Sobig Worm Attacking RBL Lists?
Ubi_NL writes "According to the Register there is a close correlation between the DDOS attacks on a number of anti-spam lists and the presence of the Sobig virus. Now that Monkeys.com is gone, and spamhaus.org is taking heavy blows, are the spammers actually winning the battle by using viruses?"
Useless links (Score:2, Insightful)
No point in providing useless links..
And how could they win? (Score:3, Insightful)
I hope so! (Score:1, Insightful)
I most certainly hope so! Blacklists are a cure far worse than the disease, and I'm completely rooting for the spammers here. What with bayesian junk filtering and using uniquely generated email addresses whenever I give them, I never see any spam, and the bandwidth it's costing me is minimal. Blacklists however make it nearly impossible for me to communicate with quite a few people (my ISP has found itself on one blacklist, and no matter what they're doing, they can't get off).
And of course, if the spammers are indeed using viruses, afterwards when the blacklists are gone, we can nail them for having used those viruses, and we'll be rid of two pests, with an internet that's once more in nearly pristine condition.
Re:And how could they win? (Score:5, Insightful)
do you actually think SMTP would get supplanted in the near term (>5 years) with an incompatible solution?
Do you think there won't be new and better anti-spam solutions before SMTP is supplanted?
(if you answered yes to either of the above, your world view is distorted and you need to stop drinking so much
Attempted slander against anti-spam services also (Score:5, Insightful)
---- quote --------------
Dear Internet user.
We are an organization dedicated to stopping spam. Please help us as we are
funded solely by private donations.
visit www.spamcop.net for full details. Or you can send your donations to:
Julian Haight
PO Box 25732
Seattle, WA
98125-1232
As you can see by this message unsolicited e-mail is an invasion of your
privacy. As you can also see it can be sent anonymously
We will continue our efforts until all spam is eliminated.
To join please visit www.spamcop.net or contact
jkdom@mail.julianhaight.com
We will continue to send out this message until we convince all ISP's to
stop all spammers.
!!!Stop low-lifes from invading your inbox with their junk!!!
---- end quote ------------
If they spew out fake spam which can only be meant for slanderous purposes, would you really expect them to *not* be in the virus game? Almost all these Windows viruses, if you hexdump them, have SMTP capability. It's quite thinkable that a fair amount of them are really experiments rather than 'bad things done to innocent users because the virus writer likes doing that'.
There must be a lot of money involved in the art of spamming still. I wouldn't be surprised if spamhauses are partially means of laundering money as well (think about it). Either way, these people *are* criminals and one should consider them as such.
What about netstat? (Score:2, Insightful)
Re:And how could they win? (Score:3, Insightful)
We're not talking about spamfilters, we're talking about RBLs, which are usually more of a problem than a solution.
Granted that spamhaus provides more services than an RBL does (like providing names of those who should be crucified), but both the original parent of this thread and the article summary are referring to RBLs.
Granted, that if there was no way to filter spam there would be a strong demand for the replacement of SMTP. Ignoring Bayesian filtering for the moment (which generally has less false positives, less false negatives, and does not usually trash anything outright), it would be MUCH simpler, and easier to implement spam filtering on top of SMTP, or to merely require that all mail be signed, (etc, ad nauseam) than it would be to write a new protocol, and have it implemented, especially if it is incompatible with the existing protocol (which has 100% market penetration).
Very good! you've covered one of the reasons that this ISN'T GOING TO HAPPEN.
This wouldn't happen because Microsoft is not entirely stupid. This would be akin to Windows Media Player only playing WMA, or Internet Explorer only working with IIS sites.
More Harm Than Help (Score:-1, Insightful)
Blacklists are the equivalent of the guilty until proven innocent paradigm in the justice system. While they might stop spam by quickly blocking computers that have been hacked into by spammers, they cause problems for the poor people who got hacked. Yeah, it lets them know that they were hacked, but sometimes the people have already found out and fixed the problem. Yeah, they might stop a lot of spam, but they also generate a bunch of innocent victims in the process.
Bayesian filtering has been very successful and has none of the negative effects of the aggressive blacklisting.
Re:PARENT MODERATED DOWN UNFAIRLY (Score:0, Insightful)
This from the country which bombed three whole countries because of the actions of a handful of people?
Two can play that game! (Score:1, Insightful)
But this can be fixed through cooperation. All we need is a few hundred, or perhaps a couple of thousand blocklist hosts and a method of coordinating them.
This is easier than it seems. The method already exists. It is called Newsgroups. The only problem that needs to be solved is a method of proving authenticity. Those solutions are also already available.
List updates could be delivered quickly via IRC too. May as well use the enemy's weapons against him.
Spammers as cyber-terrorists (Score:3, Insightful)
Outlaw spammers, put an end to spam. Sometimes it's as simple as that. (And it works: Haven't seen much fax spam for years...)
Just be "Mr. Concerned Citizen" for once and send articles like this [theregister.co.uk] to your congresscritter [loc.gov] now. Let them know what spammers have already done "to your kids" (rather omit the "to your p...s" part even if you've ordered their pills and pumps) "and to your computers".
Huh ? (Score:3, Insightful)
English ?
And if such a site is under attack, why on earth are you linking it on slashdot's front page ?
Sunny Dubey
I've said it before... (Score:5, Insightful)
The main problem here is that we have millions of hosts connected to the Internet that just aren't robust or secure enough to be connected to a public network (I'm mostly talking about Windows machines here, if you hadn't guessed).
There was a discussion last week on Slashdot about ISPs doing egress filtering on home users' connections and I'm all in favour of that.
Unless you're hell-bent on running a mailserver on your DSL line, there's no reason for you to go out on port 25. Even if you do run a mailserver, you should have your box forward all outbound mail to your ISP's mail relay. AOL and some other large ISPs won't accept mail from you if you don't anyway.
IMHO ISPs have a responsibility to protect the backbones from their lame-ass customers with compromised machines.
Reply rather than mod if you think I'm talking out of my outbound relay.
Re:I've said it before... (Score:3, Insightful)
Re:I've said it before... (Score:3, Insightful)
Well, the above mentioned switched on users and small businesses with satellite offices using consumer DSL circuits to save money, that's who. I'd also be unhappy about the prospect of this being a slippery slope. Let's say we start by forcing SMTP through the ISP's server (which kills SoBig) and also block DCOM and NetBIOS (which probably shouldn't be on the Internet outside a VPN anyway). Fine, but what happens when we get a major exploit on another non-core protocol? Do we block that too? Who decides?
Are you sure you will feel that way when one of the protocols *you* rely on gets firewalled by your ISP to "protect the Internet"?
Re:How the attack works (Score:3, Insightful)
There is no evidence that the SoBig virus was written by spammers, or even that the RBL DDOS is intentional. To me it looks like the RBLs simply can't handle the load from trying to filter out this virus, plain and simple.
Perhaps an improvement to filtering tools would be to rely as much as possible on Bayesian and rule-based filters, and only contact an external RBL (or other rule) if the score is borderline. Right now they're hitting the RBLs for every single message even if it would fail the most simple filter. I imagine the problem is just that everyone's mail server can easily handle 1000x the current level of crap, but the RBLs can't.
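The tiered check suggested in the comment above, as an added example that is not part of the original thread: a local score settles the clear cases and the DNSBL is queried only for borderline mail, with a defined outcome when the list is unreachable. The zone name, thresholds, rules and sample messages are constructed, and `lookup` is a hypothetical stand-in for a real DNS query.

```python
import ipaddress

ZONE = "dnsbl.example.org"        # placeholder zone, not a real list
REJECT_AT, ACCEPT_AT = 0.8, 0.2   # assumed thresholds for the local score

# Constructed local rules standing in for a Bayesian/rule-based filter.
RULES = [
    (lambda m: m["attachment"].lower().endswith((".pif", ".scr", ".exe")), 0.9),
    (lambda m: "unsubscribe" in m["body"].lower(), 0.3),
    (lambda m: m["subject"].isupper(), 0.3),
    (lambda m: m["known_sender"], -0.5),
]

def local_score(msg):
    """Sum the weights of matching rules, clamped to [0, 1]."""
    total = sum(weight for rule, weight in RULES if rule(msg))
    return max(0.0, min(1.0, total))

def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name: IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(msg, lookup):
    """Return (verdict, rbl_queried). lookup(name) gives True/False, or None
    when the list is unreachable; borderline mail is then accepted but tagged."""
    score = local_score(msg)
    if score >= REJECT_AT:
        return "reject", False            # clear locally: no external query
    if score <= ACCEPT_AT:
        return "accept", False
    listed = lookup(dnsbl_name(msg["client_ip"]))
    if listed is None:
        return "accept-tagged", True      # fail open when the RBL is down
    return ("reject" if listed else "accept"), True

def run_demo(rbl_up=True):
    listed = {dnsbl_name("192.0.2.10")}   # constructed listing
    lookup = (lambda n: n in listed) if rbl_up else (lambda n: None)
    mail = [                              # constructed sample messages
        dict(client_ip="198.51.100.7", subject="document", body="see file",
             attachment="document.pif", known_sender=False),
        dict(client_ip="198.51.100.8", subject="lunch", body="noon?",
             attachment="", known_sender=True),
        dict(client_ip="192.0.2.10", subject="CHEAP OFFER", body="click here",
             attachment="", known_sender=False),
        dict(client_ip="203.0.113.5", subject="Newsletter",
             body="To unsubscribe reply", attachment="", known_sender=False),
    ]
    results = [classify(m, lookup) for m in mail]
    return results, sum(queried for _, queried in results)
```

In the constructed run, two of the four messages reach the list; the other two are decided locally.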
Re:And how could they win? (Score:3, Insightful)
However, these will only address the issue of a website or online store passing your email address around when they shouldn't (or idiots like Lycos and Yahoo who think sending emails to registered users is cool even when they have not opted in for any). It will not cope with the hardcore spammer who uses spiders to pull addresses from webpages/usenet postings or those that use random-garbage@yourdomain.com (I have been seeing a couple of these). It also does not address the waste of bandwidth/mailserver storage space imposed by delivering unwanted spam (which means higher access fees for everyone). For these, blacklisting is the only palliative - and the fact that spammers are now resorting to DDoSing the blacklist servers should be the best testament to how effective they have been (not to mention some of the pro-spammer AC postings here).
Ultimately, the only long-term solution is to make spam unprofitable - and given that most of it is generated by US businesses (as covered in this MSN article [msnbc.com]), this would be best done by imposing heavy fines on companies using, or profiting from, spam.