals in the belief that Russians would be willing to start a war if they thought our firepower weren't enough to obliterate the planet when we inevitably retaliated against such an attack. I am sure Russians thought the same about us, all the while we couldn't understand why they didn't like us.
This is what bothers me about this.
:roll:
The US needs better relations with Russia. We saw things improving for a while. But Putin seemed to think that former Soviet republics and allies becoming friendly with Western Europe meant that they were turning against Russia.
People in the US were hoping relations with Russia would improve to the point where war between our countries would become inconceivable, just as it is inconceivable we would go to war with UK, a country whose army once looted and burned the White House in Washington.
It would help immensely if Russian citizens and US citizens communicated freely. Our countries are making policies based on what we're imagining people in the other country think, instead of actually listening. But instead, discussion forums in the US are blocking all visitors from Russia due to the number of forum spammers and hackers from those ranges.
There are some Russian internet companies that seem to have made a real commitment to shutting down spammers. Reports about spam for free hosting sites on pochta.ru sites are dealt with very promptly, for instance. We need to make sure their IP ranges are not blocked, so that companies that take their responsibilities seriously aren't held back by criminals on other networks, just because they're in the same country.
And then maybe we can use that to shame some of the US DSL and cable companies to get serious about hijacked hosts on their own networks.
That's very true, so it is "operations" that you need to shut down. One reason the feds seem so slow to act is they wait to collect information on multiple co-conspirators before they raid. And you can be sure that besides the eleven who were indicted, they have enough information to get wiretap warrants on quite a few more.
"200 Known Spam Operations responsible for 80% of your spam."
And I'd say the bulk of it is from a much shorter list. Looking at one hour of spam recorded by Abuse Butler, the most common 100 domains advertised in spam were
39 different domains for Elite Herbal/Express Herbal/Megadik/VPXL (allegedly spammed by Shane Atkinson) -- and this does not take into account multiple different spams for the same domain, a typical pattern with this spam brand
15 domains that were duplicates of the same domains above, but which had shifted to new hijacked servers and were counted as new domains by Abuse Butler
1 Elite Herbal that was already shut down but was still being spammed
16 Canadian Pharmacy (allegedly spammed by Leo Kuvayev)
5 throwaway domains redirecting to a single domain for Canadian Health&Care Mall (attibuted to a spammer who goes by the alias "Alex Polyakov")
3 Las Vegas Casino
2 Penis Enlarge Patch
2 Exquisite Replica
1 Casino Club VIP
1 Diamond Watches
1 Prestige Replicas
1 US Pharmacy
and the remainder miscellaneous non-branded or non-Roman character spam
By shutting down only three spam operations, you could dramatically reduce spam
As far as whether people who fall for these scams deserve what they get, remember that in the US there are truth in advertising laws. Most people who are new to the internet are surprised to find out that blatant scams can be carried out without the government having any easy way to stop them. And spam filtering can make matters worse: It's easier to see that 500 copies of stock spam aren't real stock recommendations from 500 different stock analysts that just happened to land in your inbox by accident on their way to someone else -- but if only one arrives, you might be fooled.