Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Spam is Back With A Vengence

CmdrTaco posted more than 7 years ago | from the bring-me-my-bazooka dept.

Spam 510

Ant writes "The Red Tape Chronicles reports that just last December (2006), the FTC published an optimistic state-of-spam report. It cites research indicating spam had leveled off or even dropped during the previous year. It now appears spammers had simply gone back to the drawing board. There's more spam now than ever before. In fact, there's twice as much spam now as opposed to this time last year. And the messages themselves are causing more trouble. About half of all spam sent now is "image spam," containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now."

cancel ×

510 comments

Spam spam spam spam. Lovely spam! Wonderful spam! (0, Redundant)

tedgyz (515156) | more than 7 years ago | (#17701624)

Wife: Have you got anything without spam?
Waitress: Well, there's spam egg sausage and spam, that's not got much spam in it.

Re:Spam spam spam spam. Lovely spam! Wonderful spa (4, Informative)

Smallpond (221300) | more than 7 years ago | (#17701716)

Score:1, Redundant

By definition, shouldn't any post about spam be marked redundant?

Anyway, I run a mailserver. What I see is surges of email for whatever happens to be the current scam. Last year it was mostly mortgage offers (Get a cheap, misspelled mortqaq3 today!!!) Spamassassin + RBLs eliminate about 70% of the flood. Image-only email is flagged by spamassassin. Now random text is added to get past the Bayesian filters. The arms race continues.

BTW, if you are the type to send copies of spam to abuse addresses, I advise you to remove identifying info and post it through an anonymous account to avoid retaliation. ISPs tend to forward it to the spammer.

Re:Spam spam spam spam. Lovely spam! Wonderful spa (2, Insightful)

Conspiracy_Of_Doves (236787) | more than 7 years ago | (#17701718)

The thing that always bothered me about that skit was that the first two things that the waitress mentioned didn't have spam. Egg and bacon, and Egg Sausage and Bacon.

Maybe I think about this stuff too much.

Stock scam spams - 3n14rge yur SC0X ... (3, Interesting)

tomhudson (43916) | more than 7 years ago | (#17701626)

And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is now stock spam

Until the SEC hasn't gone aggresively against one of the most blatant pump-and-dumps. nothing will change.

Re:Stock scam spams - 3n14rge yur SC0X ... (0)

Anonymous Coward | more than 7 years ago | (#17701682)

The SEC already hasn't done anything. In fact, If you think this will help, I'd say that the SEC really is the best hope. They reliably do nothing at all about almost anything. Think insider trading (pick some random innocent because she does really annoying cooking programs); think SCO group etc. etc.

Incidentally, I believe that one of the major European banks has a (profitable) department which analyses email pump and dump schemes and trades in the right way to profit from them. Basically, this is one of the places where people who trust spam probably do deservedly suffer.

Re:Stock scam spams - 3n14rge yur SC0X ... (3, Interesting)

smallfries (601545) | more than 7 years ago | (#17701684)

I don't see why image spam should be such a problem. While accurate OCR is difficult, detecting the presence of text in an image is quite easy. Given that 0% of images with text on them are genuine it shouldn't be hard for a spam filter to detect these messages and dump them. As long as the error-rate is low this can be done on the server, rather than the client and cut down on the bandwidth used.

Re:Stock scam spams - 3n14rge yur SC0X ... (3, Informative)

that this is not und (1026860) | more than 7 years ago | (#17701798)

The images are being 'peppered' with background noise.

Re:Stock scam spams - 3n14rge yur SC0X ... (4, Funny)

tomhudson (43916) | more than 7 years ago | (#17701830)

I don't see why image spam should be such a problem.
  • 1000 text-only spams - 20k
  • 1 image spam - 200k
  • Your mail quota and network responsiveness - pricelessly f*cked over

The solution (-1, Troll)

nurb432 (527695) | more than 7 years ago | (#17701638)

There are 2 steps to stop this ( well 3, actually )

1 - death ( yes, death, not jail ) for conviced spammers ( oh, and make it painful and long too )
2 - any company caught knowingly using spam as a way to advertise is forced to shut down and they lose all thier assets ( including personal )

Optional:

3 - anyone caught buying from a spam ad should be humiliated in public.

Re:The solution (2, Insightful)

bcmm (768152) | more than 7 years ago | (#17701656)

The problem with punishing the firms advertised is that it is very hard to prove. It could be that they hired an advertising firm which represented itself as legitimate. It could even be that someone spammed in their name to try and damage their reputation.

Re:The solution (0)

Anonymous Coward | more than 7 years ago | (#17701692)

I do not like spam. Or their tactics or their polution of our servers.

But I got to say,
Thank God nobody has EVER been "conviced" yet.

I think you meant "Convicted."

I think death is a little harsh, although I have spent many a night, greping log files, and running trace, on many domains outside the USA; While Drunk and screaming, " die you fuckin spammer. " adding their /8 or /24 to the iptables.

There's probably some smartass geek out there that will say, but there's ways to kill spam now, it 2007 not 1996! Yeah, guy there may be ways, but they do not work on ALL systems!

Doh! (1)

nurb432 (527695) | more than 7 years ago | (#17701770)

Ya, i noticed i left out the 't' as i hit send..

I must get in the habit of proofreading :)

Re:The solution (1)

DodgeRules (854165) | more than 7 years ago | (#17701722)

All of the above!

Re:The solution (1)

kaufmanmoore (930593) | more than 7 years ago | (#17701736)

You dont have to kill them, just chop their hands off.

Re:The solution (5, Interesting)

eMbry00s (952989) | more than 7 years ago | (#17701750)

1 - death ( yes, death, not jail ) for conviced spammers ( oh, and make it painful and long too )
Please try to size the punishment to the size of the crime. Most civilized countries don't even have death sentence for serial murder. Also, your American laws don't carry much power over other jurisdictions, and convincing others to share death penalty for something like this would be hard.

2 - any company caught knowingly using spam as a way to advertise is forced to shut down and they lose all thier assets ( including personal )
Well then I know what to do about my pesky competitors, just have some spammers send spam in their name! Problem solved!

3 - anyone caught buying from a spam ad should be humiliated in public.
So who do you want to monitor everybody's commerical actions? Actually, to know that the person bought a product because of spam, we'd need to monitor them whenever they check their email. Big Brother go! :DDDDDDD

In the name of Karl Popper, though, I appreciate your proposals.

Re:The solution (1)

nurb432 (527695) | more than 7 years ago | (#17701846)

1 - I think it is fitting for the crime. It is not my fault the punishment is not fitting for others.
2- i said *prove* they used spam, so 'joe jobs' wouldnt apply here ( yes i know its hard to do, we are just dreaming here anyway )
3 - the goverment already does that..

Re:The solution (1)

eMbry00s (952989) | more than 7 years ago | (#17701902)

Sorry, I wasn't aware that we were dreaming. I thought we had a serious discussion. I have no intention of participating in dreaming with you, so I guess that ends our communications for this time.

Re:The solution (0, Troll)

suso (153703) | more than 7 years ago | (#17701868)

1 - death ( yes, death, not jail ) for conviced spammers ( oh, and make it painful and long too )

Please try to size the punishment to the size of the crime. Most civilized countries don't even have death sentence for serial murder. Also, your American laws don't carry much power over other jurisdictions, and convincing others to share death penalty for something like this would be hard.

Ok, I think you're missing something. You're trying to apply morality to this situation and I don't think spammers derserve that. At least not the worst of them. Spammers are a dime a dozen, and they all think that what they are doing is ok and that there are no consequences to it. I know this because I've talked to some directly. They don't have anything that is really scaring them into stopping what they are doing. And for every spammer that goes down there are 2 to replace that one.

What we really need is something like the Boogy Man is to children. Maybe not a vigilante that kills spammers (although I've said that this is a possible solution before), but something that would scare the living shit out of spammers and make them really worry that what they are doing is going to come to get them. And also makes new spammers realize what kind of risk they are getting into to.

Because all the anti-spam, laws, humiliation tactics that we are using now are doing practically nothing to prevent the problem from the beginning. Its time for more extreme tactics.

Re:The solution (5, Insightful)

eMbry00s (952989) | more than 7 years ago | (#17701928)

Just like with the war on drugs, eh? Yeah I see how raising the punishment really helps. No wait. Shit, it doesn't. I guess we're fucked now.

What I think would help is ISPs taking confirmed zombie machines offline. It's done in Sweden by some ISPs, and most people don't seem to have a problem with that.

Re:The solution (2, Interesting)

Snarfangel (203258) | more than 7 years ago | (#17701874)

Please try to size the punishment to the size of the crime.

I'd settle for ten seconds of jail time and a penny fine per spam. That would (very roughly) approximate treble damages for time wasted. A million spams would yield a 4 month sentence and a $10,000 fine.

Of course, if they sent a billion spams, they might as well get the death penalty, since they wouldn't be getting out in this lifetime.

Also, your American laws don't carry much power over other jurisdictions, and convincing others to share death penalty for something like this would be hard.

The reverse is also the case, of course.

Re:The solution (1)

tomhudson (43916) | more than 7 years ago | (#17701974)

I'd settle for ten seconds of jail time and a penny fine per spam. That would (very roughly) approximate treble damages for time wasted. A million spams would yield a 4 month sentence and a $10,000 fine.

Unfortunately, $10,000 is less than the cost of keeping someone in jail for 4 months ...

Also, why not go to the REAL root of the problem - Windows and the zombies that run it. Anyone connected to the net with an pwn3d box pays $100 for the first incident, doubling each time. People would learn to dual-boot really quickly.

Re:The solution (1)

/ASCII (86998) | more than 7 years ago | (#17701816)

Two words: Joe jobs.

Re:The solution (Just My 2 Cents) (1)

biomech (44405) | more than 7 years ago | (#17701820)

Seriously, however, who and how to punish is the issue.

I have little trouble with spam getting through filters either on my webmail accounts or on the POP accounts I access on my system and I suspect that's true with most /. readers. What I draw from this is that filtering software on various levels is fairly effective, but that has nothing to do with the volume increase which I've certainly noticed.

Since I suspect that a good deal of this trash is sent from people who move electronic locations frequently, perhaps there's some way of developing a protocol whereby the first receiving server refuses acceptance of messages which display specific chracteristics found in spam or might even be able to trigger the equivalent of a DOS against the offending system. Widespread acceptance of such a protocol could go a long way towards reducing the volume of spam.

Re:The solution (1)

erroneus (253617) | more than 7 years ago | (#17701880)

I too think there should be a much heavier punishment for spam or any form of fraud or deceptive advertising. And I think it should definitely be fought with more aggression. In the U.S. we have very strict rules for print and broadcast media with noteworthy punishments. But in the case of spamming, most of this is anonymous in most ways making this pretty difficult.

However, as someone pointed out, it's pretty hard to make a firm connection between the spammer and the activity being advertised. However, working out plea testimony of reduced sentencing, I'm sure the spammer would be likely to produce the evidence a prosecutor would need.

I hate to say it, but before the hard-core enforcement we beg for will happen, there will have to be some lobbying done.

Punishment to fit the crime (1)

mangu (126918) | more than 7 years ago | (#17701904)

I'm sure many people would agree with the punishment you propose for spammers, but when punishment becomes too harsh it stops being effective. Do you know how the Russian Mafia started? By supplying merchandise through the black market in Stalin's Soviet Union. They faced the most ruthless police organization in the world and survived.


A basic fact of life is that any law enforcement officer is corruptible, it's just a matter of price. An extremely harsh punishment only makes the perpetrator willing to pay more, until the price level of the officer is met. A fair punishment is one that's enough to inhibit crime, but less than what the criminal is willing to pay to avoid.

Use FuzzyOCR and be mostly done with image spam (4, Informative)

BigJim.fr (40893) | more than 7 years ago | (#17701642)

Last month I installed the FuzzyOCR on my Spamassassin setup it and I can now testify that rare is the image spam that gets through. I wrote a article about it if you want more detail : http://serendipity.ruwenzori.net/index.php/2006/12 /19/fuzzyocr-hits-debian-unstable-and-eradicates-i mage-spam [ruwenzori.net]

Re:Use FuzzyOCR and be mostly done with image spam (1)

Professor_UNIX (867045) | more than 7 years ago | (#17702088)

Last month I installed the FuzzyOCR on my Spamassassin setup it and I can now testify that rare is the image spam that gets through.


Enjoy it for the few months that it'll last you. I'm already getting CAPTCHA-style image spam that confuses the OCR programs (not to mention I can't read it either). So, this new spam is usually that image and some random paragraph out of a book or something. Clearly the spammers know what they're doing is unwanted and they continue to escalate their attacks against the spam defenders and yet our lawmakers continue to ignore it. Why not make it a $500,000 fine PER SPAM message and give the fine to the person that got spammed?

bluesecurity had the right idea! (1)

Don Giovanni (300778) | more than 7 years ago | (#17702108)

and now okopipi is going to be reborn: http://www.okopipi.org/article/129 [okopipi.org]

When ? Who knows.

Failure Notice (Mail Sub-System) (5, Funny)

CheeseburgerBrown (553703) | more than 7 years ago | (#17701650)

I'm sorry but your message from articles.slashdot.org was REJECTED because it has been flagged by our system as spam. You may not be the source of the spam, but our servers do not respect SPF flags and therefore accept, process and then bounce almost any old slutty slice of bits that get hucked our way. We blame you, the owner of the spoofed domain.

To get a hard copy of this message please send $1 to Happy Dude, 742 Evergreen Terrace, Springfield.

Promotional consideration has been provided by the Russian Mob.

Failure Notice (Moderation Sub-System) (2, Insightful)

enharmonix (988983) | more than 7 years ago | (#17702106)

How to tell a message is NOT flamebait

1. Satire: Perhaps the most confounding form of humor, note the subtle reference to the discussion embedded in a story about something else. This wasn't flaming slashdot, it was about how spam that appears to originate from your domain (but doesn't) can get you blacklisted by site admins as clueless as the moderators who flagged the parent as flamebait. Here is a good example of satire:

I'm sorry but your message from articles.slashdot.org was REJECTED because it has been flagged by our system as spam. You may not be the source of the spam, but our servers do not respect SPF flags and therefore accept, process and then bounce almost any old slutty slice of bits that get hucked our way. We blame you, the owner of the spoofed domain.

For further reading, see the wiki [wikipedia.org] .

2. Obligatory references to The Simpsons [wikipedia.org] :

To get a hard copy of this message please send $1 to Happy Dude, 742 Evergreen Terrace, Springfield.

Hint to poster: Next time, just go with the "overlords" joke.

3. Relevancy: Recent news stories highlight that most spam is coming from botnets under the control of Eastern European and Russian criminal organizations. Had you bothered to read anything on /. about spam prior to moderating just now, you'd probably know this. Hence the following is, in fact, funny:

Promotional consideration has been provided by the Russian Mob.

Thank you for moderating today! We hope you enjoyed your crack!

SpamAssassin still works (3, Informative)

CRCulver (715279) | more than 7 years ago | (#17701660)

In spite of the rise in spam, you can still keep everything but the stray message or two a day hitting your inbox if you configure SpamAssassin [apache.org] well. Get a guide like McDonalds' SpamAssassin [amazon.com] and follow the steps for the usual configuration based on examining headers and referring to Razor. Then, take a massive collection of all sorts of spam, from text pump 'n' dump to image spam, and feed it into sa-learn, SpamAssassin's Bayesian training system. A good setup with extensive Bayesian training will cut out almost everything. And it's not too hard. If you can install a Linux distro, you can configure SpamAssassin.

However, this is obviously only to filter spam coming into your own box. When I am travelling, I try to force myself to leave my laptop behind in order to truly relax, but that means that I have to use my e-mail provider's web interface. And when I see that my Inbox has 500 messages after just 36 hours, then I start to understand the grumbling that SMTP is broken and we need a drastically reformed protocol.

Re:SpamAssassin still works (4, Informative)

antifoidulus (807088) | more than 7 years ago | (#17701762)

SpamAssasin is great, but it only solves part of the problem. We installed SpamAssasin where I work in July and it's a good thing we did it then, we have seen the spam we receive on a daily basis rise at an exponential rate starting in August(we have maybe 100 or so users). It does solve the spam problem from the end users point of view, SpamAssasin has almost no false positives or false negatives, but the increased volume of spam has still caused headaches. The bandwidth is obviously one, but another is that we installed spamassasin on an older server, naively thinking we wouldn't see said exponential increase in spam. However, now that 90+% of the messages that we receive are spam, the machine is starting to struggle. We are still ahead, but the fear is that if this rate of growth keeps up, the messages will come in faster than we can process them, which means more spent on hardware, manpower, electricity etc. The costs of spam are really being forced on the users of email.....

What can I say? (0)

Colin Smith (2679) | more than 7 years ago | (#17701666)

I simply don't get any.

 

Re:What can I say? (5, Funny)

robably (1044462) | more than 7 years ago | (#17701724)

That applies to most guys on Slashdot.

Re:What can I say? (0)

Anonymous Coward | more than 7 years ago | (#17701792)

I simply don't get any.


I don't get any either, but that's why we're on Slashdot. Now could you please get back on topic, please?

what spam? (1)

p51d007 (656414) | more than 7 years ago | (#17701800)

my ISP (AT&T) filters it. In a month, I might have one or two hit the inbox.

Re:What can I say? (1, Funny)

Anonymous Coward | more than 7 years ago | (#17701876)

Post your email address for a complete explanation.

Re:What can I say? (1)

Hymer (856453) | more than 7 years ago | (#17701890)

...and that's the exact problem. I don't think any real geeks/nerds do get much spam... and as long as we do not get spam we will not do anything to stop spam... and we are the only ones that really CAN fix the problem for good (redesign SMTP and servers)...

Re:What can I say? (0)

Anonymous Coward | more than 7 years ago | (#17701940)

Even if we had an authentication system to prevent from address spoofing (and a peer to peer trustworthiness index - decentralized continuous RBL), it wouldn't help without fixing the zombie problem. That's going to be very hard. So it's not just the servers and SMTP that has to be redesigned, OS privilege handling [wikipedia.org] will have to be, . [wikipedia.org]

Re:What can I say? (0)

Anonymous Coward | more than 7 years ago | (#17701922)

What's you email?

My email address? (1)

Colin Smith (2679) | more than 7 years ago | (#17702046)

Sure, why not.

tungstenband@mytrashmail.com

Which may be why I don't get any spam. Is it my fault that most people are as dim as a 5 Watt bulb?

 

Comment Spam (4, Interesting)

Anonymous Coward | more than 7 years ago | (#17701674)

Akismet [akismet.com] is what a lot of Wordpress users (and many other bloggers) use to prevent comment spam. They've got a pretty neat stats [akismet.com] page that shows the volume of spam they have blocked from their creation. They are relatively new, so the fact that the graph trends upwards so quickly also has to do with the fact that their userbase is still growing. But it's unquestionable how large a spike I saw in the end of November and December. Particularly over the Thanksgiving/Christmas holiday weekends. I have a personal server in my house that was MELTED by the amount of hits to my dinky little blog. It would go up and then 30 seconds later would be unresponsive and have to be forcefully rebooted. It even killed my D-Link router.

I'm posting AC so slashdot doesn't melt my server again...

eeeerh... (0)

Anonymous Coward | more than 7 years ago | (#17701678)

One entry found for vengeance.

Main Entry: vengeance
Pronunciation: 'ven-j&n(t)s
Function: noun
Etymology: Middle English, from Anglo-French, from venger to avenge, from Latin vindicare to lay claim to, avenge -- more at VINDICATE
: punishment inflicted in retaliation for an injury or offense : RETRIBUTION
- with a vengeance
1 : with great force or vehemence
2 : to an extreme or excessive degree

What's a ... (1)

Killjoy_NL (719667) | more than 7 years ago | (#17701680)

What's a Vengence?

Re:What's a ... (0)

Anonymous Coward | more than 7 years ago | (#17701964)

The stuff from "Die Hard 3"...

Re:What's a ... (0, Troll)

cculianu (183926) | more than 7 years ago | (#17702078)

I have no clue. I looked up "vengence" on m-w.com and it suggested a bunch of alternatives. Amongst them was the word vengeance . Perhaps the /. editor meant vengeance and not 'vengence' (whatever that means)?


Seriously, this glaring spelling error completely distracted me and I was unable to even read the article. It annoys me that despite /. being a big commercial site now, they still lack the professionalism of even a small-town newspaper.

Too bad e-mail isn't "Store at sender" (0)

Anonymous Coward | more than 7 years ago | (#17701706)

If I can bring up a webpage within a second just by typing the URL, I should be able to bring up an e-mail by sending an equivalent request. By making the protocol *push* rather than *pull* you set the stage for such spam. "Store at sender" would also verify the location the email is coming from.

Re:Too bad e-mail isn't "Store at sender" (1)

tomhudson (43916) | more than 7 years ago | (#17701870)

f I can bring up a webpage within a second just by typing the URL, I should be able to bring up an e-mail by sending an equivalent request. By making the protocol *push* rather than *pull* you set the stage for such spam. "Store at sender" would also verify the location the email is coming from.
That really opens you up for all sorts of attacks, because now you're not even semi-anonymous - they will know both your email and exactly when you're online and connected. Great way to remote a machine.

Besides, how do you get the notification that you have email waiting on another server? Ping them every so often to see if they have some email stored for you?

Re:Too bad e-mail isn't "Store at sender" (1)

Valdoran (887940) | more than 7 years ago | (#17702068)

That's like snail-mail, but being forced to collect the letters at the sender's house...

Try again?

Re:Too bad e-mail isn't "Store at sender" (1)

tomhudson (43916) | more than 7 years ago | (#17702126)

"That's like snail-mail, but being forced to collect the letters at the sender's house..."

And if its spam, we can all wget the same message a couple thousand times ... that'll teach them!

Stock Spam (3, Interesting)

inode_buddha (576844) | more than 7 years ago | (#17701708)

Well, spam is a technical issue driven by human nature and social ills, IMHO. So I think it would be good to have the various trade and exchange regulators deal with it, at least somewhat. For example, the SEC or various national/international trade blocs could have a task force which more actively does something about stock spam. For example, company XYZ appears in a spam message in country ABC. If the company originated the spam or paid for it, then they are barred from trading in country ABC for a length of time. If they did *not* originate the spam, then the task forces would track down the originators with assistance from local law enforcement. The overall idea is to remove the incentive to spam.

Re:Stock Spam (2, Insightful)

archen (447353) | more than 7 years ago | (#17701924)

Are you referring to the pump in dump scams in which the company has nothing to do with the spam email, because I don't see how that's going to help them. It also sounds like a great way to limit your competition by sending spam emails on behalf of your competitors.

Re:Stock Spam (1)

inode_buddha (576844) | more than 7 years ago | (#17702008)

Nah, I figure the spammers get nailed anyway, regardless of whether it originates with a company. It wouldn't necessarily limit competition if investigators let it slide while going after the spammers themselves under various financial regulations instead of technical measures. Bonus points for being able to prove that a competitor was connected to it. It's not much different from what's going on already, it just needs to be quicker to react IMHO.

Re:Stock Spam (5, Interesting)

beakerMeep (716990) | more than 7 years ago | (#17701984)

While it's nice to think regulators would fix it I found there were a few reasons why this wouldnt happen. I did a little research on those stock spams. since there had been so many, it got me curious as to what was going on to stop them.

1) many of the companies that are promoted in the pump and dump schemes are not involved and often dont know for months that they are also victims of the spam. basically its hard to know who really is (spam coming from open relays etc)

2) most of these stocks are what they call pink slip or OTC (over the counter) stocks not traded on exchages like the NYSE or CME, thus not falling under the SEC (i think, please correct me here im no stock expert)

3) it appears that these spams are more of a scam to drive people to brokerages, or stock advisors. if you google one of the symbols in the spams, you will find very shady looking, hastily constructed sites who's sole purpose is to grab the #1 google ranking for the word "spam" and the symbol in the email.

I could be wrong about the purpose but I think there is more to this scam than pump and dump. ymmv.

Re:Stock Spam (1)

inode_buddha (576844) | more than 7 years ago | (#17702036)

Hrmmm, yeah you maybe right. I have to think about that. All the same, it makes me wonder who is really behind it all, and why? What do they gain, and how to remove the incentive?

Re:Stock Spam (1)

smurfsurf (892933) | more than 7 years ago | (#17702120)

> it makes me wonder who is really behind it all,

Some individuals, or some guys working together.

> and why?

To make money.

> What do they gain,

1) Buy some stock
2) Praise it as the next coming via SPAM to make folks buy this stock
3) Prize of the stock raises do to a higher demand
4) Sell the stock at the now higher prize
5) Profit

> and how to remove the incentive?

Now that is the difficult part.

Moo (2, Interesting)

Chacham (981) | more than 7 years ago | (#17701714)

Obviously this won't work, i just don't know why, or at least not clearly.

There are only a few ISPs that connect at cross-network access points. All other ISP, buy their service from up-level ISPs.

As has been suggested before, why can't every ISP have a policy (start at the top (the access points), and the rules will trickle down) that any ISP sending spam has to turn off access within a few hours or be shut down.

Ultimately, the low-level ISP, who actually connect to the users would be forced to recognize the individual computers sending the spam, and shut down their access. These users can even use a virus cleaning program, or never come back on.

When "innocent" computers are turned off, it really isn't that big of a deal. There are free tools to remove viruses, and i'l bet they will be *happy* to know they're a problem, and how to get better.

At first they would be inundated with calls, but then we'd have a clean inter-network.

And noone can just start a new top-level network, because they would be denied entry to the access point, of which there are only a few.

Seriously, why won't this work?

Re:Moo (0)

Anonymous Coward | more than 7 years ago | (#17701760)

Seriously, why won't this work?

uhm... because of the vast amounts of money made with spam?

Re:Moo (5, Interesting)

HairyCanary (688865) | more than 7 years ago | (#17701840)

and i'l bet they will be *happy* to know they're a problem, and how to get better.


I can see you've never worked at an ISP. A customer who is cut off could not care less about why, all they want is to be reconnected immediately and with no work on their part. They will threaten leaving your service, lawsuits, and practically death threats if you do not reconnect them.

Seriously, why won't this work?

Primarily it becomes an issue of volume. One call to a customer with an abusive machine will eat up the profit from that customer for months. You can't just call them and say "fix it", you have to handhold them through the process or you will almost certainly lose their revenue altogether.

Re:Moo (1)

Watson Ladd (955755) | more than 7 years ago | (#17701992)

You could just install Ubunto on their computer and problem solved. Or install restrictive firewalls unless they are clean.

Re:Moo (2, Insightful)

metamatic (202216) | more than 7 years ago | (#17702150)

One call to a customer with an abusive machine will eat up the profit from that customer for months.

Sounds to me like your pricing scheme is part of the problem.

Re:Moo (1)

terraformer (617565) | more than 7 years ago | (#17702006)

Seriously, why won't this work?
Define "spam"... That is why. I have had devs on the SA list look at legitimate commercial email and call it spam. The ISPs are a good source of info to help stave off the problem but to shut off people automatically is a big mistake. The ISPs should be monitoring for odd and unusual behavior and notifying the users when their machines are doing something that is suspicious. This way there is some human intervention into the process.

new spam methods (3, Insightful)

edxwelch (600979) | more than 7 years ago | (#17701726)

There's an interesting artical at Extreem tech about the wave of spam that hit us last year:
http://www.extremetech.com/article2/0,1697,2060277 ,00.asp [extremetech.com]

Most admins were able to find ways to eliminate that eventually: http://blog.fastmail.fm/?p=580 [fastmail.fm]

but now I notice a new trend. Some spammers are actually putting news headlines in the subject field.

On top of that the black hats are now finding ways to spam emule search results.

Every search you make in Emule will return a fake hit... something like *_using_emule_multimedia_toolbar.exe. If you exectute that program your machine will be infected with a virus.

Re:new spam methods (3, Funny)

Cairnarvon (901868) | more than 7 years ago | (#17701768)

Viruses and spam? On a filesharing service? The devil you say!

Re:new spam methods (1)

that this is not und (1026860) | more than 7 years ago | (#17701838)

Don't you mean that if I execute that .exe file, the little virtual drive I bring from an image file will be infected with a virus, until I shut it down without saving the virtual drive to an image file?

People don't actually still run world-accessable email clients on Windows in this day and age, do they? Windows is for the happy-smiley machines that aren't routed out past the intranet these days.

Re:new spam methods (1)

edxwelch (600979) | more than 7 years ago | (#17701936)

Few people would be stupid enough to download the exe, but you still get your search results spammed, which is the thing that is annoying.

Spam filters can still cope (5, Informative)

gvc (167165) | more than 7 years ago | (#17701734)

The volume of spam is definitely up, and most of it is pump and dumps from a very few distinct sources. In December, about 20% of the 30,000 spams I received were for one particular stock.

http://it.slashdot.org/article.pl?sid=06/12/21/231 4241 [slashdot.org]

But it is wrong to say that this new spam requires radical new filtering techniques. That's what the spam solution vendors (whose press releases drive these /. articles) want you to believe so you'll buy their products. In general, word salads, obfuscated words and image spam do not defeat state-of-the-art statistical filters.

See, for example, the recent TREC tests: http://plg.uwaterloo.ca/~gvcormac/trecspamtrack06 [uwaterloo.ca]

These results show that filters achieve about the same results on 2006 spam as on 2004 spam, and those results are pretty good. Ongoing tests show that the effectiveness of filters is unchanged for 2007. In general, the volume of spam has increased, and spammers have tried various methods of defeating spam filters. But their efforts have not been particularly successful against statistical filters.

Make money from spam without spamming (3, Interesting)

sygin (659338) | more than 7 years ago | (#17701738)

I think an interesting study would be to harvest spam,
scan for pump and dump, and buy stock based on verious
factors. If you refined you algorithm perhaps you could get
an application that would buy and sell pump and dump
stock on your behalf, and make money in the process

I would practice with virtual stock at first.

Could an application buy and sell stock without
human intervention?

Re:Make money from spam without spamming (1)

kaufmanmoore (930593) | more than 7 years ago | (#17701794)

The pattern of you buying and selling all the stocks that are involved in pump and dump scams would make you look like you were part of orchestrating it and would catch the SEC's eye

Re:Make money from spam without spamming (1)

tomhudson (43916) | more than 7 years ago | (#17701894)

The pattern of you buying and selling all the stocks that are involved in pump and dump scams would make you look like you were part of orchestrating it and would catch the SEC's eye

I doubt it. How many people have bitched about SCO's pump-and-dump, and nothing, nada, zip, squat, zero, rien ...

Re:Make money from spam without spamming (1)

mce (509) | more than 7 years ago | (#17701962)

It would indeed. But the original question was: would it work for making money. That's a study I'd like to see as well.

In the end, if you're not orchestrating these things yourself but observing what's going on and making good choices based on that, all you are doing is exploiting publicly available information better than the next guy. And that, after all is the core of the entire stockmarket idea. So while the SEC may decde to have a close look at you, as long as you're not involved in the scam itself, nobody can convict you of anything. That is: until somebody proves that the idea actually works and an appropriate law is passed, making it illegal to strategically base your investment decisons on what you know to be obvious scams. Until then, the SEC's investigations may have some undesired side effects, but as long as the rewards are higher...

Re:Make money from spam without spamming (1)

ChrisMaple (607946) | more than 7 years ago | (#17701918)

The stocks used in spam pump-and-dump are usually thinly traded penny stocks. Your own purchases and sales will affect the stock price, making your virtual trades inaccurate. You'll need to see bid/ask prices and quantities, not just price history, to make a more nearly valid test.

Adopt SPF and Spamassassin (1)

canuck57 (662392) | more than 7 years ago | (#17701758)

Adopt technologies like Spamassassin and SPF.

Use polices that check the senders address and validity. Seems to work on my hobby system. Oh, I get some, but the kill rate is quite good and the false positives are quite low to non-existent. I virtually get none of the botnet spam, which is a big chunk.

block .gif images? (3, Insightful)

spacemky (236551) | more than 7 years ago | (#17701766)

Why not just block e-mails that contain .gif attachments?

Re:block .gif images? (1, Informative)

Anonymous Coward | more than 7 years ago | (#17702024)

Go on try that... and your boss will shoot you. Mails from financial sites use gif attachments.

In /. before (2, Informative)

pilsner.urquell (734632) | more than 7 years ago | (#17701774)

This shouldn't come as a surprise to anyone One Last Spamhaus Warning Before The End [slashdot.org]

Re:In /. before (2, Interesting)

Hymer (856453) | more than 7 years ago | (#17701950)

Just FYI: that blocking is only a DNS blocking, you can use Spamhaus' "real" dns instead or use their ip-addr... and they have launched one service more recently.

Re:In /. before (1)

Hymer (856453) | more than 7 years ago | (#17702112)

hmmm... sorry... I've just checked and it seems that they have removed their .uk blocklists, propably because ICANN's statment on the mentioned case.

The cancer (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17701788)

The cancer that is the stock market poisons everything it touches, I'm surprised it took this long for it to affect (NOT impact, affect) efficient e-mail.

The problem goes far deeper than spam here. I have concluded that it is impossible to fix, it must play itself out to its ultimate and so very final conclusion.

It is sad, but I am cheered by the statistical probability that intelligent life somewhere in the universe will not have fallen into this obvious self destructive trap. Life will go on, just not here.

What I just don't get.. (5, Insightful)

ParraCida (1018494) | more than 7 years ago | (#17701818)

Who is even dumb enough to make their purchases based on spam mail. I mean, surely everyone must know what spam is by now? How can one be so dense as to trust a completely random, badly worded, illarticulated e-mail full of spelling mistakes from someone you don't know to make informed decisions about what stock they should buy?

It simply makes no sense to me. As long as people remain so completely clueless that they will fall for spam, there will be spam.

Yep, I don't get it either (1)

DZR (581320) | more than 7 years ago | (#17701900)

I don't understand the economics of spam. Apparently these people do make money. But how? In order to get their messages past all the anti-spam measures around these days, these guys have to send out almost totally undreadable misspelt nonsense with completely misleading subject lines. I can't beleieve that people receive these things and then go on to purchase something. It doesn't make sense.

Re:What I just don't get.. (1)

Snarfangel (203258) | more than 7 years ago | (#17701920)

Who is even dumb enough to make their purchases based on spam mail. I mean, surely everyone must know what spam is by now? How can one be so dense as to trust a completely random, badly worded, illarticulated e-mail full of spelling mistakes from someone you don't know to make informed decisions about what stock they should buy?

Maybe the government can advertise V14GR4 and C14L15 via spam, but actually supply birth control pills. In a couple of generations, the average intelligence of the planet would go *way* up.

Re:What I just don't get.. (2, Insightful)

Orange Crush (934731) | more than 7 years ago | (#17701970)

Who is even dumb enough to make their purchases based on spam mail.

Apparently, plenty. It only takes a few suckers to justify the time and effort to set up a spam campaign. I'd like to think that some day everyone will be aware enough that pump-and-dumps, nigeria scams, and the myriad other flavors of spam simply won't work any more because nobody will fall for them. Unfortunately, I do not believe that is a likely outcome [wikiquote.org] .

Solution is simple... (0)

Anonymous Coward | more than 7 years ago | (#17701850)

Make the punishment for the crime extremely severe. And if someone does it from a 3rd world country or something, they can be executed. Problem solved.

I get a lot of stock spam for viagra companies (1)

Rogerborg (306625) | more than 7 years ago | (#17701860)

And I'm wondering; how do I bill these companies for my time? Would there be a government department willing to help me out with that, or perhaps a friendly lawyer (apologies for the oxymoron) interested in starting a class action suit? These fucknuts will only cease when it starts costing them to do this.

How often do you hear of spammers getting busted? (4, Interesting)

BillGatesLoveChild (1046184) | more than 7 years ago | (#17701882)

It happens, but not that often. When they catch one, law enforcement does a dog and pony show and we applaud wildly. But they just keep coming.

Arrests don't seem to happen that often. Do a google for "spammer arrested", and most of the hits are about the Buffalo spammer. He was arrested back in 2003 to much fanfare. However my mailbox is still full of. Maybe there is more than one of them out there?

I'm guessing spammers spam because they know the chance of them being caught is nigh on zero. Yet, this is a criminal racket just like any other criminal racket. If some serious money is put into law enforcement, then spammers might finally get the shakes. Apart from pump-n-dump stocks (get off yer asses SEC), spammers aren't hard to catch. Consider Mortgage spammers. If you reply to a Mortgage spam (I am told) you will later be called by a seemingly unrelated mortgage agency. They have bought your contacts off the spammers. Everything can be traced, and if we have the feds seeded spammers with 1-use-only phone numbers, buying stuff and tracking it just like they do any other illegal contraband, of course they can bust it. Make receiving spammed contact details an offence too: The recipient must be reasonably confident that the leads they received are not spam. Harder to prove, but if there is a reasonable chance of prosecution buyers of spam harvests will become shyer and the market dry up. Lets make it a legal requirement that ISPs have to report spamming users to the feds.

And let's get beyond "fines" for offenders. Fines for any profitable business are merely an operating expense. What really scares company directors is Jail time. This has been used in L.A. to force companies comply with laws they'd otherwise have simply paid out. If a spammer thinks there is a 0.0001% chance of him being caught (and then let off with a warning), they will do it. If they think they probably can't sell their harvest, have a 50% chance of being caught and will definitely go to Jail, they won't!

So why isn't this happening? (1) It's not an issue for politicans. I want to see Obama/Hillary/McCain arguing about Spam!!! and so... (2) The money isn't budgeted for law enforcement. With some Elliot Nesses on Spam, I reckon we can crack this. How do we let the politicians know this is an issue for us?

We need something New. (0, Flamebait)

Benaiah (851593) | more than 7 years ago | (#17701884)

Email simply isnt working.
We need something new. Nuff said.

We register websites. You pay. You should have to pay to forward emails. Say 1c per email. And all the money taxed goes to me for thinking of the idea. I will have eliminated spam and become a billionaire! Everyone is happy!

Re:We need something New. (1)

SteveAyre (209812) | more than 7 years ago | (#17702028)

But you don't pay 1c per visit/visitor to a domain name.

Thunderbird works well for me (0)

Anonymous Coward | more than 7 years ago | (#17701910)

A quick click in the spam column of the messages window and I have Thunderbird configured to flag and delete spam automatically. I have 1295 spam emails in the last 2 weeks, vs 8 real emails. Almost all were sent directly to the spam folder without any intervention from me thanks to the adaptive spam filter.
(Kudos to Mozilla Thunderbird team).

I only wish people would configure their mail server to not bounce spam email back to the 'sender'. Half of the problem would go away if they bothered to check the SPF record and see it was a spoofed sender address.

1p per email (0, Flamebait)

zaax (637433) | more than 7 years ago | (#17701930)

If 1p was changed per email with the 1st 30 free per day it would stop spam dead.

Re:1p per email (2, Insightful)

pilsner.urquell (734632) | more than 7 years ago | (#17702102)

If 1p was changed per email with the 1st 30 free per day it would stop spam dead.

I can go one better. 1-Charge the $0.01 (or $0.005 or whatever) per piece of email, prepaid.

2-When the email reaches the other end monies are returned to the sender. However, at the recipients discretion the postage return can be stopped.

The end result would hopefully be that spammers pay, optimally through the nose, and compliant users still get to use the system for free or next to free.

FTM - Follow the Money (1)

hughk (248126) | more than 7 years ago | (#17701934)

The first rule is that spam is an advertisement that benefits an advertiser. To advertise something secret is an oxymoron - there is a product that is being promoted and somehow the spam recipiant must be persuaded to buy the product.

Broadly speaking, I see three types of spam at the moment creeping past the filters:

  • Drugs (usually sex or diat linked)
  • Penny shares
  • Money laundering

For the first, I'm being invited to buy something, and I have to pay by credit card. If the use of spam to advertise is illegal then why not void the credit card payments? The credit card companies will drop them like a hot potato. The second is more interesting. You don't actually have to be directly connected with the issuing company to benefit. All you have to do is to have a number of the shares. If the SEC wanted to, it wouldn't be that hard to close down such scams. The last is what interests me particularly. This is an advertisement for a sideline job that people could do from home to handle offshore payments. Allegedly this is to help people buying or selling via services such as eBay but with an address in Russia. It fails to mention that opening a bank account for a third party without declaring the fact is very illegal and may even give you trouble (think PATRIOT act).

In other words, there is a lot of legal ammunition to go after these people. It seems that many are just not interested.

Not just Email Spam here (2, Informative)

erica_ann (910043) | more than 7 years ago | (#17701998)

Not only am I seeing more Spam hitting my inbox.. I am seeing more spam on WordPress Blogs. This is where I am seeing the most problems.

The email server I use tags and filters spam, but the WordPress Blogs are filling up with Spam, plus it is clogging up MySql databases for comment spam that it uses all the processing power up - so the other services on the box as well as the webserver crawl to a slow. Even with other programs such as Akismet marking the comment psots as spam, the problem lies in the database being tied up.

SPAM-NET became self-aware at 2:14am EDT August 29 (1)

tomhudson (43916) | more than 7 years ago | (#17702012)

"SPAM-NET became self-aware at 2:14am EDT August 29, 2007 .."

If you think that spam is a problem now, consider this ...

... spam is motivated by the universal lubricant - money. The first AI will probably come, not from a uni lab, but from spammers. Anyone coming up with an AI spammer can make a million a week.

all those "I for one welcome our self-aware spam overlords" and "in soviet russia SPAM deletes YOU" jokes won't be so funny if that happens.

Solution to stock spam? (2, Informative)

Jon Abbott (723) | more than 7 years ago | (#17702072)

Perhaps the SEC could require stock brokers and other companies issuing penny/OTC/pink sheet stocks to log whoever buys or sells them. There should be a discernible pattern among pump-and-dump traders that the SEC could backtrace to identify the perpetrator. I would imagine the perpetrator would not purchase the stock too far in advance, as market fluctuations during that time could make their scheme fail. They probably buy the stock only a few days or maybe weeks beforehand, and then sell immediately after the spike. Their initial purchase is probably sizable as well, more than your average investor. For most people who never deal with OTC stocks, their privacy is ensured. For those who do choose to deal with these types of stocks, it would be part of the cost of business for dealing in such a risky and crime-ridden market. The SEC needs to figure this one out sooner rather than later...

How to stop spam (1)

tuxicle (996538) | more than 7 years ago | (#17702118)

Spam designed to get past Bayesian filters usually has deliberate spelling mistakes. Convince your local congressman that these spelling mistakes are ruining childrens' english education. In closing, add an ominous, but pleading "think of the children!!!one!!!" Watch in amazement as several swift, but ineffective laws (most with catchy acronyms) are passed against spam.

What are ISP's doing? (1)

Rageon (522706) | more than 7 years ago | (#17702122)

Rather than forcing thousands, if not millions, of people to filter spam at the server level, wouldn't it make sense to do the filtering at the ISP level? I'm talking about the major providers. If most (non-virus) spam is coming from outside the U.S., why isn't it being blocked by the tele-co's when it gets to the U.S. ISP's?
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...