Slashdot Log In
Bot Nets Behind Recent Spam Surge
Posted by
CmdrTaco
on Wed Nov 01, 2006 09:10 AM
from the we-hates-it-so-much dept.
from the we-hates-it-so-much dept.
gsslay writes "Everyone must have noticed a surge in spam recently, particularly for stock pump 'n' dump scams. The Register reports that anti-spam companies have seen a 30% increase in the last two months and, more worryingly, more of this spam is getting through to mailboxes due to the spammers' change in tactics. Rather than use unsecured mail relays spammers are using bot nets, making spam harder to identify and eliminate. Bounced spam is also on the up, and some experts reckon it's past time to start worrying. "
This discussion has been archived.
No new comments can be posted.
Bot Nets Behind Recent Spam Surge
|
Log In/Create an Account
| Top
| 389 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Not noticing the increase (Score:4, Informative)
(http://suso.suso.org/ | Last Journal: Tuesday March 09 2004, @12:03AM)
I also haven't really noticed this increase that people have talked about lately. On average I receive over 11,000 spam messages a month to my primary email account. Here is the count per month for the past two and a half years:
2004-07: 9088
2004-08: 9057
2004-09: 8990
2004-10: 14318
2004-11: 9910
2004-12: 11521
2005-01: 11251
2005-02: 9381
2005-03: 10843
2005-04: 10084
2005-05: 11785
2005-06: 10987
2005-07: 10505
2005-08: 9333
2005-09: 9704
2005-10: 12329
2005-11: 12394
2005-12: 14934
2006-01: 13764
2006-02: 13235
2006-03: 14562
2006-04: 11946
2006-05: 14204
2006-06: 13801
2006-07: 9671
2006-08: 10395
2006-09: 11373
2006-10: 12221
Smarter Spammers (Score:4, Interesting)
(http://slashdot.org/~eldavojohn/ | Last Journal: Tuesday October 16, @03:26PM)
Are your mailbox counts filtered or unfiltered? If so, what strategy is used?
Re:Smarter Spammers (Score:4, Insightful)
(http://www.theworldwidewebguy.com/)
despite all their shortcomings, somewhere, someone is obviously making money, so they continue.
Re:Smarter Spammers (Score:4, Informative)
1) Spelling is not a skill they possess.
Spammers don't have to even try to be intelligent about the content of their e-mail, because the people they're looking to make money off of aren't the kind of people who have decent spelling skills.
3) The idea of 'doubling the flood' all the time, choking the internet and making email unusable, is plain dumb and equivivalent to sawing off the branch you're sitting on - if nobody can use email, nobody will be seeing your next spam.
Two thoughts: Classic prisoner's dilemma, and selfishness. (ie, "Who cares if I broke the internet? I made this fat stack o' cash!")
4) Doing business that annoys 99% of everybody else and breaking the law in the process is both dumb and asking for trouble. You will be shut down, you will lose your money and you will not get much sympathy anywhere, including from the courts. Wonder whether spammers or pedophiles are getting the worst treatment in the slammer these days...
If that were the case, then how come nobody has been able to curb spam, spammers routinely get away with extremely blatant practices like DDoS attacking antispam servers and using viruses to create zombie armies? How come spammers are continuing to make money almost unchecked?
5) Seeing interviews with spammers usually reveals that they're really stupid in every way of the word. Some may have a certain extent of technical knowledge, but as people they're bordering on the moron/retard level.
???
6) Smart people can strike it rich using regular sales methods with no need for spamming. Only those too dumb for that have the need for spamming.
A good number of folks feel that regular sales methods - annoying advertisements, billboards everywhere, planting "I'm ugly" mind viruses in children's brains so they'll buy more beauty products and who cares if it's also creating an eating disorder epidemic, planned obsolesence and congenital wastefulness, squeezing every penny you can out of workers in 3rd world sweatshopss, etc. are at least as troublesome and unethical as spam.
AI to Stop the Spam (Score:5, Interesting)
(http://slashdot.org/~eldavojohn/ | Last Journal: Tuesday October 16, @03:26PM)
But this Bayesian strategy has been overcome by the spammers. They use hilariously strange word ordering trick the spam filter and lower their threshold (see Graham's Lisp code) down to an acceptable range. Here's a piece of text from some spam that made it into my mailbox this morning: And it goes on for about 7 paragraphs with absolutely nothing to do with its pitch. It's because of this nonsense that it makes it into my mailbox in the first place.
How do we eradicate this problem? What strategies do we use next?
Well, I would suggest that we stick to the Bayesian approach but instead of tokenizing via Paul Graham's proposed algorithm, we could investigate tokenizing the text based on letter groups (divide 'words' into 2-3 letter groups and test for those frequencies) or even natural language parsing. Yes, I know it sounds absurd but I really think that an engine could be written in Prolog using WordNet or another dictionary with some basic English rules in an attempt to parse and analyze incoming text.
Who knows? Perhaps our need for a spam filtering engine could breed innovation in the AI community?
Re:AI to Stop the Spam (Score:5, Funny)
Re:AI to Stop the Spam (Score:5, Funny)
(http://www.blingo.co...1sXZWjTfxLx32--V5fZQ | Last Journal: Friday March 03 2006, @02:25AM)
(X) technical ( ) legislative ( ) market-based (X) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(X) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(X) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Bayesian Has Failed (Score:5, Interesting)
(http://obsessivemathsfreak.org/ | Last Journal: Friday June 09 2006, @08:15PM)
No. Bayesian filtering has failed, just like every other filtering method before it. Modifying it will not work. Adding OCR for image text will not work. Creating a new filtering mechanism will not work. The spamming will continue, more and more of it will get in.
Frankly, given that both processing power, disc space, bandwidth etc, are all increasing, I for one foresee the current spam/ant-spam arms race continuing indefinitely, with the amount of spam sent slowly increasing, and the amount caught by the filters being just enough to keep the amount of spam you get into your inbox at in and around a constant level. It's an endless cycle.
I say, turn it all off. All of it. The filters, the blacklists, the whitelists, Spamhaus, the lot. Let every single spam sent reach its destination, if just for one day. Let Joe Sick Pack finally realise the scale of the problem and just how much strain is being placed on mail servers. It will be both terrible and beautilful at the same time.
Then take off and nuke the site from orbit. It's the only way to be sure.
Current Problems (Score:3, Interesting)
(http://world.std.com/~herwin/ | Last Journal: Monday September 22 2003, @03:18PM)
SPAM processing - server meltdown (Score:4, Interesting)
Re:SPAM processing - server meltdown (Score:4, Informative)
It would certainly solve your load problem.
There are a couple of providers who can provide the lists commercially for heavy load mailservers.
See my post earlier today at: http://ask.slashdot.org/comments.pl?sid=203971&ci
(Ps. I'm just a very happy blacklist user)
Original article (Score:3, Informative)
(http://frobnosticate.com/ | Last Journal: Friday October 26 2001, @10:05AM)
http://www.securityfocus.com/news/11420 [securityfocus.com]
Image to text (Score:3, Interesting)
(Last Journal: Thursday December 09 2004, @09:25AM)
I think law enforcement should be working harder at catching spammers (internationally, if necessary) than they are at tracking down copyright infringers. Not because of any moral posture, but because I suspect the total economic impact of spam is greater than infringing use of content. I also think the prohibition against cruel and unusual punishment should be lifted.
Hey, now that I come to think of it, maybe spam is a bigger issue than oil. I say we start invading countries with spammers!
New Sophisticated eBay Phising Spam Scam Wrinkle (Score:5, Informative)
(http://home.austin.rr.com/lperson/ | Last Journal: Saturday July 16 2005, @01:52PM)
Most of the eBay phising attempts I get are pretty laughable, but this was good enough to be worth warning about, as someone has finally written a sophisticated enough phising bot to send these out based on listings.
So, if you weren't already doing this before, to answer eBay mail, go in through your MyEbay link rather than any mail link to answer eBay mail.
bot wars (Score:5, Interesting)
Maybe we need bots to fight the bots. Bot Wars. In a galaxy far, far, away...
Email is a broken protocol (Score:4, Interesting)
(http://www.cydeweys.com/blog/ | Last Journal: Tuesday April 06 2004, @12:42PM)
sendmail w/Joe Jobs (Score:3, Informative)
(http://nuintari.net/)
By default, sendmail uses a single queue runner. We found this, and not amavis, was our bottleneck. The single queue runner is fine for low and medium volumes, but fails miserably when presented with a huge volume of mail. So we fired 4 queue runners instead, and increased the number of available amavis children to compensate. The queue runners each have a behavior:
1) the default sendmail queue runner, starts at the front of the queue, and runs serial through it, then starts over.
2) tries to find the oldest members of the queue and process them first. Keeps stuff from being left alone for very long.
3) tries to find letters that are all going to the same mail server, and send them together. This one is awesome, as it opens a single tcp connection, and sends as many letters as it can. No time waiting for tcp handshaking per letter.
4) hops around the queue at random, and sends messages.
The combination of these four queue runners, and we have seen a huge increase in the load average on our mail servers, but we have also seen a great boost to performance. We are still seeing tons of postmaster bounces from Joe Jobs, but we aren't being slugged out by them anymore. If your mail server seems to be under performing, try this, it really does help.
Email Weaknesses and Compromises (Score:3, Interesting)
Allofmp3 sold their email address list (Score:3, Informative)
Re:How to they make money (Score:4, Funny)
(http://roo.no-ip.org/fish/)