
Aggressive Botnet Activities Behind Spam Increase

kdawson posted more than 7 years ago | from the spam-i-am dept.


An anonymous reader writes, "A spam-sending Trojan dubbed 'SpamThru' is responsible for a vast amount of the recent botnet activity which has significantly increased spam levels to almost three out of every four emails. The developers of SpamThru employed numerous tactics to thwart detection and enhance outreach, such as releasing new strains of the Trojan at regular intervals in order to confuse traditional anti-virus signatures detection." According to MessageLabs (PDF), another contributor to the recent spam increase is a trojan dropper called "Warezov."


194 comments

Someone's making a lot of money from this (5, Interesting)

ShaunC (203807) | more than 7 years ago | (#16755147)

I think the Securities and Exchange Commission may turn out to be the most appropriate investigative body for SpamThru and its controllers.

Like many others, SpamThru first showed up on my radar a few weeks ago when a massive pump-and-dump stock spam [shaunc.com] campaign flooded the inboxes of just about everyone who uses email. They're still at it today, now pumping for ticker EGLY. There's no doubt in my mind that it's the same group of folks responsible for the initial run. All of these spam runs are coming solely through botnets, and the messages - and patterns of messages - share some obvious characteristics.

SpamThru and the recent barrage of stock scams are inextricably linked, I have no doubt about it. If and when the SEC investigates suspicious trading activity surrounding some of these stocks, they're likely to discover a trail that leads them straight to the folks responsible for SpamThru.

Re:Someone's making a lot of money from this (1)

From A Far Away Land (930780) | more than 7 years ago | (#16755191)

It makes me wonder if the Stock Markets of the world have a plan to deal with this kind of nearly untraceable pump-and-dumping? Will it be illegal to invest in whatever spammed stock you see in your inbox, and dump it before other suckers invest in it based on spams?

Re:Someone's making a lot of money from this (3, Insightful)

a_nonamiss (743253) | more than 7 years ago | (#16755485)

IANASB, but by the time you read the spam email, it's probably already too late. These people buy stocks before they blast out the spam, and sell them to the suckers that think they are going to get in early and dump later. Now, if you were really clever, you could probably figure a way to make money shorting them, but that would be unethical as well, not to mention very risky.

Re:Someone's making a lot of money from this (0)

Anonymous Coward | more than 7 years ago | (#16756593)

Isn't the best way to spam someone to just put their website address on slashdot?

http://www.f1newstoday.com/ [f1newstoday.com]

Sorry.. couldn't resist

enforcement@sec.gov (4, Informative)

RT Alec (608475) | more than 7 years ago | (#16755257)

Forward the message to enforcement@sec.gov. Use Thunderbird or another mail client that does not strip or mangle the original headers (like Outlook does).

The SEC will devote significant resources investigating and often prosecuting the people who are behind these scams.

Re:enforcement@sec.gov (4, Informative)

XSforMe (446716) | more than 7 years ago | (#16755475)

If you are using outlook, you can use OLSpamCop to rescue the headers and report to pretty much anyone any spam (including enforcement@sec.gov). It is a free download available here: http://www.olspamcop.org/doc.shtml#install [olspamcop.org]

But I seriously doubt the SEC will be interested in the origin of the SPAM. More likely they will do an audit on the fraudulent symbol. It usually is much more effective than tracing the origin of the spam, and it is more likely asses will get busted and the criminals (the people who profit from the poor schmucks buying the stock) will get sent to jail.

Nevertheless, if you want to report any spam, use spamcop so we can mitigate the damage done from the source before it pumps more shit onto the net.

Re:enforcement@sec.gov (2, Interesting)

RT Alec (608475) | more than 7 years ago | (#16756491)

I am not familiar with OLSpamCop, as I do not use Outlook. I am familiar with SpamCop, and how they need the detail in the headers to be intact, so I would guess that this is a workable solution.

If we take the profit out of spam, we will see less spam. To date, pump and dump spam bombs work, so the scammers continue to hire spammers to flood our inboxes. Without getting caught, the risk to scammer and spammer is zero. With the SEC pursuing the scammers, the scam becomes less profitable due to the increased risk. With less profit, there is less to pay the spammers, and thus (hopefully) less spam.

I met an SEC investigator at a social event not too long ago, and it did not take long for the conversation to turn to this subject. She said they take this very seriously, and submitted P&D spam has allowed them to prosecute quite a few scammers [sec.gov]. The earlier into such a campaign, the better, so they can start monitoring as soon as possible.

Re:enforcement@sec.gov (1)

fimbulvetr (598306) | more than 7 years ago | (#16755543)

LOL! A government entity giving a fuck about something? That'll be the day.

Re:enforcement@sec.gov (1)

inviolet (797804) | more than 7 years ago | (#16755997)

LOL! A government entity giving a fuck about something? That'll be the day.

I understand the sentiment... but, isn't it usually our complaint that they poke thumbs into too many pies that would be better left to market forces?

Remember, market forces (and 'tit for tat' in general) have a tough time dealing with sophisticated frauds, especially when the perpetrators remain anonymous. Force and fraud are the very reason why we need a government.

(offtopic) sending attachments (1)

rduke15 (721841) | more than 7 years ago | (#16755617)

Use Thunderbird or another mail client that does not strip or mangle the original headers (like Outlook does).

It looks like your Thunderbird is configured to forward emails as attachments, but that is not the default setting, if I remember correctly.

In Thunderbird, others may have to go to "Message" -> "Forward As" -> "Attachment".

In Outlook 2003, I didn't find how to forward as attachment. You have to copy the headers from the properties window, and paste them in your forwarded message. Far too complicated to explain over the phone to someone who doesn't have a clue

Re:(offtopic) sending attachments (1)

_xeno_ (155264) | more than 7 years ago | (#16755901)

Tools, Options, Preferences (tab), E-mail Options, change "When forwarding a message" to "Attach original message."

Note that I haven't actually checked to see if that really does attach the entire message, but it sure looks like it did. (Clicking Forward created a new email with the message attached, and opening the attachment I was able to get the full headers via the View, Options ("Options?" WTF?) menu item.)

Re:(offtopic) sending attachments (2, Informative)

secolactico (519805) | more than 7 years ago | (#16755919)

In Outlook 2003, I didn't find how to forward as attachment. You have to copy the headers from the properties window, and paste them in your forwarded message. Far too complicated to explain over the phone to someone who doesn't have a clue

Compose a new message, then drag the message you want to forward from the Inbox (or whatever folder) into the new message window. That's it.

If you want to see the headers of a message, open it and select "View" and "Options".

I wish outlook had a "view source" like that of thunderbird or Gmail, where it lets me see the raw message in ascii (great for spamassassin testing).
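What the comments above mean by forwarding without stripping the headers, as an added example that is not part of any comment: the same message is forwarded inline and as a `message/rfc822` attachment, and only the attachment still carries the `Received` chain a report handler needs. The sample message, the reporter address and the destination address are constructed placeholders.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed sample message (not a real capture). Hosts use reserved example
# domains and the IPs come from the RFC 5737 documentation ranges.
RAW_SPAM = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby mail.example.org with ESMTP id CONSTRUCTED1\n"
    "\tfor <user@example.org>; Mon, 6 Nov 2006 10:00:02 -0500\n"
    "Received: from home-pc (unknown [198.51.100.77])\n"
    "\tby mx.example.net with SMTP; Mon, 6 Nov 2006 10:00:01 -0500\n"
    "From: Hot Stocks <tips@example.com>\n"
    "To: user@example.org\n"
    "Subject: Investor ALERT\n"
    "Message-ID: <constructed-1@example.com>\n"
    "Date: Mon, 6 Nov 2006 09:59:58 -0500\n"
    "\n"
    "Timing is everything!\n"
)

REPORTER = "reporter@example.org"      # assumption: the person reporting
REPORT_TO = "abuse-desk@example.net"   # assumption: placeholder destination


def _new_report(subject):
    """Start an outgoing report message with the placeholder addresses."""
    msg = EmailMessage()
    msg["From"] = REPORTER
    msg["To"] = REPORT_TO
    msg["Subject"] = subject
    return msg


def inline_forward(raw):
    """Forward the way an inline 'Fwd:' does: quote a few headers and the body."""
    original = message_from_string(raw, policy=policy.default)
    report = _new_report("Fwd: " + original["Subject"])
    report.set_content(
        "---- Forwarded message ----\n"
        f"From: {original['From']}\n"
        f"Subject: {original['Subject']}\n\n"
        + original.get_content()
    )
    return report.as_string()


def attachment_forward(raw):
    """Forward the whole original as a message/rfc822 attachment."""
    original = message_from_string(raw, policy=policy.default)
    report = _new_report("Spam report: " + original["Subject"])
    report.set_content("Original message attached with full headers.\n")
    # Passing a message object makes the part message/rfc822, so every
    # original header line travels inside the report unchanged.
    report.add_attachment(original)
    return report.as_string()


def recover_received(report_text):
    """What the recipient of a report can still see of the Received chain.

    Returns the whitespace-normalised Received headers of the first attached
    message, newest hop first, or an empty list if nothing is attached.
    """
    report = message_from_string(report_text, policy=policy.default)
    for part in report.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_content()          # the embedded original message
            return [" ".join(str(v).split())
                    for v in inner.get_all("Received", [])]
    return []


if __name__ == "__main__":
    for name, build in (("inline", inline_forward),
                        ("attachment", attachment_forward)):
        hops = recover_received(build(RAW_SPAM))
        print(f"{name}: {len(hops)} Received header(s) survive")
        for hop in hops:
            print("   ", hop)
```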

Re:enforcement@sec.gov (0)

Anonymous Coward | more than 7 years ago | (#16755847)

Forward the message to enforcement@sec.gov

Wouldn't the good people at the SEC be getting enough examples delivered directly to their own work and home email addresses? The flood of this junk is getting pretty thick.

Re:enforcement@sec.gov (2, Interesting)

galaad2 (847861) | more than 7 years ago | (#16756639)

For reporting spam in Thunderbird just use the Okopipi extension

https://addons.mozilla.org/thunderbird/2672/ [mozilla.org]

It's great for reporting spam that gets through the spam filters.

Can be used for reporting spam to SpamCop, the FTC, FDA, SEC, ACMA (Australia) and / or Knujon.com. It also allows you to put in your own custom addresses to report spam to such as your ISP or corporate abuse address.

What I like about it is that it bunches all the spam in a single report mail with all the spam messages as attachments.
Also, I filter my spam in separate junk folders for SEC / FDA / others and I report to them just the appropriate crappola.

Re:Someone's making a lot of money from this (1)

sjamisoRC (998351) | more than 7 years ago | (#16755323)

I agree with you. The SEC needs to get a hold of ANYONE who makes money on these stocks.
Eventually and I mean eventually they will follow the money trail back to someone they can nail.

Personally I think the SEC should forcibly de-list or begin the de-listing process of any stock that shows up in a SPAM campaign like this.

-sjamisoRC>

Don't blame the victim! (4, Insightful)

NotQuiteReal (608241) | more than 7 years ago | (#16755761)

Personally I think the SEC should forcibly de-list or begin the de-listing process of any stock that shows up in a SPAM campaign like this.

Um, and do you also think scantily clad women deserve to get raped?

A pump and dump scheme simply selects a stock with the right combination of price and volume that they think they can manipulate.

Take the EGLY.OB example (heh, it's up 6% right now). It is a low priced (under a dollar) stock, so lots of shares are cheap. It has sufficient volume (100K shares/day) to be useful. If it is too thinly traded you can't accumulate shares on the cheap. If the volume is too high, the market will keep the dumpers' shares low.

So, the spammers are doing a buy-low, "advertise" (pump it up), sell-high (dump) campaign. The particular stock selected was probably just a result of a screen for the desired trading properties.

The company whose stock is manipulated (most likely) had nothing to do with it.

Re:Don't blame the victim! (1)

advocate_one (662832) | more than 7 years ago | (#16756991)

Take the EGLY.OB example (heh, it's up 6% right now). It is a low priced (under a dollar) stock, so lots of shares are cheap. It has sufficient volume (100K shares/day) to be useful. If it is too thinly traded you can't accumulate shares on the cheap. If the volume is too high, the market will keep the dumpers' shares low.

so when are we gonna see SCOX in these spam schemes???

Re:Someone's making a lot of money from this (4, Funny)

isometrick (817436) | more than 7 years ago | (#16755817)

Hmmm...

Hot Stocks-Investor ALERT!!!
SYMBOL: MSFT
Timing is everything!
Profits of 300-400 % EXPECTED
TRADING SYMBOL: MSFT
Opening Price: $28.93
10 Day Target: $66.66

Re:Someone's making a lot of money from this (0)

Anonymous Coward | more than 7 years ago | (#16756327)

Personally I think the SEC should forcibly de-list or begin the de-listing process of any stock that shows up in a SPAM campaign like this.

So, you'd have no problem with Microsoft hiring a bunch of third world IT workers to send out spams touting RHAT, GOOG, IBM and LNUX just to get them delisted?

There's others making money too (1, Interesting)

goombah99 (560566) | more than 7 years ago | (#16755999)

Let's put a $500 tax on all copies of windows OS. Wait! this is not flamebait. Hear me out.

The tragedy of the commons is what occurs when there is no limit on use of public resource but individuals do not bear the consequence of abuse in a way that would make them modify their behaviour for the common good. The historic solution is to put a fee for admission that promotes optimal use. Now as we have all heard over and over that most proposed e-mail stamp plans all fail for one reason or another. Indeed there's that ubiquitous and hilarious form letter someone always posts on slashdot whenever the latest unworkable plan is proposed that explains why it won't work.

So my plan is not to have some micro payment scheme but to simply tax the origin of abuse directly. Windows Operating systems are essentially responsible for all Spam. Now if microsoft had put more effort into securing their system then windows would have cost more to develop. So instead they are getting rich off of this since the costs of the consequences are not being borne by microsoft. Therefore there is needed a fee. The fee would be applied to cover the cost of rigorous anti-spam actions by ISPs or whomever was the appropriate cop. Alternatively it could have the effect of deterring excessive monocropping of operating systems, like Windows, that makes it ripe for epidemics like this.

Now before someone says well it's not microsoft's fault, their software is just as good as Linux, mac, amiga, Beos..., let me say that does not matter. Microsoft gets a market advantage and cost structure advantage by being the mono-crop operating system. Therefore regardless of whether their security is comparable to some other, they have a greater responsibility and a greater financial wherewithal to make their software be more secure. It is precisely fair to treat a monopoly with a different set of standards if that monopoly position is 1) the source of the problem 2) they are getting financial gain from being a monopoly.

So rather than flaming me, tell me why this is not a proper analysis of the problem and a possible approach to solving it. Yes it's radical. But according to earthlink I get 2000 spam messages a week, and according to this article 3/4 of the mail out there is spam. Radical solutions are called for.

Re:There's others making money too (1)

goombah99 (560566) | more than 7 years ago | (#16756259)

To explain this further let's contrast this with an alternative implementation of the concept. Suppose instead of adding $500 to the price of all MS Windows OS (and I'm just pulling $500 out of my ass here to make it dramatic) we instead say it's a user responsibility. So instead we let users forego the $500 tax as long as they post a bond of 10x the tax amount that they will forfeit if their computer becomes a spambot. They of course would not actually post the bond itself but instead would buy insurance.

Now in the end if this were a workable system, it should actually come out to be the same mostly since in the end the total amount collected as tax or forfeited has to be the same. That is, insurance rate would turn out to be the same net cost to the average consumer as the tax. The difference is that careful users might decide to forego the insurance and would never have to pay and sloppy ones would pay for the rest. However in practice the bond idea is unworkable. First people would cheat on it. It's impossible to enforce efficiently and would end up disenfranchising people for mistakes they could not afford to fix. It's analogous to the considerations that lead to no-fault car insurance systems. Sometimes just having everyone pay makes sense because it is easier to enforce.

Of course it would quickly occur that people would cheat and use bootleg tax free software. But this is not a problem per se. It just means that we would charge the tax at the source. MS would pay it directly not the retail store. If this made MS software prohibitively expensive MS would be moved to solve the problem.

Re:There's others making money too (2, Informative)

LindseyJ (983603) | more than 7 years ago | (#16757107)

Saying that MS is "The source of the problem" is like coming to a murder scene where someone was stabbed with a kitchen knife, and then blaming the cutlery retailer for it. Both are patently ridiculous.

MS does not have any 'responsibility' to make sure nobody using their OS is up to no good. Nor should they. If the precedent is set that you are responsible for what people ultimately do with your product, nobody will ever make anything ever again, fearing litigation. The fact that they are a monopoly is irrelevant. And as for the post you made after this one... That taxation and/or bond scheme might be the most backwards thing I have ever heard. OS's are prohibitively expensive to the home user as it is, without artificially inflating the price by forcing me to buy insurance (for what, I have no idea).

Yet another attempt to sidestep personal accountability, and of course it's modded up.

It's not the bots...it's the protocol (3, Interesting)

John3 (85454) | more than 7 years ago | (#16757135)

You can't tax Windows users unless you start clamping down on all the open relays and misconfigured email servers. SMTP is broken, and patchwork solutions like SPF are only helping a small amount. There are servers with no reverse DNS, no MX records, all sorts of invalid configurations. As an admin running several mail servers I have to choose between enforcing all the RFC's (and rejecting email from hundreds of legitimate but broken servers) or leaving the door open and being swamped by spam (which is then trapped by processor intensive sieve, filters, etc). If I turn up the security too high my users start complaining about rejected email from clueless organizations that are running perfectly good Linux/Mac/Windows mail server boxes that are not set up correctly.

IMHO it ultimately comes down to fixing SMTP.

John

Re:There's others making money too (1)

meeotch (524339) | more than 7 years ago | (#16757161)

Your post advocates a

( ) technical (*) legislative (*) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
(*) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(*) Jurisdictional problems
(*) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(*) Willingness of users to install OS patches received by email
(*) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
(*) Referencing the Slashdot Spam Form-Letter Response in your spam-related post will not save you from its wrath.

Furthermore, this is what I think about you:

(*) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:Someone's making a lot of money from this (1)

argle2bargle (794789) | more than 7 years ago | (#16757075)

Darn, and I had thought some stranger was sending me great insider stock tips!

I guess I will be dumping my shares now, how will I be able to afford my v1agr1a now?!?!?!

I guess IncRease is spelled without R these days (0)

Anonymous Coward | more than 7 years ago | (#16755149)

Maybe it's the more streamlined version for our 24 hour on demand e-world... :P

Hold On Here (4, Funny)

eldavojohn (898314) | more than 7 years ago | (#16755161)

Now, I know what you're going to say, you're going to say this is a dupe of last week's story, Bot Nets Behind Recent Spam Surge [slashdot.org], but it's not. You see, this is Aggressive Botnet Activities Behind Spam Incease. And it's no longer recent--it's a week old.

So you can call this a dupe, but as you can see, this has clearly changed status from recent to aggressive. Or maybe like code orange to code red, DHS style.

But please, feel free to karma whore the comments from the old discussion into this one. Seriously, anyone get any new information on this? We've got a named virus but is there anything else new?

Re:Hold On Here (1)

happyemoticon (543015) | more than 7 years ago | (#16755263)

How about, "Non-geeks beginning to be aware botnets behind spam increase" ?

Re:Hold On Here (1)

Opportunist (166417) | more than 7 years ago | (#16755565)

This would require /. to be able to post from the future.

The FAR future.

How do you know a trojan threat is over? The "mundane" media covers it.

Re:Hold On Here (1)

StarfishOne (756076) | more than 7 years ago | (#16756599)

Perhaps we'll one day see some kind of 'internet weather' report just after the sports news and the real-live-outdoor-kind-of-weather report. ;)

Re:Hold On Here (1)

nine-times (778537) | more than 7 years ago | (#16755637)

Not only that, but one story was about bots being behind an increase in spam, while the other is about bots being behind an incease in spam. Totally different topics.

Could be a lot worst... (0)

creimer (824291) | more than 7 years ago | (#16755163)

You could've been slimmed instead of spammed! :P

Re:Could be a lot worst... (1)

taustin (171655) | more than 7 years ago | (#16755585)

You could've been slimmed instead of spammed!

Given how fat Americans are becoming, I'd think a little slimming would do us some good.

Oh, you meant slimed!

This needs a tag. (1)

edunbar93 (141167) | more than 7 years ago | (#16755167)

I recommend "Duh" for this article.

Re:This needs a tag. (3, Informative)

dch24 (904899) | more than 7 years ago | (#16755757)

If you don't like how everything is getting tagged itsatrap, you can tag it !itsatrap, and vote against the tag. Enough !itsatrap votes, and the tag will be taken off the story.

Re:This needs a tag. (1)

Rob T Firefly (844560) | more than 7 years ago | (#16755789)

I regret to inform you that all Slashdot tags are being aggressively converted to "itsatrap" starting today.

I don't know who.. (3, Insightful)

xENoLocO (773565) | more than 7 years ago | (#16755169)

...is getting only 75% spam.

Mine is more like 1 real email for every 200 spam messages...

Re:I don't know who.. (1)

networkBoy (774728) | more than 7 years ago | (#16755289)

Without filtering I would be in trouble.
With it I get maybe 5% spam? Not too much.
Every on-line contact has a unique e-mail address, i.e. slashdot.com.1@networkboy.net, once that is on too many spam lists I re-visit the address. If I still need that contact I update the profile and add a new address: slashdot.com.2@networkboy.net, and :blackhole: the old one.
Naturally if I no longer need the contact (was for a one-time download and such), then off to :blackhole: it goes. Works awesome!
All the addresses forward to a unique address that is never directly used.
-nB

Re:I don't know who.. (2, Insightful)

Scutter (18425) | more than 7 years ago | (#16755341)

Unfortunately, you may not receive the spam, but it's still sent. It's still consuming network resources in the form of bandwidth and CPU time required to filter it. Right now, my company is filtering around 20,000 messages per day, and we're fairly small, with only around 75 mailboxes.

Re:I don't know who.. (2, Interesting)

garcia (6573) | more than 7 years ago | (#16755493)

I *never* received spam (not even to SpamAssassin). Then, within the last 8 days I have seen it go through the fucking roof. Not only is SpamAssassin ignoring these e-mails (they are registering 1.0 and 2.0) but many of them seem like worthless spam to me.

If you're going to spam me at least try to sell me something.

The best is that I'm getting the exact same spams, within seconds, on several mailboxes on different domains at once (work, GMail, and home).

I can't ban their IP ranges fast enough and when I do I end up blocking stuff like my wife's work IPs.

Re:I don't know who.. (1)

isometrick (817436) | more than 7 years ago | (#16755937)

... when I do I end up blocking stuff like my wife's work IPs.

You're sleeping on the couch tonight!

Re:I don't know who.. (2, Interesting)

CodeBuster (516420) | more than 7 years ago | (#16756129)

If you're going to spam me at least try to sell me something.

The worthless messages are an attempt to poison your spam filters by using many common business, home, and lifestyle related keywords (whether or not these messages are actually effective at confusing the Bayesian filters is an open question). The pitch for "Vla6|2a" and that can't lose stock market "opportunity" will be in a follow on message. It is sort of like in football where there is a lead blocker and fake handoffs to confuse the defense while the ball carrier follows behind them.

The best is that I'm getting the exact same spams, within seconds, on several mailboxes on different domains at once (work, GMail, and home). I can't ban their IP ranges fast enough and when I do I end up blocking stuff like my wife's work IPs.

Witness the effectiveness of the Bot Net strategy combined with spamming. It is impossible to filter the spam based upon IP addresses if the spam zombies are extremely well distributed among the different networks on the public Internet. One cannot simply block Nextel, Verizon, and the like because some of their customers have been hijacked into the bot network by a spam trojan. This is why this new strategy is of such concern, because it is a major escalation on the part of the spammers. These asshats need to be dragged out of their dens and pistol whipped by the men in the black with the MP5s and the telescoping batons.

Re:I don't know who.. (1)

fractalus (322043) | more than 7 years ago | (#16755521)

Well, I've got only a dozen or so mailboxes, and I routinely get 20,000 spams every day. SpamAssassin catches the bulk of them, but 20-50 get through each day and have to be manually sifted.

I'd love to describe my ideal spammer punishment, but it's NSFW.

Re:I don't know who.. (1)

AaronW (33736) | more than 7 years ago | (#16756739)

Only 20K? For a while I was getting 80-100K bounced emails a day because some spammer decided he liked my domain name. Anyway, I only have a handful of accounts I use. Fortunately, all the bounces were blocked by postfix as undeliverable and I didn't even notice the load on my super fast 333MHz Pentium 2 server (no, not fast but my load hovered around 0.05). Sadly, it did kill a couple firewall routers... I think all the logging killed the flash in one router, and the new one would usually crash and burn after 5 minutes (Netgear) until I replaced it with a real router.

It also looks like RBL is highly effective. It seems to block about 90% of the spam. DSpam then catches at least 90% of anything that makes it through so I maybe see 1-2 spams per day instead of hundreds.

I also frequently report spam to Spamcop and notify the FEC of the pump and dump scams. I just wish they'd put some serious effort to go after these guys and fine them into oblivion and/or put them in jail.

-Aaron

Re:I don't know who.. (1)

networkBoy (774728) | more than 7 years ago | (#16757315)

My server is not spending the time filtering it. That's the point of :blackhole: no processing at all. Comes to that address? Gone.
I realise that the bandwidth is consumed, but I can't really help that. What I can do is ensure that it consumes as few other resources as possible.
-nB

Re:I don't know who.. (1)

misleb (129952) | more than 7 years ago | (#16756195)

I never really understood why people go out of their way to create, delete, and otherwise hassle with "spam" accounts or dummy accounts when you can just have one address with good spam filtering. It just seems like a lot of unnecessary work. I run a Spamassassin gateway that catches nearly all SPAM (80% of all email is blocked). I don't have to worry about keeping my address secret. I use it all over the place. Forums, online transactions, and even Usenet. I see almost no spam. How could some convoluted account manipulation scheme be better?

-matthew

Re:I don't know who.. (1)

SillyNickName4me (760022) | more than 7 years ago | (#16756685)

I never really understood why people go out of their way to create, delete, and otherwise hassle with "spam" accounts or dummy accounts when you can just have one address with good spam filtering. It just seems like a lot of unnecessary work. I run a Spamassassin gateway that catches nearly all SPAM (80% of all email is blocked). I don't have to worry about keeping my address secret. I use it all over the place. Forums, online transactions, and even Usenet. I see almost no spam. How could some convoluted account manipulation scheme be better?

By using such 'spam' accounts to trap spam and feed it to your spam filter for learning?

Re:I don't know who.. (1)

Octorian (14086) | more than 7 years ago | (#16756957)

Reminds me of when I first installed SpamAssassin on my mail server :)

Of course today, no matter what I do, the majority still gets through.

Re:I don't know who.. (0)

Anonymous Coward | more than 7 years ago | (#16756501)

but what happens when your personal email address, the one these dummy accounts are being forwarded to, gets on the spam lists?

Re:I don't know who.. (1)

networkBoy (774728) | more than 7 years ago | (#16757427)

but what happens when your personal email address, the one these dummy accounts are being forwarded to, gets on the spam lists?

Excellent question. Easy answer: I change it. I have a small script that updates all the forwarders that don't already point at :blackhole: to point at the new root address, then all I do is change Thunderbird and I'm good to go.
Only have to do that about once a quarter or so.
-nB

Re:I don't know who.. (1)

vertinox (846076) | more than 7 years ago | (#16755615)

...is getting only 75% spam.

Depends. On personal accounts I don't, but on generic emails like info@ and sales@ I get flooded. Keep in mind I've never used these emails to send people emails or register for forums or lists. They simply exist for automation for other things. Spam messages that don't match those automations don't come through.

I should more than likely change them to something like sales-something123@ but the need isn't really there.

Re:I don't know who.. (1)

krebs junge (1021933) | more than 7 years ago | (#16756411)

Where'd you get 75% from? No mention of that in the summary or FA.

Did you read "increased spam levels to almost three out of every four emails" as 75% spam to each email?

Re:I don't know who.. (0)

Anonymous Coward | more than 7 years ago | (#16757101)

Are you an idiot or just bad at math/stats?

Re:I don't know who.. (1)

Pontiac (135778) | more than 7 years ago | (#16757339)

We are running about 90% spam here.. up from 80% a few months ago.

Latest stats from the servers are
5.5 connections a week.
3 million rejected on Block Lists
2 million caught by spam filters
500,000 messages let through (still some spam in there too)

dupe checking (2, Insightful)

minus_273 (174041) | more than 7 years ago | (#16755287)

sites like freerepublic avoid dupes like this by having a rule that the subject of the article be used for the posting. Then, checking for a dupe is just a matter of a search for the exact same subject. It's simple and works a lot better.

Re:dupe checking (2, Funny)

sootman (158191) | more than 7 years ago | (#16756895)

Actually, there are protections in place, but Aggressive Botnet Activities are Behind this Dupe Increase. You just can't fight numbers!

What i don't get (1)

Programmer_In_Traini (566499) | more than 7 years ago | (#16755349)

What i don't get is why spam is still an issue in this day and age of the internet.

The reason behind spam is simple : it works.

i mean.... it just goddamn works... why otherwise would companies pay hundreds of thousands to defend themselves legally and invest in various ways to get to our inbox ?

There are stupid people out there buying from those guys, or whatever product they are advertising.

If you cut the money income, you cut the spam...

instead of spending $$$ and time trying to prevent spam from arriving in our inbox we should spend that money and time educating the crowd that "spamware" is most of the time just a way to get money out of your pocket with no real return value.

You ... you ... you COMMUNIST! (4, Insightful)

Opportunist (166417) | more than 7 years ago | (#16755649)

You mean educate people so they don't fall for scams? So they think for themselves? So they know that offers that are too good to be true can't be true?

Are you nuts? Are you aware what this would mean to the market? People able and willing to compare prices before buying, people having used cars inspected before buying them, people informing themselves about the appliances they buy and who don't blindly believe the ads.

Do you know just how many jobs hang on the fact that 99% of the people around are suckers, incapable of sorting out their own life?

Re:You ... you ... you COMMUNIST! (1)

Programmer_In_Traini (566499) | more than 7 years ago | (#16756581)

haha, good reply there...

there will always be a margin of idiots, that's just a fact of life, I myself am a complete idiot in the domain of (for instance) sailing so any seasoned sailor could probably tell me anything and I'd just take his word for it.

but in the same way i p4wn my parents at gaming i get p4wned by my nephew (and niece...sigh). there are things that just transmit themselves with time.

I agree with several replies to my post actually but i was trying to say that people just take spam as a part of the internet without really trying to fight it (ok ok OK!!! i know some are fighting but most are happy just watching)

but ....meh.... ive always been a dreamer, i guess theres no way to educate the current suckers.

another idea i had once was to make a website with all the products advertisement i received by mail and list them on the web, to give the "spamware buyers" a one stop shop to buy it all, hoping to "steal" business from the spammers but my logical side of the brain tells me to not open that can of worms....

Re:You ... you ... you COMMUNIST! (0)

Anonymous Coward | more than 7 years ago | (#16756953)

With a pump and dump stock scheme, you can still make money even if it is a scam. Look at it like this, I get a spam email that I know is a scam. I reason that people will fall for this and the price will get inflated so I buy some. I only need to sell before the dumper dumps and the bottom falls out of the price. I don't know if legit traders do this.

I also would like to think that this type of thing does not work but I took a look at an old spam I received twice on 7/31/06 for swnm.pk (note the pk because they wouldn't try this stuff on stock listed on a major exchange or one that has to file with the SEC; sometimes the "pumpers" could be the company themselves and they don't need to "dump"). Anyway, looking at the historical prices for this company, the volume was generally in the 10s of thousands and low hundreds of thousands. Three days before I got the email, the volume was over 2 million and the day I got it? 7/31/06, the volume was 5.7 million. swnm.pk on Yahoo Finance: http://finance.yahoo.com/q/hp?s=SWNM.PK&a=05&b=1&c=2006&d=07&e=31&f=2006&g=d [yahoo.com]

Re:What i don't get (0)

Anonymous Coward | more than 7 years ago | (#16755815)

I think you are only half right...

"If you cut the money income, you cut the spam..."

I think you are totally right on this one. Spam exists because there is money in it.

"The reason behind spam is simple : it works."

Again, I agree, but not in the way you think.

It doesn't necessarily work for the advertisers - it works for the spammers! Spammers get paid money to send out advertisements for someone else. The more they send, the more they get paid. It doesn't matter much if there are actually any sales made from that barrage.

So, a new business wants to jump on the viagra clone market, it hires a spammer, the spammer sends out 5 million e-mails (by whichever means possible - hijacked mail servers, bots, whatever). Now, if the sleazy viagra clone makes some sales, it might send out another barrage if there was enough income. But if it decides not to, guess what? There is another new viagra clone company waiting in line to pay the spammer to send out another barrage of spam. Were any sales made? Maybe, maybe not. But there are always idiots out there who think they can jump start their new business by sending out spam. And THAT'S where the money is.

Re:What i don't get (2, Insightful)

rduke15 (721841) | more than 7 years ago | (#16755845)

instead of spending $$$ and time trying to prevent spam from arriving in our inbox we should spend that money and time educating the crowd

I see you don't know much about that part of "the crowd" who falls for the spammers/phishers/etc. tricks.

Even if you could educate them all, new suckers are born every day.

The sad thing about it is that among them, there are even nice and clever people, who just have the particularity to be ignorant and naive in front of a computer...

Re:What i don't get (1)

jfengel (409917) | more than 7 years ago | (#16755913)

You're trying to hold back the ocean with a broom on this one. Spam works only because the margins are so small. The emails are essentially free because they're using somebody else's computer to do the work. So it takes only a trivial response rate to make it worth their trouble to annoy every single person on the planet. (Well, at least the 20% or so of them with net access.)

It is astonishing that anybody with an IQ high enough to operate a computer would buy v1@.gra, but the fact is the bell curve goes way, way off to the left. Experience is the best teacher, so I hope whoever that dipstick is he at least won't do it twice. It's not very fast, but I don't know how you educate somebody that dumb in the first place.

Meantime, we're going to have to spend time and money getting the crap out of our own inboxes, and diverting that money to education projects is going to be aggravating in the short run with no guarantee of help in the long run.

Spam not just in email anymore (1)

British (51765) | more than 7 years ago | (#16755501)

Everyone's aware of the excessive spamming on myspace. Hell, I almost think the powers that be at myspace are getting a kickback with the incredible abuse.

But just yesterday I got a 419 email(but with French context, instead of Nigerian) on my Youtube messaging system. He/she even wrote back, regardless of the fact I posted a comment on the account saying "best 419 scammer ever!", that everyone can see.

I'll be expecting facebook spam sometime soon. Er, maybe not.

Re:FB (1)

Enoxice (993945) | more than 7 years ago | (#16756263)

There was already a wave of FB spam...that may still be going on. It's mostly in those "omgz this grup is huuuge! 100,000,000 awesome beer" groups, though, so I don't see it much. Also, they've got "sponsored" news feed items now.

Facebook is starting to degenerate into myspace parte deux.

Not so much regular spam, but 419 (2, Interesting)

dr_dank (472072) | more than 7 years ago | (#16755517)

Personally, I haven't seen an influx of the viagra/mortgage spam as much as I've seen a sharp increase in the number of 419 scam emails of varying degrees. One of them is an account that used to get spam only very rarely. I theorize that someone else on the email service fell for the scams and word got around that there are plenty of mugus ripe for the plucking if you spam this domain.

Has anyone else seen a rise in the amount of this type of spam?

Re:Not so much regular spam, but 419 (1)

otacon (445694) | more than 7 years ago | (#16755691)

You know I had only got one 419 scam maybe 4 years ago on hotmail. Then just recently I've got maybe half a dozen on a gmail account that hardly gets spammed at all. I thought it was just me.

Re:Not so much regular spam, but 419 (1)

dr_dank (472072) | more than 7 years ago | (#16756067)

The email address I originally mentioned is also used for my Monster.com account and gets its own share of scammers: MLM/Amway/Quixtar, Primerica (where they misleadingly identify themselves as Citigroup Financial Services), and check wire scammers.

The latter poses as a legit job doing payment processing where checks come in with the understanding that they are deposited, a percentage skimmed as a commission, and the remainder wired back to your "employers". Never mind that the checks are either bogus and you're out money or they're payments from fraudulent activities that you'll take the fall for once the authorities come knocking.

Apparently, people are falling for them if they keep sending them.

Time to pull the plug (4, Insightful)

JohnnyGTO (102952) | more than 7 years ago | (#16755573)

It's time we force ISPs to pull the plug on infected client machines or block entire ISPs. There is no valid argument to support end users who refuse to clean up their machines. The argument that either they are not responsible for the infection or are unable to clean their own machines is crap. If end users don't know how to maintain their equipment then perhaps they should be off the net.

Look at a car as an example. If I refuse to do or pay for routine maintenance it will begin to create more and more pollution and use more and more fuel. Is it the manufacturer's job to fix it, no, is it the road builder's job, no, is it the jerks that sold me crappy fuel, only if I can catch them. So when I fail smog tests I need to either quit using the car or pay to fix it. Might not be the best analogy.

Re:Time to pull the plug (2, Insightful)

Anonymous Coward | more than 7 years ago | (#16756439)

We've had this argument OVER and OVER again. ISPs WILL NOT start knocking people off their nets. Why would they? They are the CUSTOMER !!! Let's see... I'm an ISP. I have LOTS of customers with spyware on their machines. They end up sending tons of emails. So I'll shut them off, lose some significant portion of them as customers, STOP GETTING PAID by them? And how exactly does this benefit me?

It doesn't. If they are on dialup, they just sign up with another company. DSL? Sign up with another DSL provider, or Cable...

Why would my business model include the stopping of service to my own customers???

Re:Time to pull the plug (1, Interesting)

Anonymous Coward | more than 7 years ago | (#16757031)

Hence legislation is needed to force all ISPs to do this. Yeah it's more intrusive than I'd ideally like, but it seems there's no other realistic solution. Some big Nordic ISPs already do this, infected machines are 'quarantined' to an internal web page with an explanation and links to tools to try and remove the trojan/worm/whatever.

Re:Time to pull the plug (1)

cr0sh (43134) | more than 7 years ago | (#16757261)

Read the TOS of your provider - most have language to the effect that if you (which I read as "the machine(s) which you control") use their service to send malicious or illegal content, or to use the system in a way which is detrimental to the network as a whole, that your service can be cut off. Sadly, despite this claim in the TOS, they rarely enforce it (because as you note, AC, it makes them money - even though bandwidth for such activity must be through the roof).

Re:Time to pull the plug (1)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#16756659)

Look at a car as an example. If I refuse to do or pay for routine maintenance it will begin to create more and more pollution and use more and more fuel. Is it the manufacturer's job to fix it, no, is it the road builder's job, no, is it the jerks that sold me crappy fuel, only if I can catch them. So when I fail smog tests I need to either quit using the car or pay to fix it.

If most cars using a component from one manufacturer, say Visteon, began failing emissions tests three minutes after you started it following the instructions in the owner's manual, there would be a recall, regardless of whether or not the driver noticed how bad it was before their warranty expired. If half of all cars on the road did not meet emissions standards, do you think the government would or could force all of them to stop driving those cars?

Re:Time to pull the plug (1)

CohibaVancouver (864662) | more than 7 years ago | (#16757081)

It's time we force ISPs to pull the plug on infected client machines or block entire ISPs.

Who compensates them for lost revenue? Let's say they have 1000 infected machines @ $30 / month and they kill them - That's over one-third-of-a-million dollars in lost revenue in one year.

Re:Time to pull the plug (1)

mcrbids (148650) | more than 7 years ago | (#16757461)

You sir, have rediscovered the principle long known as the "blacklist", or "Realtime Black List" or RBL. There are quite a number of these: a quick google search [google.com] turns up well over 4 MILLION PAGES devoted to the subject of "rbl".

Yes, us Mail Admins have been using these for years. And they work well, probably reducing load by some 70% or so. But they have their problems, and aren't 100% effective. If you block 70% of spam from a source of email that's 85% spam, you still have 50% of your inbox being spam. And that's about what I see...

PS: Your analogy is awful. Next time you aren't sure, there's this neat button called "Del" you might want to pay attention to...

Incease Aggressive Behind Activities (1)

Zabu (589690) | more than 7 years ago | (#16755645)

* This article submitted by spam botnet
* Intentional misspellings to fool slashdot spam filter

I haven't noticed (0)

Anonymous Coward | more than 7 years ago | (#16755683)

CRM114 still beats whatever they throw at me.

"Almost" three out of four? (1)

misleb (129952) | more than 7 years ago | (#16755853)

I've been seeing over 80% SPAM in the last couple months. And that is just what is being blocked (spamassassin). The actual number is a little higher. Sad, really.

-matthew

Re:"Almost" three out of four? (1)

Palefrei (773895) | more than 7 years ago | (#16756281)

I'm running Ironports all over my environment.

In May I had 167,045,434 emails, 96.3% blocked as spam/virus

I just looked at October's stats... 230,975,517 emails, 97.7% block rate.

Thank G*d the accuracy of that 97.7% is spot on, or the whitelisting/maintenance would make my life a living hell.

OT: why is everything a trap today? (2, Informative)

Mateo_LeFou (859634) | more than 7 years ago | (#16755917)

Is there a joke I'm not in on?

Re:OT: why is everything a trap today? (2, Informative)

necro2607 (771790) | more than 7 years ago | (#16756905)

This page [x-entertainment.com] explains the "it's a trap" inside joke well enough, although I don't know what the deal is behind tagging comments with itsatrap today in particular.

seriously (0)

Anonymous Coward | more than 7 years ago | (#16755939)

Can whoever keeps saying itsatrap to every single slashdot post bugger off? I know this is off topic but come on, this is seriously annoying!!!!

"Itsatrap" tagging (1)

A beautiful mind (821714) | more than 7 years ago | (#16755951)

[Note, this post is referring to the tags that can be found amongst others, on this article, so this is a general-issue post not an offtopic one. Thank you.]

It's getting annoying that every article without any relevance gets tagged with "itsatrap". The "fud" tag is grossly overused as well, but at least it can be perceived as mostly applicable. I'm suggesting, to conform with slashdot grammar, to counter-tag every article that has an irrelevant "itsatrap" tag with "notsatrap".

is it just me? (0)

Anonymous Coward | more than 7 years ago | (#16756227)

..or is the PDF link in the story dead? Anyone got a mirror, I'd really like to see that.

easy detection (0)

Anonymous Coward | more than 7 years ago | (#16756469)

The developers of SpamThru employed numerous tactics to thwart detection and enhance outreach

I can't believe they write this! I find it very easy to block most of those botnets AT THE SMTP LEVEL. No need to even get to the DATA phase, they normally betray themselves by protocol violations before that.
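
The kind of pre-DATA check the comment above refers to, as an added example (not code from the poster or from any mail server): it walks an SMTP session in arrival order and names the protocol violations seen before DATA. The specific checks (talking before the 220 banner, pipelining without an advertised PIPELINING extension, a malformed or forged HELO argument, MAIL before HELO) are assumptions taken from common MTA practice, and the hostnames and sessions are constructed.

```python
import re

# HELO/EHLO argument per RFC 5321: a dotted domain name or a bracketed address literal.
FQDN = re.compile(r"^(?=.{1,255}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\.?$", re.I)
ADDR_LITERAL = re.compile(r"^\[(\d{1,3}(\.\d{1,3}){3}|IPv6:[0-9a-f:.]+)\]$", re.I)

def pre_data_violations(events, server_name):
    """events: (who, line) pairs in the order the server saw them; who is 'S' or 'C'.
    Returns the names of protocol violations observed before the DATA command."""
    found = []
    greeted = helo_seen = pipelining_ok = in_ehlo_reply = False
    outstanding = 0  # client commands the server has not answered yet

    def flag(name):
        if name not in found:
            found.append(name)

    for who, line in events:
        if who == "S":
            final = line[3:4] != "-"            # "250-..." is a continuation line
            if not greeted and line.startswith("220"):
                greeted = final                 # banner is not a reply to a command
                continue
            if in_ehlo_reply and line[4:].strip().upper().startswith("PIPELINING"):
                pipelining_ok = True
            if final:
                in_ehlo_reply = False
                outstanding = max(0, outstanding - 1)
            continue
        if not greeted:
            flag("talks-before-banner")         # client did not wait for 220
        elif outstanding and not pipelining_ok:
            flag("unauthorized-pipelining")     # sent a command before the last reply
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "DATA":
            break                               # everything above happened pre-DATA
        if verb in ("HELO", "EHLO"):
            helo_seen = True
            in_ehlo_reply = verb == "EHLO"
            pipelining_ok = False               # must be re-advertised per EHLO
            arg = arg.strip()
            if arg.lower().rstrip(".") == server_name.lower():
                flag("helo-is-our-name")        # client claims to be the server itself
            elif not (FQDN.match(arg) or ADDR_LITERAL.match(arg)):
                flag("invalid-helo-argument")
        elif verb in ("MAIL", "RCPT") and not helo_seen:
            flag("mail-before-helo")
        outstanding += 1
    return found

# Constructed sessions (documentation names and addresses only).
BOT_SESSION = [
    ("C", "HELO mx.example.net"), ("S", "220 mx.example.net ESMTP"),
    ("S", "250 mx.example.net"), ("C", "MAIL FROM:<a@sender.invalid>"),
    ("C", "RCPT TO:<info@example.net>"), ("S", "250 OK"), ("S", "250 OK"),
    ("C", "DATA"),
]
CLEAN_SESSION = [
    ("S", "220 mx.example.net ESMTP"), ("C", "EHLO mail.sender.example"),
    ("S", "250-mx.example.net"), ("S", "250-PIPELINING"), ("S", "250 8BITMIME"),
    ("C", "MAIL FROM:<b@sender.example>"), ("C", "RCPT TO:<info@example.net>"),
    ("C", "DATA"), ("S", "250 OK"), ("S", "250 OK"), ("S", "354 Go ahead"),
]
NO_HELO_SESSION = [
    ("S", "220 mx.example.net ESMTP"), ("C", "MAIL FROM:<c@sender.invalid>"),
    ("S", "503 Send HELO first"), ("C", "HELO 203.0.113.7"),
    ("S", "250 mx.example.net"), ("C", "DATA"),
]

if __name__ == "__main__":
    for name in ("BOT_SESSION", "CLEAN_SESSION", "NO_HELO_SESSION"):
        print(name, pre_data_violations(globals()[name], "mx.example.net"))
```

A receiving server that finds any of these can answer with a 5xx reply and close the connection without ever accepting a message body.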

I love the way.... (1)

superskippy (772852) | more than 7 years ago | (#16756531)

I love the way they say spammers are gearing up for the holiday season. Man, if I get nothing but viagra and penny stocks for Christmas, I'm going to be upset.

oh wow, breaking news (1)

felosi (986666) | more than 7 years ago | (#16756537)

Oh wow, botnets and trojans responsible for spam? Oh, this is such breaking news, we would have never known. /sarcasm

Wrong Way? (1)

Clazzy (958719) | more than 7 years ago | (#16756999)

A spam-sending Trojan dubbed 'SpamThru' is responsible for a vast amount of the recent botnet activity which has significantly increased spam levels to almost three out of every four emails

Sounds like a decrease in spam for me, where do I sign up?

96% of my mail is spam (1)

McSpew (316871) | more than 7 years ago | (#16757069)

I've been inundated so heavily and for so long, I don't remember a time when I only got three spams out of every four emails. I recently tried outsourcing my anti-spam filtering to a third-party supplier. That supplier proxies the SMTP connections and closes them when it detects spam, as opposed to most outsourcers, who store-and-forward the messages.

Because my mail gateways couldn't handle the crushing load of spam I was seeing, I'd hoped that this outsourcer would save me. I was wrong. It turned out that my inability to handle the load at my mail gateways ended up causing DDOS problems for the outsourcer.

I got a call from the product manager who was in Sweden on a business trip, begging me to change my MX records back to my own gateways, because otherwise, his IT folks were going to shut me down in order to save themselves.

I'm currently testing MessageLabs, and it's looking good so far. They're catching nearly a million spams a day for me.
