Worms Security

Russian Denies Writing SoBig Worm

IphtashuPhitz writes "The Russian spamware programmer anonymously accused earlier this week of writing the Sobig worm has responded to the accusations. Ruslan Ibragimov of Send-Safe doesn't deny that his program uses proxies to hide spammers' identities. But he totally refutes the report's technical analysis in an online interview over at O'Reilly Network."
This discussion has been archived. No new comments can be posted.

  • I don't buy it (Score:3, Interesting)

    by Commander Trollco ( 791924 ) on Wednesday November 03, 2004 @01:44PM (#10712772)
    The bit about headers is believable. But the opcode similarities are harder to defend- anyone know more about this and care to comment? He clearly has a motive, and should be lynched regardless of whether he actually wrote sobig.
  • Proxy Shortage (Score:5, Interesting)

    by Rob Carr ( 780861 ) on Wednesday November 03, 2004 @01:50PM (#10712866) Homepage Journal
    From the article:
    "Trojans killed my business," he said, noting that many of his customers have recently migrated to "cracked" (pirated) versions of spamware programs such as Dark Mailer, for which they purchase lists of Trojaned proxies from hackers. .... Comments on Send-Safe's discussion forum appear to confirm that the company has had trouble providing users with sufficient proxies for sending spam.
    There's irony in this guy's complaint, and (assuming he didn't write SoBig) at least a little justice. "My heart bleeds for the Snicker-Snack Company" - Linus (the character from "Peanuts," not the software guy)
  • Well, well, well, (Score:3, Interesting)

    by cavac ( 640390 ) on Wednesday November 03, 2004 @01:56PM (#10712960) Homepage
    so he doesn't write viruses, just unwanted bulk mail. Makes me much more comfortable. not.
  • "Totally refutes"??? (Score:4, Interesting)

    by Zocalo ( 252965 ) on Wednesday November 03, 2004 @02:03PM (#10713063) Homepage
    Well let's see. Ibragimov makes a few claims such as "it's bullshit!", "it's a coincidence!" and gives a very brief outline of how SendSafe works, revealing nothing not in the report. He also claims he's not been spoken to by any law enforcement agency regarding the matter, which is possibly true. Hardly a point by point rebuttal is it, and never mind the maxim "spammers lie" which means everything he says will be taken with a huge pinch of salt.

    The only interesting comment I found is that his company is currently having difficulties due to trojans, something that the SendSafe forums seem to confirm. That seems quite probable, but it hardly helps his case - why, exactly, would trojans be causing his SendSafe business any problems? Unless, of course, it might be something to do with other trojans that he didn't write such as NetSky/Sasser preventing SoBig getting as many hosts as it used to? Given that there was a spat between the various trojan authors, complete with a possible Russian connection, just before Sven Jaschan was arrested that at least seems entirely plausible to me.

  • Re:After all this.. (Score:2, Interesting)

    by jjeffrey ( 558890 ) <slash&jamesjeffrey,co,uk> on Wednesday November 03, 2004 @02:06PM (#10713100) Homepage
    The comment handling in SlashCode has always been a lot heavier to handle than the news pages. I think there is probably a lot more processing involved. I wonder how well optimised the SQL queries are and what the backend technology is - is it still MySQL? - UPDATEs and INSERTs are often going to be slower than SELECTs, but it may be worse if they are using MySQL in replicated mode with one master server to send all the updates to and a few slaves to do selects from. Though I guess that's unlikely with the load they get. Do they use MySQL Cluster?
  • by Anonymous Coward on Wednesday November 03, 2004 @05:41PM (#10716294)
    The bit where he talks about headers is completely stupid and it shows that even in the interview he is lying. If you read the report, they say that Send-safe and sobig's headers are in the same order, which is different from outlook. So, he's lying.

    Here's the quote from the "Who wrote sobig" article:
    "Although these subtle differences suggest separate source code, the similarities suggest that Send-Safe was the template, and not other mailing programs such as Outlook, Netscape, The Bat!, or AMS.

    As these other independent email tools generate their headers with very different ordering, it would seem unlikely that the Sobig author(s) determined the email headers and values independently."
    And the quote from the interview:
    "But Ibragimov said Send-Safe chose the particular order of headers merely to mimic Outlook Express and to better evade spam filters."

    CONTRADICTION!
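
The header-order comparison that the comment above and the quoted report rely on can be sketched as follows. This is an added example, not part of the thread, the report or the interview; the sample messages, the names `mailer_a`/`mailer_b` and their header orders are constructed for illustration and are not the real orders of Send-Safe, Sobig or Outlook Express.

```python
from difflib import SequenceMatcher
from email.parser import HeaderParser

# Headers added by relays in transit, not by the sending program, so they
# say nothing about which mailer built the message.
TRANSPORT = {"received", "return-path", "delivered-to"}


def build(names):
    """Build a constructed raw message whose headers appear in the given order."""
    return "".join(f"{n}: x\n" for n in names) + "\nbody\n"


# Constructed samples: hypothetical header orders, not those of any real mailer.
KNOWN = {
    "mailer_a": build(["From", "To", "Subject", "Date",
                       "MIME-Version", "Content-Type", "X-Mailer"]),
    "mailer_b": build(["Date", "From", "Subject", "To",
                       "X-Mailer", "MIME-Version", "Content-Type"]),
}
# An "unknown" message as a receiving server would see it, with relay headers on top.
UNKNOWN = build(["Received", "Return-Path", "From", "To", "Subject", "Date",
                 "MIME-Version", "Content-Type", "X-Mailer"])


def header_order(raw):
    """Lower-cased header names in order of appearance, minus relay headers."""
    msg = HeaderParser().parsestr(raw)
    return [k.lower() for k in msg.keys() if k.lower() not in TRANSPORT]


def order_similarity(raw_a, raw_b):
    """Score in [0, 1]; 1.0 means the two header sequences are identical."""
    return SequenceMatcher(None, header_order(raw_a), header_order(raw_b),
                           autojunk=False).ratio()


def closest_template(raw, known=KNOWN):
    """Return the best-matching known mailer and the score for every candidate."""
    scores = {name: order_similarity(raw, sample) for name, sample in known.items()}
    return max(scores, key=scores.get), scores


if __name__ == "__main__":
    print(closest_template(UNKNOWN))
```

A matching order only narrows the candidates; the quoted report itself notes that other differences can still point to separate source code.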