Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Another Worm Targets Anti-Spam Sites

timothy posted more than 10 years ago | from the heads-on-sticks-please dept.

Spam 538

kevinvee writes "Yahoo! is reporting about the next battle of Spam Houses versus Spamhauses. This time, its W32/Mimail-L receiving the attention. "It's the third Mimail variation to come after us, except this one is trying to do more," said Steve Linford, founder of The Spamhaus Project. Apparently this reincarnation comes as an attachment offering naked photographs. Once infected, a follow-up e-mail is sent to the user stating that a CD containing child pornography will be delivered to their postal address. "These guys write trojan (viruses), they carry out DDOS attacks and they get their money through selling stolen credit cards and spamming," Linford said."

cancel ×

538 comments

first post! (-1, Offtopic)

garfdotca (657358) | more than 10 years ago | (#7618433)

first post!

Re:first post! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7618442)

well now don't you feel special

Re:first post! (0)

Anonymous Coward | more than 10 years ago | (#7618618)

Wake up, GNAA!

Slashdot these days is quite pathetic and the only redeeming comments are trolls. I need my daily Goatse/GNAA/Katz trolls! Let's get moving!

What happened to the /. Spam in a can icon? (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7618673)


I just noticed that slashdot has replaced the little Spam Can icon with ... a pig?? Remember when slashdot had a little blue can of Spam [tinyurl.com] that they used for this article set? What, some sort of copyright problem?


A new low (4, Funny)

CleverNickName (129189) | more than 10 years ago | (#7618443)

I didn't think that it was possible for me to hate spammers more than I already do.

Turns out I was wrong.

Re:A new low (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7618465)

[Picard]Shut up, Wesley.[/Picard]

Re:A new low (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7618466)

alt.wesley.crusher.die.die.die

err . . I mean alt.spammers.die.die.die

Re:A new low (0)

Anonymous Coward | more than 10 years ago | (#7618535)

Why is that whenever CleverNickName posts, at least five or six people have to post replies pointing out that hey, look, it's Wil Wheaton everybody! Hey, Wil played Wesley Crusher in ST:TNG everybody! Gee, look at that! Of course that was more than decade ago, and Wil isn't exactly the fresh faced youth he once was, and Wesley is a fictional character anyway so why does it matter how annoying he was?

As though we didn't know any of this. Or as if we should care.

Now, will the real Bruce Perens please stand up?

Re:A new low (2, Funny)

.Bruce Perens (150539) | more than 10 years ago | (#7618570)

Now, will the real Bruce Perens please stand up?

Certainly. All you had to do was ask.

Re:A new low (5, Interesting)

Saint Aardvark (159009) | more than 10 years ago | (#7618525)

No kidding.

It's absolutely insane. They won't stop 'til they've destroyed email.

It's melodramatic, but: spammers really have declared war on email, and the Internet and its users as a whole. They're fucking with email, they're fucking with DNS, they're sending out viruses to infect users and spread more filth, and they're trapped in this huge positive feedback loop that I'm desperately afraid won't end. They pump out millions of emails which get ignored so they pump out more which gets them blocked so they pump out more to get around that and they start attacking their opponents and now the volume of spam is so high they need to pump out even more just to get any sort of return...

Rationally, I think the only way around it is to attack the economics of spam, as has been suggested by many much smarter than me.

But really, what I want is revenge.

Re:A new low (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7618547)


Spammers have been taken to court over this [tinyurl.com] here in Ohio. Unfortunately is amounted to little more than a slap on the wrist. This should have been a ground-breaking case, but sadly just an example of how the justice system doesn't always work.

Re:A new low (5, Insightful)

Uma Thurman (623807) | more than 10 years ago | (#7618568)

There's a term for a coalition engaged in the act of making money through the use of intimidation and illegal acts: organized crime.

The spammers are exactly the same as the mafia.

Re:A new low (4, Funny)

johnkoer (163434) | more than 10 years ago | (#7618702)

I thought you were going to say RIAA, but organized crime works too.

Hey, look, it's Wil Wheaton everybody!!!!!@1231313 (-1)

(TK)Max (668795) | more than 10 years ago | (#7618697)

SLASHTREK, THE NEXT MASTURBATION
a screenplay from the library of Trollkore.

SCENE 1: ABOARD THE STARSHIP ENTERPRISE - A worried L.T. Commander Data addresses Captain Picard.

Data: Captain, sensors indicate a de-cloaking Slashdot ship one hundred meters off the starboard bow.

Picard: On screen!

Worf: Captain! We are dealing with a highly idiotic, ignorant and Linux-using species. They have been known to attack those who have superior social skills and official Microsoft qualifications in computer literacy out of fear and confusion - I recommend we attack them before they do us!

Picard: That is not the way the federation do things, Mr. Worf. When dealing with such mindless slashbots there is only one course of action to take. Ensign Wheaton hail the Slashdot ship.

Wheaton: Yes sir... but are these slashbots really so bad, according to my knowledge the open source community is a highly developed and sophisticated race of people - it would be unfair to discriminate against them just because of their foul stench and greasy complexion.

Picard: Shut up Wesley!!!

Data: The Slashdot ship has responded to our hail.

Picard: On screen.

--- Cut to a dark and lifeless ship, featuring posters of Kathleen Fent engaging in all manner of sexual acts upon the walls, with a barely visible silhouette of Michel Simms vigorously beating his cock in the background.

CMDRTACO: Captain, you are encroaching on our space, leave our territory at once and never return.

Picard: We are on an important scientific mission, studding a collapsing star - I can offer you goods in exchange for passage trough your space.

CMDRTACO: -1, Redundant. You have nothing you can offer us... End Trans...

Picard: WAIT! I have... Goatse. [goatse.cx]

CMDRTACO: Then it is agreed, your safe passage trough our space in exchange for the image. End Transmission.

--- The view screen turns off and TACO looks over to his first mate, Cowboy Neil.

CMDRTACO: Put the image on main screen.... I wish to ejaculate.

Sue the software companies (0, Interesting)

grub (11606) | more than 10 years ago | (#7618444)


If the government can go after the tobacco companies for killing people with their second hand smoke, why can't they go after the software companies that have obviously turned a blind eye to security in the name of profit and the after-market anti-virus industry? It's their shoddy software that allows this to be possible yet they make billions while costing ISPs and end users billions more.
Hell, some US states are even going after gun manufacturers..

Re:Sue the software companies (1, Insightful)

NetJunkie (56134) | more than 10 years ago | (#7618460)

WHAT? Who? Where? These viruses don't use some security exploit. They get the user to run the attachment..plain and simple. If the user runs a file that is no ones fault but the user.

Re:Sue the software companies (3, Insightful)

grub (11606) | more than 10 years ago | (#7618479)


The fact that when opened this software is allowed to execute code, crawl through the address book, copy itself and send itself out to others is a fault with the system.

I've never had a problem when opening an attachment with Mutt.

Re:Sue the software companies (1)

BenjyD (316700) | more than 10 years ago | (#7618558)

If it's an executable and the user runs it, then it can do anything the user can do. If I emailed you "hot_nekkid_chicks.sh", you saved it using mutt, ran it without thinking and it did rm -rf ~/ , you wouldn't blame Mutt.

The fact that MS software makes it so easy to run an attachment and to hide its executable nature is the problem.

Re:Sue the software companies (1)

grub (11606) | more than 10 years ago | (#7618588)


If I just look at "hot_nekkid_chicks.sh" in Mutt I would only see the script. Just looking at these things in Outlook lets them run. With mutt I would have to save the script, chmod it +x, then run it.

Which is safer?

Re:Sue the software companies (1)

BenjyD (316700) | more than 10 years ago | (#7618643)

That's what I said - the ease of execution is the problem, not the fact that code can crawl your address book as the grandparent post states.

Re:Sue the software companies (0)

Anonymous Coward | more than 10 years ago | (#7618689)

I have two comments:

1) If it is actually that difficult to run a program in Linux then it will never take off for the home users.

2) There is nothing that says that this virus is activated by opening or previewing the email but only when actually executing it.

Just face it. You are a low digit troll.

Re:Sue the software companies (0)

Anonymous Coward | more than 10 years ago | (#7618726)


1) If it is actually that difficult to run a program in Linux then it will never take off for the home users.

You (wrongly) assume that I run Linux.

2) There is nothing that says that this virus is activated by opening or previewing the email but only when actually executing it.

I suggest you re-read the article then:
  • "Clicking on the attachment activates the virus. Once triggered, the worm forwards itself to other e-mail users."
Clicking on the attachment is all that's needed. Granted that's the same as executing the thing but that's still deplorable security.

Re:Sue the software companies (0)

Anonymous Coward | more than 10 years ago | (#7618567)

If more than 20 people used Mutt, there might be some reason to write an exploit.

Re:Sue the software companies (1)

Kombat (93720) | more than 10 years ago | (#7618581)

So if I email you an ELF binary as an email attachment, and you save it and run it, that executable will not be allowed to crawl through your address book and send itself out to others?

Linux prevents it from doing that, eh? Really? Which distro might that be?

Re:Sue the software companies (0)

Anonymous Coward | more than 10 years ago | (#7618608)

Read above. I'd have to save the attachment, chmod it then run it. Most unix people are smarter than that and any worm that requires all that intervention would just die on the vine.

Re:Sue the software companies (1)

Kombat (93720) | more than 10 years ago | (#7618731)

I'd have to save the attachment, chmod it then run it. Most unix people are smarter than that

Exactly my point! It's not the system, it's the users.

Re:Sue the software companies (0)

BrianPM (729224) | more than 10 years ago | (#7618712)

Because people don't write viruses to exploit Mutt. It's not saying that they can't. They don't because Mutt has about the same market share as the Kia Sorrento.

Re:Sue the software companies (1)

Malc (1751) | more than 10 years ago | (#7618603)

If I misslead you and get you to hand over your life's savings, then it's your fault, right? I won't have to worry about being hunted down by the long arm of the law and prosecuted for being a con man?

These viruses prey on the ignorant. It's easy to make comments like yours when computers are a key part of your life. Perhaps we should have a minimum competence level before letting people on the internet, a so-called computer driving licence. That way we can hold the users responsible.

Or perhaps you're responsible. You know what the problems are, but you haven't done enough to educate others.

Re:Sue the software companies (0)

Anonymous Coward | more than 10 years ago | (#7618640)

Alright. Well let's say, for the sake of argument, I send you a package in the mail. It says it's a free copy of an encyclopedia or something like that, and asks you kindly to open it. You open it, and it explodes in your face.

Whose fault is it that you just got your head blown off? Is it yours? Well, you did open the package. The bomber shouldn't be held responsible, you were stupid enough to read the sign and open the box anyway. It's your fault, isn't it?

NEW FROM OSDN (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7618462)

ITCockSmokers.com [itmanagers.com]

Mission critical decisions demand massive amounts of polesmoking and salad tossing before you just break down and buy the Microsoft product you should have bought weeks ago in the first place, cockgobbler. But, nooo.., you had to try to fix the square peg of OpenSores into the round hole of Reliability and Integration.

No one ever got fired for buying Microsoft. But you'll soon be fired for this latest fuckup, jagoff. Enjoy your source code. Make sure you print it out before they fire your ass; it will make great toilet paper while you search for your next job you clueless fuckknob.

*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_
g_______________________________________________g_ _
o_/_____\_____________\____________/____\_______o_ _
a|_______|_____________\__________|______|______a_ _
t|_______`._____________|_________|_______:_____t_ _
s`________|_____________|________\|_______|_____s_ _
e_\_______|_/_______/__\\\___--___\\_______:____e_ _
x__\______\/____--~~__________~--__|_\_____|____x_ _
*___\______\_-~____________________~-_\____|____*_ _
g____\______\_________.--------.______\|___|____g_ _
o______\_____\______//_________(_(__>__\___|____o_ _
a_______\___.__C____)_________(_(____>__|__/____a_ _
t_______/\_|___C_____)/______\_(_____>__|_/_____t_ _
s______/_/\|___C_____)__OSDN_|__(___>___/__\____s_ _
e_____|___(____C_____)\______/__//__/_/_____\___e_ _
x_____|____\__|_____\\_________//_(__/_______|__x_ _
*____|_\____\____)___`----___--'_____________|__*_ _
g____|__\______________\_______/____________/_|_g_ _
o___|______________/____|_____|__\____________|_o_ _
a___|_____________|____/_______\__\___________|_a_ _
t___|__________/_/____|_________|__\___________|t_ _
s___|_________/_/______\__/\___/____|__________|s_ _
e__|_________/_/________|____|_______|_________|e_ _
x__|__________|_________|____|_______|_________|x_ _
*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_


Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account.

Re:Sue the software companies (0, Redundant)

cbreaker (561297) | more than 10 years ago | (#7618469)

Because we can't tax the spammers.

Re:Sue the software companies (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7618483)

HAHAHAHA. Nice troll. Let me summarize your post:

I didn't read the article but I am going to use my boiler plate rant to try and score some Karma Whore points.

Re:Sue the software companies (0)

Anonymous Coward | more than 10 years ago | (#7618504)

I did read the article ~15 minutes ago (subscriber, eh)
Please show me where I've used this "boiler plate" before. Ahh.. you can't, begone troll.

Re:Sue the software companies (0)

Anonymous Coward | more than 10 years ago | (#7618622)

Of course I can't. Slashdot doesn't have the ability to search posts and only shows the last 20 or so. Your post, however, is hardly original. If I had the energy I could search through every virus story to see where a post just like yours existed.

Re:Sue the software companies (0)

Anonymous Coward | more than 10 years ago | (#7618722)

Cripes, don't be so lazy. It took me three seconds to find this guy shouting off his bullshit [tinyurl.com] on forums other than slashdot with a google search. He states the same thing over and over outside this little corner of the 'net, apparently.

Here's a hint, grub. If you're going to push an agenda, change your nick everynow and then.


Re:Sue the software companies (1)

spankyzone (91582) | more than 10 years ago | (#7618499)

Beyond all the normal inferences of why you can't target spammers... there is one fundamental thing to note. There has yet to be a proven case, directly or indirectly, of email spam causing death. :)

Yeah, it costs people time, lots of money, and probably some hair; meanwhile someone profits from the exploits good and bad. Hell, that happens all over the place, not just here.

Re:Sue the software companies (1)

www.sorehands.com (142825) | more than 10 years ago | (#7618616)

Actually, there was a 419 spam victim that killed [unspam.com] . The ironic part is that is was a Nigerian diplomat.

Re:Sue the software companies (0)

Anonymous Coward | more than 10 years ago | (#7618516)

If the government can go after the tobacco companies for killing people with their second hand smoke, why can't they go after ... the after-market anti-virus industry?

Be reasonable! When's the last time a virus effected your health? ;)

Re:Sue the software companies (0)

Anonymous Coward | more than 10 years ago | (#7618529)


FLAMEBAIT? Billy must have his sandbaggers working on slashdot today.

hmm.... (4, Funny)

frodo from middle ea (602941) | more than 10 years ago | (#7618453)

I always though the money making scheme from "Lock stock and two smoking barrels" was very practical and doable..This looks preety similar to that.<P>
In case you don't know what I am talking about, Go see the movie before you mode me down.

Re:hmm.... (1)

Space cowboy (13680) | more than 10 years ago | (#7618555)

If you're talking about the "mail order" scheme, I agree. If you mean the dope scheme, I think that's out of my league - far too (expletive deleted) dangerous :-)

Simon.

Re:hmm.... (1)

frodo from middle ea (602941) | more than 10 years ago | (#7618666)

Yep the mail order scheme. Can't be too elaborate from work place ;)

Re:hmm.... (1)

IWorkForMorons (679120) | more than 10 years ago | (#7618669)

What? You don't think growing copious amounts of ganga in an old castle in the middle of Britain with two braindead potheads is good safe money-making opportunity?

Re:hmm.... (0)

Anonymous Coward | more than 10 years ago | (#7618617)

"Go see the movie before you mode me down."

chmod 777 type-o

Re:hmm.... (0)

Anonymous Coward | more than 10 years ago | (#7618681)

Three hundred dollars per wank! Oh wait, that was "Way of the Gun."

baseball bat (5, Insightful)

Clay Pigeon -TPF-VS- (624050) | more than 10 years ago | (#7618457)

What we need to do is find out the physical addresses of these nice individuals and try to reason with them using advanced negotiation tools, such as baseball bats and tire irons.

Re:baseball bat (0)

Icarus_SFX (173267) | more than 10 years ago | (#7618510)

And if we all do that we give them a tast of their own medicine.

A CBoS(tm) attack :-)
(Collabarative Battering of Spammer)

Re:baseball bat (0)

Anonymous Coward | more than 10 years ago | (#7618559)

Why is such an insightful post modded funny? No one is going to stop these spammers if we don't take matters into our own hands!

This is insightfull, not funny! (1)

FatSean (18753) | more than 10 years ago | (#7618580)

I mean, imagine a few busloads of geeks bumrushing and stomping the crap out of a few spammers? Wear masks and run like hell...few will be ID'ed and caught.

Re:baseball bat (0, Insightful)

mirko (198274) | more than 10 years ago | (#7618602)

Whoever modded this "Funny" has a big problem.

Get a life : it's email, it won't kill you.
Just use a decent mailer, some antispam filter and update it.

Why would you just physically hurt somebody ?
"He" may spam you but there is justice, after all, so let it do its job and contact your representative to get this point on top of the next government deliberation list.

Re:baseball bat (0)

Anonymous Coward | more than 10 years ago | (#7618664)

As if your congressman is actually going to do something constructive on the subject. Most congressmen only know as much about computers as Microsoft, the RIAA, MPAA, and Intel tell them.

Re:baseball bat (1, Informative)

lexluther (529642) | more than 10 years ago | (#7618662)

What we need to do is find out the physical addresses of these nice individuals

I looked it up for you:

Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052

Yeah... (4, Insightful)

Kirk Troll (729217) | more than 10 years ago | (#7618458)

Apparently this reincarnation comes as an attachment offering naked photographs.

Yeah... apparently, people are still STUPID enough to open these things. Does ANYONE out there still beleive you can get "100% free porn, just click here!" from some sleezy, unsolicited email that just redirects you to a credit card entry, despite the "free"?

I guess so...

Re:Yeah... (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7618477)

You are a traitor to all of troll kind with your topical, pertinent posts.

Re:Yeah... (3)

cbreaker (561297) | more than 10 years ago | (#7618491)

Unfortunately, some people do..

If you send out a million e-mails, and only .5% click your thing, then you are still getting 5,000 people to your site.

It sucks. I hate it. People are so dispicable.

Re:Yeah... (4, Insightful)

IWorkForMorons (679120) | more than 10 years ago | (#7618562)

people are still STUPID enough to open these things

Because, for some people, curiousity is just too strong to resist. They know it can't be true, but they'll click it anyways "just in case". Then they'll call me to ask why their computer is all of a sudden slow, at which point I clean their system and buy a new pair of boots because my old left boot is embedded in their ass...

They should've known better (0, Redundant)

fred_sanford (678924) | more than 10 years ago | (#7618464)

The virus is sent as an attachment to a anti-spamming company yet they open the attachment anyway and get infected? I'm just as against spam and viruses as the next person but you figure a tech-savvy company that's supposed to stop unwanted e-mail would be more cautious in opening attachments.

Re:They should've known better (2, Insightful)

arkanes (521690) | more than 10 years ago | (#7618480)

The virus installs a DDOS zombie that attacks Spamhaus. It's not that Spamhaus got infected.

Re:They should've known better (1)

fred_sanford (678924) | more than 10 years ago | (#7618485)

sorry to respond to meslef. just realized that it was the users running attachments not the company. my bad for jumping the gun.

NO! (1)

www.sorehands.com (142825) | more than 10 years ago | (#7618497)

They should know better than to use such an insecure e-mail application as outlook.

Re:They should've known better (2, Informative)

kefoo (254567) | more than 10 years ago | (#7618523)

I think you misunderstood. The virus sends an email about the shipment of the porn CDs with a spoofed return address that's actually the address of an anti-spam organization, so they get bombarded with emails from users who think they're sending them child porn.

Re:They should've known better (1)

mercan01 (458876) | more than 10 years ago | (#7618574)

Um...maybe you and I read a different article, but the article linked here talks about a DDoS from external sources.

How does he know ??? (0)

mirko (198274) | more than 10 years ago | (#7618470)

These guys write trojan (viruses), they carry out DDOS attacks and they get their money through selling stolen credit cards and spamming

Who are "these guys" ???

Re:How does he know ??? (1)

ePhil_One (634771) | more than 10 years ago | (#7618526)

Who are "these guys" ???

These guys are directly opposed the "They" in "They say ...",
who are not to be confused with "The man",
which is a common misconception

Re:How does he know ??? (1)

Neophytus (642863) | more than 10 years ago | (#7618688)

These guys [spamhaus.org]

Good (4, Interesting)

Karamchand (607798) | more than 10 years ago | (#7618482)

I think this is actually a good thing because it links spammers with viruses and therefor reinforces the association "spammer = evil". Perhaps sooner or later more people (and gov. agencies and companies) see spam not just as annoyance but as attack.

Re:Good (4, Interesting)

southpolesammy (150094) | more than 10 years ago | (#7618598)

Worse yet for them, it associates spammers and virus writers with child pornography, which is considered among the lowest of the low for crimes. If this doesn't get those in a position of power to realize the depths of depravity that these people are willing to go to, I wonder if anything will.

What proof do they have? (2, Interesting)

Steve 'Rim' Jobs (728708) | more than 10 years ago | (#7618484)

Seriously, I dislike spammers as much as the next guy, but immediately saying this is the work of a spammer is stretching it just a bit. For all we know the person behind the worm has nothing to do with spam.

Re:What proof do they have? (0)

Anonymous Coward | more than 10 years ago | (#7618556)

Your mom

Linux + Apache is vulnerable (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7618486)


Don't go screaming that "See! IIS sucks! just yet." This is a documented a subsequently ignored [tinyurl.com] problem with Apache. I like the concept of open source as much as anybdoy around here, but this is one regrettable case where we dropped the ball. We should have patched this the day it was released. Still, we have substantiall less black eyes than Microsoft, but a black eye nontheless.

Beware.... goatse troll (0, Offtopic)

sean.peters (568334) | more than 10 years ago | (#7618520)

Someone with mod points please blow away this post. The tiny url redirects to goatse...

Sean

Anti-DDOS (4, Interesting)

Angram (517383) | more than 10 years ago | (#7618487)

Isn't there some way to distribute the anti-spam sites/lists so that a DDOS attack can't take it out? All that's needed is a simple neural net-style system - redundancy and distributed content (which the internet makes simple) could solve this sort of problem, at least for now.

Re:Anti-DDOS (-1)

Anonymous Coward | more than 10 years ago | (#7618546)

Well you're pretty hot with the technobabble "All that's needed is a simple neural net-style system - redundancy and distributed content (which the internet makes simple)"

You design it then

(Then you'll learn just how hard that really is)

Re:Anti-DDOS (1)

Angram (517383) | more than 10 years ago | (#7618613)

Perhaps you misparsed that - I intended "simple" to mean "basic," as opposed to implying that it was an easy task (i.e. "simple to design"). I have no idea how easy it would be to create, however I think it's worth pursuing. If normal computer programmers are having a hard time, perhaps they should consult with people who program AI systems.

Re:Anti-DDOS (0)

Anonymous Coward | more than 10 years ago | (#7618587)

Perhaps the computers are sending out the emails in order to persuade us to create such a system. Who knew that it would be spam that would cause us to build Skynet, not US defense.

Re:Anti-DDOS (1)

Nasarius (593729) | more than 10 years ago | (#7618693)

Maybe you could explain how neural nets (an AI programming construct) relate to a network of distributed content.

Re:Anti-DDOS (1)

liquidsin (398151) | more than 10 years ago | (#7618699)

I'm definitely not an expert on this topic, but hey, this is /. and everyone gets their $0.02, so here goes. A spam blacklist needs to be up to date. Every time someone tries to add to that list, the update would need to be pushed out to all of the nodes on the net. And all of the machines using that blacklist would still need to get the updated blacklist from one of those nodes, so they'd need to connect to some central server to at least be redirected to one of those nodes. So some central server still has to exist to tie all the nodes together, or so I'd assume. And that central server is the one that would get raped. And now, time for everyone who knows more about this than I do to tell me I'm wrong!

Re:Anti-DDOS (1, Interesting)

Icarus_SFX (173267) | more than 10 years ago | (#7618701)

You could have a look at :
http://www.agk.nnov.ru/drbl/en/index.html [agk.nnov.ru]
They have a distributed network.

Also a while ago I saw a document describing a form of P2P network with Blocklists. Dunno the URL anymore but it was a kind of nice idea, it included Signatures. So that the network could not be injected with false information.

But from that point of view you could also use web of trust structure.

Most Anti-Spam sites use servers located at diffrent sites/parts of the internet.

Example spamcop.net:
# dig bl.spamcop.net ANY
; <<>> DiG 9.2.1 <<>> bl.spamcop.net ANY
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45125
;; flags: qr; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 8

;; QUESTION SECTION:
;bl.spamcop.net. IN ANY

;; ANSWER SECTION:
bl.spamcop.net. 172800 IN NS blns9.spamcop.net.
bl.spamcop.net. 172800 IN NS blns7.spamcop.net.
bl.spamcop.net. 172800 IN NS blns10.spamcop.net.
bl.spamcop.net. 172800 IN NS blns11.spamcop.net.
bl.spamcop.net. 172800 IN NS blns6.spamcop.net.
bl.spamcop.net. 172800 IN NS blns8.spamcop.net.
bl.spamcop.net. 172800 IN NS blns5.spamcop.net.
bl.spamcop.net. 172800 IN NS blns4.spamcop.net.

;; ADDITIONAL SECTION:
blns9.spamcop.net. 172800 IN A 208.39.222.166
blns7.spamcop.net. 172800 IN A 216.234.115.20
blns10.spamcop.net. 172800 IN A 206.67.234.112
blns11.spamcop.net. 172800 IN A 209.92.188.201
blns6.spamcop.net. 172800 IN A 209.198.142.146
blns8.spamcop.net. 172800 IN A 66.6.205.130
blns5.spamcop.net. 172800 IN A 198.145.240.35
blns4.spamcop.net. 172800 IN A 194.109.6.147

;; Query time: 3617 msec

Enough is enough (4, Funny)

gxv (577982) | more than 10 years ago | (#7618509)

If law enforcements agencies cannot handle the problem it's time for the Wild West solutions. And it seems we have to be the sheriffs. Let's fight those bastards with their own methods. They claiumed OUR network, they use it for their own dirty purposes. And they try to 'kill' those who fight with them. We're the majority. Law & order people! DDoS DDoSers. Kill spammers!

Ok. This is bad idea. But what else we can do?

Re:Enough is enough (2, Funny)

musikit (716987) | more than 10 years ago | (#7618714)

yes it is a bad idea.

it's the double edged sword. if you go after them you get sued (see SPAM-rage from a couple of days ago) and they get nothing against them.

do what i do. when someone blindly asks you to "fix" their computer install AV, Ad/spy removal SW, and net nanny. you could even go a bit further and install anti-SPAM SW and a firewall. or if your overly zealous remove the administrator right from that user. Or just add a reg key entry to stop outlook, outlook express, and IE from running and replace accordingly with your favorite SW.

congress isn't gonna do squat but as soon as you do something they'll arrest you. so watch your backside.

Focus (2, Interesting)

Space cowboy (13680) | more than 10 years ago | (#7618527)


Virus experts said the outbreak was light compared to the rash of worms and viruses that plagued the Internet last summner. "We have had reports in the dozens, not in the hundreds," said Graham Cluely, senior technology consultant for Sophos

Yes, but when those virii are targetting one machine instead of the internet as a whole, it makes something of a difference, Graham...

Simon

It gets worse - (5, Interesting)

m4ilm4n (574136) | more than 10 years ago | (#7618544)

I've just received a fake "mailer daemon" rejection message with a viral attachment; although my a/v program caught it, I can see this tactic catching even the most suspicious of us...

Block Everything (1)

Anonymous Coward | more than 10 years ago | (#7618554)

For a while I had netblocks from all of Asia, Africa, and South America in my access.db. This was pretty effective at blocking spam.

When I finally decided to start resubscribing to some high traffic and international lists, this draconian technique proved problematic.

So just hang a sign on your door that says, "Assholes are not welcome." I am all for whitelisting select mail servers who would be willing to subscribe to some good housekeeping standards.

Balkanize the internet to save it!

Later,
JC the AC

A honeypot credit card for spammers.... (5, Interesting)

LilJC (680315) | more than 10 years ago | (#7618571)

We all know the practice of creating an email account, leaving it hidden online somewhere or posting it and telling people not to use it in an effort to get email we are sure is not legitimate. If this works, let's take it a step farther.

Mastercard, wait, even better AmEx issues a card with the same idea. The card is used once in response to a single spam. The card is then cut up but not cancelled. Hand the card numbers and the billing address over on a platter.

When the card is used again, set your phasers to sue. The beneficiary of the card's usage can either be charged with fraud, etc. or roll on their superior. Pass the buck up the ladder until you can jail a spammer not on the basis of spam but of felony(ies).

Of course, this assumes that you can find a "member magnifier" offer that isn't even looking to send you Sucrosa. Still, it might be worth a shot as a low-cost investment with a good potential for a high yield.

The same idea could be used for eBay and PayPal scams. It's not as if none of us have gotten those "Please enter your password in this email and click submit button" spams. I wonder if this is already done. I'm a smart guy, but I'm still just another geek on /.. It seems some well-compensated theft prevention exec would have started doing this a long time ago if it would work. Though honestly, I don't see any problems with it myself.

Re:A honeypot credit card for spammers.... (4, Insightful)

duffbeer703 (177751) | more than 10 years ago | (#7618639)

Great idea!

Now try to find a team of lawyers that can successfully prosecute such a case in Romania, China or Russia!

These sorts of scams generally do not originate in places like the US or UK.

Eeks! (1)

Walterk (124748) | more than 10 years ago | (#7618583)

Another nasty virus. Of course I personally am not worried one bit, since I don't run any MS software on any of my computers, but my mother's business depends on Windows. She uses Word and Finale [codamusic.com] for her music ventures. However she also uses Outlook for her mail.

Is now a good time to upgrade to OS X? I would like this, since it would allow for better remote administration for when her system goes "loopy". Or should I just make her use Mozilla for mail?

I don't get it (0, Redundant)

Dredd2Kad (667310) | more than 10 years ago | (#7618593)

I don't get the whole point of SPAM. Out of curiosity, have you ever visited any of the websites the SPAM maikls refer you to, so you can buy your viagra, insurance, credit cards or whatever..... Many of them don't even work. They flood the system with junk mail, hoping to make a sale...and they can't even make the sale because more often than not, the point of sale they refer you to is broken. It is so stupid... And what pisses me off the most is I still have to drive to the drug stores Mexico to get my drugs!! Damn them for getting my hopes up! Damn them all to hell!! hehe... ;)

Funny (3, Interesting)

wampus (1932) | more than 10 years ago | (#7618607)

As much as I hate spam and worms and such, that is too funny. Some dumb bastard tries to get the free pr0n from the email, gets infected, then gets scared to death because they lock you up for a LONG time for possessing kiddy pr0n.
Maybe this is vigilante spam, using the scared straight theory. Next time Joe Sixpack tries to look at the free pr0n, a little voice will pop up and remind him of what happened LAST time.

Naive users are part of the problem (4, Insightful)

orangenormal (728999) | more than 10 years ago | (#7618609)

Once infected, a follow-up e-mail is sent to the user stating that a CD containing child pornography will be delivered to their postal address.

This would scare the living daylights out of my mother if she were infected by this trojan/worm.

I think part of the problem with computer security nowadays is that home users believe that anything is possible. Computers are still far too mysterious to the average user; I'll bet you dimes to dollars many users will think this CD mailing scare is real. Unless email and antivirus vendors do something to educate homes users, what's to stop the next virus from saying "open this attachment or we'll send illegal merchandise to your door?"

Spammers, even benign ones, thrive on the naivety of home users. I still haven't received my cheque from Bill Gates and Walt Disney Jr...

Why is it so hard to track these guys? (3, Interesting)

Kombat (93720) | more than 10 years ago | (#7618612)


What they're doing amounts to terrorism (at least, under today's NewSpeak definition of "Terrorism"). Why are the authorities not trying to track these guys down? How hard can it be? It is extremely difficult to completely cover your tracks on the net. You find out where an email came from. Track it back to the ISP. Find out where it came from. Track it back to the next ISP. Check their logs. Continue until you get to a modem pool/DSL connection. There's your guy.

Are they all outside the country? Will those foreign ISPs not cooperate? Why is this so common?

ISP's need to block egress port 25!! (3, Interesting)

RT Alec (608475) | more than 10 years ago | (#7618629)

This is getting ridiculous. All of these worms/viruses of late have their own SMTP engine built in, and connect directly to external SMTP servers to spread their payload. ISP's (and businesses that provide access to internal workstations) need to block access to external SMTP servers! In particular, block egress port 25 from the network.

So you will ask, "But then how will I use my company's or other SMTP servers from home?" Easy, the port used for initial mail submission (IMS) should be set to a different port altogether. IMS and mail transport are different activities and should be treated as such. Use SMTP+AUTH+SSL, run it on port 465, and everybody is happy (except spammers and virus authors).

"But I want to run my own server on my dial-up or other consumer level account!" Contact your ISP and see if you can get a static IP address. SMTP servers should be on static IPs, that way bounces and other system messages can be routed properly. Check the AUP of your ISP, you might be prohibited from running a server on your account (find another ISP, or use the tip above to use a different SMTP server).

To do otherwise is to continue to be part of the problem, not part of the solution.

I love this.. (1, Flamebait)

DroopyStonx (683090) | more than 10 years ago | (#7618634)

Am I the only one who finds this constant "cyber battle" between good and evil absolutely entertaining?

I mean, first you get the good hackers doing things like hacking Madonna's website because she thought she'd be all slick and release those "What the fuck do you think you're doing?" Mp3s. You also have the wonderful folks who are so good at defacing the RIAA's site because they're such ridiculous pricks.

Then you have the "bad" guys: people who target the so-called "good" sites like these Anti-Spam deals, or the people who make these worms that cause millions of dollars worth of damage because the folks at MS are too lazy to fix their stuff.

The fact that Anti-Spam sites are now being targetted makes it that much better because those sites have actually caused me a lot of personal headache by labeling me as a spammer even though I've never touched the stuff in my life!! I've sent countless emails explaining to them that they have no proof or reason to even remotely believe I was ever a spammer, they don't listen. I guess this is what they get, hehe.

Man, I love it. I personally can't wait for the next "Code Red" to hit so I can laugh at the damage it's caused.

Re:I love this.. (0)

Anonymous Coward | more than 10 years ago | (#7618709)

I'm glad you are enjoying the show.

I find that my small domain has been blocked by AOL because some jerk has been forging my domain name as the "From" for spam. You'd think AOL would have a small clue that the From address is often forged. (I certainly get enough spam with a forged AOL return addresses.)

Why not just go with their model, at least..partly (2, Interesting)

zippity8 (446412) | more than 10 years ago | (#7618659)

I never really understood why someone didn't just contact the CC companies and get a really low limit on their credit cards. Hell, even TELL them that you're going to use it for "verification purposes" online, so that you'd want to know who tried to charge money to it. I don't know if you can, but ask them to keep track of where it was rejected.

Enter the number once, and watch the traceable info for spammers / people that buy this information just ROLL in.

It may be time-consuming, but so is this battle with attempting to blacklist spammers.

For once we can't blame software companies. (4, Insightful)

doon (23278) | more than 10 years ago | (#7618671)

As others have pointed out, this attack vector isn't persea the software that user is running. The attack vector is the user, the old PEBKAC (Problem Exists Between Keyboard and Chair), which has been showing up as the resolution to many tickets in our troubleticket system.

The problem is no matter what we do, we can't prevent our users from shooting themselves in the foot. We rename attachments (.exe becomes _exe). We deny .com, .pif, .bat, tell them to keep their anti-virus software up to date, don't run strange attachments, and still we get this. At least we have started running all our outbound mail through AV scanning, and that cuts down on a bunch of the crap, but we still can't keep them from going "ooh shiny...." Click!. Until our users figure out that the computer is a little more dificult to use than their VCR (I don't want to get started on ease of use/convience vs security etc.. but when was the last time you played a movie, and you DDOS'd M$), and they actually need to be mindful of what they use/do on it, "bad people" will always be able to do bad things.

Then again these users are the same people that would call up the phone company complaining of $600+ phone bills to the Caribbean, etc... When you ask them if they have downloaded any programs that offer free "porn" they get all defensive, etc... A quick look at their computer shows tons of those dialer type apps that are making the equiv of 900 (in the US) type calls over seas, and they don't realize it.

For the record, my users would be the users of the ISP that I admin for...

bullowing more&more ?pr? ?firm? smoke up yOUR (0)

Anonymous Coward | more than 10 years ago | (#7618676)

already smoking/flaming .asps?

The proposal was among the earliest outgrowths of the Bush administration's strategy for securing cyberspace. The plan was heavily influenced by technology lobbyists when it was formally adopted earlier this year. Now lobbyists and others are getting a chance to rewrite the SEC legislation to make it more palatable.

Some observers are impressed with the behind-the-scenes influence of industry groups like the Information Technology Association of America and the Business Software Alliance in shaping the administration's most important computer-security policies.

``They've driven it in many ways. They've been very, very effective,'' said James Lewis, the technology policy director for the Center for Strategic and International Studies, a Washington think-tank.

Homeland Security officials are sensitive to suggestions that the largest U.S. technology companies -- concerned about the potential costs of new regulations -- have exerted undue influence. But they defend working closely with executives, noting the industry's ownership of most computer networks and the U.S. government's hands-off preference toward most Internet concerns.

``We're clearly not catering to special interests,'' said Amit Yoran, the newly appointed director of the department's National Cyber Security Division and a former executive at the antivirus firm Symantec Corp., He added, ``To not allow for industry associations to provide us with their input and their opinions would not be prudent. It would be irresponsible.''

http://www.nytimes.com/aponline/technology/AP-Co mp uter-Security-Lobbying.html

fauxking fraudulent last gasper georgewellian fuddite corepirate nazi stock markup execrable, giving US the 'business' AGAIN? tell 'em robbIE?

The "spam lord" demographic... (1)

Purist (716624) | more than 10 years ago | (#7618679)

...would appear to be a great place to uncover a broad array of illicit activities. The mentality that these people have is consistent with people who lead the field in all kinds of fraudulent activities. If you're involved in one of these operations, my vote is that your profile just got a huge red flag.

Naked photographs (0, Offtopic)

jimm (5532) | more than 10 years ago | (#7618716)

Quick, someone clothe the photographs. At least stuff them into an envelope or something.

Mailinator (1)

iggychaos (631769) | more than 10 years ago | (#7618727)

I wonder how far this will go? What about the free disposable email services? Mailinator [mailinator.com] or jetable [jetable.org] next?

Good! (1)

Tom (822) | more than 10 years ago | (#7618735)

Sad but true: People in general don't care until the disaster is there, not just predicted.

I've been trying to get my company to do something about spam (we're an ISP). The more serious, offensive, and aggressive spammers become, the higher my chances that someone up in management will get off his lazy ass and decide that it just might be worth it to do something.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...