268 comments

Hmm (0)

kamatsu (969795) | about 6 years ago | (#22772302)

Is there a way to block these specific botnets!? First post yay.

Re:Hmm (5, Funny)

Anonymous Coward | about 6 years ago | (#22772332)

Is there a way to block these specific botnets!?
Yes. Unplug your computer. Or require every person who is stupid enough to run porn.exe that they found on some website to immediately jump off a cliff carrying their computer with them.

Re:Hmm (4, Funny)

unimatrixzer0 (1111335) | about 6 years ago | (#22772350)

Yes there is. We must activate Skynet to put an end to this Botnet/spam/virus that is spreading to our computers. Only then will we be rid of these Bots.

Re:Hmm (4, Funny)

liquidpele (663430) | about 6 years ago | (#22772356)

iptables -P INPUT DROP

Re:Hmm (2, Funny)

Anonymous Coward | about 6 years ago | (#22772728)

I did that in good faith but now I can't logon to the system. How do I get control of my system again? I host at a facility in Texas and I'm in London so I can't physically get access and part of me fears that I might've just fallen foul to a cruel and callous internet joke.

Re:Hmm (0)

Anonymous Coward | about 6 years ago | (#22772940)

If you're serious, you should be fired. Just reboot the machine to reset iptables.

Re:Hmm (2, Informative)

Just some bastard (1113513) | about 6 years ago | (#22772490)

Is there a way to block these specific botnets!?

No!?

Rejecting on invalid Helo, no rDNS and checking the Spamhaus zen RBL is quite effective. Improving on that requires an admin to explicitly block known residential blocks via rDNS and IP (grumble).

Blocking known residential blocks sucks (3, Insightful)

Nursie (632944) | about 6 years ago | (#22772590)

Blocking known residential blocks sucks as a solution as it removes some of the democracy of the net.

I (like others I'm sure, but maybe not so many of us these days) run a mail/web server from home. I just use it for personal mail. I have SPF and rDNS set up, I play by all the rules. Why block me because I use ADSL at home with a static IP ?

Whilst I appreciate that accepting mail from my IP is potentially a higher risk factor, blocking all residential blocks seems to me to be overkill.

Re:Blocking known residential blocks sucks (4, Insightful)

Corporate Troll (537873) | about 6 years ago | (#22772654)

Oh, I did that too. I resigned, I still have my own mailserver, but it simply sends everything through my ISP's SMTP server. Even then, I sometimes get flagged as spam. This is, alas, a battle we have lost ages ago :-(

Re:Blocking known residential blocks sucks (1)

Just some bastard (1113513) | about 6 years ago | (#22772706)

I (like others I'm sure, but maybe not so many of us these days) run a mail/web server from home. I just use it for personal mail. I have SPF and rDNS set up, I play by all the rules. Why block me because I use ADSL at home with a static IP ?

Actually I agree with you, I should have said "dynamic residential blocks". Most residential users have dynamic IPs with rDNS in the form *.adsl.isp.net and it's safe to assume these can be blocked. If you're running an MTA using a static IP with a valid rDNS entry (that doesn't look like a dynamic), there's absolutely no problem.
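The connection-time checks discussed in this sub-thread (invalid HELO, no rDNS, dynamic-looking rDNS, Spamhaus zen lookup), as an added example that is not part of any poster's comment. The resolver callables, the keyword list and the lookup data are assumptions constructed for illustration; addresses come from the documentation ranges.

```python
import ipaddress
import re

# rDNS labels that suggest a dynamically assigned residential address, like the
# *.adsl.isp.net form above. The keyword list is an assumption, not a standard.
DYNAMIC_HINTS = re.compile(
    r"(^|[.\-])(adsl|dsl|dyn|dynamic|dhcp|pool|ppp|dialup)([.\-\d]|$)", re.I)
FQDN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name: reversed IPv4 octets prepended to the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch only handles IPv4 clients")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def helo_is_valid(helo, client_ip, our_names=()):
    """Accept an FQDN or an address literal matching the client; reject the rest."""
    name = helo.strip().lower().rstrip(".")
    if name in our_names:  # a client claiming to be the receiving server
        return False
    if name.startswith("[") and name.endswith("]"):
        try:
            return ipaddress.ip_address(name[1:-1]) == ipaddress.ip_address(client_ip)
        except ValueError:
            return False
    # Bare IPs and single-label names such as "localhost" fail the FQDN pattern.
    return bool(FQDN.match(name))


def check_connection(client_ip, helo, resolve_ptr, resolve_a, our_names=()):
    """Return (smtp_code, reason). A 550 is given in-session, never as a bounce."""
    if not helo_is_valid(helo, client_ip, our_names):
        return (550, "invalid HELO")
    ptr_names = resolve_ptr(client_ip)
    if not ptr_names:
        return (550, "no rDNS")
    if any(DYNAMIC_HINTS.search(name) for name in ptr_names):
        return (550, "dynamic rDNS")
    answers = resolve_a(dnsbl_query_name(client_ip))
    # 127.255.255.x answers are DNSBL error indications (for example, queries
    # sent through a public resolver), not listings, so they must not block mail.
    listed = [a for a in answers
              if a.startswith("127.") and not a.startswith("127.255.255.")]
    if listed:
        return (550, "listed in DNSBL")
    return (250, "ok")


# Constructed lookup data standing in for real DNS, so the example runs offline.
SAMPLE_PTR = {
    "192.0.2.10": ["mail.static.example.net"],
    "198.51.100.77": ["host-198-51-100-77.adsl.isp.example"],
    "203.0.113.5": ["mx.example.org"],
    "203.0.113.9": ["mx2.example.org"],
}
SAMPLE_A = {
    "5.113.0.203.zen.spamhaus.org": ["127.0.0.4"],        # constructed listing
    "9.113.0.203.zen.spamhaus.org": ["127.255.255.254"],  # constructed error reply
}


def sample_check(client_ip, helo):
    """Run check_connection against the constructed data above."""
    return check_connection(
        client_ip, helo,
        resolve_ptr=lambda ip: SAMPLE_PTR.get(ip, []),
        resolve_a=lambda name: SAMPLE_A.get(name, []),
        our_names={"mx.receiver.example"},
    )


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.static.example.net"),
                     ("192.0.2.10", "localhost"),
                     ("192.0.2.99", "mail.example.com"),
                     ("198.51.100.77", "pc.example.com"),
                     ("203.0.113.5", "mx.example.org"),
                     ("203.0.113.9", "mx2.example.org")]:
        print(ip, helo, sample_check(ip, helo))
```

A statically addressed home server with a clean PTR record, as in the parent comment, passes all four checks; only the dynamic-looking name is refused.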

Re:Blocking known residential blocks sucks (2, Informative)

domatic (1128127) | about 6 years ago | (#22773118)

I don't care for the sucky aspects of it either but ultimately I have to keep email useful for the users on my network. We usually have ~=1000 valid incoming emails a day. Likely many of those are spam too but I've cranked up the filters as high as I dare. Blocking off residential IP space spares us from having to filter and deliver 50,000 to 100,000 spams a day. That is a pretty good chunk of CPU and bandwidth saved right there. An immediate 50:1 to 100:1 reduction on incoming server load is hard to pass up. Furthermore, some percentage of the traffic that we DO let through turns out to be spam anyway. My best estimate is perhaps 50 spams get through a day. If I had to categorize botnet traffic, that would inevitably go up and get users barking at me.

Now, I COULD let the botnet traffic in and heavily penalize it in spam points. On the other hand, I whitelist maybe two or three servers on residential IP space a year. The tradeoff in bandwidth, server resources, and filter accuracy between "allow categorized residential" and "block residential minus whitelist" is simply too favorable in the blocking direction.

Functional democracies require ways to deter griefers or at least the very worst of griefers. The spammers have made SMTP their personal playground and there is no end in sight to it. It is they who should have the blame for mail servers being configured as fortresses. It is all the mail admins can do to keep on top of their shenanigans.

Re:Hmm (1)

PJ The Womble (963477) | about 6 years ago | (#22772758)

A dominant market position? Major players unwilling to share their source code? Smaller organisations unable to gain a niche in a still-growing market? End-users don't really want to use the product but have little choice? I have the answer: EU Antitrust legislation.

Who needs 6? (5, Funny)

elrous0 (869638) | about 6 years ago | (#22772306)

Bet I could connect any one of these bots to Kevin Bacon in 3 or less.

Re:Who needs 6? (2, Funny)

Anonymous Coward | about 6 years ago | (#22772586)

It only takes one. I can't count the number of times I've received spam that tries to get me to "3nl4rge my K3v1n B4c0n".

Distributed projects (4, Funny)

sakdoctor (1087155) | about 6 years ago | (#22772328)

Srizbi is the largest contributor at 39%
I believe this figure could be much larger if the Trojan.Srizbi client was ported to Mac and linux
Anyone know what licence it's distributed under?

Re:Distributed projects (-1)

webmaster404 (1148909) | about 6 years ago | (#22772394)

I doubt it would be very much larger. Most non-technical Linux users only install software from Ubuntu/Debian/Mandriva/openSUSE/Fedora repositories. Very few of them would take the time to either compile it or install a package outside of Add/Remove Programs. And most technical users would know that it would be a virus either from reading Slashdot or from it not being a necessary program. As for Mac users, there could be a potential but Apple would probably take steps to block the virus.

Anti-bots? (0, Interesting)

Anonymous Coward | about 6 years ago | (#22772358)

Would it be possible to set up an anti-botnet? Release search_and_destroy police bots that would spread the same way the bad bots?

Re:Anti-bots? (4, Insightful)

ajs318 (655362) | about 6 years ago | (#22772488)

In theory, yes it would.

In practice, no it wouldn't.

You'd be opening yourself up to prosecution. Even in countries without specific "misuse of computers" laws, running a program on someone else's computer is trespass. You might think that, since trespass is a civil matter, you'd only need to worry about someone who has the money to sue you taking a dim view of what you were up to. And you'd be right. But the botnet-controllers have got enough money and would be bothered to take you to court.

And I haven't even touched on the really horrifying issue: what if your benign, anti-malware malware malfunctioned, or was subverted by the next generation malignant, anti-benign-anti-malware-malware malware? You could easily end up becoming even worse than the enemy whose dirty tricks you borrowed.

Re:Anti-bots? (1)

ozmanjusri (601766) | about 6 years ago | (#22772524)

What if Microsoft were to release it?

Re:Anti-bots? (1)

ajs318 (655362) | about 6 years ago | (#22772696)

Well, they already are worse than the spammers, in their own way.

Most of the shite legacy software that was written (using Microsoft's deliberately incomplete, and occasionally downright wrong, documentation) for Windows takes advantage for its legitimate operations of the exact same features that most malware uses for its nefarious ones, so it won't run as a non-administrative user.

You know what's worse? It'd be a quick half-hour job to fix it, if only the owners had thought to demand the Source Code.

Re:Anti-bots? (0)

Anonymous Coward | about 6 years ago | (#22772802)

Thanks! Good thinking- you're right. My brain isn't working yet today.

Ever since I heard of spam, started receiving it, and found out they can spoof all header info, I came to the conclusion that the only way to stop it is for each ISP and mail server to require correct sender IP info from the sender, or bounce the message right back.

It seems it should be easy to find spammers at the source; it's just that it's not being done enough.

Re:Anti-bots? (3, Insightful)

ajs318 (655362) | about 6 years ago | (#22772926)

I came to the conclusion that the only way to stop it is for each ISP and mail server to require correct sender IP info from the sender, or bounce the message right back.
Almost. Actually, if the HELO is incorrect, or the originating machine is not registered as an MX for the domain, the proper course of action would be to return an SMTP error code -- absolutely not bounce the message back. If it's genuine, there'll be a copy on the sending machine somewhere anyway; and the bounceback from failed spamming attempts is not pretty. (Domains of mine have occasionally been used as the purported originators of spam, and the floods of "returned" mail coming "back" from clueless ISPs -- hello? see where that HELO is coming from? is that machine an MX for my domain? then WhyTF do you think this message has anything to do with me? -- are as bad as anything else.)

If more people configured their sendmail to reject bad HELOs, it would be a lot harder to send spam.

Re:Anti-bots? (2, Insightful)

Just some bastard (1113513) | about 6 years ago | (#22773016)

An MX record isn't required for sending mail, for receiving mail there's a fallback to A if no MX is found. The problem you're describing (backscatter) is solved by SPF; if only more people configured their MTA to check that before generating a bounce :(
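The backscatter point from the last two comments, as an added example that is not part of the thread: refuse with a 5xx while the SMTP session is open, and generate a bounce afterwards only when SPF confirms the envelope sender. The SPF evaluator is deliberately simplified (only `ip4`, `ip6` and `all` are evaluated; anything needing further DNS lookups yields "unknown"), and the function names, action labels and sample record are assumptions.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(record, client_ip):
    """Evaluate a simplified SPF record (ip4/ip6/all only) for client_ip."""
    if not record:
        return "none"
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        else:
            # a, mx, include, exists, redirect= and so on need DNS lookups
            # that this sketch does not perform; stop rather than guess.
            return "unknown"
    return "neutral"


def undeliverable_action(envelope_from, client_ip, spf_record, in_smtp_session):
    """Decide what to do with a message that cannot be delivered.

    Returns one of three labels (names are assumptions of this example):
      "reject-5xx": answer the connecting client with an SMTP error
      "bounce":     send a delivery status notification to envelope_from
      "no-dsn":     log or quarantine locally, send nothing
    """
    if in_smtp_session:
        # The sending host still holds the message; a 5xx makes it that
        # host's job to notify its own user, and nothing goes to a forged sender.
        return "reject-5xx"
    if envelope_from in ("", "<>"):
        # A null reverse-path marks a bounce; never bounce a bounce.
        return "no-dsn"
    if spf_result(spf_record, client_ip) == "pass":
        return "bounce"
    # Sender unverified: a bounce here would be backscatter to a bystander.
    return "no-dsn"


# Constructed sample record for a hypothetical domain example.org.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 -all"

if __name__ == "__main__":
    for ip in ("192.0.2.25", "203.0.113.50"):
        print(ip, spf_result(SAMPLE_SPF, ip),
              undeliverable_action("alice@example.org", ip, SAMPLE_SPF, False))
```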

Re:Anti-bots? (1)

Andrzej Sawicki (921100) | about 6 years ago | (#22773282)

And I haven't even touched on the really horrifying issue: what if your benign, anti-malware malware malfunctioned, or was subverted by the next generation malignant, anti-benign-anti-malware-malware malware?
I think some anti-malware vendors might have dibs on the subversion part.

Re:Anti-bots? (5, Interesting)

MightyYar (622222) | about 6 years ago | (#22772972)

I was wondering whether it would help if Google (and maybe some of the other top 10) notified you when you showed up on one of the IP block lists with a big yellow box at the top of the page, like an IE alert: "Warning: Your computer has been reported to be a SPAM relay! Please clean up your computer with the following tools..."

Something like that. They could get the list of infected IPs from one of the black lists.

I'm not a network guy, so I don't know what kind of technical restrictions there would be... obviously this wouldn't work well with proxies - maybe NAT would be an issue as well? In any event, I personally would appreciate such a service, even if I got hit with false positives once in a while. Of course, the bots would eventually get wise and filter out the messages, but that's part of the fun of the war.

Re:Anti-bots? (1)

SanityInAnarchy (655584) | about 6 years ago | (#22773248)

It's not a bad idea, and I think it should be done.

You're right about NAT, though -- at least a few ISPs are starting to run NAT at the ISP level. We need IPv6 badly.

Since ISPs Love Filtering So Much... (4, Insightful)

blcamp (211756) | about 6 years ago | (#22772372)


Why can't they focus their efforts and resources on shaping traffic to block this kind of nonsense, rather than Torrents?

Re:Since ISPs Love Filtering So Much... (2, Insightful)

AltGrendel (175092) | about 6 years ago | (#22772428)

1) There are "fewer" people using torrents than using email.

2) Email users include businesses that probably include a draconian SLA on the ISPs part and they don't want to mess with that.

3) And as always, it affects Profit!!!

Re:Since ISPs Love Filtering So Much... (0)

Anonymous Coward | about 6 years ago | (#22773104)

3) And as always, it affects Profit!!!

According to the spam I get it mainly affects my penis size.

Re:Since ISPs Love Filtering So Much... (5, Insightful)

Von Helmet (727753) | about 6 years ago | (#22772576)

Spam affects the little guy. Torrents affect (apparently) the big guy.

Re:Since ISPs Love Filtering So Much... (2, Informative)

gmuslera (3436) | about 6 years ago | (#22773106)

Torrents/p2p uses its own ports and protocols, and here you just target client machines. You can easily (?) filter them. Much different is something that is just mail, and there you get it from your mail server, whatever it is, whatever measure it is taking. And one of the most used techniques to reduce spam (greylisting) is specifically targeted by Srizbi (the bot responsible back at the time this was published, almost 3 weeks ago, of 39% of the spam), so it doesn't stop this particular botnet.

How much spam do you actually get? (0)

Anonymous Coward | about 6 years ago | (#22772382)

Just wondering, how much spam do you actually get? I'm wondering because I don't seem to get much of it at all... I have some 'disposable' Email addresses that see a lot of spam, but I don't care about that. My "real" addresses are almost spam free, maybe one or two in months. So honestly, for me at least, there is not much of a problem. I understand the situation's different for people running mail servers, but they actually seem (from my position at least...) to be doing quite a good job at stopping it...

Re:How much spam do you actually get? (1)

Malevolent Tester (1201209) | about 6 years ago | (#22772460)

I *used* to get next to no spam at all - maybe 2-3 mails a month. Unfortunately, I then created a mod for Oblivion which included an obfuscated version of my email in the readme for bug reporting, feedback etc. Gamershell, Fileplanet and Filefront then very helpfully added my file to their servers, and included the readme with deobfuscated address on the download page. Now I get 500 a day at times - fortunately, all but 1 or 2 a week get caught straight so it's just a matter of emptying the Trash folder every now and then.

Re:How much spam do you actually get? (2, Interesting)

liquidpele (663430) | about 6 years ago | (#22772508)

Yea, that's why I set up a new gmail account for each new thing like that, obfuscate the address when posting in places, and have it forward all mail to my actual email account. Then if it starts getting spam, I just stop the forwarding and set a vacation message saying the account is not used anymore.

Re:How much spam do you actually get? (4, Informative)

shird (566377) | about 6 years ago | (#22772546)

Rather than creating a new gmail account, you should look at spamgourmet.com. The email accounts are created and limited automatically. Just give out an email address, and it automatically is limited to x many emails. You need to have a read up on it, but it's very easy to use.

Or you can put a prefix to your gmail address with a '+'. ie. "temp+john38@gmail.com" the mail still gets delivered to john38@gmail, but with 'temp+john38@gmail.com' in the 'to:' field, allowing you to filter it easily.

Re:How much spam do you actually get? (5, Informative)

Tacticus.v1 (1102137) | about 6 years ago | (#22772928)

I just checked this and I think you got the address round the wrong way.

You need to put it john38+temp@gmail.com for it to work, as the other way round just goes to the wrong address.

Most Spam Comes from just Six Bots, not Botnets (5, Informative)

Aaron Isotton (958761) | about 6 years ago | (#22772402)

What TFA says is that most Spam comes from the following six types of Bot:

Srizbi: 39%
Rustock: 20%
Mega-D: 11%
Hacktool.Spammer: 7%
Pushdo: 6%
Storm: 2%
Other: 15%

This doesn't necessarily mean that most spam comes from six botnets. Some of the bots could be used by multiple bot masters; OTOH some botmasters could control multiple botnets using different bots.

Something else I just thought of:

The botmasters are going to use the best bot available, i.e. the one enabling them to send most spam at the least cost. On the other hand, the "good guys" are fighting spam (and the bots). So whenever a certain bot starts taking over (currently Srizbi) all the good guys will focus on that one and try to shut it down. So the bot decreases in value and another, better bot will take over. Evolution at its best.

The Antivirus companies which are trying to fight the malware are also trying their best. The big difference is that while the success of a spambot can be easily measured by the customer (i.e. the botmaster), the success of an AV product is much harder to estimate. Also, the typical AV customer doesn't have the ability/time to find out which AV product is best for him. Moreover, AV products are some sort of subscription service (you buy the package and get 1 year of updates) which makes it hard to switch products. Often AV products are bundled with computers, selected by business principles and not by technical superiority.

In other words, the evolution process of malware is far superior to the one of AV products.

Re:Most Spam Comes from just Six Bots, not Botnets (0, Flamebait)

webmaster404 (1148909) | about 6 years ago | (#22772456)

You are forgetting something. And that is Windows. Even the absolute best AV product cannot block every threat, why? Because Windows is closed-source and MS has a monopoly. Whereas Linux distros are hurrying to be the quickest to create a package for the newest flaw that comes out, there is no competition in the commercial OS department so MS can take their time in patching it. Also, you are forgetting about how most AV products are commercial and therefore won't detect some threats such as the Sony Rootkits, government produced malware and might take bribes from the malware authors themselves to not be detected.

Re:Most Spam Comes from just Six Bots, not Botnets (5, Insightful)

Anonymous Coward | about 6 years ago | (#22772624)

Tinfoil hat much Mr. 404? An AV product can't block every threat BECAUSE Windows is closed source? That makes no sense.

The reason that they can't block every threat is that they are still signature based and have not completed the move to behavior based blocking and heuristics. The other problem - the main one - that you don't even mention is users. If someone bothered to write a 'SomeFamousPersonNaked.exe' for other OS'es - stupid users would still run it. (I do note that in today's world, the average Linux user is brighter about these things than their Windows counterparts - mostly because Linux is still in that niche role where it is dominated by computer savvy folks at least for now).

But, give that same Windows user who is stupid enough to run that EXE an Ubuntu machine and send him a version that runs on Linux AND HE WILL STILL CLICK IT. Switching OS'es doesn't make a dork not a dork. Doesn't even really matter whether the user is an admin or not on Windows or Linux - just sending mail doesn't require it and now that Vista is actually usable by many people as a standard user the malware writers will adapt and not try to own the whole machine right away.

I can see how this will be a problem for Linux users in the future if the user base continues to grow into that "stupid user" segment - at which point folks will be more than happy to write bot software for those users to run.

Re:Most Spam Comes from just Six Bots, not Botnets (4, Insightful)

rucs_hack (784150) | about 6 years ago | (#22772660)

how marvelously uninformed..

There are no major spam bots for linux because linux just doesn't have that all important desktop install base. However infected linux servers are frequently used to admin botnets. Badly configured linux servers are like treasure to the botnet guys..

Microsoft don't have more bots and virii in windows because their stuff is closed source, they have it because the underlying security model of windows is, and always has been, pretty poor. For years, normal users have run windows boxes in admin mode by default. This is INSANE!!, and yet it persists.
Adding UAC hasn't helped. It was implemented so badly that people just click through the new dialogs without reading the warnings most of the time. This wouldn't happen if it didn't question almost everything you do.

The sony rootkit couldn't be detected because of a flaw in windows that allowed it to hide even from most AV products.

Most AV companies don't 'take bribes' to keep bots going, they just aren't very good these days. The way virii are fought on the desktop needs to change, and that change is very slow in coming.

Re:Most Spam Comes from just Six Bots, not Botnets (1)

dc29A (636871) | about 6 years ago | (#22772774)

how marvelously uninformed..
Ah the irony ...

Microsoft don't have more bots and virii in windows because their stuff is closed source, they have it because the underlying security model of windows is, and always has been, pretty poor. For years, normal users have run windows boxes in admin mode by default. This is INSANE!!, and yet it persists.
What does the underlying security model have anything to do with idiots running Windows as administrator? No really, what? Please enlighten us. Do you have any idea about the Windows security model or you are just repeating the same old internet cliché "OMGZ WINDOZE IS NOT SECURE!!!1111oneoneeleventyone!!!!"?

How is your "poor Windows security model" different than someone running Linux as root? Just because the user is uninformed it doesn't mean the underlying OS is non secure. Windows is secure once you spend 1 minute creating a non administrator account.

Before I get flamed:
I ran Windows since Win2k without *ANY* anti-malware programs installed, it's easy and never had any issues. My second machine is running Kubuntu.

Re:Most Spam Comes from just Six Bots, not Botnets (1)

rucs_hack (784150) | about 6 years ago | (#22772848)

Anyone who routinely runs Windows using the admin account is an idiot, as is anyone who routinely runs Linux as root. There is no distinction.

Windows security model is so bad in part because most windows machines come with a user set up that has full admin rights, and that's what new computer users will just use without ever considering it as a bad idea, after all, that's how their machine was delivered...

Given that many users wouldn't even realise this is a problem, let alone know how to change it, this is a serious flaw. Microsoft sell to home users, they know this, it is their responsibility.

Re:Most Spam Comes from just Six Bots, not Botnets (1)

Ed Avis (5917) | about 6 years ago | (#22773094)

Anyone who routinely runs Windows using the admin account is an idiot,
Logging in as 'administrator' is a bit silly. However, running as an individual user who has full admin rights is often the only way to do things. I'd love to run as a non-privileged user but the sad fact is that you can't install software without administrator rights, even if you try to put it in your home directory. Other things like debugging also go wrong unless you have admin rights on your PC. By contrast, on Unix systems you rarely need to be root to get work done - you can install your own software in your own directory and not bother anyone else.

Re:Most Spam Comes from just Six Bots, not Botnets (4, Informative)

xZgf6xHx2uhoAj9D (1160707) | about 6 years ago | (#22772876)

What does the underlying security model have anything to do with idiots running Windows as administrator?

Everything. People run as administrator because they have to.

How is your "poor Windows security model" different than someone running Linux as root?

It's different in that a user does not have to run as root in Linux to get useful work done.

Ever tried to debug as an unprivileged user on W2K? Ever tried to install software? Just what is the Windows equivalent of sudo that ships standard with Windows XP?

Windows is secure once you spend 1 minute creating a non administrator account.

Let me correct that for you: Windows won't let you do anything of substance once you're running as non-administrator. That is the problem.

Disclaimer: this situation has changed somewhat in recent years. However, considering the number of Windows users still running W2K or Windows XP (and for good reason), it's still concerning.

Re:Most Spam Comes from just Six Bots, not Botnets (4, Informative)

dc29A (636871) | about 6 years ago | (#22773026)

Everything. People run as administrator because they have to.
Since when?

On my non administrator account I run the following programs (Windows XP):
- World of Warcraft.
- A few other games I play once every blue moon.
- Music player, video player, encoders, editing software.
- Office.
- VPN client for my job.
- Firefox with Flash, Java, AdBlock and NoScript.
- Azureus.
- Thunderbird.

I need administrator to run these:
- Windows update (Duh!).
- Various software updates (Duh!).

How is that different from a typical Linux usage? I still need root access (via sudo or root) to update my OS and installed programs. So where is this "Windows won't let you do anything of substance once you're running as non-administrator." problem?. I can play video games, do video editing, listen to music, surf the web, use office and work from home via VPN and all that without being logged in as administrator. Where is the problem?

I am perfectly aware that there are a few programs that have trouble running as non administrator most notably CD burning/ripping stuff. You can always run them "Run as administrator" or find one that works fine. Mind you, I never bothered finding one that works well, just picked up one from Sourceforge and run it as root.

The whole Windows security "issue" is strictly educational. The underlying OS has a very solid security framework that IMHO is better than Linux because it's more granular.

Updating software (1)

Nerdposeur (910128) | about 6 years ago | (#22773120)

I need to run as admin to update software, as I am regularly prompted to do. Switching over to admin is annoying, so mostly I just don't update software.

I wish I could specify that certain programs are allowed to update themselves without admin rights.

Re:Most Spam Comes from just Six Bots, not Botnets (0)

Anonymous Coward | about 6 years ago | (#22773224)

I have to run Windows in admin mode to get Eudora email to run between different user accounts. If I don't it can't see a shared mailbox.

Re:Most Spam Comes from just Six Bots, not Botnets (2, Interesting)

RulerOf (975607) | about 6 years ago | (#22773230)

Just what is the Windows equivalent of sudo that ships standard with Windows XP?

I doubt that a Windows equivalent to sudo would ever come about, not because it isn't necessary, but because the model that drives useful work in Windows isn't command line based (even from an Administrator's point of view). That may be changing with MS switching over to Powershell, but as it stands, what you're asking for may not actually be necessary.
 
Vista, though, is supposed to have that magic little password prompt when you need admin privileges on a non-admin account, but if it comes up as often as UAC does (before you disable it because it annoys the shit out of you), I wouldn't use it. Of course, this necessitates that Vista doesn't set you up as an Admin out of the box, which it has each time I've installed it.
 
Interestingly enough, I'd be willing to bet that if the only time UAC came up was in the context of a web browser or email app requiring admin rights (Attention: Hardcore Porn Video.exe is requesting to install "Botnet client." Cancel or Allow?), it'd probably be heeded much more seriously by average Windows users.

Re:Most Spam Comes from just Six Bots, not Botnets (2, Informative)

WK2 (1072560) | about 6 years ago | (#22773262)

Just what is the Windows equivalent of sudo that ships standard with Windows XP?

It's called, "runas". It is a Windows program that allows you to run an arbitrary program as any other user (if you know the password, of course).

Windows won't let you do anything of substance once you're running as non-administrator. That is the problem.

That's not what I've observed. Back when I was using Windows 2K, I regularly ran as an ordinary user. Most programs worked just fine. Almost all of the Windows programs worked under a regular user, except for the ones that genuinely needed Admin access.

Ever tried to install software ... as an unprivileged user on W2K??

You can install software as an unprivileged user if you don't require Admin access to write to the directory you are installing to. So for example, if you install into your "My Documents" folder, you do not need Admin access. If, however, you want to install to "Program Files", then you need Admin access, unless you have altered Program Files to be editable by everyone. It pretty much works exactly like it does on Linux.

Now that I've gotten your inaccuracies out of the way, I'd like to point out that Windows, and many of the programs written for it, don't seem to understand Least User Authority. The main goof Microsoft did was give the regular user Admin privileges at install-time. Windows requires Admin privileges just to look at the clock/calendar. Many programs written for Windows need to be manually "finessed" after installing, so that they can work properly for regular user accounts.

Re:Most Spam Comes from just Six Bots, not Botnets (1)

Domint (1111399) | about 6 years ago | (#22773292)

Just what is the Windows equivalent of sudo that ships standard with Windows XP?

Shift + Right-Click, select 'Run As'. Select Administrator and put in the password. Granted not every single icon responds in this way, but there you go.

Re:Most Spam Comes from just Six Bots, not Botnets (2, Informative)

Ash Vince (602485) | about 6 years ago | (#22772852)

Adding UAC hasn't helped. It was implemented so badly that people just click through the new dialogs without reading the warnings most of the time.
No, what most people do is turn it off completely. They do this because it annoys them while they are setting up their machine and they do not understand its value.

When I first configure a linux machine, constantly having to enter the root password annoys me too. My solution is to just log in as root, do all the setup needed, then log in as a regular user. I have just been informed by a colleague that Vista's implementation of UAC doesn't really allow this. If this is the case it is a bit of a design flaw.

Re:Most Spam Comes from just Six Bots, not Botnets (4, Informative)

jimicus (737525) | about 6 years ago | (#22773020)

I've just spent the last week wrestling with Vista's implementation of UAC, and I agree with what you've been told.

For better or for worse, I administer a bunch of desktops and my current build process consists of a number of automated installations (most software installations can have all the mindless "click next next next" automated away fairly easily). I am at an awkward point where I have enough machines to want to automate the process, but not enough that I can easily just buy 100 identical systems and ghost the lot. And before you ask, I don't run Active Directory so rollout through group policy is out of the question.

It looks like this process will require substantial redesigning for Vista, as there doesn't seem to be an easy programmatic way to say "do everything below this point without bothering me through UAC". Neither is there an easy programmatic way to disable UAC altogether, even on a temporary basis. (Yes, I know about the registry setting from the command line. But that needs to run from an elevated command line which, guess what, you can't set up without interaction).

The way UAC works is that normal users still can't do a bunch of things. This doesn't change; they probably won't ever see a UAC prompt. Administrators can do everything they're used to, but by default if they want to do anything administrative, UAC steps in and says "Cancel or allow?".

I can understand from Microsoft's perspective that it's somewhat pointless to create such a system and then create an easy method to work around it, but I can't believe that in the whole corporation there aren't a few people with the brains between their two ears to realise that it's a very inelegant solution which adds hassle without really solving the problem.

Re:Most Spam Comes from just Six Bots, not Botnets (2, Informative)

Jeppe Salvesen (101622) | about 6 years ago | (#22773126)

Whoa.

Linux is indeed more secure because of the higher eyeball count that comes with open source software. However, if you really want security then make sure to use older versions with backports for security fixes. Programmers introduce security flaws all the time. We fail constantly, and our failures are made right later on - in open source.

Even the absolutely best AV product possible cannot block every threat because that problem is currently NP complete, to the best of my understanding. Such a product would not be able to block every threat on Linux or OSX either.

The Sony rootkit worked because of incompetence in both Redmond and in the AV industry. However, most people would have clicked through the "install application" screen by habit anyhow.

Microsoft should indeed make a service like the one that is integrated into the iPhone SDK: Only allow signed binaries. Average Joe cannot be expected to figure out what software is secure. Asking him for confirmation of whether he would like to install a piece of software is very much a flawed approach. Us techies mostly know how to protect ourselves. But those root kits run on Average Joe's computer, and until we can prevent him from installing that piece of malware and until he is forced to upgrade his system software and until all his applications are automatically upgraded with the latest security fixes - then we'll have these botnets.

Re:Most Spam Comes from just Six Bots, not Botnets (1)

thedletterman (926787) | about 6 years ago | (#22772468)

If you really want to focus the discussion on business principles, then you would realize the cost of a satisfied, virus-free customer is far less than the profit derived from picking an anti-virus package to bundle. Don't underestimate or trivialize the amount of effort OEMs go through in picking out their software bundles. Some of the bundles are shit, some are for pure profit, and a lot is unnecessary for an individual user, but if you're selling to ten million people, one person's "bloat" is another's requirements.

Re:Most Spam Comes from just Six Bots, not Botnets (1)

Aaron Isotton (958761) | about 6 years ago | (#22772544)

Come on. The software bundles are *always* ludicrous. They typically include: - A crappy "Home User"-Antivirus with huge splash screens and big colorful dialog boxes pissing you off a few times a day. - A crappy toolbar for your browser (often Yahoo or Google, sometimes worse) - Some "software update center" which is usually far worse than even Windows Update - A CD Recording application which is ALWAYS crap. - A software firewall yelling "OMG PACKET" every time someone sends an UDP broadcast on your network. - A few "click here to sign up" icons of various services no one has ever heard of (or wants). - Half a dozen media players fighting for world domination (and stealing file extensions from each other all the time).

Re:Most Spam Comes from just Six Bots, not Botnets (1)

thedletterman (926787) | about 6 years ago | (#22772610)

Yes, you typically get a Yahoo or Google toolbar as well as those half a dozen "click here to sign up" programs. The bright side of these programs is that they subsidize part of the cost of the computer. Annoying, definitely... but certainly innocuous at worst and beneficial at best. CD recording software? Last bundle I had included Nero, which I already use by choice and have a purchased license for. My last bundle also included Norton Internet Security as a free bundle, but it was only a 90-day trial, but I have a full license through my employer already. Yeah, I hate leaving on the crappy OEM software update bundle, knowing that by leaving this product running 24x7 I won't miss a semi-annual driver update. What a loss, and yes, Windows Update will find the driver anyways, so nothing lost and nothing gained.

Re:Most Spam Comes from just Six Bots, not Botnets (2, Insightful)

Aaron Isotton (958761) | about 6 years ago | (#22772570)

(Same post as before, formatted properly)

Come on. The software bundles are *always* ludicrous. They typically include:

- A crappy "Home User"-Antivirus with huge splash screens and big colorful dialog boxes pissing you off a few times a day.
- A crappy toolbar for your browser (often Yahoo or Google, sometimes worse)
- Some "software update center" which is usually far worse than even Windows Update
- A CD Recording application which is ALWAYS crap.
- A software firewall yelling "OMG PACKET" every time someone sends an UDP broadcast on your network.
- A few "click here to sign up" icons of various services no one has ever heard of (or wants).
- Half a dozen media players fighting for world domination (and stealing file extensions from each other all the time).

Re:Most Spam Comes from just Six Bots, not Botnets (0)

Anonymous Coward | about 6 years ago | (#22772600)

So the bot decreases in value and another, better bot will take over. Evolution at its best.
Only for the people that need a larger m3mb3r.

Re:Most Spam Comes from just Six Bots, not Botnets (1)

networkconsultant (1224452) | about 6 years ago | (#22772732)

A list here [pcworld.com]
Some Required Reading [av-test.org]
The Wiki Entry with everything [wikipedia.org]

Now Those are just some places to start, however:
if you look here you'll get an idea [toptenreviews.com]
Finding a good vendor independent list that does not use adjectives, you know something with metrics on how many viri in the database, how fast does it scan files? How much Memory does it take up? all of these are becoming more and more difficult to find. AV software is supposed to do one thing, scan files, match them to heuristics and if they match the sig, move it to a sandbox or blow it away. Security is an evolving battlefield, polymorphisms brought way to new methods of infection and a few worms bounced about, then heuristics got better, now they rely on stupidity of which there will always be an ample supply.

its all spam (1)

FudRucker (866063) | about 6 years ago | (#22772404)

You have 11292 unread messages: Inbox(7803), Bulk(3489)

This is from a 10 year old Yahoo account that I only visit once a month to keep it active, I log in and never open anything, I don't care = it's not my hard drive all that spam is sitting on...

Spam, Spam, Spam, Spam, Spam... (0)

totallyarb (889799) | about 6 years ago | (#22772416)

...Spam, spam, spam, spam, spam, baked beans and spam.

But the baked beans are off.

Re:Spam, Spam, Spam, Spam, Spam... (1)

sjaguar (763407) | about 6 years ago | (#22772612)

I've always wanted to know why the wife couldn't have "egg and bacon" or "egg, sausage, and bacon."

Control Server? (1)

BaphometLaVey (1063264) | about 6 years ago | (#22772486)

These botnets have "Control Servers" and we haven't managed to isolate them? Surely such centralization is a weak core that could be exploited?

If I was building a botnet, every host would be preloaded with the address of every other host that was known about by whatever was doing the infecting. Once established, each host would go about randomly informing the whole list that it now existed, as well as starting to receive notices about newly established hosts so it can keep its own list of hosts up to date. This way there would be no single point of failure.

It surprises me that botnets using even a large amount of central servers can't be isolated off networks. If ipX is a known Russian Control Server, and ISP finds Client Y connecting to it, it makes sense Client Y needs to be disconnected and contacted, or say, have access restricted to antivirus update / download sites for say an hour (arbitrary) and then full access restored. If the client then tries to reconnect to ipX again, it should have its access restricted for longer.

I would imagine, that even a few ISPs doing this could at least make a reasonable dent on spam. They are always complaining about bandwidth, after they remove the spam from it they will have more for legitimate customers, which will mean they can give better allowances to people who like to download, making them a more attractive ISP, profit!

Never mind, the current solution seems to be working perfectly.
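The escalating restriction proposed in the comment above, as an added example that is not part of the original post: an ISP-side policy replayed over flow records. The addresses, the update-site allowlist, the doubling rule and the 24-hour cap are constructed assumptions; the post only specifies "an hour" and "longer".

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed data (RFC 5737 documentation addresses), not real indicators.
KNOWN_C2 = {ip_address("203.0.113.10"), ip_address("198.51.100.77")}
UPDATE_SITES = {ip_address("192.0.2.53")}   # hypothetical antivirus update mirror

BASE_RESTRICTION = timedelta(hours=1)       # the post's "say an hour (arbitrary)"
MAX_RESTRICTION = timedelta(hours=24)       # assumption: cap on the doubling

# Constructed flow records: "ISO timestamp  client  destination".
SAMPLE_FLOWS = """\
2008-03-17T09:00:00 10.0.0.5 203.0.113.10
2008-03-17T09:05:00 10.0.0.5 203.0.113.10
2008-03-17T09:10:00 10.0.0.9 192.0.2.80
2008-03-17T09:20:00 10.0.0.5 192.0.2.53
2008-03-17T10:30:00 10.0.0.5 198.51.100.77
2008-03-17T11:00:00 10.0.0.5 203.0.113.10
2008-03-17T13:00:00 10.0.0.5 192.0.2.80
"""


@dataclass
class ClientState:
    strikes: int = 0
    restricted_until: datetime = datetime.min


def restriction_for(strikes):
    """Length of the n-th restriction: 1h, 2h, 4h, ... capped at MAX_RESTRICTION."""
    return min(BASE_RESTRICTION * 2 ** (strikes - 1), MAX_RESTRICTION)


class WalledGarden:
    def __init__(self):
        self.state = {}  # client address -> ClientState

    def decide(self, when, client, dst):
        st = self.state.setdefault(client, ClientState())
        dst = ip_address(dst)
        if when < st.restricted_until:
            # While restricted only the update sites are reachable. Blocked
            # attempts do not add strikes, otherwise one noisy bot would
            # escalate itself to the cap within minutes.
            return "allow-update" if dst in UPDATE_SITES else "drop"
        if dst in KNOWN_C2:
            # Full access had been restored and the client called home again:
            # restrict for longer than last time.
            st.strikes += 1
            length = restriction_for(st.strikes)
            st.restricted_until = when + length
            return f"restrict-{int(length.total_seconds() // 3600)}h"
        return "allow"


def replay(flows_text):
    """Run the policy over flow records; returns [(client, decision), ...]."""
    garden = WalledGarden()
    decisions = []
    for line in flows_text.splitlines():
        ts, client, dst = line.split()
        decisions.append((client, garden.decide(datetime.fromisoformat(ts), client, dst)))
    return decisions


if __name__ == "__main__":
    for client, decision in replay(SAMPLE_FLOWS):
        print(client, decision)
```

The policy is only as good as the control-server list: as the reply below points out, the list goes stale whenever the operators move their configuration to new names and addresses.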

Re:Control Server? (3, Informative)

liquidpele (663430) | about 6 years ago | (#22772552)

It's more complicated than that. Most of the "control servers" are actually groups of higher end bots themselves, so if one dies they just change the DNS to a new one to host the new config file. New config file might have new DNS names to use too. You'd have to simultaneously bring down several domain names and IP addresses, which just isn't possible. Plus, some of them (like storm) use other bots as DNS servers too!

Here is some info on the Srizbi [symantec.com]
Basically, it's a rootkit that downloads config files from one of several IP's or domains to then start sending spam.

You have overlooked a more permanent solution. (4, Funny)

Dimensio (311070) | about 6 years ago | (#22773306)

While it may be difficult to terminate entire networks and IP address ranges, a more effective solution would be to identify the individuals who are directly responsible for sending unsolicited just e-mail through "botnets" and the individuals who are responsible for providing access to these illegally hijacked "botnets" and then kill them. Such an action would be most effective if done brutally and painfully, through acts of torture, with videos and images of the events and the aftermath released to the public as a warning to others who might engage in the same behaviour.

Possible means of blocking spam? (1)

Gordonjcp (186804) | about 6 years ago | (#22772500)

Is it possible to identify a trojanned machine that's sending out spam, like maybe find if it responds to some "unexpected" port? If you could do this, you could quickly check "unknown" mail servers and see if they were really an 0wned Windows box spewing out spam.

Re:Possible means of blocking spam? (1)

liquidpele (663430) | about 6 years ago | (#22772602)

Okay, let's say you're right, and the "0wned" servers listen on port 666.
I'll leave you to reprogram every single smtp server in the world to check for that condition.
Just remember, the next version of the bot might use port 667 so you better hurry!

Re:Possible means of blocking spam? (1)

rcw-home (122017) | about 6 years ago | (#22773192)

I'll leave you to reprogram every single smtp server in the world to check for that condition.

Most SMTP servers have the ability to check a blacklisting service - so that's all you have to program.
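How the blacklist check mentioned in the comment above works on the wire, as an added example that is not part of the original post: a DNSBL lookup as described in RFC 5782. The zone names, the listed address and the stand-in resolver are constructed so the block runs offline.

```python
import socket
from ipaddress import ip_address, ip_network

LISTED_RANGE = ip_network("127.0.0.0/8")   # RFC 5782: listings answer inside 127/8


def dnsbl_query_name(addr, zone):
    """Build the DNS name to look up for `addr` in the list `zone`."""
    ip = ip_address(addr)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))             # octets, reversed
    else:
        labels = reversed(ip.exploded.replace(":", ""))   # 32 nibbles, reversed
    return ".".join(labels) + "." + zone


def check_dnsbl(addr, zone, resolve=socket.gethostbyname):
    """Return (status, answer); status is 'listed', 'not-listed' or 'error'."""
    name = dnsbl_query_name(addr, zone)
    try:
        answer = ip_address(resolve(name))
    except socket.gaierror as exc:
        # Only "no such name" means not listed. Timeouts and server failures
        # are errors, so a dead list is never mistaken for a clean result.
        if exc.errno == socket.EAI_NONAME:
            return ("not-listed", None)
        return ("error", None)
    if answer not in LISTED_RANGE:
        # A resolver that rewrites NXDOMAIN, or a lapsed list domain, answers
        # with an ordinary address for every query. Treat that as an error,
        # not as a listing, or all mail would be rejected.
        return ("error", str(answer))
    return ("listed", str(answer))   # meaning of the last octet is list-specific


def smtp_verdict(client_ip, zones, resolve=socket.gethostbyname):
    """Connection-time decision: reject on the first listing, fail open on errors."""
    for zone in zones:
        status, answer = check_dnsbl(client_ip, zone, resolve)
        if status == "listed":
            return f"reject ({zone} returned {answer})"
    return "accept"


# Constructed zone contents standing in for a real list.
CONSTRUCTED_ZONE = {
    "2.0.0.127.dnsbl.example": "127.0.0.2",      # RFC 5782 test entry, always listed
    "10.113.0.203.dnsbl.example": "127.0.0.4",   # constructed listing
}


def fake_resolve(name):
    """Offline stand-in for socket.gethostbyname (hypothetical helper)."""
    if name.endswith(".hijacked.example"):
        return "192.0.2.1"                       # wildcard answer outside 127/8
    try:
        return CONSTRUCTED_ZONE[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "constructed NXDOMAIN")


if __name__ == "__main__":
    for ip in ("203.0.113.10", "192.0.2.80"):
        print(ip, smtp_verdict(ip, ["hijacked.example", "dnsbl.example"], fake_resolve))
```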

Re:Possible means of blocking spam? (1)

Just some bastard (1113513) | about 6 years ago | (#22772626)

Is it possible to identify a trojanned machine that's sending out spam, like maybe find if it responds to some "unexpected" port?

Not since the late '90s. Due to increased use of firewalls and NAT, most malware will establish an outbound connection to some other compromised machine (see Fast flux DNS [wikipedia.org]).

Re:Possible means of blocking spam? (0)

Anonymous Coward | about 6 years ago | (#22773316)

At least recent iterations of the Storm bot react quite aggressively to attempts at probing it, and will automatically DDOS any host that tries to do so.

People need to take responsibility (1)

cdn-programmer (468978) | about 6 years ago | (#22772598)

You know... we don't let people drive without a driver's license and insurance. The general public has to start taking some responsibility here.

I would suggest some measures we can use:

1) static IP's. Then we can easily track down infected machines and take them offline.

2) Laws that require people to assume some form of responsibility when they connect a computer to the net.

3) Perhaps some form of compulsory insurance policy.

4) Laws that require ISP's to disconnect spam bots and take some responsibility.

If we had people throwing garbage from the windows of their cars we'd probably urge more enforcement of anti-littering laws. But what if these people were spewing porn? If we had a trespass issue as bad as the spam issue then we'd urge more enforcement of laws already on the books.

In the case of spam, we don't have the laws we need for the most part.

There are people who are responsible. I should think we can figure out ways to encourage them to clean up their act. The thing is this is not harmless. Many of these spams are NOT suitable for children and many children have net access. It is not even possible for most parents to screen this.

Perhaps we need enforcement of some of the child pornography legislation. A for instance is that if some adult is so irresponsible as to discard their used porn rags in a school yard then I don't think ignorance would be considered a suitable defense. Yet that same individual who allows his computer to remain part of a botnet which dumps porn into computers children have access to is somehow innocent? I don't think so.

It would take only a few cases and the public would wise up real fast.

Re:People need to take responsibility (4, Insightful)

CaptainPatent (1087643) | about 6 years ago | (#22772724)

What you have is a good idea in principle, but with potentially horrible consequences.

I would suggest some measures we can use:

1) static IP's. Then we can easily track down infected machines and take them offline.
Advertising companies are jumping for joy at this one. The more stable the IP address, the more they can bombard you with ads specially tailored for you. I like the fact that DHCP refreshes my IP every day or so, it means that sites that use web-bugs and other semi-devious methods of gathering information and (much worse) sell it to other companies, only have a very limited time frame to do so - and the fact that my IP does refresh makes them that much less able to make any profit off of me.

2) Laws that require people to assume some form of responsibility when they connect a computer to the net.
And what's going to happen if they don't "take responsibility?" By what metric do we judge responsibility? It sounds like the only way to enforce this is to dig into private internet usage information. I think the last thing I want is another person snooping around in the internet garbage bin for places my computer has been and is going to.

3) Perhaps some form of compulsory insurance policy.
Mainly see the above, but in addition the last thing we need is another mandatory insurance policy.

4) Laws that require ISP's to disconnect spam bots and take some responsibility.
This one may not be a terrible idea in practice, but ISP's are currently going nuts over things like bittorrent. What's to stop them from classifying bittorrent activity as "suspected botnet activity?"

I do like the spirit of the post, but I don't think there's a clear-cut solution to the problem.

Re:People need to take responsibility (1)

mrbah (844007) | about 6 years ago | (#22772804)

Static IPs are the closest thing to a silver bullet there is for spam but they will never get adopted, even with IPv6. Major ISPs back-asswardly see static addresses as an extra service they can charge extra money for, and as such will never offer them as standard with consumer broadband.

Static IP's (1)

cdn-programmer (468978) | about 6 years ago | (#22773010)

Yup. You are 100% correct that ISP's like to charge extra for a static IP. Since I run statics I know exactly what you are saying.

I was on the phone with my Bank's security people last week and suggested they look into static IP's as a method to guard against identity theft. They have a HUGE exposure. Moving to statics for the general population would really help them from two standpoints.

1) They could implement a white list for their clients.

2) In the case of unauthorized access the IP can be given to the cops.

There are probably other advantages as well.

Now the thing is the ISP industry will not offer them for the reasons you pointed out. However we can urge to have legislation passed and then they have to offer them. Sometimes laws can be used to good advantage to make good things happen.

As for the issue of the ISP lumping torrents in with spam? Spam is on a separate port. Problem solved.

Perhaps I'll call my MP's office and offer to work on a committee to address some of these issues. I'd urge others to as well. It might take a while to figure out what might work and what might not, but addressing the issue is unlikely to be negative.

I think one thing that is totally clear is that an ISP who offers a connection to a spammer is totally irresponsible yet this happens and while they denied it they were quite happy to cash the cheques.

It is totally unbelievable that an ISP would not be able to monitor traffic on a certain port from a certain IP address and note that its spam.

Getting laws to force ISP's to shut down spammers would be a really good start. It might even solve most of the problems. As for enforcement? Well - we have the source IP addresses. If we have the law on the books and the enforcement people in place then this becomes transparent. All we need to do is simply advise the enforcement people of the issue.

A quiet call can be made to the management of the ISP. If the problem continues then the ISP faces a fine for non-compliance. Eventually they will get the message or they will no longer be in business.

A side effect of legislation like this is that when the plug gets pulled this will create an incentive for the owner of the infected computer to do something about their problem.

What of overseas spam? I figure if one country does something like this then maybe most countries will follow suit. As for the ones who don't? I don't know. Perhaps other measures can be found to contain that problem. I'm reminded of the incident where Telstra in Australia was black-listed. Telstra cleaned up its act rather quickly.

The thing is that at this point we are leaving it to the individual to protect themselves and for the most part the vast majority of the population simply is not up to speed in this area and never will be. Furthermore the problem is getting worse.

Re:People need to take responsibility (0)

Anonymous Coward | about 6 years ago | (#22772866)

Your post advocates a

( ) technical (x) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
(x) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
(x) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
(x) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:People need to take responsibility (1)

UbuntuDupe (970646) | about 6 years ago | (#22772888)

Your post advocates a

( ) technical (x) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:People need to take responsibility (2, Informative)

ledow (319597) | about 6 years ago | (#22772898)

Let's ignore all your points for a second and cut to the crux of the matter. The country you live in could legally enforce all of your suggestions absolutely perfectly. It wouldn't make a dent. You could do it in twenty, fifty countries. You still wouldn't make a dent. Law is not universal. In my continent you can't HAVE software patents, they actually do not exist. You aren't going to make that change any time soon no matter what your country does. Similarly for any legal resolution to spam, viruses, botnets etc. Even if 50% of the world's botnets are on American PC's (for example), by definition even the owners don't want them or even know they are there. Nor do the ISP's, or the transport carriers, or anyone else along the line. But it's like suing people because they gave you a cold - they didn't want to catch the cold in the first place and, yes, although there are measures they can take to lessen their potential exposure to the virus, nothing is guaranteed.

1) "static IP's" - we can already trace where all the stuff comes from - there are complete trails back to the sending machines and from there back to the perpetrators. But most of it generally comes from computers abroad, or from people attacking computers from abroad, or via proxies, all of which are subject to different laws and untouchable. Even ASKING for the details belonging to a particular IP that resides in a foreign country is unbelievably difficult. And you won't get them, but your law enforcement might. And you think you can shut them off before they cause damage because you have their IP address? Nope. It's too late. By that time, the botnet's already moved on to take advantage of the next exploit. We have dynamically updating realtime, very expensive blocklists with dedicated people to add new machines as they are found - they don't stop that much, really.

2) "Laws that require people to assume some form of responsibility when they connect a computer to the net." - in every country in the world. With similar provisions. Quickly. Not going to happen. EVER. And then you're into why do you have to take responsibility and how do you ensure it? Your kid put a virus on your machine? I'll sue you, then. No? You caught a spyware toolbar which sends me spam? I'll sue you, again. You'd either sue people literally off their computer seats, everything would get thrown out of court, or you've just helped the government introduce legislation to make them monitor everything you do at your computer, with fingerprint ID required to logon.

3) "Perhaps some form of compulsory insurance policy." - For owning a computer? No. If you could tax people for being stupid, the world would be split between the bankrupt and the filthy rich.

4) "Laws that require ISP's to disconnect spam bots and take some responsibility." - So now they're responsible for their users' actions? They won't let you do it. If you do, they will shut themselves down and get out of the business. They ALREADY disconnect bots - it is in their interests. They ALREADY have to deny all responsibility for your actions. And they are ALREADY in deep legal grey areas because of the burden of proof of doing such things and the expense of a mistake (Sorry, Company X, I thought you sent a spam. I've just cut off your Internet by mistake. Bye-bye online business).

But the fact is that none of your measures are sensible or practical, some are even impossible, and all of them are in place in one way or another today. The fact is that every country in the world has a different idea. If we can't convince them all that death by execution or torture might be a bad idea, how the hell do you think you're going to get them to shut down botnets?

Re:People need to take responsibility (1)

PJ The Womble (963477) | about 6 years ago | (#22773160)

Perhaps we can learn a lesson from another mode of communications: I understand that in the amateur radio field here in the UK we have changed our regulatory strategy from an outright ban on those who had not passed a written "theory and practice" examination from using radio transmitting equipment (ostensibly, this prevented the unskilled from causing RF interference to other radio amateurs or to RF-sensitive devices used by the general public).

Instead, it's my understanding that the regulations now allow *anybody* to transmit on any amateur frequency, with no license or study at all, but with the provisos that:

(a) they can't use any hardware which hasn't been pre-approved by the authorities
(b) they can't modify that hardware in any way once purchased
(c) they can't add amplifiers etc (even though legal to purchase) which would increase the power of their setups to a point where they might interfere with others.

Anyone wishing to become a 'hobbyist' (ok, just think 'nerd'), and construct their own equipment/use more power, is required to undertake a period of study towards an examination, and to be supervised in the construction of equipment by an existing licensed radio amateur.

I think there's a parallel here between newbie users and newcomers to Ham radio. As somebody who used to teach introductory PC skills, I now regret using the well-worn phrase: "Software is anything that if you hit yourself over the head with it, won't hurt you" to my newcomers without any caveat. Nowadays, badly configured software can give you more of a headache than a hard drive with an imprint of your forehead on it any day of the week! That headache can also spread to others faster than sudden lumbago the Monday after Superbowl.

I don't think it would hurt too many people to give them a 'locked down' PC to practice with for their first few months. Most universities already do that for their freshman computing students, don't they?
And you never know, the position of town nerd might become sexy again with the general populace, after a while!

Only Six Botnets? (1)

RedRumRobot (1237340) | about 6 years ago | (#22772712)

: New pill will grown & strengthen your Botnets
: As Seen On: Maxim, GQ, Esquire, FHM, Rolling Stone magazines
: Will increase your size permanently up to 8 botnets!

It's the demand, stupid. (1)

glomph (2644) | about 6 years ago | (#22772764)

This is just like the specious 'War on Drugs' that's been so remarkably successful over the past decades. The problem here is that there are morons who actually send money for bootleg Viagra pills, male-member enhancers, and other quality merchandise which these spams promote. Just say no!

Life on the internet was a lot simpler when all stupidity could be pinned on AOL users.

Now if we could only get rid of all those easily bot-ified Minesweeper/Solitaire boxes.....

Remind me... 20 years ago... (1)

starglider29a (719559) | about 6 years ago | (#22772766)

Did the Futurists predict this and we just didn't take heed*? Or did no one predict this? I've always heard "never underestimate the power of human stupidity", but I guess we shouldn't misunderestimate the power of money and the drive to get it. 20 years ago, if you had told Alvin Toffler that this great interconnected information system was going to be hijacked by pharmaceutical ads, he'd have told you that you were a lunatic.

*I just saw BladeRunner-TFC again this weekend. Ridley Scott gave us the Blimp with blaring music and spotlights to shine into your windows. That's pretty close.

Is this a surprise to anyone? (2, Informative)

damn_registrars (1103043) | about 6 years ago | (#22772772)

Seeing that six botnets propagate most of the spam really shouldn't be a surprise to anyone who is familiar with spamhaus. After all, why would the spammers want to reinvent the wheel and produce new botnets when each botnet is itself constantly gaining new zombie PCs?

Really, this is nowhere near as useful as the spam distribution data that is available through spamhaus, telling us who is behind the bulk of the spam, and what geographic parts of the world they are associated with. The botnet building and controlling seems to be the easy part of the spammers' game now, and we can all thank our neighbors and their new un-patched boxes on 24/7 DSL / cable connections for that.

Tomorrow's Headline.. (1)

kabocox (199019) | about 6 years ago | (#22772798)

I predict tomorrow's headline to be "90% of x computers belong to one of six bot nets." where x is either a group of foreign countries, corporate computers, or home computers depending on the mood of the day.

Sue the companies who advertise (5, Interesting)

ThirdPrize (938147) | about 6 years ago | (#22772810)

While most of us treat spam as junk it is there to serve a very specific purpose. To get our money into the accounts of unscrupulous companies. A mate of mine (honestly) replied to spam and got some pills back. There are proper businesses behind them. Why can't we trace where the money goes and sue their butts off?

How many companies are actually advertising at any one time? Is all the spam for one company, ten companies, a thousand companies or a million?

Re:Sue the companies who advertise (4, Insightful)

oliderid (710055) | about 6 years ago | (#22773002)

Precisely... For example, US mortgage debt. I guess the "real" businesses behind could be easily tracked by US police officers. All you have to do is respond to the SPAM and wait until you get a phone number, a bank account or whatever. Or those VIAGRA pills... If they are "officials", then you can track their production numbers to the last "official" resellers.

There are plenty of spams requiring real businesses behind. Most of these businesses are located in western countries. Why can't they track them?

Re:Sue the companies who advertise (2, Informative)

vsloathe (1257618) | about 6 years ago | (#22773168)

There's a very simple reason you can't sue the companies who advertise via spam. They are not the ones sending you spam. Most email spam you receive is the result of affiliates of these companies who get paid a commission to sell you their products. Most companies strictly forbid the use of non CAN-SPAM compliant marketing, but some allow it "off the record". The best you can do is send an email to the online pharmacy or mortgage company or retailer on the other end and let them know "xyz account" is using spam to promote their product. Best case, you will get said affiliate's account banned. Most likely though, even if that does happen, the spammer will have multiple other accounts set to other bank accounts and other PO Boxes, et al. Ostensibly though, these companies have no hand in or knowledge of the promotion methods being used to sell their product, unless customers complain.

Re:Sue the companies who advertise (1)

ThirdPrize (938147) | about 6 years ago | (#22773298)

Can't we go after the affiliates then? If the drugs company gets enough red tape by using affiliates related to a particular person/company then, maybe they will start vetting their affiliates better.

International ban on trade of ivory (1)

microbox (704317) | about 6 years ago | (#22773180)

You are 100% correct. Going after the companies that profit from sale would cut off the air supply for the industry. It would be just like the international ban on the trade of ivory that pretty much halted poaching.

Who is going to code the first FOSS "Cure" ? (2, Interesting)

Kylere (846597) | about 6 years ago | (#22773056)

That targets the top 5, 10 etc botnet issues so they can be addressed specifically without having to do broad spectrum AV searches (That fail depending on product)