
Massive Botnet Returns From the Dead To Spam On

timothy posted more than 5 years ago | from the late-entry-for-hallowe'en dept.

Spam 205

CWmike writes "Gregg Keizer reports that the big spam-spewing Srizbi botnet, shut down two weeks ago when McColo was shuttered, has been resurrected and is again under the control of criminals, security researchers said today. As of late Tuesday, infected PCs were able to successfully reconnect with new command-and-control servers, which are now based in Estonia, said Fengmin Gong, chief security content officer at FireEye. The comeback confirms what researchers noted last week, that Srizbi had a fallback strategy. So, in the end, that strategy paid off for the criminals who control the botnet."


205 comments


Zombies!!!!! (5, Funny)

syousef (465911) | more than 5 years ago | (#25902667)

Argh! Zombies!!!!! They're bound to be after brains! Well they'll find none here! Take that you evil zombies.

Hello fudge packers! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25902751)

Any news on the next release of Linux? I'm hoping that it will fix some of the random crashes :)

Re:Random crashes (2, Funny)

RiotingPacifist (1228016) | more than 5 years ago | (#25902823)

They're not random, dammit! They always occur where the real part is a half, well, the non-trivial crashes anyway.

Re:Hello fudge packers! (1)

X0563511 (793323) | more than 5 years ago | (#25903193)

The random crashes will occur until you install Linux. You see, Linux is the fix for the random crashing!

</tongue-in-cheek>

Re:Hello fudge packers! (1, Funny)

Anonymous Coward | more than 5 years ago | (#25903505)

do zombies cause a panic in linux?

hehe

Re:Zombies!!!!! (2, Funny)

tankadin (1175113) | more than 5 years ago | (#25903201)

(Evil Overlord laugh)

I'm from Estonia!

All your zombies are belong to us!

As Ash said in the Army of Darkness flick... (1)

Lead Butthead (321013) | more than 5 years ago | (#25903813)

"It took Linda('s e-mail box.) Then it came after (my e-mail box,) it got into my (windows box) and it (turned zombie,) so (we got McColo shutted down.) But that didn't stop it, it came back big time."

Further Proof (5, Insightful)

MaxwellEdison (1368785) | more than 5 years ago | (#25902677)

Further proof that crime doesn't pay. Unless you have a reliable business plan, of course.

Re:Further Proof (1, Funny)

internerdj (1319281) | more than 5 years ago | (#25902837)

Tell that to the RIAA.

Re:Further Proof (1, Interesting)

Anonymous Coward | more than 5 years ago | (#25902855)

ah but if you can figure out the alg it uses to get domain names....

The next time they are knocked out you can get a list of machines that are infected. Set up an agreement with the ISP and say 'if you give me the people who have their machines infected (btw here is a list) I will split the profit with you of every copy of mcafee or norton or whatever we sell to these customers.

Letter from the ISP with a 20 dollar coupon for a virus scanner: 'Your computer was recently infected (see attached log). We recommend that you purchase some software to fix this issue. We recommend software X and here is a coupon for it.' Hell, some ISPs even give away the software...

It will not fix the problem but there is money to be made fixing it...

Re:Further Proof (4, Insightful)

damn_registrars (1103043) | more than 5 years ago | (#25903009)

the alg it uses to get domain names

Why would botnet harvesting be done by domain name anyways? Wouldn't it be easier to collect systems by just running through accessible IP addresses?

And if the botnets are doing double duty by both propagating spam and attempting to hack into systems via ssh, I can tell you from my IP logs at home that most systems in the botnets aren't behind any particular domains.

On top of that, how many languages would you want to sell antivirus software in?

Re:Further Proof (5, Insightful)

julian67 (1022593) | more than 5 years ago | (#25903459)

Actually there isn't money to be made this way because all those unhappy customers demanding refunds will be expensive. The idea that you can clean an infected Windows PC by installing product A or B or C is mistaken. The whole idea that security is a boxed product or is available by clicking an .exe/.msi installer is bogus. Assuming that the malware on these infected computers is even known to the AV companies (and that's no longer a reasonable assumption in most cases) then the only way to actually remove it effectively is by running the AV tools from read only media, i.e. a live CD. Well designed malware will simply disallow the installation/use/updating of common AV software. The malware authors are streets ahead of the "security" vendors. The AV products installed on a clean machine can't even prevent many of these problems let alone cure them. Most Windows users would be better advised to save their pennies and re-install from original media, always be patched and up to date (applications as well as OS), run as unprivileged user with strong passwords on all accounts and browse only with Firefox + privoxy + noscript + adblock. That isn't perfect but it's zero financial cost and way more effective than anything Symantec, McAfee etc can offer. Unfortunately running Windows with an unprivileged account is as convenient as toothache.

Re:Further Proof (5, Informative)

jargon82 (996613) | more than 5 years ago | (#25903553)

I've been running my windows XP laptop as non-admin for over 2 years. It's not as bad as you say. Two things keep me going. Superior SU, found here: http://www.stefan-kuhr.de/supsu/main.php3 [stefan-kuhr.de] and make me admin, found here: http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx [msdn.com] . Between the two, running non-admin is quite comfortable with a bit of practice.

Re:Further Proof (5, Funny)

Lobster Quadrille (965591) | more than 5 years ago | (#25903099)

It's nice to see that somebody's IT department has the funding and expertise to implement a backup plan.

It gives me hope.

Re:Further Proof (1)

Windows_NT (1353809) | more than 5 years ago | (#25903379)

Well, I'm glad they got it running ... For a while I thought they might need to get in on the Government bailout package.
On another note, I'm surprised some l337 doesn't get pissed about it and hack that computer. If I knew how to .. I would.. I'd hack that SOB and put a big picture of my ass as his background ...
"Mess wit the best, and get corn-holed!"

Going back in time ... (5, Interesting)

Anonymous Coward | more than 5 years ago | (#25902707)

"the big spam-spewing Srizbi botnet, shut down two weeks ago when McColo was shuttered, has been resurrected and is again under the control of criminals"

I'd love to go back to the '50s, find one of those future-drawing artists, show him that headline, and ask him to draw what he thinks that means in the year 2008.

Hilarity ensues.

Re:Going back in time ... (5, Funny)

DahGhostfacedFiddlah (470393) | more than 5 years ago | (#25902851)

Never fails - I never have mod points when I see posts worthy of them.

Re:Going back in time ... (5, Funny)

Reality Master 101 (179095) | more than 5 years ago | (#25903215)

I don't know what he'd draw, but I know it'd be covered in chrome. :)

Re:Going back in time ... (5, Funny)

denis-The-menace (471988) | more than 5 years ago | (#25903277)

I guess it would be a giant, dilapidated 50's-style robot vomiting a stream of cans of Spam at crowds of innocent people.

Re:Going back in time ... (1)

jollyreaper (513215) | more than 5 years ago | (#25903339)

"the big spam-spewing Srizbi botnet, shut down two weeks ago when McColo was shuttered, has been resurrected and is again under the control of criminals"

I'd love to go back to the '50s, find one of those future-drawing artists, show him that headline, and ask him to draw what he thinks that means in the year 2008.

Hell, just go back to the 60's and hand it to Mr. Crumb. I'm sure it would be filthy and funny by turns.

Re:Going back in time ... (1)

MaxwellEdison (1368785) | more than 5 years ago | (#25903437)

Heck, just send it in to Exploding Dog [explodingdog.com]. I can't foresee any interpretation which would not range from surreal to hilarious.

They stopped them once. (5, Insightful)

Finallyjoined!!! (1158431) | more than 5 years ago | (#25902709)

Now do it again. Rinse, repeat, until there's nowhere left for them to host the "command and control" servers.

The sooner the better. My good:spam ratio is almost 5:95 at the moment :-(

Re:They stopped them once. (5, Funny)

snowraver1 (1052510) | more than 5 years ago | (#25902861)

If by 5:95 you mean 1:19. Didn't your math teacher teach you to reduce your fractions/ratios?

Re:They stopped them once. (1)

Spaham (634471) | more than 5 years ago | (#25902929)

why get less when you can get more ?
(no, don't reply :))

Re:They stopped them once. (3, Interesting)

armanox (826486) | more than 5 years ago | (#25902983)

Actually mine told me not to reduce, as it helps to see where they came from.

Re:They stopped them once. (1, Funny)

Anonymous Coward | more than 5 years ago | (#25903069)

Your math teacher was a hamster and your history teacher smelled of elderberries.

Re:They stopped them once. (1)

X0563511 (793323) | more than 5 years ago | (#25903209)

My brain refuses to simplify, reduce, or factor. I don't know why, nothing else really gives me the trouble.

1:19 (1)

jDeepbeep (913892) | more than 5 years ago | (#25903517)

you mean 1:19

I detect a conspiracy here. I know you are really just typing 911 in reverse.

Re:They stopped them once. (3, Interesting)

smitty_one_each (243267) | more than 5 years ago | (#25903227)

Will switching to IPv6 make the bot nets more transparent to those trying to defend the intertubes?
If that were true, then that might be a good argument to upgrade...

What intrigues me... (5, Insightful)

powerslave12r (1389937) | more than 5 years ago | (#25902727)

..most is how efficiently the bad guys always work. It's just astounding.

Re:What intrigues me... (5, Funny)

Yvan256 (722131) | more than 5 years ago | (#25902799)

Well of course. With no worker unions, government bureaucracy or international laws to get in the way, they have it easier than your average law-abiding citizens and companies.

Re:What intrigues me... (0)

Anonymous Coward | more than 5 years ago | (#25902889)

Except your bonus usually comes from that bulge in Guido's pants, and I don't necessarily mean the gun.

Not really. (4, Informative)

khasim (1285) | more than 5 years ago | (#25902915)

They also have to deal with various groups trying to stop them. As in TFA:

"We have registered a couple hundred domains," Gong said, "but we made the decision that we cannot afford to spend so much money to keep registering so many [domain] names."

So the spammers had to have thought about and planned for such a contingency.

And still bring in enough money to pay for the connections they'll be using to control the zombies.

The updated Srizbi includes hard-coded references to the Estonian command-and-control servers, but Gong was unaware of any current attempt to convince the firm now hosting those servers to yank them off the Web.

So while attempting to register the domain names, work was going on to update the zombie software.

The question now is how to get those hard-coded references to the various ISP's in the world so that they can block traffic to/from them and stop the zombies from updating again.

Why isn't information such as that ever included in these articles?

Excuses (0)

Anonymous Coward | more than 5 years ago | (#25903115)

No, they have it much harder than law-abiding companies. They can't blame all their problems on worker unions, government bureaucracy or international laws, which means that they have to actually be efficient rather than litigate their way into profitability.

Re:What intrigues me... (0)

Anonymous Coward | more than 5 years ago | (#25903307)

You also left out no sense of shame or ethics.

Re:What intrigues me... (5, Insightful)

Marc Desrochers (606563) | more than 5 years ago | (#25902877)

No red tape, no bureaucratic processes, no politics, no concern about being polite and correct about everything. Also, no customer support. It's a wonder what you can accomplish by not giving a shit who you inconvenience. Just get the job done well enough that it works.

Re:What intrigues me... (2, Insightful)

owlnation (858981) | more than 5 years ago | (#25903183)

Also, no customer support. It's a wonder what you can accomplish by not giving a shit who you inconvenience. Just get the job done well enough that it works.

You mean, "by not even trying to appear as though you give a shit about who you inconvenience".

If you've tried to contact Customer Support of any corporation (especially any outsourced CS) you know that that company really only pays lip service to the concept. Most corporations only provide just enough CS to be able to show that (massaged) stats reveal 80% customer satisfaction. There is almost never any genuine attempt to actually support customers.

Most corporations would be as well to just stop providing any customer support whatsoever, there would be little net difference in most cases.

I think the lack of bureaucracy is probably the key factor in the success of the black economy. Anyone who has worked in a corporation knows how many hoops you have to jump through to get anything meaningful done at any level in the organization. It's often best forgetting about anything that's not groundbreaking.

That, and the fact that the bottom feeders in the foodchain who fail to cover their asses often don't get a warning on their permanent record so much as a bullet in the brain.

Re:What intrigues me... (1)

Brigadier (12956) | more than 5 years ago | (#25902945)

no face of the mob perhaps,,,,

Sample bias (2, Insightful)

DahGhostfacedFiddlah (470393) | more than 5 years ago | (#25903007)

how efficiently the bad guys always work.

Not really - we only ever hear about the efficient ones here. Head on over to Fark [fark.com] (or even Youtube:) to get some examples of bad guys working....inefficiently.

Re:What intrigues me... (0)

Anonymous Coward | more than 5 years ago | (#25903023)

Different command structure. Our governments are still basically working on the aristocratic model, with a confusing, extremely inefficient layer of semi-democracy smeared on top. The criminals work on a completely different combination: half authoritarianism, half meritocracy.

If we want to do them one better, we'd have to open source [metagovernment.org] our government structures.

Re:What intrigues me... (0)

Anonymous Coward | more than 5 years ago | (#25903657)

No. What is astounding is how inefficiently the corporate model always works.

Most places I have worked are still based on the '50s schemes, make me think of Jack Lemmon. One wonders how they ever get their sheets in the positive.. .. and what is so boring to the 'bad guys' that pushes them to be so creative elsewhere ..

That's strange... (5, Funny)

pillowcase1 (878575) | more than 5 years ago | (#25902729)

I know it's off topic, but my machine was running great for a couple of weeks... now it's all slow again.

Re:That's strange... (1)

NinthAgendaDotCom (1401899) | more than 5 years ago | (#25903821)

You jest, but I did notice a huge drop in my spam levels on my Gmail account. Went from avg of 2500 spam/month to 1400 spam/month over the last couple weeks.

We don't need no stinking backups... (5, Insightful)

Anonymous Monkey (795756) | more than 5 years ago | (#25902737)

I have worked in more than a few offices that have no backup plans for when things go wrong; power outs, network outages, supply chain disruptions, and the like would stop work cold. I find it amusing that a band of criminals are running a more flexible and 'professional' operation than many ligament businesses.

Businesses (1)

140Mandak262Jamuna (970587) | more than 5 years ago | (#25902807)

There are more legitimate businesses than the ones selling snake oil to cure body aches, pains and ligament sprains. Why pick on them, poor sods.

Re:We don't need no stinking backups... (2, Funny)

Anonymous Coward | more than 5 years ago | (#25902809)

I have worked in more than a few offices that have no backup plans for when things go wrong; power outs, network outages, supply chain disruptions, and the like would stop work cold. I find it amusing that a band of criminals are running a more flexible and 'professional' operation than many ligament businesses.

And here I've been wasting my time trying to set up an organ chop shop in Hong Kong!

Re:We don't need no stinking backups... (1)

oerlikon (198562) | more than 5 years ago | (#25902859)

Yeah, you never know when one of those silly ligament businesses might be subject to a "tendon take down" and go offline.

Re:We don't need no stinking backups... (3, Funny)

Anonymous Monkey (795756) | more than 5 years ago | (#25902897)

AAHHAAAHH!!! My ham string!!! Make the burning stop!!!

Re:We don't need no stinking backups... (2, Funny)

syncmaster955 (1263542) | more than 5 years ago | (#25903089)

AAHHAAAHH!!! My ham string!!! Make the burning stop!!!

Did you mean: Spam string?

Re:We don't need no stinking backups... (1)

Explodicle (818405) | more than 5 years ago | (#25902887)

...a band of criminals are running a more flexible and 'professional' operation than many ligament businesses.

Damn double-jointed criminals!

Re:We don't need no stinking backups... (1)

Culture20 (968837) | more than 5 years ago | (#25902975)

Except these guys didn't have a good backup plan. They had to get Spanish Telesoniara(sp?) to bring McColo's link back up and transfer Terabytes of data to .ru domains. Of course, I bet they do have a good backup plan now.

Re:We don't need no stinking backups... (3, Interesting)

mikael_j (106439) | more than 5 years ago | (#25903271)

Swedish TeliaSonera and it wasn't done directly, they purchased the link through a third party and made sure it was activated just as the weekend started (probably hoping that no one would shut it down before the weekend was over).

/Mikael

Re:We don't need no stinking backups... (0)

Anonymous Coward | more than 5 years ago | (#25903143)

Well, the ligament industry is very unpredictable.

Re:We don't need no stinking backups... (1)

umghhh (965931) | more than 5 years ago | (#25903769)

To all that has been said about how efficiently they work and how they do not have to deal with bureaucracy etc., one must add motivation. They are motivated by direct profit and by the fact that if they screw up they are possibly in big trouble, and I do not mean lack of a bonus at the end of the year.

Real terrorists (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#25902741)

Forget about Bin Laden, we need to kill these guys.

Re:Real terrorists (0)

Anonymous Coward | more than 5 years ago | (#25902937)

Are you saying this botnet is a CIA asset?

Aim for the head ... (0)

Anonymous Coward | more than 5 years ago | (#25902773)

Works for zombies.

Or maybe a hydra is a better analogy. Cut the head off AND burn it -- cut off the sites that are hosting them and find the people responsible. Either charge them or get them booted from the ISPs hosting them once they violate the terms of service. There has to be some kind of paper/money trail to follow if they've shut down operations at one site and redeployed at another.

"The updated Srizbi includes hard-coded references to the Estonian command-and-control servers, but Gong was unaware of any current attempt to convince the firm now hosting those servers to yank them off the Web."

Why not?

Re:Aim for the head ... (1)

Marc Desrochers (606563) | more than 5 years ago | (#25902903)

Probably because "Shut me down and your family is dead"

This is organized crime after all.

Re:Aim for the head ... (4, Funny)

sexconker (1179573) | more than 5 years ago | (#25903079)

You don't have much experience battling hydras, do you?

Re:Aim for the head ... (1)

powerlord (28156) | more than 5 years ago | (#25903583)

You don't have much experience battling hydras, do you?

No, but I hear a wall of Fire can be helpful.

Target in sights (0, Troll)

Shotgun (30919) | more than 5 years ago | (#25902777)

So, the researchers know where the CnC is originating from. Chase the rats down their holes with flamethrowers. Expose the subnets and let us DDoS them till the service providers cry uncle.

Yes, it will probably take Estonia offline for a while, but eventually providers will get the clue that taking in criminals and scofflaws as clients is not profitable.

...well quite obviously... (1)

thekm (622569) | more than 5 years ago | (#25902797)

...they had a BotNet-Buster-Buster (tm)(c)

Re:...well quite obviously... (0)

Anonymous Coward | more than 5 years ago | (#25902883)

What they don't know, is that we have a Botnet-Buster-Buster-Bustah!

A McColo with Fries (5, Funny)

INeededALogin (771371) | more than 5 years ago | (#25902827)

... and a Coke

Some Idiots (4, Insightful)

Nom du Keyboard (633989) | more than 5 years ago | (#25902849)

Is this because some idiot(s) let McColo get back online for a number of hours, or was that fallback already in place before the McColo initial shut down? These major ISP backbone providers really need to be talking to each other when they blacklist a site so that one rogue provider doesn't undermine the good efforts of all the rest.

Re:Some Idiots (3, Informative)

Detritus (11846) | more than 5 years ago | (#25902919)

This was because the good guys stopped registering the dynamically generated domain names used by the botnet, allowing the bad guys to register some domain names and regain control.

Re:Some Idiots (3, Insightful)

damn_registrars (1103043) | more than 5 years ago | (#25902941)

Is this because some idiot(s) let McColo get back online for a number of hours, or was that fallback already in place before the McColo initial shut down?

I would be inclined to believe it to be more of the latter than the former. Why wouldn't the authors of the botnet software want to write something in to allow for the creation of a new botnet control system? These guys aren't idiots, as much as we might like to wish they were. They know that it takes time to amass a botnet, so I would expect they included some way to bring back the botnet, should they get caught somewhere.

need to be talking to each other when they blacklist a site

I might be missing something here, but I rather doubt that botnet control comes down to a specific site anywhere. Didn't they just say that the botnet is now controlled from a different country than before? I'm not sure that any amount of activities from major ISP's would be able to be both tolerable to users and capable of restricting the botnets.

Re:Some Idiots (1)

Dunbal (464142) | more than 5 years ago | (#25903003)

one rogue provider doesn't undermine the good efforts of all the rest.

This sort of resilience was the whole point of the internet anyway. Of course, it was never supposed to be used for "Evil" (tm).

Re:Some Idiots (1)

gmuslera (3436) | more than 5 years ago | (#25903237)

In fact, this is good news. Now the people behind McColo could be judged as at least partly responsible for the Srizbi botnet, and that could be read as hacking into millions of PCs. With a bit of luck, by the time they get out of jail the sun will be red.

OK now... (4, Insightful)

damn_registrars (1103043) | more than 5 years ago | (#25902857)

Anyone who is surprised by this, raise your hand. If someone was able to write the requisite application to gather the botnet, one would expect the same programmer to have the foresight to write in a way to re-gather and restart the botnet at a later point in time.

They missed the chance (3, Insightful)

confused one (671304) | more than 5 years ago | (#25902869)

While the command and control was down, they missed the chance to take out the bots too.

Brains? (-1, Flamebait)

Detritus (11846) | more than 5 years ago | (#25902873)

Reprogram the botnet to ddos and spam putin@kremvax.ru. See how they like a little of their own medicine.

Wish my employer took catastrophe planning this (1)

mkcmkc (197982) | more than 5 years ago | (#25902987)

seriously... :-(

fallback strategy (-1, Offtopic)

pak9rabid (1011935) | more than 5 years ago | (#25902997)

The comeback confirms what researchers noted last week, that Srizbi had a fallback strategy. So, in the end, that strategy paid off for the criminals who control the botnet."

Now if only Bush had a fallback strategy, we wouldn't be dealing with the mess that is current-day Iraq..

Re:fallback strategy (2, Funny)

maxume (22995) | more than 5 years ago | (#25903081)

Nice troll.

I think it might be more accurate to say if only they had a strategy.

Re:fallback strategy (1)

LandDolphin (1202876) | more than 5 years ago | (#25903343)

I am sure he does, much like the criminals who control the botnet had a fallback strategy to help them, not the public.

Soft on terrorism (4, Informative)

Animats (122034) | more than 5 years ago | (#25903085)

So where are the US antiterrorism people? This is an attack on US assets by foreign nationals. We have a whole Department of Homeland Security. They had a good computer security guy in charge of dealing with such attacks, Amit Yoran, and he quit in 2004 [computerworld.com] , fed up because DHS didn't really want to deal with real problems. His replacement was a career lobbyist [dhs.gov] . Really. "He served as Director of 3Com Corporation's Government Relations Office in Washington, DC where he was responsible for all aspects of the company's strategic public policy formulation and advocacy." That's America's first line of defense against cyberterrorism.

The FBI has an antiterrorism operation. What are they doing? What they say they're doing is working to "strengthen and support our top operational priorities: counterterrorism, counterintelligence, cyber, and major criminal programs." [fbi.gov] What they're actually doing is flying around the FBI director in the private jet purchased with antiterrorism funds. [wordpress.com]

FBI testimony before Congress, 2001 [fbi.gov] : "The FBI believes cyber-terrorism, the use of cyber-tools to shut down, degrade, or deny critical national infrastructures, such as energy, transportation, communications, or government services, for the purpose of coercing or intimidating a government or civilian population, is clearly an emerging threat for which its must develop prevention, deterrence, and response capabilities."

FBI testimony before Congress, 2004 [fbi.gov] : " In the event of a cyberterrorist attack, the FBI will conduct an intense post-incident investigation to determine the source including the motive and purpose of the attack."

So where's the action?

Heads need to roll at DHS and the FBI.

Re:Soft on terrorism (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#25903213)

stop being a troll. it's stale.

Please grow up and join the real world (0, Redundant)

janrinok (846318) | more than 5 years ago | (#25903549)

This is an attack on US assets by foreign nationals.

You are receiving spam not nuclear weapons, you idiot. It's not terrorism. What are you being terrorised to do? For goodness sake, get a sense of perspective! It is an annoyance, but it is hardly posing a threat to your national security. If it is causing you that much of a problem then unplug your computer from the socket in the wall.

I'm not saying that there isn't a cost involved - there is. But what sort of action are you suggesting should be taken? A military invasion? Undercover assassinations of anyone you think might be involved in spamming? Or simply killing all those whose machines are infected? And if you think that any of those is acceptable then you surely won't have any objection if/when other nations start behaving that way in your country, will you? I know where most of my spam originates.

Re:Please grow up and join the real world (2, Interesting)

Animats (122034) | more than 5 years ago | (#25903787)

You are receiving spam not nuclear weapons, you idiot. It's not terrorism.

Tens of millions of American computers are under the direct control of hostile foreign interests. At any moment, they can be ordered to do anything by those interests, including erasing files, sending financial information, or attacking infrastructure sites. That's a much bigger threat than some guys mouthing off in a bar in Miami about blowing up some building [cnn.com] , which got the FBI's full attention.

"my pen^H^H^H spam folder is bigger!" thread (1)

ed.mps (1015669) | more than 5 years ago | (#25903139)

I always had ~1200 mails in my gmail spam folder (ie: spam received in the last 30 days)

(until today, at least,) it has been shrinking in the last two weeks, and has (atm) 950 mail... I'll let the party begin again, and see if this number goes up again.

Re:"my pen^H^H^H spam folder is bigger!" thread (1)

u38cg (607297) | more than 5 years ago | (#25903655)

I've had a similar experience. I moved to gmail for the legendary spam handling when I crossed the 2000/month barrier; I peaked at 3500 and now I'm under 500 per month. Someone is doing something right. Interestingly, it has actually gone up over the last few weeks, not down.

Re:"my pen^H^H^H spam folder is bigger!" thread (1)

mrand (147739) | more than 5 years ago | (#25903723)

I always had ~1200 mails in my gmail spam folder (ie: spam received in the last 30 days)

(until today, at least,) it has been shrinking in the last two weeks, and has (atm) 950 mail... I'll let the party begin again, and see if this number goes up again.

Write back when it has over 8100 in it (since Sun, Oct 19, 2008). The price of having the same email address for over 12 years: average of roughly 9 messages per hour that land in the spam folder. Short term average (just today) is about the same... 9 to 10 per hour.

If we would have somehow guessed the onslaught of junk email we'd have to endure back then, mailing lists and the like would have been set up differently back then.

Marc

Disaster Recovery (1)

centron (61482) | more than 5 years ago | (#25903161)

Once again we have proof of the value of a disaster recovery plan.

I would have thought a money mill like that would use an Active/Active failover rather than a cold standby site, but I suppose they have to consider risks versus costs like anybody.

Lost opportunity (1)

yenne (1366903) | more than 5 years ago | (#25903309)

From TFA:

According to Gong, when Srizbi bots were unable to connect with the command-and-control servers hosted by McColo, they tried to connect with new servers via domains that were generated on the fly by an internal algorithm. FireEye reverse-engineered Srizbi, rooted out that algorithm and used it to predict, then preemptively register, several hundred of the possible routing domains.

"We have registered a couple hundred domains," Gong said, "but we made the decision that we cannot afford to spend so much money to keep registering so many [domain] names."

Once FireEye stopped preempting Srizbi's makers, the latter swooped in and registered the five domains in the next cycle.

I would have donated to this cause, as I imagine would have many others. It's a shame that we're finding out about it just now.

Lost opportunity to take over (1, Informative)

Anonymous Coward | more than 5 years ago | (#25903587)

They should have used the domains to take over the botnet. If they know how it works, why not use the system to shut it down?!

spam on you crazy diamonds (0)

jollyreaper (513215) | more than 5 years ago | (#25903313)

Spamble on!
And nows the time, the time is now
to spam some shit
Botnet's goin round the world,
Viagra for your dong, on the way
419 scams a hundred times a day, spamble on!
Gotta find the key for all my nets

Mines a service that can be sold,
But my IP I hold dear;
And years ago in days of old
When trojans flooded the LAN,
Twas in the darkest depths of Redmond
I met an exploit so fair,
But Balmer, and the evil one crept up
And patched away at it.
It, it....yea.
But it was seven years too late, no!

Spamble on!

Re:spam on you crazy diamonds (0)

Anonymous Coward | more than 5 years ago | (#25903799)

People really need to stop posting crap like that. It's never funny. Just keep it to yourself.

how come you say for sure they're in Estonia? (3, Interesting)

tankadin (1175113) | more than 5 years ago | (#25903327)

You could send an e-mail about command-and-control servers to our Cyber Defence Center (Küberkaitse Keskus aka KKK) http://en.wikipedia.org/wiki/CCDCOE [wikipedia.org]. Estonia is not a big country at all, so I think these new servers would be taken down pretty quickly.

(H|Cr)ack attack (3, Interesting)

Thaelon (250687) | more than 5 years ago | (#25903353)

What I wonder is, why don't some of those white/grey/black hat hackers out there try to hijack the botnets, spammers, or the control servers of the spammers and shut that shit down? I'm sure it would be challenging and billions would approve.

The way I see it, spam is a distributed problem that ignores virtually any boundary you can think of, so the solution must be equally pervasive and distributed. Such as an equally (dis)organized group of spammer-attackers. Sure some innocents will probably get nailed, but ain't war hell?

Money was involved... (2, Informative)

The Master Control P (655590) | more than 5 years ago | (#25903367)

There is no possible way any ISP would reconnect someone like McColo out of ignorance: TeliaSonera was bribed.

Re:Money was involved... (2, Insightful)

Antique Geekmeister (740220) | more than 5 years ago | (#25903711)

Are you under the impression that ISPs cannot be bribed, confused, or flat out lied to using stolen credit card information? Boy, I wish I had your ISP to tell me what singles ads are lying about.

Re:Money was involved... (4, Informative)

afidel (530433) | more than 5 years ago | (#25903835)

More like duped, they bought the backup link through a reseller a long time ago and never activated it till Sat 11/15.

Blue Frog? (1)

MrNougat (927651) | more than 5 years ago | (#25903449)

Does anyone remember Blue Frog? That was actually *working*. Nothing before or since has been anything but a mosquito bite to spammers.

There was an open source version, Okopipi, in the works for a very brief moment. I think the forum is probably full of weeds and spam now.

Re:Blue Frog? (3, Interesting)

u38cg (607297) | more than 5 years ago | (#25903733)

The trouble was any kind of central point became a massive juicy target for them, and it would be just the same for an open source project. Bluefrog IIRC ended up just drowning in a tide of DDOSing. Kinda ironic, really :)

As far as I can see the only real solution to spam is intelligent filtering, which Google leads the way on: it's got to the point where if a spam mail gets through, I open it up and have a good look at it to see how the heck it got through.

Re:Blue Frog? (0)

Anonymous Coward | more than 5 years ago | (#25903791)

The problem with Blue Frog was that, while it did work, it leeched other people's bandwidth to perform DDoS with.

You put that on your $9.95/mo shared account, or hell, even a dedicated server pushing under 1Mb and all of the sudden your bandwidth triples... As does your bill.

Not to mention installing it violates just about every hosting TOS agreement and will get you kicked off the network:/

Now if something like that were to be done in a coordinated way with the tier1 providers' buy in? that would be something to see. But who has the resources?

We had a customer under a DDoS a few weeks back get hit with spikes as high as 80Gb of inbound traffic (no, that's not a typo. Eighty). While we only saw 10Gb of it (the pipe saturated, naturally) our tier1 provider eventually just null routed it - it affected the entire south west, and frankly, nothing at all will be done about it because they don't even have the resources to investigate it :/

(posted anon because anyone where I work would know who I am, and I am not speaking on behalf of my employer :)

JYUO FaIL IT! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25903533)

fate. Let's not be moronic, dilettante Shouts To the Are attending a it will be among posts. Therefore OpenBSD, as the enjoy the loud need to join the join in. It can be the numbers. The Lubrication. You but with Netcraft to use the GNAA year contract. or a public club, Person. Ask your a popular 'news I don't want to

Re:JYUO FaIL IT! (0)

Anonymous Coward | more than 5 years ago | (#25903675)

8-O

A plan for spam (1)

Johnny Loves Linux (1147635) | more than 5 years ago | (#25903875)

Folks, I know this is flogging a dead horse, but let's see if this time the suggestion takes hold. How about this plan for dealing with spam spewing botnets:

1) If you're a Microsoft Power User (MPU) and you do the normal security precautions go ahead and use your Microsoft OS of choice -- you know *your* box isn't going to get infected because you're on top of the security issues.

2) If you're a MPU and you've got family or friends who are *NOT* MPUs and they ask you for advice why not make the "reasonable" suggestion:

a) Get a Mac OS X box if they're looking for a new computer and you want them to have a decent Desktop environment with decent default network security. This minimizes *your* sysadmin requirements and *increases* their odds of not becoming yet another Windows Spam Spewing bot (WSSB).

b) If they already have a Windows PC or have recently purchased a Windows PC why not suggest that

i) for *non-networking* activities go ahead and use the Windows OS *if* that is what they are comfortable with, things like say spreadsheets, or word processing, Adobe Photoshop, etc.

ii) for *networking* activities like web browsing, checking e-mail, watching flash videos, irc, etc. go ahead and install say Ubuntu, or openSUSE or whatever Linux flavor *you* are familiar with and teach them how to use it. That way you have reduced for *you* the sysadmin's network security headaches.

Ideally, I would recommend making the base OS a Linux distro, and running the Windows OS in VMware or Xen virtual box. That way they don't have to reboot when switching between network based activities (Linux) and non-network based stuff (Windows).

Microsoft should be happy they still get a sale. You should be happy that your family and/or friends are still using Windows for most stuff. And the rest of us who don't use Windows in any networking capacity can be happy that there is 1 (or more) fewer WSSB out there spamming us with stuff we don't care about.

Is that a reasonable nonflaming suggestion?

domains ? (0)

smoker2 (750216) | more than 5 years ago | (#25903883)

So why is the botnet's domain still resolving? You can't seriously believe that we know all about this botnet's C&C but don't know what domains it's using. Just blacklist the domain.
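The quoted article above describes FireEye reverse-engineering Srizbi's domain-generation algorithm and pre-registering the predicted domains, and the post just above asks why the domains are not simply blacklisted. The following is an added example (not code from the article, FireEye, or any commenter) of the defensive half of that workflow: enumerate the domains a known DGA will produce over the next cycles, turn them into a blocklist, estimate how many cycles a registration budget covers, and match DNS query logs against the list. The DGA here is a hypothetical date-seeded one constructed for illustration (it is not Srizbi's algorithm), the three-day cycle and the seed are assumptions, and the DNS log lines are constructed in BIND query-log style.

```python
"""Predicting a (hypothetical) DGA's upcoming domains for sinkholing/blocklisting
and spotting queries to them in DNS logs. Added example; not Srizbi's real DGA."""
import datetime
import hashlib
import re

# Hypothetical DGA parameters, constructed for this example.
DGA_SEED = "example-seed"      # the constant a reverse engineer would have recovered
DOMAINS_PER_CYCLE = 5          # the article mentions five domains per cycle
CYCLE_DAYS = 3                 # assumption: a fresh domain set every three days
TLDS = ("com", "net", "info")


def dga_domains(cycle_date, count=DOMAINS_PER_CYCLE):
    """Domains a bot following the hypothetical DGA would try on the given cycle date."""
    domains = []
    for i in range(count):
        material = f"{DGA_SEED}:{cycle_date.isoformat()}:{i}".encode()
        digest = hashlib.sha256(material).digest()
        # Map the first ten digest bytes onto lowercase letters: a 10-character label.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:10])
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains


def upcoming_domains(start_date, cycles):
    """Domain sets for the next `cycles` cycles, keyed by cycle date."""
    return {
        start_date + datetime.timedelta(days=n * CYCLE_DAYS):
            dga_domains(start_date + datetime.timedelta(days=n * CYCLE_DAYS))
        for n in range(cycles)
    }


def cycles_affordable(budget, price_per_domain, per_cycle=DOMAINS_PER_CYCLE):
    """Whole cycles a pre-registration budget covers: the limit the article describes."""
    return int(budget // (price_per_domain * per_cycle))


# BIND-style query log line: "client 192.0.2.10#53211: query: name IN A +"
DNS_QUERY_RE = re.compile(r"client (?P<src>[^#\s]+)#\d+: query: (?P<qname>\S+) IN A")


def match_dns_log(lines, blocklist):
    """(source IP, queried name) pairs for queries that hit a predicted DGA domain."""
    hits = []
    for line in lines:
        m = DNS_QUERY_RE.search(line)
        if not m:
            continue
        qname = m.group("qname").rstrip(".").lower()
        if qname in blocklist:
            hits.append((m.group("src"), qname))
    return hits


START = datetime.date(2008, 11, 25)
NEXT = START + datetime.timedelta(days=CYCLE_DAYS)
PREDICTED = upcoming_domains(START, cycles=4)
BLOCKLIST = {d for ds in PREDICTED.values() for d in ds}

# Constructed log lines; the DGA names are taken from the hypothetical DGA above so the
# example is self-contained. 192.0.2.0/24 is documentation address space.
SAMPLE_LOG = [
    f"25-Nov-2008 22:10:01.123 client 192.0.2.10#53211: query: {dga_domains(START)[0]} IN A +",
    "25-Nov-2008 22:10:02.456 client 192.0.2.11#40112: query: www.example.com IN A +",
    f"28-Nov-2008 03:15:09.789 client 192.0.2.12#51200: query: {dga_domains(NEXT)[4]} IN A +",
    "28-Nov-2008 03:15:10.001 this line is not a query record at all",
]


def demo_hits():
    """Queries in the constructed log that resolve a predicted DGA domain."""
    return match_dns_log(SAMPLE_LOG, BLOCKLIST)


if __name__ == "__main__":
    for day, names in PREDICTED.items():
        print(day, ", ".join(names))
    print("cycles covered by $1000 at $10/domain:", cycles_affordable(1000, 10))
    for src, name in demo_hits():
        print(f"{src} queried predicted DGA domain {name}")
```

Two hosts in the constructed log touch predicted domains and are reported; the benign query and the non-query line are ignored. The budget function makes the article's point concrete: at five domains per cycle, a fixed budget runs out after a fixed number of cycles, after which the list is only useful for detection unless someone else keeps registering.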