Writing Viruses for Fun and Profit 172
JMPrice writes "There's a short
article over at zdnet that explores a future synergy between viruses and spam, i.e. international crackdown on spam and open relays makes spammers opt to use infected computers instead as relays, and speculates a relationship between the virus writers and spammers."
I've seen the future.. (Score:5, Informative)
The spam was being generated from multiple locations simultaneously, and from IP addresses that looked like standard ISP subscribers, mostly in the US and Western Europe. It looks suspiciously like the spam was being sent from Trojanised PCs.
Bearing in mind that the people most likely to want to force Doxdesk.com off the web were browser parasite writers, it seems to me that there is a definite link now between these parasites, certain viruses/trojans/worms and spammers. Just another bit of proof that these people have no respect for the law.
Re:What cash flow? (Score:5, Informative)
Some spammers make serious cash, for instance this fellow [oregonlive.com], who claims to have earned $1k each week.
Composing another Outlook virus is trivial. Download an existing source (either from usenet [source.code] or some web page [bismark.it]), modify, and start spreading it.
Any 13yo kid with some programming experience can do this, and if it pays $500, it probably beats mowing lawns for several weeks!
Re:Really? (Score:2, Informative)
More like a hit and run technique it is much harder to defend and act against.
You also don't leave a trail of bread crums behind. It could also be argued that you (the spammer), when charged for spamming, are the victim of an orchestrated spamming.
This is NOT new (Score:5, Informative)
Google for SPAM-L's FAQ [google.com]
Re:What cash flow? (Score:1, Informative)
Re:Tracking (Score:3, Informative)
Easy. It's called seeding. Mass mailers and those selling mailing lists use it all the time. The idea is simple; along with the target addresses, the company paying for the mail service plants known fake addresses along with the supposedly good ones. If the known address is used when it shouldn't be or is not used when it should be, you automatically have your tracking.
How this works in the spammer world, I don't know though I'm thinking that anyone moderately familiar with mass mailing can figure it out in an hour or two.
Along those lines, though, if the company paying for the spammer's services is that sophisticated they also know that they are paying for an abusive service -- not one strictly made up of 'opt-in' or 'verified interested' people.
not hard, but not effective either. (Score:5, Informative)
Buy our new penis enlargement pills!
Available at... errr... go figure
PEBKAC (Score:4, Informative)
Or for those not so keen on abverbiations, Problem Exist Between Keyboard And Chair.
Make sure you got the latest anti-virus program. Do not open attachments from prople you don't know. Be wary about opening attachement from people you do know. Avoid HTML-enchanted (ha!) mail like the plauge. If possible, run another e-mail client than Outlook and Outlook Express. Set up and maintain a firewall that can block traffic that goes out as well as in. Use common sence - you wouldn't enter a house of ill repute in real life in fear of a STD, so you shouldn't visit a website of ill repute in fear of getting a virus or worse.
Seriously... if more people used their heads to think with and was a little more suspious about things, this would not be a problem.
It's true (Score:5, Informative)
Re:Bad for the business model (Score:3, Informative)
Often, there is an advertising company that charges $1500 or so to "advertise" your product for you. They then pay subcontractors to actually send it.
Also, often the company with the product gets told the advertising company's list is 100% opt-in. Then, they turn it over to subs with "send this to your list - any list" and include these email addresses...
Until you make "spam" illegal to send out, you will never stop this. Advertisers absolutely believe they are selling a legal product that there is demand for. And there is - or you wouldn't be getting any spam.
Re:Really? (Score:3, Informative)
Re:Huh? (Score:3, Informative)
It's not spammers, it's bugbear. Or whatever the flavor of the week is.
Re:Really?: not just sending spam (Score:2, Informative)
The brutalrape spammer did more. His virus infected computers to install a tiny web server and a few pages. Victims had graphic rape images on their machines. The virus "phoned home" when the victim went online. The spammer took the victim's IP address and added it to his nameserver as (one of the) IP address(es) for his spamvertized hostname.
Those getting the spam would complain about the graphic images and spam site - on a victim's computer. The tiny web site would have a few pages including one which would be a (possibly JavaScript encrypted) redirector to the actual signup page (usually a signup page rather than the actual site - one would have to pay before finding the location of that).