260 comments

FP (-1, Troll)

dizzy_p (66204) | more than 10 years ago | (#7076878)

FP

Goodbye (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7076887)

Karma--;

Forbearance (-1, Offtopic)

AllenChristopher (679129) | more than 10 years ago | (#7076888)

You know, I clicked on the article and was surprised to see no posts. Rather than FP, I sat here reloading the page to see how far ahead I was of the FP. It was a strange few seconds, like staking out a freshly painted blank wall in Harlem.

Sobig (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7076879)

I, for one, welcome our new Aattacking [sic] overlords.

I posted this so you don't have to!

taking have blows (2, Funny)

eadz (412417) | more than 10 years ago | (#7076894)

We don't come here for have grammar

Re:taking have blows (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7076915)

how clever! I don't want to smash your face in with a brick anymore

What about Aattacking (2, Funny)

HidingMyName (669183) | more than 10 years ago | (#7077223)

While grammar may be an issue, the title has a misspelled Attacking as Aattacking (or perhaps it is a Dutch spelling, since they are generous with vowels, at least we know it isn't Welsh, since if it were Welsh there wouldn't be any vowels :-)).

Aattacking (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7076895)

Aattacking

The editor-in-chief posts this story.

Trolling Begin

DDoS (2, Interesting)

lbruno (114856) | more than 10 years ago | (#7076896)

Everyone on the various anti-spam mailing lists and newsgroups was thinking that these worms were creating a network of spam proxies.

Maybe they were creating a network of DDoS zombies.

Re:DDoS (1, Interesting)

Anonymous Coward | more than 10 years ago | (#7076957)

I wonder if there's hope of a distributed/P2P anti-spam network? People are willing to offer cycles for SETI and folding, why not spam fighting? The advantage would be a non-centralized setup (hard to (D)DoS), the disadvantage would mainly be getting people to monitor and service everything (accepting a system into the network, monitoring activity, preventing abuse etc etc), though creation of the software would be a pain as well.

Decentralize the anti-spam setup...IMHO the only way to prevent DoS effectiveness.

Re:DDoS (1)

CvD (94050) | more than 10 years ago | (#7077036)

This has been discussed before [slashdot.org]: there is the issue of trust. People who use the RBLs trust them to mark the spammers as spammers, and not blacklist innocent people. Who determines who goes on the RBL? If you have a central repository, it is still vulnerable to attack.

Of course, maybe it should be done in such a way that the central repository makes the RBLs and hands them out to clients. And clients can query each other for the file, using some sort of crypto signatures of course, for authenticity. In this case if the central repository cannot be reached, you can query other clients or something.

Or perhaps it's not possible...

Re:CvD's .sig (1)

More Karma Than God (643953) | more than 10 years ago | (#7077324)

>Only skydivers know why birds sing, only birds know why skydivers smile.

It's too bad that the birds don't know why birds sing and that the skydivers don't know why skydivers smile.

Re:CvD's .sig (1)

CvD (94050) | more than 10 years ago | (#7077364)

:-)

If you look at the statement in a truly logical way, yes, you are correct. :-)

Re:DDoS (1)

BrokenHalo (565198) | more than 10 years ago | (#7077188)

> People are willing to offer cycles for SETI and folding, why not spam fighting?

Actually, that's quite an interesting idea; but a stumbling block here is the acceptable-use policy which binds most denizens of the internet. While there are apparently plenty of providers around who are willing to overlook the use of their services for spamming, a lot of providers will happily pull the plug on anyone who can be shown to be participating in an attack.

Re:DDoS (1)

WanderingGhost (535445) | more than 10 years ago | (#7077197)

> I wonder if there's hope of a distributed/P2P anti-spam network? People are willing to offer cycles for SETI and folding, why not spam fighting?

Yes, people are thinking about that. Check NANAE.

Re:DDoS (0)

Anonymous Coward | more than 10 years ago | (#7076964)

Maybe it's their open source business model?

1: Write free software.
2: ?
3: Make a network of DDoS zombies.
4: Profit!

Re:DDoS (0)

Anonymous Coward | more than 10 years ago | (#7077049)

"Maybe it's their open source business model?"

Maybe the people defending spammers should consider that they're highly likely to be the people behind recent viruses which are doing so much damage to critical infrastructure?

So much for the police pretending that they're investigating terrorists, when they don't even act against the people who are known to be using SoBig to run their business.

Useless links (1, Insightful)

Karamchand (607798) | more than 10 years ago | (#7076897)

Why have you put a link to spamhaus into this story? Readers might expect something new, special on their page, click on it and help use up spamhaus' valuable bandwidth.

No point in providing useless links..

Re:Useless links (0)

Anonymous Coward | more than 10 years ago | (#7076961)

Maybe we've found the causal link between DDOS attacks on a number of anti-spam lists and the presence of the Sobig virus! It woz articles on /. wot dun it!

CmdrTaco: Time to sign up for English 101 (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7076900)

Or are you too busy Aattacking Michael's anus with your two-inch penis?

Crackpipe Moderators (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7076912)

How is this offtopic?

The topic is:
Sobig Worm Aattacking on RBL Lists?

My post is talking about Aattacking. Where is the beef?

Re:Crackpipe Moderators (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7076982)

Like you said, the beef is in Timothy's anus

Keep Censoring ME (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7077028)

I will not go away until my posts about this blatant and unfair censorship are allowed to stay.

Wow, flaimbait (0)

Anonymous Coward | more than 10 years ago | (#7077257)

Moderation - where cowards who can't reply hide behind.

Blatant censorship

And how could they win? (3, Insightful)

Alien Conspiracy (43638) | more than 10 years ago | (#7076901)

If they 'win', people will stop using SMTP email as it would be useless. So even if they 'win', they 'lose' in the end anyway.

Re:And how could they win? (4, Insightful)

Drakon (414580) | more than 10 years ago | (#7076937)

When?
Do you actually think SMTP would get supplanted in the near term (>5 years) with an incompatible solution?
Do you think there won't be new and better anti-spam solutions before SMTP is supplanted?
(if you answered yes to either of the above, your world view is distorted and you need to stop drinking so much ;-)

Re:And how could they win? (3, Interesting)

The_DOD_player (640135) | more than 10 years ago | (#7076972)

This is a very valid point. To many users, the absence of spamfilters would pretty much render the email system unusable.

If the spammers are able to shut down spamfiltering services in this way, there will be a significant demand towards getting SMTP replaced by a smarter protocol, that will not allow spamming in the form we see it today = spammers lose.

To install new software on all mailservers is quite a task. This is likely to take time, and be quite an interruption = everyone lose.

There's also a great danger that Microsoft would take advantage of the situation, and try to create a new proprietary mail protocol based on Palladium, for Windows users only = everyone not using Windows lose.

Re:And how could they win? (2, Insightful)

Drakon (414580) | more than 10 years ago | (#7077014)


> This is a very valid point. To many users, the absence of spamfilters would pretty much render the email system unusable.

We're not talking about spamfilters, we're talking about RBLs, which are usually more of a problem than a solution.
Granted that spamhaus provides more services than an RBL does (like providing names of those who should be crucified), but both the original parent of this thread and the article summary are referring to RBLs.

> If the spammers are able to shut down spamfiltering services in this way, there will be a significant demand towards getting SMTP replaced by a smarter protocol, that will not allow spamming in the form we see it today = spammers lose.

Granted, that if there was no way to filter spam there would be a strong demand for the replacement of SMTP. Ignoring Bayesian filtering for the moment (which generally has less false positives, less false negatives, and does not usually trash anything outright), it would be MUCH simpler, and easier to implement spam filtering on top of smtp, or to merely require that all mail be signed, (etc, ad nauseam) than it would be to write a new protocol, and have it implemented, especially if it is incompatible with the existing protocol (which has 100% market penetration)

> To install new software on all mailservers is quite a task. This is likely to take time, and be quite an interruption = everyone lose.

Very good! You've covered one of the reasons that this ISN'T GOING TO HAPPEN.

> There's also a great danger that Microsoft would take advantage of the situation, and try to create a new proprietary mail protocol based on Palladium, for Windows users only = everyone not using Windows lose.

This wouldn't happen because Microsoft is not entirely stupid. This would be akin to Windows Media Player only playing WMA, or Internet Explorer only working with IIS sites.

Re:And how could they win? (1)

roystgnr (4015) | more than 10 years ago | (#7077243)

>> There's also a great danger that Microsoft would take advantage of the situation, and try to create a new proprietary mail protocol based on Palladium, for Windows users only = everyone not using Windows lose.

> This wouldn't happen because Microsoft is not entirely stupid. This would be akin to Windows Media Player only playing WMA, or Internet Explorer only working with IIS sites.

It would also be akin to Windows supporting Win32 instead of POSIX applications, or to new versions of MS Office having new file formats that other suites can't read. The main difference between your examples and mine are that my two are Microsoft's cash cows, and two of the three programs in your list have to be given away free.

Re:And how could they win? (0)

Lost Penguin (636359) | more than 10 years ago | (#7077247)

The thing is spammers have no long term goals, they live for today's profit, at the expense of anyone and everything.

Re:And how could they win? (2, Insightful)

squiggleslash (241428) | more than 10 years ago | (#7077004)

I think most people are moving away from using third party detection spam filters and moving towards more destination-classification systems, such as Bayesian filtering. This, in my view, is probably a good thing, as many of the third party "methods" were, to say the least, fairly scattergun, and some of their louder advocates actively hostile to criticism.

What would be really nice would be for ISPs to give users domains, like Demon Internet does in the UK, which means solutions like mine [slashdot.org] (I believe there's an open source project to do something similar) would be available to everyone, not just geeks who can run their own SMTP servers who have access to DSL/Cable ISPs that do not block incoming port 25. That system is 99% spam proof - the 1% being the very first spam to hit an address allocated to a clueless company that thinks it can get away with spamming or selling email addresses to spammers.

Either way, the spammers can DDoS the anti-spammers without it really destroying SMTP email.

I hope so! (1, Insightful)

Anonymous Coward | more than 10 years ago | (#7076904)

are the spammers actually winning the battle by using viruses?"

I most certainly hope so! Blacklists are a cure far worse than the disease, and I'm completely rooting for the spammers here. What with bayesian junk filtering and using uniquely generated email addresses whenever I give them, I never see any spam, and the bandwidth it's costing me is minimal. Blacklists however make it nearly impossible for me to communicate with quite a few people (my ISP has found itself on one blacklist, and no matter what they're doing, they can't get off).

And of course, if the spammers are indeed using viruses, afterwards when the blacklists are gone, we can nail them for having used those viruses, and we'll be rid of two pests, with an internet that's once more in nearly pristine condition.

PARENT MODERATED DOWN UNFAIRLY (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7077020)

How in the holy fsck is this a troll?

It's true. Blacklists only hurt innocent people who have nothing to do with spam.

The blacklist owners claim that spam costs people money, but what about the money people lose due to inaccurate or overzealous blacklisting?

Re:PARENT MODERATED DOWN UNFAIRLY (0, Insightful)

Anonymous Coward | more than 10 years ago | (#7077065)

"the blacklist owners claim that spam costs people money, but what about the money people lose due to inaccurate or overzealous blacklisting?"

This from the country which bombed three whole countries because of the actions of a handful of people?

Re:PARENT MODERATED DOWN UNFAIRLY (0)

Anonymous Coward | more than 10 years ago | (#7077213)

>> It's true. Blacklists only hurt innocent people who have nothing to do with spam.

Not only do they do so, this is their entire fucking *PURPOSE* - pissing off enough people that they'll complain to the ISP which will then take action. But after that the ISP still isn't removed from the blacklist.
Y'know what I call that? Fucking terrorism!

Spam ostrich (5, Insightful)

fmaxwell (249001) | more than 10 years ago | (#7077138)

> I most certainly hope so! Blacklists are a cure far worse than the disease, and I'm completely rooting for the spammers here.

Publishing spam blacklists is a form of free speech and what you're advocating is the use of illegal means (DDoS) to suppress free speech. You suck.

> What with bayesian junk filtering and using uniquely generated email addresses whenever I give them, I never see any spam, and the bandwidth it's costing me is minimal.

Grandma isn't going to be able to install and use bayesian filtering or generate unique e-mail addresses, so your solution sucks. Any "solution" which doesn't keep the spammers from getting their messages to the vast majority of people is just some geek doing mental masturbation. The spammers will continue to spam, using up bandwidth and storage, while costing ISPs, their subscribers, and businesses huge sums of money. And you'll sit there at home patting yourself on the back (or elsewhere) even though the spammers used your bandwidth, your ISP's bandwidth, your ISP's storage, and your storage. Not seeing the spam means that you can't complain about it, so that means that the spammer has less chance of being shut down.

You're just a spam ostrich. You have your head buried in the sand so that you don't see the spam -- even though it's still there.

Re:Spam ostrich (0)

Anonymous Coward | more than 10 years ago | (#7077182)

> Grandma isn't going to be able to install and use bayesian filtering

"if a message is spam, click the nice big "junk" button that mozilla mail provides. if a message is marked as spam while it isn't, click the "this isn't junk" button that is prominently displayed." not only _can_ I teach my grandmother that, I _have_ taught her that

Re:Spam ostrich (1)

fmaxwell (249001) | more than 10 years ago | (#7077269)

> "if a message is spam, click the nice big "junk" button that mozilla mail provides. if a message is marked as spam while it isn't, click the "this isn't junk" button that is prominently displayed." not only _can_ I teach my grandmother that, I _have_ taught her that

So she couldn't install it on her own and needed personalized training on its use. Not everyone has a tech geek to install software and give them personal lessons in its use. Many people sign up for AOL or Earthlink, put in the CD that's mailed to them, and call tech support to ask "now what do I do"? Most people don't ever update their e-mail client and use whatever was installed on their Dell/Compaq/HP/Gateway/etc. when they bought it -- or what came on the CD from AOL. They don't have bayesian filtering and the spammers know that. So the spam keeps flowing because the spammers know that for every grandmother like yours there are 200 that will see the message.

Re:Spam ostrich (1)

OeLeWaPpErKe (412765) | more than 10 years ago | (#7077385)


> Publishing spam blacklists is a form of free speech and what you're advocating is the use of illegal means (DDoS) to suppress free speech. You suck.


There is at least one gaping hole in your argument, namely that blacklists are also suppressing free speech. You Suck.

Re:Spam ostrich (0)

Anonymous Coward | more than 10 years ago | (#7077439)

That's a stupid argument. It's like saying that not answering your phone is suppressing free speech. Get back on the short school bus, moron.

Wrong! (3, Interesting)

fmaxwell (249001) | more than 10 years ago | (#7077484)

> There is at least one gaping hole in your argument, namely that blacklists are also suppressing free speech. You Suck.

That's an idiotic statement. Blacklists don't suppress speech. No one forces you or your ISP to use the blacklists or to refuse e-mail from IP addresses listed on them. I use blacklists and my server may reject messages from you. So what? You have no Constitutionally guaranteed right to use my server to deliver your message. It's my private property, just as your ISP's server is their property.

Suppose your ISP started blocking all e-mail from ISP X after reading a New York Times article that ISP X hosts spammers. Would you accuse the New York Times of suppressing free speech? If not, then why would you accuse a blacklist provider of suppressing free speech? Because it's easier to search their database than to search the NY Times archives?

You need to take a class in Constitutional law.

Re:I hope so! (1, Informative)

Anonymous Coward | more than 10 years ago | (#7077161)

> Blacklists are a cure far worse than the disease

I agree with you on that one. Not only do the traditional open-relay lists make it easy to find open relays to abuse, but the newer broadlisting of spam-sources, which hurts unbelievably many besides the spammer, doesn't have any impact on the amount of spam I see in my mailbox every day. So you have something which doesn't work as it is expected to, which actually aids the spammers, and which is run by people so fanatically thick-skulled and narrow-minded to fix it when they make a mistake, we do have something that is far worse than the disease. If only the blacklists were run according to clear rules which includes ways to appeal or review listings, they would be somewhat better than the vigilante lists we have today.

Yes, it's me with the unfair SPEWS and SpamHaus listing... We are still listed despite having done what we're supposed to: Discovering the spammer, warning the spammer, booting the spammer and informing SPEWS and SpamHaus. They goofed and made an error in their listings (to include a different customer that never has spammed) and now they can't see that the spammer is long gone. No spam involving our networks for over 9 months now which should be evidence enough but they still haven't delisted us.

Yes, I hope those blacklists are gone soon. We don't want fanatics with a God-complex and a grudge to have the power to drive people out of business without clear justification.

Re:I hope so! (3, Informative)

fmaxwell (249001) | more than 10 years ago | (#7077231)

> I agree with you on that one. Not only do the traditional open-relay lists make it easy to find open relays to abuse, but the newer broadlisting of spam-sources, which hurts unbelievably many besides the spammer, doesn't have any impact on the amount of spam I see in my mailbox every day.

I run several domains and use multiple blacklists. The blacklists are incredibly effective, especially those which are country-wide like taiwan.blackholes.us and china.blackholes.us. I, and the other users of my domain, don't communicate with people in China or Taiwan. If I disable the blacklists, the ONLY thing that comes to us from those countries is spam.

How do you know that the use of blacklists "doesn't have any impact on the amount of spam" you get? It has a tremendous impact on the amount that I get. Because of those punitive "broadlists", many ISPs like AT&T and PSI who used to write "pink contracts" and host spammers no longer will. The broadlisting makes harboring spammers unsafe. AT&T is not going to piss off their entire subscriber base just to get one big pink contract from some spam house. It's not worth it to them. Many ISPs, especially dial-up ISPs have blocked outgoing port 25 so spammers can't use them for throwaway accounts from which to spam. No ISP wants to risk some spammer paying $9.99 for a month of service which will get the ISP blacklisted.

> We are still listed despite having done what we're supposed to: Discovering the spammer, warning the spammer,

Any ISP which "warns" spammers deserves to be permanently blacklisted. What spammer doesn't know that spamming is against their ISP's terms of service and is an annoyance to the recipients? I hope that someone beats the sh*t out of you and gets a warning for it. Then maybe you'll understand why anti-spammers get so pissed off with ISPs who warn spammers.

Where's the hard evidence? (3, Interesting)

bersl2 (689221) | more than 10 years ago | (#7076919)

Has anybody done a disassembly of Sobig? How is it even distributed, as a binary or as a script? I don't think we should attribute Sobig to the spammers just yet.

OTOH, I have no friggin' idea what I'm talking about...

Re:Where's the hard evidence? (1)

Hi_2k (567317) | more than 10 years ago | (#7076983)

Sobig is a trojan. It allows other applications to be installed on the compromised system. That could easily be used to allow a DDOS attack.

Re:Where's the hard evidence? (1)

GoneGaryT (637267) | more than 10 years ago | (#7077031)

> Sobig is a trojan.

It is (was) not itself a Trojan; the worm itself self-destructed on 10th September.

Re:Where's the hard evidence? (5, Interesting)

GoneGaryT (637267) | more than 10 years ago | (#7076999)

There have been a number of comments on this topic on a closed list for academic sites here in the UK and the analyses point to Sobig DDoS attacks, specifically against spamhaus.org in these cases. Sobig-F was a very well written piece of binary code, encrypted and compressed to 76k AFAIR, and a description of its functionality [sophos.com] shows this. In particular, the possibility that it could act as a portal for Trojan downloads reinforces the claim.

I was trapping infected workstations by monitoring perimeter firewall logs for DNS calls to the root servers, as this is a feature of its activity. Pity I didn't have time to find out what it wanted to resolve, because that could have been interesting.
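The check described in the comment above, as an added example that is not part of the original post: it flags inside hosts that send DNS traffic straight to a root server instead of to the site's resolver. The log format, the sample lines, the resolver address `10.0.0.53` and the function names are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# IPv4 addresses of the 13 DNS root servers (a through m). Root addresses are
# renumbered from time to time; refresh this set from the current root hints.
ROOT_SERVERS = {ipaddress.ip_address(a) for a in (
    "198.41.0.4", "170.247.170.2", "192.33.4.12", "199.7.91.13",
    "192.203.230.10", "192.5.5.241", "192.112.36.4", "198.97.190.53",
    "192.36.148.17", "192.58.128.30", "193.0.14.129", "199.7.83.42",
    "202.12.27.33",
)}

# Assumption: the site's own recursive resolver, which legitimately walks the
# DNS tree from the roots. Every other inside host should ask this resolver.
RESOLVERS = {ipaddress.ip_address("10.0.0.53")}

# Constructed sample lines in a generic key=value firewall format
# (not taken from the page or from any particular product).
SAMPLE_LOG = """\
2003-08-22T09:14:01 src=10.0.0.53 dst=198.41.0.4 proto=udp dport=53 action=allow
2003-08-22T09:14:03 src=10.0.4.21 dst=198.41.0.4 proto=udp dport=53 action=allow
2003-08-22T09:14:04 src=10.0.4.21 dst=192.33.4.12 proto=udp dport=53 action=allow
2003-08-22T09:14:05 src=10.0.4.21 dst=10.0.0.53 proto=udp dport=53 action=allow
2003-08-22T09:14:06 src=10.0.7.9 dst=192.5.5.241 proto=tcp dport=80 action=deny
2003-08-22T09:14:07 src=10.0.9.30 dst=193.0.14.129 proto=tcp dport=53 action=allow
2003-08-22T09:14:08 src=10.0.4.22 dst=not-an-ip proto=udp dport=53 action=allow
2003-08-22T09:14:09 src=10.0.4.21 dst=198.41.0.4 proto=udp dport=53 action=allow
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Return (src, dst, proto, dport), or None if the line is unusable."""
    fields = dict(FIELD.findall(line))
    try:
        return (ipaddress.ip_address(fields["src"]),
                ipaddress.ip_address(fields["dst"]),
                fields["proto"].lower(),
                int(fields["dport"]))
    except (KeyError, ValueError):
        # Missing field or unparsable address/port: skip rather than crash.
        return None


def hosts_querying_roots(log_text, resolvers=RESOLVERS):
    """Report non-resolver sources that sent port-53 traffic to a root server."""
    queries = defaultdict(int)   # source -> number of matching log lines
    roots = defaultdict(set)     # source -> distinct root servers contacted
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        src, dst, proto, dport = record
        if dport != 53 or proto not in ("udp", "tcp"):
            continue
        if dst in ROOT_SERVERS and src not in resolvers:
            queries[src] += 1
            roots[src].add(dst)
    return {
        str(src): {"queries": queries[src],
                   "roots": [str(r) for r in sorted(roots[src])]}
        for src in sorted(queries)
    }


if __name__ == "__main__":
    for host, info in hosts_querying_roots(SAMPLE_LOG).items():
        print(host, info["queries"], ", ".join(info["roots"]))
```

A hit means only that the host bypassed the local resolver; a machine running its own recursive resolver produces the same pattern, so the resolver allowlist has to match the site.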

I tend to think that spam is a virus... (1)

timelady (566419) | more than 10 years ago | (#7076928)

Look at it - virii tend to clog up systems, waste resources, and are bandwidth hogs. They are unwanted, and often involve mass mail outs from email addresses harvested without consent. They can cause the collapse of recipient mail systems by sheer volume.
Now replace the word 'virii' with 'spam'. See?

Re:I tend to think that spam is a virus... (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7076940)

sure, spam is a virus! except that by definition IT ISN'T.. DIE MOTHERFUCKER

Re:I tend to think that spam is a virus... (1)

Llywelyn (531070) | more than 10 years ago | (#7077059)

It also works if you substitute "college students" for "virii" (though they tend to be on the receiving end of said mass mail-outs, rather than the giving).

Viruses - not necessarily. (1)

chromie (92741) | more than 10 years ago | (#7076938)

In the short term, the mailing viruses are willing. I think it's too early to say that the spammers are going to benefit from this in the long run. True -- anti-spam services (especially those that are poorly funded or inadequately scalable) have been shutting down recently. They've been taxed, incredibly taxed, but the last two months' virus activity -- like the rest of the mail infrastructure. Add in some highly publicized ddos attacks, and, hell, many services would buckle under that kind of pressure. I think the real lesson is that many centralized spam services are inflexible and not hardened enough to meet the task (and the resistance). Maybe, generally speaking, that's the wrong idea. Maybe. In an even longer term, I think things are even less clear. Technologically, right now, it's spam/viruses 1, civilian e-mail 0. But the troubles have been so well publicized, and so generally annoying, that already institutions are finally starting to implement basic hygiene [umich.edu] measures, in some cases overcoming substantial status-quo / administrative pressure.

going postal on spam (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#7076949)

The only way things will change, is when someone finally goes postal, and walks with guns drawn and wipes out a bunch of people. Then they will have to make a law to stop spam

Re:going postal on spam (1)

SUB7IME (604466) | more than 10 years ago | (#7077093)

Woohoo, you said postal in a reference to spam. Get it... e-mail... postal...

Damn, I'm lame today.

Not really surprising, is it? (5, Funny)

borius (711380) | more than 10 years ago | (#7076951)

With the efficiency of spam filters and widespread use of blacklists and such, how can the spammers actually make any money? It's logical that they (the spammers) should try to bring attrition to the defenses of mail servers.

Btw, I have a novel idea for bringing spammers out of business. OK, here goes: spammers want to sell you penis enlargement programs, viagra, and pr0n right? Well, what if someone sets up a company solely dedicated to selling these things at the lowest price possible? People could just go to AllMyPerverseNeeds.com and get their fix cheaply and securely. Obviously we can't compete with Nigeria type spams, but it would bring down a lot of spam I think. So, anyone in favor of starting a non-profit Viagra depot?

Re:Not really surprising, is it? (1)

Trigun (685027) | more than 10 years ago | (#7076971)

Your idea, although novel, is flawed. Even if you were to sell these products at a loss, you would still have to get your name and policy out there, and using the same medium as your competition. So to put the spammers out of business, you will have to spam to do it.

And spammers don't care about how the Internet works, or what will happen to the internet based upon their actions. They will abuse the medium until it's taken away, then abuse the new medium.
It's that simple.

Re:Not really surprising, is it? (1)

borius (711380) | more than 10 years ago | (#7077470)

> Your idea, although novel, is flawed. Even if you were to sell these products at a loss, you would still have to get your name and policy out there, and using the same medium as your competition. So to put the spammers out of business, you will have to spam to do it.

I don't see why. Most people know about Google for instance, does Google spam people to get attention? If a place on the 'Net becomes the de facto standard for something the word will spread around

Re:Not really surprising, is it? (1)

Niksie3 (222515) | more than 10 years ago | (#7076974)

That sounds like a great idea! I'm not sure how we should advertise for a service like that though.. it's a pretty niche market.

How about we try Direct-Marketing via email? I hear it works pretty well for other businesses like ours

Oh, wait.

Re:Not really surprising, is it? (2, Informative)

Anonymous Coward | more than 10 years ago | (#7077005)

Except that selling prescription drugs without a prescription, including viagra, unapproved drugs, and counterfeit drugs is illegal in the US and many other countries. Many of the other things you see advertised by spam are also illegal many or most places. Not only is the spam annoying and often illegal, so too are the products being advertised, which are often hazardous. By selling these products openly you would be taken down very quickly. Doing business outside the US helps somewhat but shipping these things to a US address is still illegal, and anyone who does it enough to be important will find himself in hot water quickly.

Re:Not really surprising, is it? (1)

jonbryce (703250) | more than 10 years ago | (#7077041)

Another idea is this ...

Spam the spammers

Every time you receive a spam, you place an order for whatever it is using fake details. Then the spammers won't be able to tell the real orders from the fake ones.

There are two types of spam this won't work for - premium rate phone calls, and stock pumping scams.

Re:Not really surprising, is it? (0)

Anonymous Coward | more than 10 years ago | (#7077095)

> Every time you receive a spam, you place an order for whatever it is using fake details. Then the spammers won't be able to tell the real orders from the fake ones.

This doesn't work. Spammers can buy complete address checking solutions just like everyone else for just a few cents per checked address (the source material is sold straight from the postal service).
You'd have to send a very high number of fake orders to make a difference in their profit margins, and when you start doing that, they'll just filter on ip first or something.

Re:Not really surprising, is it? (1)

Trigun (685027) | more than 10 years ago | (#7077108)

That really isn't an option either. Fake orders can be weeded out rather easily, as a valid credit-card is needed to place the order.
Also the spammers generally act as a third party, away from the companies who are selling the products. They get paid when the company gets paid. They have little other involvement in the "service". You have to target the companies selling the goods. Make it impossible for them to sell their products in the country. The U.S. market would be the biggest blow to the companies, as this is where the majority of spam I receive is targeted. Even if the company is offshore, make it difficult or impossible for them to ship this stuff to the U.S. Make other, valid shipments difficult to ship to the U.S. as well, in an attempt to catch the ones you want. Be very public about this. Contact foreign trade ministers, put everything on the table. Once they start playing nice again, loosen things up. Target one or two countries to start, big time players. The higher you go on the trading ladder, the bigger the economic impact on the targeted countries, the more reason they have to comply with your junk products policies.
This can only be done on a governmental level. It would be costly, and have little benefit on the economy, which is why it hasn't been done yet.

Attempted slander against anti-spam services also (5, Insightful)

Ricin (236107) | more than 10 years ago | (#7076968)

Look what I got yesterday (with forged headers):

---- quote --------------
Dear Internet user.

We are an organization dedicated to stopping spam. Please help us as we are
funded solely by private donations.

visit www.spamcop.net for full details. Or you can send your donations to:

Julian Haight
PO Box 25732
Seattle, WA
98125-1232

As you can see by this message unsolicited e-mail is an invasion of your
privacy. As you can also see it can be sent anonymously

We will continue our efforts until all spam is eliminated.

To join please visit www.spamcop.net or contact
jkdom@mail.julianhaight.com

We will continue to send out this message until we convince all ISP's to
stop all spammers.

!!!Stop low-lifes from invading your inbox with their junk!!!
---- end quote ------------

If they spew out fake spam which can only be meant for slanderous purposes, would you really expect them to *not* be in the virus game? Almost all these Windows viruses, if you hexdump them, have SMTP capability. It's quite thinkable that a fair amount of them are really experiments rather than 'bad things done to innocent users because the virus writer likes doing that'.

There must be a lot of money involved in the art of spamming still. I wouldn't be surprised if spamhauses are partially means of laundering money as well (think about it). Either way, these people *are* criminals and one should consider them as such.

Nothing new (1, Funny)

Rosco P. Coltrane (209368) | more than 10 years ago | (#7076976)

are the spammers actually winning the battle by using viruses?

Just look at the godawful appearance of the meat, and smell the nasty stench from the can : how can you *not know* there are viruses in spam?

Yuk ...

What about netstat? (2, Insightful)

DWormed (711488) | more than 10 years ago | (#7076979)

If the sobig worm were attacking RBLs, wouldn't someone have done a "netstat" on an infected machine and found it? I've netstatted a couple of infected machines; seen nothing even close. Maybe it's just the mail _servers_ killing the RBLs, checking all those thousands of spam mails (sometimes 4 or 5 per server PER SECOND).

Re:What about netstat? (0)

Anonymous Coward | more than 10 years ago | (#7077378)

Sobig spreads as a virus and doesn't attack anything, at first. When it's done spreading, it becomes a zombie under the control of spammers. They've been using these zombies for relaying spam and for attacking anti-spam people.

You just didn't leave your machine infected long enough. :-)

3 of my servers have been hit (0)

Anonymous Coward | more than 10 years ago | (#7076985)

All 3 located in 3 different countries, but all involved in anti-spam activities in SE Asia. This is not a joke; the only funny part is the low and dumb DDoS, as I'm now able to just block IP by IP, and the general hit rate is as low as 1 per 20 sec. (Thank god for the bad routing setup in most of Asia.)

Simple solution (2, Informative)

Anonymous Coward | more than 10 years ago | (#7076989)

Install p0f [coredump.cx] on your firewall and block all SMTP access from windows machines. How hard was that?

no SMTP? (1)

neilb78 (557698) | more than 10 years ago | (#7076997)

I know it sounds like an impossible task, but does anyone think we'll ever be able to move away from SMTP based email? If so, won't spammers find a way to spam no matter what email system/protocol we use...or maybe with a new protocol at least we'd have a better more reliable way to block spam.

Next question... who's going to build this new protocol, and who would trust it and prompt a widespread switch to it? It would, it seems, have to be backward compatible with SMTP for some time.

Re:no SMTP? (0)

Anonymous Coward | more than 10 years ago | (#7077052)

There is nothing wrong with SMTP and everything wrong with Spammers. These people threaten our online freedom in the same way that terrorists threaten our liberty in the _real_ world (reality is becoming a work of great fiction but that's another story).

No mercy for spamming scum, it is not an activity that can be defended. We should brand them as being part of a subhuman caste, strip them of their ill gotten wealth and subject them to long periods of public beatings. For the worst offenders we could remove their intestines and watch them wither and die on a reality TV show. Why should western society be so willing as to let a minority of self-serving shitheads ruin it for everybody else? Oh wait...

ode to slashdot (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7077003)

here I am, with my hive mind
I cannot think, drink pickle brine
repeat and deplete, for queen nerd
repeat and deplete, for queen nerd

Chorus
Princess, Dancer, Fair Weather
Princess, Dancer, Fair Weather
Princess, Dancer, White Feather

make the joke, funny like an abacus
create the insight, before hit by bus
all of the things, shiny, glistening, ring
SEEK THE FOREST

Chorus
Princess, Dancer, Fair Weather
Princess, Dancer, Fair Weather
Princess, Dancer, Black Feather

More Harm Than Help (-1, Insightful)

Anonymous Coward | more than 10 years ago | (#7077046)

The spammers are actually doing everyone else a favor by taking these sites down.

Blacklists are the equivalent of the guilty until proven innocent paradigm in the justice system. While they might stop spam by quickly blocking computers that have been hacked into by spammers, they cause problems for the poor people who got hacked. Yeah, it lets them know that they were hacked, but sometimes the people have already found out and fixed the problem. Yeah, they might stop a lot of spam, but they also generate a bunch of innocent victims in the process.

Bayesian filtering has been very successful and has none of the negative effects of the aggressive blacklisting.

Re:More Harm Than Help (1)

WanderingGhost (535445) | more than 10 years ago | (#7077183)

Blacklists are the equivalent of the guilty until proven innocent paradigm in the justice system. While they might stop spam by quickly blocking computers that have been hacked into by spammers, they cause problems for the poor people who got hacked.
Yes, but people just don't know what to do anymore. I know bosses who go really mad at admins when spam gets into their mailboxes. It happened to me too. Of course it's not the right solution, but we need some solution, and we need it now. It's sad, but what can we do?
Also, think about people/small businesses who have a bandwidth cap, or those who pay for the connected minute. No matter what filter they use (including Bayesian), they'll be paying for spam. Blocklists will certainly help them.

Bayesian filtering has been very successful
Yes, but it depends on the filter being trained periodically. And it works better for individuals than for groups (because the ham stats are very different for different people).

Re:More Harm Than Help (1)

Paulo (3416) | more than 10 years ago | (#7077260)

Bayesian filtering has been very successful and has none of the negative effects of the aggressive blacklisting.

Except for the bandwidth costs, which are a big part of the spam problem.
As for the rest of your comment, it's so outstandingly stupid that I won't even bother to comment. And now that I think of it, this is the second anonymous comment that I've seen in this thread slandering RBLs for no reason. What, do spammers read Slashdot too?

Spammers and viruses (1)

Orion Blastar (457579) | more than 10 years ago | (#7077047)

Look at it this way, if they use a Virus it covers their tracks as to who is sending the spam. They can claim they didn't send it, that the infected system sent it which they don't own. The same for DDoS attacks, they can claim other systems did it.

Spammers use Viruses to not only send out Spam, but also to launch DDoS attacks on Anti-Spam sites. I imagine they control them remotely by IRC or some other way to contact the Zombie to do their bidding.

You see by Spamming they already are breaking the law and doing something unethical. Why stop there? Why not create viruses that act as zombies that can send Spam and also launch DDoS attacks at will?

I hope that someone catches these Spammers in the act of spreading viruses and shuts them down.

This would mean that Spammers are Terrorists: (3, Funny)

burgburgburg (574866) | more than 10 years ago | (#7077077)

Thus, the US would feel free to invade Spamodia to free the oppressed Spamodians from the evil Spammer overlords. During the invasion, though, the major Spammers would escape, allowing them to continue their spam attacks against the anti-spam coalition forces. And other pro-spam zealots would flock to Spamodia to aid the effort.

Two can play that game! (1, Insightful)

Anonymous Coward | more than 10 years ago | (#7077079)

I don't know if spammers are responsible for the SoBig virus, I would guess that they aren't but I can seriously believe that they are in control of a number of zombies and are capable of "defending" themselves using DoS attacks.

But this can be fixed through cooperation. All we need is a few hundred, or perhaps a couple of thousand blocklist hosts and a method of coordinating them.

This is easier than it seems. The method already exists. It is called Newsgroups. The only problem that needs to be solved is a method of proving authenticity. Those solutions are also already available.

List updates could be delivered quickly via IRC too. May as well use the enemy's weapons against him.

Do they go after the companies that use spammers (3, Interesting)

ziaz (542344) | more than 10 years ago | (#7077084)

I'm guessing this has already been said, but... Instead of focusing on just the spammers themselves, why not target the companies or individuals that from time to time benefit from the spam. I'm assuming there must be some way to track those people receiving money for viagra, enlargements, etc.

Typo or am i not 1337 enough? (0)

Anonymous Coward | more than 10 years ago | (#7077111)

Is an "Aattack" an Attack or is it like Ddos ????

overlords (-1, Offtopic)

arabagast (462679) | more than 10 years ago | (#7077115)

I, for one, welcome not our new spam overlords.

-If life is a stage, I want some better lighting.

Spammers as cyber-terrorists (3, Insightful)

Anonymous Coward | more than 10 years ago | (#7077131)

Finally this is our chance to make Congress liken spammers to cyber-terrorists, and for a reason politicians fear and know well enough to do something about it: "Now some of the spammers are even building a network of worm-ridden computers [slashdot.org], possibly at the fingertips of a madman who is willing to do anything for money, and may only be waiting to turn them into Weapons of Mass Disruption, wreaking havoc to the Nation, the Internet, and e-mail as we know it..." (spooky, huh? ;-))
Outlaw spammers, put an end to spam. Sometimes it's as simple as that. (And it works: Haven't seen much fax spam for years...)
Just be "Mr. Concerned Citizen" for once and send articles like this [theregister.co.uk] to your congresscritter [loc.gov] now. Let them know what spammers have already done "to your kids" (rather omit the "to your p...s" part even if you've ordered their pills and pumps) "and to your computers".

"Secure" network.. (2, Informative)

CooCooCaChoo (668937) | more than 10 years ago | (#7077179)

A secure network needs to be created whereby ISPs create a special network which only allows emails to be sent to and from each other. Any email coming from relays not from the list of "acceptable" senders, the message is instantly deleted.

It is unfortunate, however, that the majority of the spam I am receiving is from low lives who run a virus and now I get 143K size attachments being rammed to me.

If they are going to do something there has to be a concerted effort by ISPs to work together to kill off open relays and people who spam rather than getting a real job; 8 to 6, crappy holidays and unreasonable pay. If 95% of people out there can live their lives like normal adults, I think that these spammers can too.

Re:"Secure" network.. (1)

pe1chl (90186) | more than 10 years ago | (#7077216)

And how are you going to certify the ISPs allowed on that network, so you won't get any spammers on the list of acceptable senders?

Re:"Secure" network.. (1)

CooCooCaChoo (668937) | more than 10 years ago | (#7077327)

Easy. Negotiate between ISPs. The only mail servers allowed on the "network" are ISPs who conform. The ISPs who sign up, sign a legally binding contract. If they fail to abide, they are kicked out.

Re:I get 143K size (1)

Technician (215283) | more than 10 years ago | (#7077361)

Change e-mail clients if this is a problem. Get one that can receive header information only. Delete the ones with 143K attachments on the server instead of downloading. My policy is even simpler, delete all executables and HTML. Losing a pretty style sheet doesn't make the message hard to read. Most of the time it makes it easier.

Re:I get 143K size (1)

CooCooCaChoo (668937) | more than 10 years ago | (#7077462)

Unfortunately I have tried to set it up with Mail (MacOS X), Lotus Notes 6 and Entourage, however, each of them download the message first then strip off the attachments. I've changed email addresses now, however, it is rather annoying that such a large number of people send attachments, HTML messages and run attachments thus I end up getting 134K *.exe files crammed in my inbox.

What do spammers have to lose. (1)

jellomizer (103300) | more than 10 years ago | (#7077219)

Most Spammers are Criminals, Scam Artists and possibly Terrorists anyway. So if they are caught they go to jail. So why not make a virus to stop the spam blocking sites. What is the worst that can happen? They get caught and go to jail. That is the problem of dealing with criminals: when their back is to the wall they will do whatever. What they should do is a full media blitz explaining the dangers of Spam and also putting a lot of real pressure on people who keep their relays open, force them to fix it, or shell out cash for a qualified consultant [timcomputer.com] to fix it. Spammers need to be in a situation where there is too much risk and work to be profitable.

Huh ? (2, Insightful)

phoxix (161744) | more than 10 years ago | (#7077233)

and spamhaus.org is taking have blows

English ?

And if such a site is under attack, why on earth are you linking it on slashdot's front page ?

Sunny Dubey

How cool?! (3, Funny)

scovetta (632629) | more than 10 years ago | (#7077263)

How cool would it be if there was evidence that the Direct Marketing Association [the-dma.org] was behind the SoBig worm? We could sic the RIAA on them, and maybe tell SCO that the DMA was using Linux to develop it. With any luck, they could all come together and ignite like a small star, ridding the world of the lot of them!

Only in my dreams...

monkeys.com? (0)

Anonymous Coward | more than 10 years ago | (#7077334)

What happened to monkeys.com anyway? Last Thursday I started bouncing messages because I was using their RBL and didn't notice it until I started to see an absence of messages from mailing lists. What is it with these fucking RBL's just starting to reject everything? Just shut it off and let it timeout.

They killed news groups and email's fading fast. (1)

crovira (10242) | more than 10 years ago | (#7077348)

I haven't used a news reader since the groups got bloated with spam and porn.

My main corporate email account is bloated with spam and with moron viruses sent to "all Microsoft Customers," of which I am not. It has got so bad that I just let the account bump against its mail box limit and bounce messages off.

Unfortunately, I have to use email for the auditability otherwise...

If it wasn't for spam, I'd have no traffic at all most days.

just respond in kind (1)

DuckWing (19575) | more than 10 years ago | (#7077391)

I think the solution here is to respond with the same kind, but more forceful DDoS attack on the systems that are trying to shut the anti-spam sites down. I should think we as good network admins, code hackers, et al can do a much better job than these spammers that are obviously losing the battle since they are resorting to this kind of tactic. Find the IPs of the sites, and flame back!

How the attack works (4, Informative)

Skapare (16644) | more than 10 years ago | (#7077420)

Before the SoBig virus, each mail server receiving mail would, in the course of a day (about how long DNS black list records would be cached), get SMTP connections from a certain set of other mail servers. Most of those mail servers would be the ones from which email regularly comes in. Although people would have lots of email addresses in their address books, and even more in other files, most only regularly exchange mail with a small subset.

Enter the SoBig virus. It gathers up email addresses, not only from the address book, but also from email contents, web cache, documents, and just about everything else. Then it sends email to them in a probably uniform distribution of selection. The number of different domains being sent to from one computer in a day is now much larger than normal (in addition to the increased traffic). At the receiving mail servers, the number of different mail servers the SoBig spam is coming from is also much larger than normal. Now mail servers are getting mail from just about every mail server that has any user with any instance of a user email address that names that receiving server.

With the same mail servers sending mail over and over, the receiving server's DNS cache will have hits very frequently. With an increase in diversity of mail servers trying to deliver the SoBig spam, the number of cache misses goes up. Each cache miss means a query that recurses back to the DNS blacklist servers. Thus the query load on those servers goes up, effectively a DDoS.

Additionally, most DNS servers out there are "open recursive name servers". That means they let anyone, anywhere, do a recursive lookup. Spammers can drive even more load on the DNS blacklists by sending out DNS queries (with forged source addresses, of course, so they don't have to deal with the bandwidth of the answers) to those open recursive name servers, forcing more and more queries to focus in on the authoritative servers for the DNS blacklists.

This attack can be successful because spammers have far more network access from a wide variety of places than there are authoritative name servers for DNS blacklists (the ultimate target). And since recursive DNS lookup only has that server for a source address, all the DNS blacklists will see are queries from those open servers.

One way to address some of this problem is to close off recursive lookups. But given that millions of networks are run by incompetent or nonexistent administrators, that isn't likely to happen on the scale needed to prevent the abuse. And it won't stop lookups by the receiving mail servers trying to check out all the different SMTP connections due to the spam from the viruses.

Blacklists will most likely end up having to be done by a means other than DNS, unless blacklist operators can manage to acquire sufficient bandwidth and server power to ride out the loads (which could very well be even greater than the GTLD servers that host "com" and "net" would see). Some form of distributing a static list file will probably happen. And, unfortunately, that means whoever gets listed will have a much harder time getting out of all those distributed lists, as many people won't be updating them as often as they should. The original reason to use DNS was to have a relatively quick means to remove a listing and have it take effect throughout the internet. By breaking the DNS mechanism, the ability to remove a listing is what suffers the most.

What I hope will end up happening is that spammer networks and generic (dialup, cable modem, DHCP, etc) addresses get listed in distributed files, and the more transient cases still get handled by DNS. The listings in DNS would be the ones that won't be so important to big time spammers, so they would be less attractive targets of attack, and if attacked anyway, would not open up the major points spammers find easy to use (e.g. their own networks and the generic networks where open proxies are found all over the place).
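The cache-miss effect described in the comment above, as an added simulation that is not part of the original thread: it counts how many DNSBL lookups one receiving mail server must send upstream in a day when its senders are a small regular set versus a wide, uniform spread, and how a locally distributed static list for generic ranges removes that load. The zone `dnsbl.example`, the 10.x addresses, the traffic volumes and the one-day TTL are assumptions chosen for illustration.

```python
import ipaddress
import random

DAY = 86400  # seconds; the comment assumes blacklist answers are cached about a day


def dnsbl_qname(ip, zone="dnsbl.example"):
    """DNSBL query name: IPv4 octets reversed, then the list's zone (placeholder zone)."""
    return ".".join(reversed(ip.split("."))) + "." + zone


class TTLCache:
    """Minimal resolver cache: remembers when each query name expires."""

    def __init__(self, ttl):
        self.ttl = ttl
        self.expiry = {}

    def lookup(self, name, now):
        """Return True on a cache hit; on a miss, store the entry and return False."""
        exp = self.expiry.get(name)
        if exp is not None and exp > now:
            return True
        self.expiry[name] = now + self.ttl
        return False


def simulate(connections, ttl=DAY, static_nets=()):
    """Replay (timestamp, client_ip) SMTP connections through the lookup path.

    static_nets models the distributed static list the comment proposes for
    generic ranges: a match is answered locally and never becomes a DNS query.
    """
    cache = TTLCache(ttl)
    nets = [ipaddress.ip_network(n) for n in static_nets]
    stats = {"connections": 0, "static_hits": 0, "cache_hits": 0, "upstream_queries": 0}
    for now, ip in connections:
        stats["connections"] += 1
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in nets):
            stats["static_hits"] += 1
        elif cache.lookup(dnsbl_qname(ip), now):
            stats["cache_hits"] += 1
        else:
            stats["upstream_queries"] += 1  # cache miss: reaches the blacklist's servers
    return stats


def make_traffic(n, base, span, seed):
    """Constructed sample: n connections spread over one day, sources drawn
    uniformly from `span` consecutive addresses starting at `base`."""
    rng = random.Random(seed)
    start = int(ipaddress.ip_address(base))
    return [(i * DAY // n, str(ipaddress.ip_address(start + rng.randrange(span))))
            for i in range(n)]


if __name__ == "__main__":
    # Same volume of mail, very different sender diversity (all values constructed).
    regular = make_traffic(5000, "10.1.0.0", 50, seed=1)         # usual peer servers
    worm = make_traffic(5000, "10.128.0.0", 2 ** 23, seed=2)     # widely scattered hosts
    print("regular peers     :", simulate(regular))
    print("scattered senders :", simulate(worm))
    mixed = sorted(regular + worm)
    print("mixed, DNS only   :", simulate(mixed))
    print("mixed + static /9 :", simulate(mixed, static_nets=["10.128.0.0/9"]))
```

With equal connection counts, the upstream query count tracks the number of distinct senders, not the mail volume, which is why sender diversity alone multiplies the load on the blacklist's authoritative servers.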

I've said it before... (4, Insightful)

terrencefw (605681) | more than 10 years ago | (#7077458)

...and I'll say it again.

The main problem here is that we have millions of hosts connected to the Internet that just aren't robust or secure enough to be connected to a public network (I'm mostly talking about Windows machines here, if you hadn't guessed).

There was a discussion last week on slashdot about ISPs doing egress filtering on home users' connections and I'm all in favour of that.

Unless you're hell-bent on running a mailserver on your DSL line, there's no reason for you to go out on port 25. Even if you do run a mailserver, you should have your box forward all outbound mail to your ISP's mail relay. AOL and some other large ISPs won't accept mail from you if you don't anyway.

IMHO ISPs have a responsibility to protect the backbones from their lame-ass customers with compromised machines.

Reply rather than mod if you think I'm talking out of my outbound relay.
