Writing Viruses for Fun and Profit

JMPrice writes "There's a short article over at zdnet that explores a future synergy between viruses and spam, i.e. international crackdown on spam and open relays makes spammers opt to use infected computers instead as relays, and speculates a relationship between the virus writers and spammers."

I've seen the future..

[Dynamoo]

..and it stinks. Last week there was a massive "joe job" attack on Doxdesk.com [doxdesk.com], a site detailing browser parasites, porn diallers and other nasty plugins. The aim of the joe job was to generate fake spam supposedly advertising the site so it would get shut down.

The spam was being generated from multiple locations simultaneously, and from IP addresses that looked like standard ISP subscribers, mostly in the US and Western Europe. It looks suspiciously like the spam was being sent from Trojanised PCs.

Bearing in mind that the people most likely to want to force Doxdesk.com off the web were browser parasite writers, it seems to me that there is a definite link now between these parasites, certain viruses/trojans/worms and spammers. Just another bit of proof that these people have no respect for the law.

Re:What cash flow?

[skurk]

Quite a few, I'd guess.

Some spammers make serious cash, for instance this fellow [oregonlive.com], who claims to have earned $1k each week.

Composing another Outlook virus is trivial. Download an existing source (either from usenet [source.code] or some web page [bismark.it]), modify, and start spreading it.

Any 13yo kid with some programming experience can do this, and if it pays $500, it probably beats mowing lawns for several weeks!

Re:Really?

[stefanvt]

Not really, if you make sure it only sends out spam for a limited amount of time the chances of being detected are much lower.

More like a hit and run technique it is much harder to defend and act against.

You also don't leave a trail of bread crums behind. It could also be argued that you (the spammer), when charged for spamming, are the victim of an orchestrated spamming.

This is NOT new

[Anonymous Coward]

This has been the consensus at SPAM-L for quite some time. You might want to subscribe.

Google for SPAM-L's FAQ [google.com]

Re:What cash flow?

[Anonymous Coward]

I don't know...though I remember a few Slashdot articles over the past year that mention Spammers making quite a bit of money (not millionares, but not paupers either).

Re:Tracking

[Anonymous Coward]

Seeing as how spammers are paid for the messages that they send out, how is it possible to track the messages that have been sent using this type of method?

Easy. It's called seeding. Mass mailers and those selling mailing lists use it all the time. The idea is simple; along with the target addresses, the company paying for the mail service plants known fake addresses along with the supposedly good ones. If the known address is used when it shouldn't be or is not used when it should be, you automatically have your tracking.

How this works in the spammer world, I don't know though I'm thinking that anyone moderately familiar with mass mailing can figure it out in an hour or two.

Along those lines, though, if the company paying for the spammer's services is that sophisticated they also know that they are paying for an abusive service -- not one strictly made up of 'opt-in' or 'verified interested' people.

not hard, but not effective either.

[splerdu]

While being anonymous for anonymity's sake isn't very hard to do, it is hard for a spammer to remain anonymous and be effective at the same time. These people are selling products, at the very least they can be traced to the guy who paid them to send the spam.

Buy our new penis enlargement pills!
Available at... errr... go figure

PEBKAC

[WegianWarrior]

Or for those not so keen on abverbiations, Problem Exist Between Keyboard And Chair.

Make sure you got the latest anti-virus program. Do not open attachments from prople you don't know. Be wary about opening attachement from people you do know. Avoid HTML-enchanted (ha!) mail like the plauge. If possible, run another e-mail client than Outlook and Outlook Express. Set up and maintain a firewall that can block traffic that goes out as well as in. Use common sence - you wouldn't enter a house of ill repute in real life in fear of a STD, so you shouldn't visit a website of ill repute in fear of getting a virus or worse.

Seriously... if more people used their heads to think with and was a little more suspious about things, this would not be a problem.

It's true

[paranode]

I run honeypots and work in security and I can tell you firsthand that this is definitely an accurate conclusion to draw. People exploit Windows boxes all the time and the only things I ever see them do with them are opening up spam relays or hooking it up as a bot to a warez IRC channel. There's absolutely no skill involved, it's just script kiddies with automated tools taking advantage of lazy Windozers who forget to set SQL passwords or ever patch their system with the latest updates. It's pathetic, and it really makes me think that spam can never be stopped no matter how much legislation gets passed.

Re:Bad for the business model

[cdrguru]

You miss the point - why do you connect the company selling a product with the spammer advertising it?

Often, there is an advertising company that charges $1500 or so to "advertise" your product for you. They then pay subcontractors to actually send it.

Also, often the company with the product gets told the advertising company's list is 100% opt-in. Then, they turn it over to subs with "send this to your list - any list" and include these email addresses...

Until you make "spam" illegal to send out, you will never stop this. Advertisers absolutely believe they are selling a legal product that there is demand for. And there is - or you wouldn't be getting any spam.

Re:Really?

[anshil]

There is something important you forgot, you are not confronting one entity, but two. The ordering customer, and the entity sending the spams. These are usually different. One entity pays the other to send it's spam. The spam customer is not anonymous, the actual spam sender stays anonymous.

Re:Huh?

[Elwood P Dowd]

Um, you've got it exactly wrong. This happens because you sent email to a friend of yours, and that friend got a virus. The virus uses random email addys from either their mailboxes or their address book as a spoofed from address.

It's not spammers, it's bugbear. Or whatever the flavor of the week is.

Re:Really?: not just sending spam

[Anonymous Coward]

Sending spam? That isn't all.

The brutalrape spammer did more. His virus infected computers to install a tiny web server and a few pages. Victims had graphic rape images on their machines. The virus "phoned home" when the victim went online. The spammer took the victim's IP address and added it to his nameserver as (one of the) IP address(es) for his spamvertized hostname.

Those getting the spam would complain about the graphic images and spam site - on a victim's computer. The tiny web site would have a few pages including one which would be a (possibly JavaScript encrypted) redirector to the actual signup page (usually a signup page rather than the actual site - one would have to pay before finding the location of that).