Botnet Mafia in Online Turf War

An anonymous reader writes " The kind of turf war seen in the real world by drug gangs is being replicated by the criminal gangs behind spamming botnets, and things are turning nasty."

Trying to care

[tomstdenis]

Trying to care, ..., nope failing.

As someone who doesn't have an email address anymore, I really don't care about spam in the slightest, or the battle they go over to spam people. Most of my spam, that actually made it to my inbox when I had a gmail account was in Portuguese or some random asian looking language. To me it was all gibberish [more than usual] and fleeting. But the ever presence of it [on average I would receive anywhere between 100 and 500 spams a day, with about 5-10 in my inbox] just gnaws at you. Day after day people keep assaulting your inbox, trying to take away the service from you.

And even though gmail is free, it was still MY inbox, if you know what I mean. And having these low lifes just clutter it up every day with the same foreign language bullshit nonsense was annoying.

Eventually I just deleted my account. I have a cell phone if people want to contact me. And for work I have a private email addy that my co-workers can use. Personal email is just a waste.

Tom

ISPs have to be the solution

[sherriw]

Time for ISPs to stop being so nicey-nice about this.

1) Send an email to all customers saying that the ISP will begin choosing a random day (say every 3 months or so) to scan for infected computers churning out email.
2) On that random day (random so the spam bots won't be programmed to be silent on that day) the ISP shuts down outgoing mail for all infected computers on their network.
3) Customer who can't send mail is irate and calls ISP tech support hotline.
4) Tech support says: we warned you... please follow these virus removal instructions and install/update your anti virus software.

Bam problem solved. People who keep getting blocked every 3 months will quickly learn to take better care of their computers. Along with the customer's invoice the ISP could send an information sheet with prevention and removal instructions.

Maybe governments can give ISPs a little financial help for doing this?

Unfortunately I don't see any other solution other than tough-love.

Cash Rules Everything Around Me

[packetmon]

Browsing through some of the posts here, I'm seeing how people tend to forget the financial aspect of botnets. Spam, malware is big business (obviously) so its no surprise that can become the online equivalent to a Columbian drug war without the murders and guns. There is huge business in bots and whats sad is, the low man on the totem pole is often some American company who's advertisements are being spammed (for the spammers). Vint Cerf stated there are millions of infected machines, I don't know about those numbers, but I can tell you that if I was involved in (dis)organized crime, why should I re-invent the wheel when I could re-program my own bots to take over others' cruddily created bots. This falls in line with a document I wrong (Ubuntu and the Destruction of the Internet [infiltrated.net]) where my logic is, "are you sure you want grandma using Linux"?... With e-Criminals getting savvier, how long will it be before the Internet truly becomes the Wild West... Some may think its not a big deal, but when there are finances involved, that can escalate to physical crimes (shootings, murder, etc.) and its happened a few times where (dis)organized idjits stealing e-money from games were caught up in real life incidents for stepping over "turf".

Re:Somehow...

[PrescriptionWarning]

I think it might still be better than Hackers, Swordfish, and that one with Sandra Bullock though... :P

Re:ISPs have to be the solution

[liledevil]

XS4all, one of the first and biggest ISP's in the netherlands, allready does this but not once every 3 months, but every single day.
as soon as they find your internet connection is scanning or sending spam you will get blocked from having full access to the internet.
Instead you can browse via a proxy, and once you have take serious measures so no more scans/spams are started from your connection you will be unblocked.

Faced this issues several times now when people didnt secure their machines enough, no anti-vir, anti-mal etc, but must say it works smoothly, you get a proper page when you are trying to browse without the proxy informing your connection has been "filtered" and that you need to take measures to prevent this in the future.
It all comes with a good helpdesk offcourse, where the technicians are able to judge whether the measures taken really have effect.

Re:aren't you special?

[tomstdenis]

Part of my point was that we don't really need e-mail. It's just nice to have. Just like cell phones. Given that my email was turning into a never ending headache, and I can totally live without it, the smart choice was to just ditch it.

We shouldn't get too worked up over botnets fighting.

This will eventually be solved on its own

[gunnarstahl]

Relax and wait. Over time, ISPs will start to get seriously annoyed by this waste of bandwidth. As soon as customers start calling and complain about their crawling download speed, ISPs will have to start to act.

And ISPs who act against it will finally gain a reputation for providing being spam-free services. Just regularly call your ISP and complain about that they don't filter the spam.

For me having about 20-30 junk mails in my inbox per day isn't really much trouble. T'Bird does a fairly good job detecting them. And if it really starts to bug me I will install something like spamassassin on my server. So, who cares.

Don't get me wrong: I just hate this stuff like everyone else. But even wasting thoughts on it is useless.

Yt,

Gunnar

Re:Trying to care

[djdavetrouble]

My work email has yet to receive a single spam. Oh, that's because I don't use it for anything but work and it's not on any webpage.

I was spam free for quite a while, but in the last few years, the enterprise wide
address book has clearly been harvested (some 10000+ addresses)
by a bad apple somewhere. I imagine someone installed a "free screensaver"
or something else with a backdoor, or took a company laptop to a unprotected network
and gotten scanned and rooted, etc etc....

Re:Cash Rules Everything Around Me

[Coriolis]

Certain things will always need the root password, and the design of all operating systems is currently lacking in how they handle such things. Protecting users from themselves appears to be an unsolved problem. However, even without root access you should still be able to cause considerable havoc using this technique, given a set of known filenames. This is one of the inherent dangers of popularity.

Mind you, there is a bit of horse-poo in that article:

• Author states you can't do this in Windows. Commenters point out that yes, yes you can. Author retorts that you can't do it as easily. Easily, shmeasily. You only have to work out how to do it once.
• Author states his method can be configured to be undetectable. Highly doubtful; unless it uses a vastly different algorithm every time, I could probably develop a heuristic to detect it, and I don't even specialise in this kind of thing. Of course, I will acknowledge the difficulty in detecting it the first time :)

Re:aren't you special?

[plover]

Part of my point was that we don't really need e-mail. ... We shouldn't get too worked up over botnets fighting.

I assume you mean "we" as in the "my family and I" sense; because you certainly don't speak for the rest of us. 27 years ago an emailed message led to me meeting my wife, an event that I personally consider very important.

Just because you don't find email useful doesn't make it useless to the rest of us.

Apart from the spam aspect, botnets are also used to stage attacks on all manner of targets. Extortion schemes, phishing, adware distribution, web site hijackings, identity thefts, and more botnet recruitment attacks are just some of their malicious payloads.

It's likely these criminals do affect you. If you shop on-line, you're probably taking precautions against having your credit information stolen by one of these attackers. And if you don't go shopping on-line, it may be because you're afraid that one of these attackers might steal your credit information. In either case I doubt that you avoid shopping on-line because you're a Luddite, or because you're unable to figure it out -- there are very few of those kinds of people posting to Slashdot.

And this will only get worse

[Opportunist]

As long as people are not held responsible for what damage their machines do to the net, this will not change.

Botnets rely on people being negligent, clueless and generally careless. There is no such thing as an unavoidable infection. Over 99% of all infections rely on user interaction (and yes, while over 98% of percentages used in biased reports are fake, this one I can actually vouch for), with remote exploits only constituting for a very, very small of infections, most of which also relying on your use of an insecure machine directly connected to the net.

If people acted on the road like the act in the net, a mass accident with 100s of cars involved would not be a newsworthy item. It would be the rule in rush hour traffic! And as much as I hate car analogies, this one is sadly true.

People switch their common sense off when they access the internet. I have no other explanation for this phenomenon. You can get most people to double click your attachment with the most hare brained excuse, "important news from your lawyer" is often enough.

Even if they have none!
With the "from" line reading "lawyer"!!!

The main problem isn't spam. The core problem is that those botnets are then used to spread even more and even more dangerous malware around. Bankfraud being one of the more "harmless" things in their arsenal.

People have to be held responsible for what their machines do, and what cause they harm to the rest of the net population. I'm not talking jail time, it needn't be capital punishment. The people we're talking about are not your "usual criminals". They already wet their pants if there's a chance that they could have to show up as defendent in court, as those "you went to our page so you owe us 500 bucks or we drag you to court" scams prove. Some kind of nominal fine would already be plenty.

Don't get me wrong. I don't want to keep anyone from using the net. But as with everything that can be harmful to other people using the same tools you do, you have to act responsibly. This applies to cars, this applies to guns, and it also applies to machines with internet connection.

Re:aren't you special?

[UP_Minstrel]

His point is, like usenet, email as a communications medium is beginning to falter. Like usenet, its signal to noise ratio is dropping like a rock (its already hit the dirt and bounced). I've actually considered dropping my email accounts completely and going to pure cel communications, but as I've still a high enough need, I can't do that yet. I'm not very far from making the decision, however. Like the OP, my address has been harvested, sold and traded because of historical activity (usenet, mailing lists, web sites with poor security, etc) and my inbox is constantly filling with crap.

Obviously he isn't the only one who feels this way. If ISPs and Governments considered email to be "mission critical" they'd have gotten off their collective asses a long time ago and addressed this situation. Unfortunately, even if the wake up call is heard, not all governments will be motivated enough to stop spam. They will instead become the carriers, the hosts, the havens and the sources. Their lack of action has declared their feelings loudly. They don't care. They don't see a need or a business reason to have addressed this before. And now, its likely too late to save the medium long term.

Plenty of other people have a high desire to keep email. If you're one of those, take a few of the cycles that you're spending cleaning out your inbox and think of a practical way to halt spam. Share it. Take your bow and bask in the fact that you've saved email and can wear tights with a big 'e' on the front as email's savior superhero.

If you're not, step back and watch the email infrastructure die a slow painful spam clogged death.

Re:Trying to care

[An ominous Cow art]

Wow! An I thought I was one with apathy. But, you know, he has a point. I had a home phone with the number in the book. All I got was shit from telemarketers, shit on the answering machine. Sure the donot call list cut out a shit load of it but then people started calling that thought they had a business relationship with them. Finally I just pulled the plug on the damn thing and went with my cell phone. My motto is if you don't know my cell phone number I don't want to talk to you.

I did this. I realized a couple of years ago that the only calls to my home phone were crap, so I cancelled it. I only use a cell phone now.

I wish I could do something analogous with my postal mail.

Re:PGP is your friend

[codemachine]

Sadly, it just isn't easy enough to use for the common person. Nor is it widespread enough that even technical people would bother - even a lot of sysadmins don't touch it, even though it'd be easy for them to deploy.

We need to have it integraded into our clients in such a way that everyone would start using it. However, it'd be a lot easier to do that with IM than email as of now. You can have the client add the contact's key when the contact is added, and you can store it on a server side list so that it never has to be done again. It is this central authority that makes it easier to pull off, though the lack of significant spam volume in IM makes it less worthwhile to do.

Maybe Apple, Google, Yahoo, MS, etc can figure out a way to integrate it into the email experience in such a way that it'd take off. But I don't think it'll happen anytime soon. Nor would it solve the spam problem on its own, since spammers can sign email too, and can even start stealing the PGP keys from infected machines.

Re:Trying to care

[Remus Shepherd]

Yes, I've used my main email address for Usenet posts for over a decade, and I get hundreds of spams a day. That's okay, though, I have filters up to the task.

Part of the problem, I feel, are legitimate organizations who sell their client lists to spammers. My work address never got spam until I got published in a professional journal. That journal sold its contributors' email addresses to someone, and I started receiving spam. I have no good solution here -- I'm a scientist, and have to publish or perish. I'd like to avoid that publisher but it's one of the big journals of my profession.

Even worse is when I signed up with a new ISP. Having my own email, I never used the free email account that came with my new DSL connection. But when I checked the email there out of curiosity, it was awash in spam. My ISP appears to be selling its email addresses to spammers, as a short-sighted means of quick income. Despicable.

I think that this is an area where the law can help. A government-mandated privacy policy (put it in the Bill of Rights) would allow people to dodge spam by being selective about where their email address appears.