Forgot your password?
typodupeerror
Spam

Spam Flood Unabated After Bust 188

Posted by kdawson
from the removing-a-cup-of-water-from-the-sea dept.
AcidAUS writes "Last week's bust of the largest spam operation in the world has had no measurable impact on global spam volumes. The spam gang, known by authorities and security experts as HerbalKing, was responsible for one-third of all spam, the non-profit antispam research group Spamhaus said." The article speculates that the operators of HerbalKing simply passed on to associates the keys to the automated, 35,000-strong botnet, and the spam flow didn't miss a beat.
This discussion has been archived. No new comments can be posted.

Spam Flood Unabated After Bust

Comments Filter:
  • by Anonymous Coward on Monday October 20, 2008 @07:35PM (#25447563)

    Since they did that bust in that other endless, fruitless war.

  • Another theory... (Score:5, Insightful)

    by mysidia (191772) on Monday October 20, 2008 @07:36PM (#25447581)

    They anticipated they might someday be busted.

    They could have designed the botnet with a dead man's switch... if they were busted, start feeding their partners' spam at double vigor, and have the bots create as much noise and general chaos as possible.

  • by actionbastard (1206160) on Monday October 20, 2008 @07:51PM (#25447695)
    "...the automated, 35,000-strong botnet..."

    Doesn't mean that the 'machines' will stop doing what they have been 'told' to do.
    FCOL, 99% of the spam is rejected because of bad addresses, rules, and so forth.
    It's just possible that these bots will continue to spam until they are physically shutoff by their owners.
  • by techno-vampire (666512) on Monday October 20, 2008 @07:54PM (#25447721) Homepage
    Busting the operators of this botnet isn't going to end the problem. It's going to continue as long as Joe The Plumber is surfing the net on a computer running an OS which is insecure by design. Even if it has a firewall, it's probably third-party software, and as such, doesn't start until after the network interface is up and running, leaving a huge (by computer standards) window of opportunity for the box to get pw0ned. And, of course, the same is true for any anti-virus running.

    Now, personally I run Linux, so for right now, I don't have to worry. Of course, if Linux ever gets popular enough to put a real bite in Microsoft's monopoly that will change, but it's not vulnerable in the same way. Not only is it (more) secure by design, the firewall goes up before, not after the network interface, so there's no time that it's exposed to the network without protection.

    Like it or not, most of the world's private computers are going to be running one form or another of Windows for the foreseeable future, and unless and until Redmond sets things so that there's a built-in firewall up and running while the box is still isolated, MS boxen are going to get pw0ned, and Joe The Plumber won't know that there's anything wrong except that his computer isn't as fast as it used to be, but he's accustomed to that by now anyway, and won't realize that it's a problem.

  • by Ethanol-fueled (1125189) on Monday October 20, 2008 @08:00PM (#25447777) Homepage Journal

    Scary, isn't it?

    Your post dosen't scare me as much as it's insightful mod does.

  • Re:Solution (Score:5, Insightful)

    by John Hasler (414242) on Monday October 20, 2008 @08:10PM (#25447869) Homepage

    The way draconian sentences have stopped drug dealing?

  • Re:turd post (Score:0, Insightful)

    by Anonymous Coward on Monday October 20, 2008 @08:11PM (#25447883)

    Fuck off.

  • by John Hasler (414242) on Monday October 20, 2008 @08:13PM (#25447905) Homepage

    Why would it need any kind of switch? Why wouldn't it just keep on churning out the spam it has until given new stuff?

  • by zappepcs (820751) on Monday October 20, 2008 @08:14PM (#25447909) Journal

    Dear F-Secure,

    Please note the implications of this story, then promptly stick your request for Internetpol up your collective asses.

    Thank you

    The Internet

  • by Toll_Free (1295136) on Monday October 20, 2008 @08:15PM (#25447917)

    You're so wrong, and that's funny.

    The problem with spam isn't the less than 40 seconds it takes for the firewall to come up on a WinTel box.

    It's the idiot behind the keyboard. Always has been, always will be.

    Nobody seems to realize (or face the facts thereof) that spam became more and more profitable, as more and more (soccer moms, idiot dads, stupid kids with no idea about what they are clicking on, hell a slashdotter here stated he has missed the no and hit yes trying to get the box to go away) people where given access to computers and high speed connections.

    Bottom line, the luser is the problem, not the machine, not the operating system (god knows, Linux doesn't have a single virii or worm or anything for it, does it),.... It's the ID10T's.

    To look at it any other way is just fooling yourself and being a fanboi.

    --Toll_Free

  • by John Hasler (414242) on Monday October 20, 2008 @08:18PM (#25447935) Homepage

    > It's just possible that these bots will continue to spam until they are physically
    > shutoff by their owners.

    But the owners are in jail!

    Oh. You mean the mules that think they own the machines.

  • Re:Solution (Score:3, Insightful)

    by kent_eh (543303) on Monday October 20, 2008 @08:35PM (#25448103)
    Like every thing else that gets a death penalty, it'll only stop the same people from repeating the crime, once they're caught.
    It won't stop new spammers from popping up before the first one's body is even cold.
  • by z0idberg (888892) on Monday October 20, 2008 @09:14PM (#25448415)

    the war on terror?

  • Exactly. That's why we see so much malware targeting the millions upon millions of Mac OS X boxes out there.

    Oh, no we don't. Because Unix is actually more secure than Windows.

  • by damn_registrars (1103043) <damn.registrars@gmail.com> on Monday October 20, 2008 @09:51PM (#25448679) Homepage Journal
    If anyone is surprised by this news, they need to think about what they think they know about spam.

    Sure not many people like to see the unsolicited ads for herbal viagra and pirated copies of photoshop. But why do the spammers send them out in the first place? It isn't because they hate us, and it isn't just because they can send out billions of them at next-to-no cost to themselves.

    They send them out because they make money doing it. Which means that someone, somewhere, is paying for spam as a service. Which means that even if 100 spammers were instantaneously taken offline and thrown into pound-me-in-the-ass prison, 100 new spammers would emerge to fill there places and likely send out even more spam.

    If we want to stop spam, we need to remove the economic incentive. And throwing spammers in jail does not accomplish that. So naturally the spam epidemic was largely unchanged by these arrests.
  • Re:Solution (Score:5, Insightful)

    by SL Baur (19540) <steve@xemacs.org> on Monday October 20, 2008 @09:58PM (#25448733) Homepage Journal

    The way draconian sentences have stopped drug dealing?

    Something like that. You cannot legislate away trade in something that people want to buy and other people are willing to sell.

    Email spam is profitable due to the economics of the situation, it used to be nearly free to send out spam, now with botnets it's much, much worse than that.

    Consider it from another angle. How much electricity world wide is consumed by the generation of spam and the receipt and deletion of spam? What's the carbon footprint of all this mostly useless activity? Save the Planet! Stop Spamming Now!

  • by ArcherB (796902) on Monday October 20, 2008 @09:58PM (#25448741) Journal

    If they sent the keys to that botnet via email.

    That is an interesting idea, but what would be the incentive for spammers to cooperate?

    A couple of bullets to the back of their head! Of course, they won't exactly cooperate after that, but the next spammer will.

  • Honestly... (Score:2, Insightful)

    by steelmaverick (936668) on Monday October 20, 2008 @10:30PM (#25448971)
    Seriously, they shut down a spam king with a 35,000 computer botnet, and expected the spam to take a nose-dive? That's not gonna happen.

    First of all, has the botnet been shut down? Does the botnet still have jobs/mail to send out? Is it self-propagating, so even if you shut down part of it, it can keep growing?

    Seriously, I just don't think this would even put a dent in the amount of spam sent daily.

    Perhaps if we made heavy spamming an offense worthy of the death penalty, then it would most likely stop. But today, with 99.9% (pulled this statistic out of my ass) chance of not getting caught, spam will continue to be a thriving business.
  • by lysergic.acid (845423) on Monday October 20, 2008 @11:04PM (#25449211) Homepage

    i don't think the government is spending half the money they spend on the War on Drugs on fighting spam. you can't even compare the two.

    if we lived in a true democracy--one that gave citizens direct voice in public policy--replacing congress with regular national referendums for passing legislation, the spam problem would be solved in under a year.

    everyone hates spam because it negatively affects our daily lives. few people profit from spam and at great societal costs. so if a referendum was held to divert tax funding away from the War on Some Drugs, the War on Iraq, the War on Terrorism, etc. and put these resources into combating spam, our prisons would no longer be filled with harmless drug users (and illegally detained arabs) and instead of filled with spammers, malware writers, and other real societal parasites. most people would probably vote to ban spam outright--that means companies that hire spammers & malware creators would be punished just as harshly. this would immediately cut off the financial incentive to spam. spammers don't send spam because they enjoy it; they do it for money. cut off the cash flow, and there'd be no reason to send spam.

    the other solution is to change our culture of consumerism. spam is a direct result of unbridled capitalism. financial greed and selfishness have become virtues in our society. spammers are the embodiment of the "entrepreneurial" spirit. we're trained to seize any and all opportunity to make money. our society glamorizes the rich, marginalizes the poor, and our entire society and political system is skewed in favor of the wealthy. and it's this pro-business political culture that allowed spam and malware to grow into a such a prevalent institution. politicians were so used to putting business interests above public interest that spam was just an given.

    but it'll take a long time to change our culture of capitalist greed & materialistic consumerism. our children need to be taught that personal integrity is more important than wealth, and to not equivocate money with happiness/success. most importantly, we need to value people based on their moral character and contribution to society, not their bank balance. instilling these positive values in kids will ensure that they don't grow up to be spammers. but that's hard in a society where money and socioeconomic status are everything. you can't even get a good education, decent health care, or justice if you don't have money. so this is an uphill battle.

  • by Erikderzweite (1146485) on Monday October 20, 2008 @11:33PM (#25449385)

    Well, an idiot running Linux isn't such a big threat as an equal idiot running Windows.

    I've switched all my family's computers to Linux after I got tired of cleaning malware regularly. And that's beside they all know the basics of computer security. As no one in my family is a hardcore gamer nor a photoshop/AutoCAD user, the switch went pretty easy (they were using firefox anyway).

    The situation *might* change, but for the time being I have much less hassle with Linux boxes they use. It's much more easier to remote-administer them too. And I am the only one who knows root password :)

  • by Anonymous Coward on Tuesday October 21, 2008 @12:24AM (#25449621)

    Since Service Pack 2 for XP (and SP1 for Server 2003), anyways. The original "Internet Connection Firewall" in XP did have that window-of-opportunity problem.

You can measure a programmer's perspective by noting his attitude on the continuing viability of FORTRAN. -- Alan Perlis

Working...