Malicious Spam Spikes To 'Epic' Level

samzenpus posted about 3 years ago | from the whack-a-mole dept.

Trailrunner7 writes "There has been a huge spike in spam volume in the last few days, including a massive amount of malicious spam with infected attachments, and researchers say that levels of junk mail are now far higher than they were before the takedown of the notorious Spamit affiliate program last fall. The huge spike comes at a time when spam should, in fact, be dropping because of the takedown of the Rustock botnet, the Spamit network and other botnets. 'From the beginning of August, we have observed a huge surge of malicious spam which far exceeds anything we have seen over the past two years, including prior to the SpamIt takedown last October. The majority of the malicious spam comes from the Cutwail botnet, although Festi and Asprox are among the other contributors,' M86 researcher Rodel Mendrez said."

130 comments

If you tear it down (2)

Osgeld (1900440) | about 3 years ago | (#37121350)

they just build it back up again, you can do this for the rest of history and still be in the same place, much like the war on drugs

Re:If you tear it down (1)

blair1q (305137) | about 3 years ago | (#37121376)

So fight fire with fire.

Send out anti-spam spams with botnet-killer attachments.

They'll hit the same lusers with relatively high certainty.

Re:If you tear it down (1)

Nethemas the Great (909900) | about 3 years ago | (#37121472)

Send out anti-spam spams with botnet-killer attachments.

Except that that is illegal. It also wouldn't solve the problem, just postpone it.

unless (1)

Anonymous Coward | about 3 years ago | (#37121554)

Yup, send out massive amounts of mails to people that automatically
whipes all Windows-partitions and installs Linux.

People will cry and booo, until they realize their machines suddenly works. Forever.

Re:unless (1, Informative)

blair1q (305137) | about 3 years ago | (#37121632)

you think linux can't be hacked. that's so cute.

Re:unless (3, Funny)

EraserMouseMan (847479) | about 3 years ago | (#37121950)

Whindows partitions getting whiped and their machines whork? Suddenly? I can't whait!

Re:unless (0)

Anonymous Coward | about 3 years ago | (#37121964)

You don't know what the word "hacked" means. That's not cute anymore.

Re:unless (-1)

TheRaven64 (641858) | about 3 years ago | (#37122040)

They probably can't. Your average user won't be able to connect their new Linux install to the Internet, so their machine will be safe. At least, until someone comes and installs Windows for them...

Re:If you tear it down (0)

Anonymous Coward | about 3 years ago | (#37121782)

Why do we have to worry about fighting Spammers in a legal way? They are attacking us (we who are going about our business) like 9/11. Our freedom is at stake and we are worrying about the legalities of fighting spammers?

Re:If you tear it down (1)

ccguy (1116865) | about 3 years ago | (#37122164)

Well, I don't want to go to jail you know.

Re:If you tear it down (0)

Anonymous Coward | about 3 years ago | (#37122372)

Illegal in which countries?

Re:If you tear it down (0)

Anonymous Coward | about 3 years ago | (#37122048)

Don't make me post the form letter again!

Re:If you tear it down (0)

Anonymous Coward | about 3 years ago | (#37121568)

Oh, and they think they can stop online piracy too.

Re:If you tear it down (1)

couchslug (175151) | about 3 years ago | (#37122044)

And like the War on Some Drugs, both sides are making a massive profit while furthering their personal agendas.

not according to my graphs (5, Interesting)

fifedrum (611338) | about 3 years ago | (#37121374)

my graphs show a steady decline in spam capture rates since October, 2010. we're measuring an average daily rate about 1/2 of this time last year. (millions of mail boxes, dozens of MX servers, decent antispam filtering) We're blocking around %91.2 of mail at the perimeter as opposed to %98.8 last year.

Re:not according to my graphs (0)

Anonymous Coward | about 3 years ago | (#37121446)

Amazing how much of email traffic is spam, mind boggling.

Re:not according to my graphs (2)

SwedishChef (69313) | about 3 years ago | (#37121496)

What is even more amazing is that with all the blocking and getting information out to users apparently spam is still profitable enough to keep on doing it. I have *never* responded to email spam but enough people must. Truly amazing.

Re:not according to my graphs (2)

cratermoon (765155) | about 3 years ago | (#37121602)

Spam isn't so much about getting the recipient to buy things any more, it's about getting the recipient to give up a credit card number, bank account password, or something similar that can then be used to either directly rip off the individual or in an attack to compromise a higher value target.

The spammers don't need to convince users to buy pills or whatever, they just need them to be gullible enough to give up enough information to get ripped off.

Older people (2, Informative)

Anonymous Coward | about 3 years ago | (#37121634)

What is even more amazing is that with all the blocking and getting information out to users apparently spam is still profitable enough to keep on doing it. I have *never* responded to email spam but enough people must. Truly amazing.

I volunteer in a call center for consumer help.

Many older people (that call us, anyway) think of email offers or anything via email for that matter, on the same level as regular mail. In other words, if they get an offer in their email inbox, it has the same weight as something they get in their regular mail - is the best way I can explain it.

It's the same with the email spam from certain lobbying organizations that claim that their Social Security and Medicare are going to be cut and they need to RESPOND NOW and DONATE to stop this! - regardless of the merits of the claim.

If someone in an email says they "checked it out and it's TRUE" they believe them, too.

We need to tell our parents and grand parents to treat all unsolicited email as scams and even have serious doubts about emails from organizations that they do deal with.

Re:Older people (1)

omnichad (1198475) | about 3 years ago | (#37122478)

And if people that age have domain names, they're probably customers of Domain Registry of America

Re:Older people (0)

Anonymous Coward | about 3 years ago | (#37123018)

We need to tell our parents and grand parents to treat all unsolicited email as scams and even have serious doubts about emails from organizations that they do deal with.

We need to set up a separate internet just for clueless users (parents, grandparents, /. wannabes) and require they only connect to it. It will only have a few web pages, and only emails from registered users will be allowed. Anyone who tries to break out of the network will have to answer to Obama's death panels.

Re:Older people (1, Funny)

hairyfeet (841228) | about 3 years ago | (#37123520)

Oh it ain't just the old folks, you can get the others just by changing up the tactic. Back in the day my admin buddy Glenn ended up getting hauled before the regional head of the bunch he was working for by a PHB that wanted to have him fired because, and I quote "You have NO RIGHT to tell ME who I can and can't speak to! You WILL allow my emails from Melissa [wikipedia.org] through this very minute!". That's right folks, he was actually fighting for the right to get infected!

Oh and for the moron that ALWAYS ends up posting some "Give them Linux!" total horseshit? Won't work dumbass. number one Linux is a fiddly little bitch so unless you are gonna pay an army of admins to go out and do the forum dance to fix all the fucked drivers with all that funky Chinese hardware, which BTW on consumer goods most likely NEVER had a Linux driver ever written, certainly not by the OEM? good luck Chuck.

Second as a social experiment I actually tried that with a "Must click on teh porn password emails!" type of dumbass. I gave him either Mepis or PCLOS, I can't remember which. So what happened, was it him and RMS dancing through the flowers? Nope he broke that sucker in less than a week, had Linux completely unbootable. How did he do that? Simple he didn't like that whole package management bullshit so he went and Google'd what he wanted, downloaded a bunch of shit off of Freshmeat, and promptly put the machine in dependency hell.

So can we please quit the "give them Linux!" crap already? the people that are infected by shit like this simply don't have the skills to deal with the 6 month upgrade deathmarch, the forum dance where you do the two step looking for fixes, nor have the ability to tweak said fixes because they were written for hardware f rev g and they have hardware h rev k. And the people that DO have the skills? Well they ain't clicking on stupid email attachments so they have no problem running Windows. Maybe when you make a Linux where drivers don't break, the OS don't need to be upgraded every six months, and the CLI has been permanently removed, maybe then Linux will work for the people in TFA. Yeah and when that day comes I'll be riding a purple pony with She-Ra.

Re:not according to my graphs (3, Funny)

ccguy (1116865) | about 3 years ago | (#37122176)

Amazing how much of email traffic is spam, mind boggling.

Indeed. I just can't get my boss to stop.

Re:not according to my graphs (0)

Anonymous Coward | about 3 years ago | (#37121480)

That's kind of the point. Spam which is getting through is the metric to look at.

I blame Facebook because of its wanton proliferation of social info coupled with new powerful social data mining tools.

Re:not according to my graphs (3, Insightful)

Hatta (162192) | about 3 years ago | (#37121546)

The fact that you are blocking less spam is not necessarily evidence that there is less spam.

Re:not according to my graphs (5, Interesting)

fifedrum (611338) | about 3 years ago | (#37121704)

you are correct, the missing data point is the volume of email considered "not spam".  This line in the graph stayed the same over the range, or within a minor fraction of a percent of the same. it's the spam counts that have dropped since 10/2010. The customer base also represents a large number of domain names, hundreds of thousands of domain names. One of our largest customers has been offering email since 1995, with many accounts in their domain being around for over a decade. I think it's a pretty solid sample of email accounts.

Re:not according to my graphs (3, Funny)

Anonymous Coward | about 3 years ago | (#37122036)

Am I the only person who reads this in a robot voice?

Re:not according to my graphs (1)

ginbot462 (626023) | about 3 years ago | (#37122454)

No.

Re:not according to my graphs (1)

Dogtanian (588974) | about 3 years ago | (#37122088)

Out of curiosity, what's your reason for posting in the fixed-space "tt" typeface like that? Is there a good excuse or is it just an attention-grabbing tactic?

Re:not according to my graphs (1)

fifedrum (611338) | about 3 years ago | (#37122166)

sorry, just hit reply, and that's the font that came up after preview/submit. I'm not normally a LOOK AT ME!!! type of guy. Well, I am. Just in this case it was inadvertent.

Re:not according to my graphs (1)

Dogtanian (588974) | about 3 years ago | (#37122266)

Out of curiosity, what's your reason for posting in the fixed-space "tt" typeface like that? Is there a good excuse or is it just an attention-grabbing tactic?

sorry, just hit reply, and that's the font that came up after preview/submit. I'm not normally a LOOK AT ME!!! type of guy. Well, I am. Just in this case it was inadvertent.

So you're claiming there's a bug in Slashdot that causes all your posts to appear in that typeface? Strange, because I've never heard anyone here actually complaining about that, despite you being far from the only person that does it. :-/

Re:not according to my graphs (1)

OverZealous.com (721745) | about 3 years ago | (#37122688)

I'm not saying what you are saying is false, but if I did the math right, you are saying that you are only seeing about 13.5% as much email (total) as last year?

I got this by assuming that non-spam mail was constant, and calculating the difference between a body of mail that was 98.8% spam and 91.2% spam.

For example, using a fixed value of 1 email for non-spam, you should be getting 83.33 spam messages at 98.8%, and only 11.36 spam messages at 91.2%. (83.33/(1+83) = .988)

To me, a reduction down to 13.6% (11.36/83.33) of your previous amount of spam in one year seems more amazing than anything else.

Re:not according to my graphs (1)

seifried (12921) | about 3 years ago | (#37123422)

There may be more blocking/filtering prior to actual attempted email delivery, i.e. blacklists of IPs, grey listing, DNS/IP based reputation, etc.

Re:not according to my graphs (2)

damn_registrars (1103043) | about 3 years ago | (#37121684)

And how is that going for you long-term? How much time and money do you have invested in this strategy? How often do you have to adjust it?

You may be happy with the end result, but you should also be aware on some level that what you are doing is not sustainable in the long-term. If people continue to insist on filtering only, they will never win the war on spam.

Re:not according to my graphs (2)

fifedrum (611338) | about 3 years ago | (#37122070)

long term, we've been allowing into the environment roughly the same volume of email per customer for 10 years. Some spam gets through, most does not, and there are few false positives. those that are labeled false positives are most often bulk mail that people mark as junk. So IMO, it's junk mail.

We use rules at the protocol level, DNS responses, RBLs (combined into one large RBL with multiple return values), external reputation lists, internal dynamic reputation lists, rate limitations, and multiple feedback systems to provide this level of protection, that's before content filtering and personal white/black lists.

Just today, on the protocol layer, we're blocking 60% at banner (RBLs, bad DNS) , %14 of the remainder at HELO, %3.5 of the remainder Mail From (fake domain names) and finally a good chunk of what's left is blocked because it's destined to bad email addresses (which feeds back into the reputation lists).

Customer feedback helps stop those who are newly spewing spam, and since the feedback systems are widely distributed over many different email service providers, a massive spike at one translates into a blocked email at the others (whether by IP or content).

Better still, we do the same thing on the outbound side of things. If a customer catches a virus, they're cut off from email pretty fast and the feedback system is a very very tight loop internally.

But you are right, it's an ever escalating war, and if we could skip a few steps and jail (permanently, with broken hands) the spammers and bot coders, we wouldn't have to spend the money on the filtering and RBLs and feedback loops and hardware. We adjust the rules slowly over time, the feedback systems are maintained by the "trusted" customer, we're spending hundreds of thousands of dollars a year to protect against junk mail. I'm not certain of the math here, but an educated guess, this translates to around %5 of the cost to serve a user's mailbox. That's just operations staff time, and datacenter space for the extra hardware, the hardware itself, the subscription fees to the antispam service, wasted bandwidth etc.
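The staged rejection described in the comment above (RBL at banner, HELO sanity, MAIL FROM domain, bad recipients feeding an internal reputation list), sketched as an added Python example that is not from the thread or from any poster's system. The blocklist, domain set, mailboxes, threshold and sessions are constructed stand-ins for real RBL and DNS lookups, and the class and function names are hypothetical.

```python
"""Staged SMTP admission checks with per-stage accounting (constructed data)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed stand-ins for live lookups; IPs are RFC 5737 documentation ranges.
DNSBL = {"203.0.113.7", "203.0.113.8", "198.51.100.23"}  # combined RBL
RESOLVABLE_DOMAINS = {"example.org", "example.net"}      # sender domains with DNS
VALID_RCPTS = {"alice@example.com", "bob@example.com"}   # existing mailboxes
BAD_RCPT_THRESHOLD = 2  # unknown-recipient hits before an IP is listed internally

HELO_FQDN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)
HELO_LITERAL = re.compile(r"^\[\d{1,3}(\.\d{1,3}){3}\]$")


@dataclass
class Session:
    ip: str
    helo: str
    mail_from: str
    rcpt_to: str


class Pipeline:
    STAGES = ("banner", "helo", "mail_from", "rcpt")

    def __init__(self):
        self.seen = Counter()      # sessions that reached each stage
        self.blocked = Counter()   # sessions rejected at each stage
        self.bad_rcpt_hits = Counter()
        self.internal_reputation = set()

    def _banner(self, s):
        # Reject before any SMTP dialogue if the IP is listed anywhere.
        return s.ip not in DNSBL and s.ip not in self.internal_reputation

    def _helo(self, s):
        # Sanity check: HELO must be a well-formed FQDN or an address literal.
        return bool(HELO_FQDN.match(s.helo) or HELO_LITERAL.match(s.helo))

    def _mail_from(self, s):
        if s.mail_from == "":      # null sender (bounce) carries no domain
            return True
        return s.mail_from.rpartition("@")[2].lower() in RESOLVABLE_DOMAINS

    def _rcpt(self, s):
        if s.rcpt_to.lower() in VALID_RCPTS:
            return True
        # Feedback loop: repeated unknown recipients list the source IP.
        self.bad_rcpt_hits[s.ip] += 1
        if self.bad_rcpt_hits[s.ip] >= BAD_RCPT_THRESHOLD:
            self.internal_reputation.add(s.ip)
        return False

    def check(self, s):
        """Return the stage that rejected the session, or 'accepted'."""
        for stage in self.STAGES:
            self.seen[stage] += 1
            if not getattr(self, "_" + stage)(s):
                self.blocked[stage] += 1
                return stage
        return "accepted"

    def remainder_rates(self):
        """Percent blocked at each stage, of the sessions that reached it."""
        return {st: round(100 * self.blocked[st] / self.seen[st], 1)
                for st in self.STAGES if self.seen[st]}


# Constructed sessions, in arrival order.
SESSIONS = [
    Session("203.0.113.7", "mail.example.org", "a@example.org", "alice@example.com"),
    Session("203.0.113.8", "mail.example.org", "a@example.org", "bob@example.com"),
    Session("198.51.100.23", "mx.example.net", "b@example.net", "bob@example.com"),
    Session("192.0.2.10", "localhost", "c@example.org", "alice@example.com"),
    Session("192.0.2.11", "mail.example.org", "x@no-such-domain.invalid", "bob@example.com"),
    Session("192.0.2.12", "mx.example.net", "a@example.net", "nobody@example.com"),
    Session("192.0.2.12", "mx.example.net", "a@example.net", "ghost@example.com"),
    Session("192.0.2.12", "mx.example.net", "a@example.net", "alice@example.com"),
    Session("192.0.2.20", "mail.example.org", "carol@example.org", "alice@example.com"),
    Session("192.0.2.21", "[192.0.2.21]", "", "bob@example.com"),
]


def run(sessions):
    """Feed sessions through a fresh pipeline; return outcomes and the pipeline."""
    p = Pipeline()
    return [p.check(s) for s in sessions], p


if __name__ == "__main__":
    outcomes, pipeline = run(SESSIONS)
    for s, o in zip(SESSIONS, outcomes):
        print(f"{s.ip:15} {o}")
    print(pipeline.remainder_rates())
```

The third session from 192.0.2.12 is refused at the banner even though its recipient is valid, because its two earlier unknown-recipient attempts put the address on the internal list.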

Re:not according to my graphs (2)

kwark (512736) | about 3 years ago | (#37121726)

Well I'm running systems a lot smaller but still for a fairly decent amount of corporate customers. Though overall spam has been down since sep-oct last year (to about 1/4 of that time). Last couple of weeks there have been huge spikes in attempted deliveries, but 90% is stopped by using simple mail sanity checks (like a well-formed HELO) and DNS blacklists. The other 10% is stopped by greylisting.

Re:not according to my graphs (2)

Albanach (527650) | about 3 years ago | (#37121870)

Or your filters could be less effective?.

This stuff with infected attachments tends to get caught. Of course the consequences of any getting through are higher than for run of the mill spam.

Still, I've seen a lot of spam recently containing random links to hijacked websites and sent from valid MTAs. That stuff can be hard to filter out without collateral damage.

Re:not according to my graphs (1)

arth1 (260657) | about 3 years ago | (#37122746)

Or your filters could be less effective?.

After being tired of all the malicious spam that spamassassin with razor, pyzor and dkim let through, I added a simple rule:

if $h_content-type contains "5601-1987"
or $h_content-type contains "windows-1251"
then
  logwrite "$tod_log $message_id FOREIGN-SPAM sender=$sender_address \
    subject=$h_subject: recipients_count=$recipients_count \
    recipients=$recipients"
  fail text "Nobody speaks your language here"
endif

That simple rule cut down the spam getting through spamassassin here by at least 80%.

The first test blocks Korean, the second Cyrillic (and a LOT of spam from Ukraina).

Re:not according to my graphs (1)

Delgul (515042) | about 3 years ago | (#37124254)

Strange... I run an anti-spam business and we only see spam rising on our end. Perhaps you are missing something? Like you are blocking IP ranges (which you shouldn't) and therefore not counting those attempts as spam if at all? This mistake is made by many spam 'experts' in the field at the moment. Our servers accept every message, from every source, because we can learn from large volumes and I can say for sure: The volume only dropped for a few weeks after the takedowns. After that we were back up where we were before....

Huh? (0)

Anonymous Coward | about 3 years ago | (#37121392)

What's this "email" thing I keep hearing about? Does anyone use it?

Re:Huh? (0)

Anonymous Coward | about 3 years ago | (#37121456)

so you use facebook messages instead?

Re:Huh? (0)

Anonymous Coward | about 3 years ago | (#37121504)

What's a face book? Never heard of it. Is it like IRC?

Re:Huh? (1)

Xtifr (1323) | about 3 years ago | (#37121928)

It's something that people with actual jobs are generally forced to use. People who live in their parent's basement playing video games non-stop may be unfamiliar with the concept.

It's also something that provides the backbone of many large free software projects. The Linux kernel and the Debian project, for example, mainly run on email.

Re:Huh? (1)

TheRaven64 (641858) | about 3 years ago | (#37122196)

It's the thing old people in Korea use instead of IM.

Obvious (5, Insightful)

Arancaytar (966377) | about 3 years ago | (#37121430)

Apparently, most of the current spam is aimed at building new botnets. Which is sort of what you'd expect after a lot of botnets are taken down.

Noticed it (1)

mariushm (1022195) | about 3 years ago | (#37121476)

Yeah, I noticed it... I only have 3 email accounts and get batches of 15-20 emails every 5-10 minutes with the Win32/Kryptik.RAM trojan virus (ups notifications and invoices) ... they go straight to spam

Re:Noticed it (0)

Anonymous Coward | about 3 years ago | (#37121676)

Thanks! I got an e-mail claiming to be from UPS a couple of days ago. The anti-virus stripped the attachment off so I was wondering what they were attempting. Still that's the first spam I've seen in ages and was enough to spark my curiosity; thanks for telling me what it was attempting to do.

Re:Noticed it (1)

stephathome (1862868) | about 3 years ago | (#37122420)

Same here. I don't check my emails much, but the infected spam rate is atrocious right now. Overall spam is about normal, I think, but more of them have infected attachments.

Lazy Spammer Grammar (3, Funny)

seven of five (578993) | about 3 years ago | (#37121544)

If these knuckleheads ever learn correct English, we're screwed.

Absolutely true (1)

Kamiza Ikioi (893310) | about 3 years ago | (#37122014)

If they ever learned correct English (non-copied, random, yet intelligent looking grammar), we'd lose a valuable tool in both machine AND human filtering of spam.

But, at that point, SkyNet will kill us all anyways, so I'm not too worried just yet.

Re:Lazy Spammer Grammar (1)

CAPSLOCK2000 (27149) | about 3 years ago | (#37122086)

Most people in the (western) world speak English to some degree, but not very good. When you work in an international environment you'll get used to poor English to some degree.

Re:Lazy Spammer Grammar (0)

Anonymous Coward | about 3 years ago | (#37122430)

well* FTFY

Re:Lazy Spammer Grammar (0)

Anonymous Coward | about 3 years ago | (#37122672)

Most people in the (western) world speak English to some degree, but not very good. When you work in an international environment you'll get used to poor English to some degree.

We're very used to people not using English well.

Re:Lazy Spammer Grammar (1)

TheRaven64 (641858) | about 3 years ago | (#37122212)

They're not even trying anymore. The last few things to get through my spam filters have been in Thai (and, apparently, not very good Thai).

Re:Lazy Spammer Grammar (1)

ginbot462 (626023) | about 3 years ago | (#37122480)

Mmm... spicy spam.

providers (0)

Anonymous Coward | about 3 years ago | (#37121580)

Maybe if the ISPs put forth even the smallest effort at notifying users that their computers appear to have been compromised some of this would drop off in a meaningful way.

Re:providers (1)

Jeng (926980) | about 3 years ago | (#37122148)

Time Warner did cut off a co-worker of mine when their computer got infected.

Re:providers (1)

EXrider (756168) | about 3 years ago | (#37122254)

I've actually had Cox call to tell me that one of our satellite offices was spewing out spam that appeared to be from a machine infected with the Cutwail bot. Turned out that it was someone's personal laptop they brought in on our guest wifi. Granted, it was a "business class" connection and they were responding to a complaint from someone else.

Re:providers (0)

Anonymous Coward | about 3 years ago | (#37122828)

Yeah, every time I get an email from my ISP telling me I've been compromised, I open it. All I have to do is click the link in the e-mail, and ISP approved software will download and clean the machine for me. (end sarcasm).

Even more spam than before? (2)

93 Escort Wagon (326346) | about 3 years ago | (#37121608)

They must've turned it up to 11.

It's not the botnets. (0)

Anonymous Coward | about 3 years ago | (#37121630)

It's "Micro$oft. [msversus.org]

This is what we get... (3, Interesting)

damn_registrars (1103043) | about 3 years ago | (#37121650)

When our anti-spam activities center on filtering received mail and chasing down the spammers themselves. Eventually someone else comes in and comes up with a different way to send spam so it gets around existing filters, which just starts a new round of whac-a-mole.

Until we do something about the motivating factors behind spam - that is, the economics of spam - we will continue to get nowhere, while wasting more time and money on the problem.

Re:This is what we get... (1)

Arlet (29997) | about 3 years ago | (#37121682)

Sounds great, except there's not much you can do about the economics of spam.

On the other hand, filters have become pretty good. I'm only getting a few spam messages a week that manage to get past the filters.

Good luck with that. (1)

khasim (1285) | about 3 years ago | (#37121860)

Until we do something about the motivating factors behind spam - that is, the economics of spam - we will continue to get nowhere, while wasting more time and money on the problem.

The problem with that approach is that the economics of spam are totally slanted in favour of the spammer.

One machine can send out MILLIONS of spam messages per day.

And it only takes a couple of people purchasing something to make it profitable.

Instead, focus on understanding the spam process. I was able to reduce 99%+ of spam at one place I worked using SpamAssassin, clamAV, a Bayesian filter and lots of spam trap email addresses on a smart host.

Re:Good luck with that. (2)

Jeng (926980) | about 3 years ago | (#37122226)

Much like an advertising campaign, spamming does not have to be profitable to those who employ spam. It only has to be profitable to the organization that is being paid to spam.

The only people who have to buy anything are the people who buy the spamming service.

Re:Good luck with that. (1)

damn_registrars (1103043) | about 3 years ago | (#37122240)

Until we do something about the motivating factors behind spam - that is, the economics of spam - we will continue to get nowhere, while wasting more time and money on the problem.

The problem with that approach is that the economics of spam are totally slanted in favour of the spammer.

We seem to view the economics of spam differently. Your view seems to be focused on the return on investment, which is certainly one aspect of spam. From my vantage point I see the important factor in spam being the ease of the spamvertised in paying the spammers, coupled to the various middlemen who also take a cut on the action.

Spam is a very imperfect machine (thankfully). There are plenty of ways that one can approach it that would have a more meaningful and lasting impact on spam than just adjusting filters (and swallowing the costs of the same).

In a similar vein others have identified that there is a very short list (say around 3) of credit card processors who handle the transactions for >90% of all spamvertised "pharmacy" sites. Interfering with them can have lasting and dramatic effects on who spammers will spam for, as they won't be getting paid anymore.

After all, the most important - and perhaps most overlooked - fact about spam is that spammers send spam to make money. Many people seem to have convinced themselves that spam is sent out to piss them off personally, and that attitude does not accomplish anything. The correct view is that spam is sent out because spammers make money doing it, there are no more complicated driving forces behind it.

Re:This is what we get... (0)

Anonymous Coward | about 3 years ago | (#37121918)

What we need to do, is to drop the bots of the net. They shouldn't exist in the first place, and second an infected computer shouldn't be allowed internet access.

"Luckily" measures are being taken to restrict internet access. It's being done to appease the **IAA but it could easily be used against those spammers.

Re:This is what we get... (1)

StillNeedMoreCoffee (123989) | about 3 years ago | (#37123852)

Ok, let's say you ban a user from the Internet that has an infected computer. Let's say you have a techy friend that likes pranks or is out to get you because they didn't like your opinion on something. They hack your system and install a bot (or something that looks to the censors like a bot) and bam, you're taken off the Internet and have to go through hoops to get connected again. Not unlike the article I just read about people that get identified as Dead to Social Security. Their checks stop and their credit gets destroyed, etc., as bad as identity theft. Or let's say you get put on a no-fly list, or a sex offenders list. The bathtub ring of that kind of trouble can last a long time.

I'm not in favor of putting hostages in jail, it's not their fault.

Your logic is close to the logic that says, their PC should get a virus if they don't protect it, or she deserved it because of the way she dressed. You can get into some dangerous logic if you don't think of the consequences to the innocent.

Re:This is what we get... (1)

damn_registrars (1103043) | about 3 years ago | (#37124218)

Your logic is close to the logic that says, their PC should get a virus if they don't protect it, or she deserved it because of the way she dressed.

No, my logic is nothing like that whatsoever. I'm not sure how you reached that conclusion, so I will rephrase my aim for you.

Filtering spam doesn't work as a long-term solution, because it only creates an arms race with the spammers, that the people who are setting up filters cannot ever win. They will invest more time and more money and eventually the collateral costs will be too high and they will need to find a different way to address the problem.

I do not seek to punish the people who receive spam, or even the people who purchase items that are spamvertised. What I do seek to do is to interfere with the prime motivation behind spam - money.

There are many places where the flow of money between the spammer, the spamvertised, and all the middlemen can be interrupted and real effects on spam will be realized. Ultimately it is only through economic actions that spam can ever be defeated because it is at its root an economic problem. Anything else is a band-aid for a gushing head wound.

Were you perhaps intending to reply to a different message on here and accidentally clicked on mine?

Re:This is what we get... (1)

Bob the Super Hamste (1152367) | about 3 years ago | (#37121966)

Is that like the economics of narcotics, other illicit drugs, illegal firearms? As much as I wish that spam was the same as those economies (I don't have to deal with it unless I wanted to) it isn't because it actively tries to harm me or take my stuff. It is more like that of the meth head who tries to break into your house than the drug kingpin. Too bad the castle doctrine doesn't extend to spammers and virus writers.

Re:This is what we get... (1)

bughunter (10093) | about 3 years ago | (#37124456)

the economics of spam

About $3 a can [google.com] , or $4/lb.

China (1)

Anonymous Coward | about 3 years ago | (#37121674)

I run a SMTP server, and have noticed a lot of SPAM traffic and hacking attempts coming from China. In addition to running OSSEC's "active response" (firewalling), I've added blocking whole ranges of IP addresses from China. Cut down on my bogus traffic by "2/3rds".

Re:China (1)

jekewa (751500) | about 3 years ago | (#37122004)

Word. I use the IP blocks from http://ipdeny.com/ [ipdeny.com] to configure ip-filter to stop systems in the top ten malicious countries (http://www.countryipblocks.net/malicious-internet-traffic/malicious-internet-activity-the-top-10-countries/) from getting SSH and SMTP access to my servers. This dropped the amount of relay-attempted e-mail to practically nothing (by three orders of magnitude, from 10Ks of attempts to 10s of attempts), and unknown user attempts to less than a quarter of what they had been.

Yeah, I might miss a little bit of legit e-mail, but if they really need me, we can work out a specific allowance or they can use an otherwise accepted (and content-filtered) server.

A radical solution (1)

Synerg1y (2169962) | about 3 years ago | (#37121678)

If everybody stopped clicking on the spam, opening the attachments, etc... suddenly it wouldn't be profitable and it would stop.

Finished reading? Good job you didn't click on spam while u were reading this, now just do it, now just keep at it... baby steps... no viagra ftw.

Re:A radical solution (0)

Anonymous Coward | about 3 years ago | (#37122142)

Sure, lots of people click on the attachments and get pwned, but nobody really buys anything advertised by spam!
But they don't have to.
Spammers make their money by convincing dummies that spam is an effective marketing technique.

USE FOR THE LESS PRIVILEGED (1)

Anonymous Coward | about 3 years ago | (#37121794)

Good day,

This is an important message to you.The lord directs me to share this with you. As you read this comment, you should sympathize with my current situation and assist me. My name is Isabella Carmel the only survivor from family of four. I was narrowly escaped from the tsunami disaster which affected my spinal cord and also my ear drum and claim the lifes of my entire family, husband (Denis caromel) and two sons (Ugo and Tom) who went for holidays in Sri-Lanka.

Right now I am currently in Kuala Lumpur Malaysia. After staying a week in my family hospital, I was disabled by the catastrophe and now on a wheel cheer after all the treatment.This has defiled all forms of medicine and right now I have only about a few months to live, according to medical experts.I have not lived my life so well as my primary interest and focus was only on my late fathers business. Though my father is very rich and was never generous. But now I regret all this, as I know that there is more in life than just wanting to have or make all the money in the world.The bible says what shall it profit a man to wine the whole world and loose his soul. I believe when God gives me a second chance to come to this world I will live my life a different way from how I have lived before. I have willed and given most of my fathers properties to the less privileges because I want God to be merciful to me and accept my soul. I have decided to give arms to charity organizations and give succor and comfort to the less privileged in our societies. I want this to be one of the last good deeds I do on earth since my father has never recognized that.

So far I have to distribute money to charity organizations now that my health has deteriorated so badly,I cannot do this myself anymore that is why am soliciting your assistant to make this donation through you. The last of my late fathers money that am willing to donate to the less privileged right now is the huge sum of $10.6M USD that is concealed in a consignment and deposited in (OVERSEA CREDIT COMMISSION ABROAD) for safekeeping which he intends to invest on profitable factory.

I want you to help me claim this funds where is deposited and disburse it to charity organizations and the less privileged in the society.Please I will appreciate you to indicate interest for the disbursement and also include your contact telephone/fax numbers that I will forward to the(OVERSEA CREDIT COMMISSION ABROAD) to be able to contact you as the appointed beneficiary. I will provide you the certificate of deposit and the letter of authority to enable you claim the consignment of the funds.

If you are willing and ready to assist with this project, please follow this link without delay [5z8.info] , while I wait to hear from you. Thanks once again for your kindness may God guide and reward you in all your endeavors as you make me realize my last dreams and wishes.

Remain blessed,
Mrs.Isabella Caromel

Re:USE FOR THE LESS PRIVILEGED (0)

Anonymous Coward | about 3 years ago | (#37121994)

+1 for starting with "Good Day", although "Good Day Sir" would have been better.
+1 for the brilliant URL in the link
+1 for appearing religious
-1 for near-perfect spelling and grammar

I'd give you my account info for sure!

Re:USE FOR THE LESS PRIVILEGED (1)

LordSnooty (853791) | about 3 years ago | (#37123988)

Must be a good parody of spam, because I scanned it for about four seconds and thought, "that's enough for me".

Cutwail, Festi and Asprox (1)

roguegramma (982660) | about 3 years ago | (#37121802)

Obviously, these are names fit for medicine:

Cutwail - a pain blocker
Festi - makes soft muscles hard again
Asprox - makes your bowels work faster

Re:Cutwail, Festi and Asprox (1)

ilsaloving (1534307) | about 3 years ago | (#37121942)

I was expecting Festi to be an antibiotic for treating infected wounds.
Or possibly something to repair a fistula.

correction in the summary: (5, Funny)

nimbius (983462) | about 3 years ago | (#37121848)

A security company with 11 products designed to solve your spam problem, has made a picture showing a bombastic and ludicrous increase in spam the likes of which you cannot possibly cope with. This spam targets your genitals using african money laundering transfers to smuggle a dirty bomb into your new nike jordans and boochi bags at 80% discount, and free shipping.

It is imperative you believe this un-renowned seldom-published security engineer working for a vague corporation that runs its main website on a dated version of microsoft IIS 6.0 with ASP. This company worked hard to ensure its pretty pictures had maximum market placement, and slashdot is no exception.

Re:correction in the summary: (1)

EXrider (756168) | about 3 years ago | (#37122110)

Say whatever you want about the company who published the article, I didn't even RTFA. I can vouch for what they're saying though; I've seen a massive uptick in quarantined viruses lately, the most I've seen in years since the Pre-XP SP3 days. Most of them are password protected zips or exe's with multiple extensions. Overall spam volume is still lower than last year however.

Re:correction in the summary: (1)

Clsid (564627) | about 3 years ago | (#37122470)

I second what the parent post is saying. I kind of thought somebody was trying to hack my accounts or something since I started receiving lots and lots of fake UPS and FedEx emails. In my particular case, the first e-mail I received made me call a company that was sending me a product, since I was already having shipping issues with them. After closer examination of the email I realized it was fake but after that day, I have been receiving 2 or 3 of those fake emails per day with a variety of themes.

The money's still there (1)

HalAtWork (926717) | about 3 years ago | (#37121850)

There's still companies willing to pay for it, so there's still some greedy fucks willing to take it. The desire/benefit of getting the extra edge will prompt the greedy to distort laws/policies in order to profit from having something that others with more scruples (or who simply aren't in a position to cover their ass with expensive lawyers, to compete in terms of what they can get away with) won't have. It needs to become undesirable to carry out this practice, and for that there needs to be severe penalties, or consumer awareness such that it gives those who practice a negative enough perception that it causes sales to drop. Spam is usually delegated and it is not obvious who is (indirectly) behind it, so the latter will probably not happen any time soon.

Hydra (1)

Bob the Super Hamste (1152367) | about 3 years ago | (#37121882)

Does this really surprise anyone? It is like a damn hydra. Chop off one head and 2 new ones grow in its place.

Re:Hydra (1)

gewalker (57809) | about 3 years ago | (#37123928)

You have to burn the stump after you cut off the head. This step is effective when applied to spammers too.

spamassassin + bogofilter (1)

hedley (8715) | about 3 years ago | (#37121912)

First spamassassin, then whatever it thinks is ham gets fed through bogofilter (Bayesian). What comes out of that is almost pure ham. Some stragglers get through but it's not a major deal.

H.

Re:spamassassin + bogofilter (1)

ShaunC (203807) | about 3 years ago | (#37122078)

That you aren't seeing the spam doesn't mean it isn't a major deal. Someone's bandwidth, drive space, etc. has to be used (even if in an ephemeral sense) long before SA shitcans the message.

Re:spamassassin + bogofilter (1)

SCHecklerX (229973) | about 3 years ago | (#37122742)

Spamassassin is the last thing I use in my arsenal. It's too processor intensive. I use Mimedefang and sendmail checks as the first line of defense (spoofing, bad rcpt throttling, mail to system accounts, invalid helos, trustworthy RBL listings, etc.) On a typical day I *REJECT* about 5000 messages before going beyond 'HELO', 'MAIL FROM', and 'RCPT TO'. Of the rest that come through, I drop maybe 50 via spamassassin, and another 50 get flagged as spam. That's 100 things analyzed versus 5000.

If you are using nothing but SA and Bayes, you are doing it wrong.

I'd post this week's stats from my servers, but slashdot's junk character detector is a piece of shit.
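An added Python sketch, not SCHecklerX's MIMEDefang or sendmail configuration, of the ordering described in the comment above: cheap envelope checks reject at HELO, MAIL FROM and RCPT TO so that only accepted mail reaches content scanning. The domain, user lists, throttle threshold and RBL set are assumptions, and the sessions are constructed.

```python
import ipaddress
import re
from collections import Counter

OUR_DOMAIN = "example.org"            # assumption: inbound-only MX, no SMTP AUTH
VALID_USERS = {"alice", "bob"}        # assumed local mailboxes
SYSTEM_ACCOUNTS = {"root", "daemon", "bin", "nobody"}
MAX_BAD_RCPT = 3                      # unknown recipients allowed per client IP
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)
bad_rcpt = Counter()                  # per-client count of unknown recipients

def helo_ok(helo):
    """Allow an FQDN or address literal; refuse bare IPs and our own name."""
    if helo.startswith("[") and helo.endswith("]"):
        try:
            ipaddress.ip_address(helo[1:-1].removeprefix("IPv6:"))
            return True
        except ValueError:
            return False
    return bool(FQDN.match(helo)) and helo.lower() != OUR_DOMAIN

def check_envelope(client_ip, helo, mail_from, rcpt_to, rbl=frozenset()):
    """Return an SMTP-style reply; only '250' messages reach content scanning."""
    if client_ip in rbl:
        return "554 client listed on RBL"
    if bad_rcpt[client_ip] >= MAX_BAD_RCPT:
        return "421 too many unknown recipients"
    if not helo_ok(helo):
        return "550 invalid HELO"
    if mail_from.lower().endswith("@" + OUR_DOMAIN):
        return "550 sender spoofs local domain"
    user, _, domain = rcpt_to.lower().rpartition("@")
    if domain != OUR_DOMAIN:
        return "550 relaying denied"
    if user in SYSTEM_ACCOUNTS:
        return "550 no mail to system accounts"
    if user not in VALID_USERS:
        bad_rcpt[client_ip] += 1
        return "550 user unknown"
    return "250 ok"

# Constructed sessions: (client IP, HELO, MAIL FROM, RCPT TO)
SESSIONS = [
    ("203.0.113.7", "mail.sender.example", "a@sender.example", "alice@example.org"),
    ("203.0.113.8", "203.0.113.8", "x@y.example", "bob@example.org"),
    ("203.0.113.9", "[203.0.113.9]", "ceo@example.org", "bob@example.org"),
]

def triage(sessions=SESSIONS):
    return [check_envelope(*s).split()[0] for s in sessions]
```

Only the first constructed session would be handed to a content scanner; the other two are refused on envelope data alone.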

"Malicious" Spam? (0)

Anonymous Coward | about 3 years ago | (#37122068)

As opposed to the cute, warm and fuzzy kind that people just love receiving?

Not spam volume, just malicious attachments (2)

Tony Isaac (1301187) | about 3 years ago | (#37122082)

Overall spam volume is down, based on M86 Security and others. http://www.m86security.com/labs/spam_statistics.asp [m86security.com]

My own spam rates via GMail, and my own domain, show spam rates down by 50% since last year.

It might depend on who you read. Try googling "spam statistics" and you'll get quite a mix of "spam is up," "spam is down."

Epic level? (1)

Chris Mattern (191822) | about 3 years ago | (#37122306)

So, then...they're purple?

Spammers have changed tactics (1)

SCHecklerX (229973) | about 3 years ago | (#37122596)

They are compromising accounts now, using, in part, the data collected by the lulzsec breaches. I have several friends using yahoo who have now sent me spam messages. Their old tactics have been rendered ineffective by spam fighting efforts, so now they are doing this.

Spam! Spam! Spam! (1)

spaceyhackerlady (462530) | about 3 years ago | (#37122834)

I'm currently getting mountains of spam exhorting me to remodel my home, buy a new patio deck, buy business cards, even find a new apartment. Stuff that looks like junk mail I'd get on paper, except that it's cluttering up my email. Lots comes from some filth calling themselves Eclipse Media Online, who hope I enjoyed receiving their garbage. Yeah, right.

I actually do like getting email from companies I do business with, everybody from Mouser [mouser.com] to Sephora [sephora.com]. Emails from Barefoot Tess [barefoottess.com] tend to be hard on my bank account. :-)

...laura

More about Malicious Attachments than spam (0)

Anonymous Coward | about 3 years ago | (#37123234)

After reading TFA, it clearly shows why this is NOT an issue for us... we don't allow zip attachments with the same types of files in them which can have viruses in them in the first place. We don't allow type files matching what would be extensions of: cmd com js reg chm cnf hta ins scf sct vbs vbe wsc wsf wsh xnk mad maf mag mar mas mat mav maw bat pif scr exe wmf.

Been doing this since 2003 and missed most of the virus fun that others have had.

The only viruses we ever see are possible web links in email that point to a site/file download. And we get most of those too.
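The extension policy described in the comment above, as an added Python sketch that is not part of the original post or the commenter's configuration: it applies the quoted extension list to attachment names and to member names inside zip attachments, and flags the encrypted archives and multiple-extension names mentioned elsewhere in the thread. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extension list quoted from the comment above.
BLOCKED = set(("cmd com js reg chm cnf hta ins scf sct vbs vbe wsc wsf wsh xnk mad "
               "maf mag mar mas mat mav maw bat pif scr exe wmf").split())

def blocked_name(name):
    """True if the final extension is blocked, so invoice.pdf.exe is caught."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return "." in base and base.rsplit(".", 1)[1].lower() in BLOCKED

def scan_message(raw):
    """Return (attachment, reason) findings for one raw RFC 5322 message."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue
        if blocked_name(name):
            findings.append((name, "blocked extension"))
            continue
        payload = part.get_payload(decode=True) or b""
        if not (name.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04")):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                for info in archive.infolist():
                    # Member names are stored unencrypted by the common ZIP
                    # encryption schemes, so they can be checked without a password.
                    if info.flag_bits & 0x1:
                        findings.append((name, "encrypted member " + info.filename))
                    if blocked_name(info.filename):
                        findings.append((name, "blocked member " + info.filename))
        except zipfile.BadZipFile:
            findings.append((name, "unreadable zip"))
    return findings

def build_sample():
    """Constructed message: a zip attachment hiding a double-extension exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("UPS_invoice.pdf.exe", b"constructed placeholder bytes")
    msg = EmailMessage()
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the zip because of the member name alone; the archive contents are never extracted or executed.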

Malicious Spam (1)

PPH (736903) | about 3 years ago | (#37123380)

I was right!

I knew that lunch meat was up to no good. I could swear it was eying me suspiciously every time I opened the fridge. I should be wearing the aluminum foil, not the foodstuffs.

Yeah... it was nice for a while. (1)

rnturn (11092) | about 3 years ago | (#37123908)

I'd open my Inbox and only find legitimate emails in it. Then the current spike in spam started. Deadly? No. It's nothing that Ctrl-click-click-click-...-Delete can't handle. Annoying? Yep. And a little insulting. Do these bozo spammers really think I'm -- or anyone for that matter -- going to open an attachment from an email that has the same Subject: line as eight other emails in my Inbox? And do they really think that all of my UPS shipments have been going to the wrong address? Or that I would be expecting invoices from 17 different companies per day? (And I'm not even counting the daily Cialis, Viagra, and fake Rolex watch come-ons.) Come on you idiots. You're going to have to try harder than that.

Four Point Plan (1)

Eric Damron (553630) | about 3 years ago | (#37123938)

I have a four point plan that I guarantee will eliminate spam once and for all:

1. Find the spammers and kill them.
2. Find anyone who buys spammers' services and kill them.
3. Find anyone who is stupid enough to allow their PC to become infected more than twice and kill them.
4. Find Steve Ballmer and Darl McBride and kill them.

Okay, it's actually a three point plan. I just added Ballmer and McBride because I don't like them.

We want delicious (0)

Anonymous Coward | about 3 years ago | (#37124394)

When is the delicious spam going to be delivered? I'm tired of the malicious sort.
