
Spam Flood Unabated After Bust

Posted by kdawson
from the removing-a-cup-of-water-from-the-sea dept.
AcidAUS writes "Last week's bust of the largest spam operation in the world has had no measurable impact on global spam volumes. The spam gang, known by authorities and security experts as HerbalKing, was responsible for one-third of all spam, the non-profit antispam research group Spamhaus said." The article speculates that the operators of HerbalKing simply passed on to associates the keys to the automated, 35,000-strong botnet, and the spam flow didn't miss a beat.

  • I wonder... (Score:5, Funny)

    by Fluffeh (1273756) on Monday October 20, 2008 @06:32PM (#25447537)

    speculates that the operators of HerbalKing simply passed on to associates the keys to the automated, 35,000-strong botnet, and the spam flow didn't miss a beat

    If they sent the keys to that botnet via email. If it got eaten up by the other end's spam filters, that would be irony indeed.

  • by Robotbeat (461248) on Monday October 20, 2008 @06:34PM (#25447555) Journal

    "The article speculates that the operators of HerbalKing simply passed on to associates the keys to the automated, 35,000-strong botnet, and the spam flow didn't miss a beat."
    Whatever. I've seen way too many scifi films to believe that. Obviously, skynet is now self-aware.

    I for one... (etc.)

  • by Anonymous Coward on Monday October 20, 2008 @06:35PM (#25447563)

    Since they did that bust in that other endless, fruitless war.

    • by z0idberg (888892) on Monday October 20, 2008 @08:14PM (#25448415)

      the war on terror?

    • by lysergic.acid (845423) on Monday October 20, 2008 @10:04PM (#25449211) Homepage

      i don't think the government is spending half the money they spend on the War on Drugs on fighting spam. you can't even compare the two.

      if we lived in a true democracy--one that gave citizens direct voice in public policy--replacing congress with regular national referendums for passing legislation, the spam problem would be solved in under a year.

      everyone hates spam because it negatively affects our daily lives. few people profit from spam and at great societal costs. so if a referendum was held to divert tax funding away from the War on Some Drugs, the War on Iraq, the War on Terrorism, etc. and put these resources into combating spam, our prisons would no longer be filled with harmless drug users (and illegally detained arabs) and instead be filled with spammers, malware writers, and other real societal parasites. most people would probably vote to ban spam outright--that means companies that hire spammers & malware creators would be punished just as harshly. this would immediately cut off the financial incentive to spam. spammers don't send spam because they enjoy it; they do it for money. cut off the cash flow, and there'd be no reason to send spam.

      the other solution is to change our culture of consumerism. spam is a direct result of unbridled capitalism. financial greed and selfishness have become virtues in our society. spammers are the embodiment of the "entrepreneurial" spirit. we're trained to seize any and all opportunity to make money. our society glamorizes the rich, marginalizes the poor, and our entire society and political system is skewed in favor of the wealthy. and it's this pro-business political culture that allowed spam and malware to grow into such a prevalent institution. politicians were so used to putting business interests above public interest that spam was just a given.

      but it'll take a long time to change our culture of capitalist greed & materialistic consumerism. our children need to be taught that personal integrity is more important than wealth, and to not equivocate money with happiness/success. most importantly, we need to value people based on their moral character and contribution to society, not their bank balance. instilling these positive values in kids will ensure that they don't grow up to be spammers. but that's hard in a society where money and socioeconomic status are everything. you can't even get a good education, decent health care, or justice if you don't have money. so this is an uphill battle.

      • I have said it before, and I'll say it again. Spam is there to induce payment through credit/debit cards. If it was made illegal for (American) card companies to process the payment for transactions solicited through spam, there would be no spam. In other words, follow the money and yes, It's the Americans wot done it
        • Re: (Score:2, Interesting)

          by domatic (1128127)

          Spammers also like to masquerade as legitimate advertising outfits. It used to be the one spamming was also flogging the bogus product. Now the spambot herds are a resource to be rented and the spammers could care less whether any product moves or not. The only credit card they are interested in is the one that pays them for doing the spam runs.

          Following the money will still work in this instance but you likely won't be punishing the spammer. Rather, you'll punish the one who hired the spammer either becau

      • by RobBebop (947356)

        spam is a direct result of unbridled capitalism

        I disagree. It's unbridled socialism. In a capitalist market, the network would be taxed so that doing business over it would be a paid service. Want to send a letter to somebody in the mail? You pay the government or a private industry gatekeeper. Want to make a phone call? Again, pay the private industry gatekeeper. Want to send an e-mail message? Due to the fact that there is no gatekeeper, opportunities exist for everybody to do whatever they want. Society has an equal opportunity to use the ne

  • Another theory... (Score:5, Insightful)

    by mysidia (191772) on Monday October 20, 2008 @06:36PM (#25447581)

    They anticipated they might someday be busted.

    They could have designed the botnet with a dead man's switch... if they were busted, start feeding their partners' spam at double vigor, and have the bots create as much noise and general chaos as possible.

    • by John Hasler (414242) on Monday October 20, 2008 @07:13PM (#25447905) Homepage

      Why would it need any kind of switch? Why wouldn't it just keep on churning out the spam it has until given new stuff?

      • Re:Another theory... (Score:4, Interesting)

        by ShaunC (203807) on Tuesday October 21, 2008 @01:38AM (#25450213)

        Why wouldn't it just keep on churning out the spam it has until given new stuff?

        Because the life expectancy of a given spammed domain is on the order of several hours now, even with fast-flux DNS tactics, and professional spammers certainly understand that. There's no reason to expect that botnets are given a "spam this until otherwise instructed" order; instead, evidence points to very specific commands from botnet operators to mail each campaign for X site to Y addresses over Z period of time. There are screenshots out there of popular spam/bot controller interfaces. Besides, if the botnet operators have been busted, we have to presume that access to their C&C (and the ability to shut down the botnet) was part of a plea bargain.

        I've mentioned this anecdotally to friends and coworkers over the past week, but apparently I'm not the only one to notice: after the bust, spam volume has remained steady. Claims that this group was responsible for a third of all spam appear to be sorely overrated.

    • Re:Another theory... (Score:4, Interesting)

      by roguetrick (1147853) <kazer@brIIIigands.org minus threevowels> on Monday October 20, 2008 @07:29PM (#25448049) Homepage Journal

      "Hey, I got an idea, if we get caught let's make sure something happens that gives us an even longer prison sentence!"

    • They could have designed the botnet with a dead man's switch

      Isn't it more likely that the PCs in their botnet were just swiftly taken over by somebody else's worm and are now pumping out spam on a different botnet?

      Sure, there may be no incentive for spammers to cooperate with each other (and each others' botnets) but why would they want to poison the well?

  • by lobiusmoop (305328) on Monday October 20, 2008 @06:46PM (#25447653) Homepage

    My inbox now seems to be filling up with lobster thermidor aux crevettes instead.

    • My inbox now seems to be filling up with lobster thermidor aux crevettes instead.

      Now that's what I call a posh meal - I didn't even know they made neckties for lobsters.

      (I kid, I kid - I'm not actually that uncultured. I know a crevette is a sports car. Although I am a little unclear how the lobster reaches the gas pedal...)

  • Consider the economic benefits of spam! [today.com] MessageLabs reports that Egham, Surrey, on the suburban outskirts of London, is the town that receives the most spam in Britain.

    "It's not like there's much else to do," says Boris Busybody, 77 (IQ), of Egham Hythe, idly whirling his four-foot penis around his head in a desultory fashion. "Expanding your manhood, growing your breasts, increasing your sperm ... the Lib Dem phone calls get a bit much. That's Doctor Busybody, by the way. My Ph.D arrived last week."

    Spam has revitalised the local economy. Busybody has given up cab driving and is now working a lucrative job processing payments from home after he sent them his bank details in response to an urgent security message. "I had that King Otumfuo Opoku Ware II in the back of my cab once. Very generous and helpful fellow."

    The Egham Tourist Board has seized the day, with plans for a 50 foot tall penis sculpture at Junction 13 of the M25 on the exit ramp to the town. The sculpture will be encircled by a genuine imitation Rolex and spray a fountain of Spermamax, obtained at a very reasonable rate from a Canadian pharmacy. "You will search an hour for your underwear in the ocean of our spam!" is to become the new town motto.

    "I did get a good one the other day," says Busybody. "Barrister Matthew Sergeant Busybody of MessageLabs said we could promote our town to millions of people just by sending them an advance fee to process our incoming email. The stuff they try! 'Scuse me, V!k@grk@ kicking in, got to go have sex again. Sorry."

  • by MrKevvy (85565) on Monday October 20, 2008 @06:50PM (#25447679)

    Exactly when the original story broke, I went from about two hundred spams a day to over a thousand, almost all of which were new topics, and it hasn't let up since. So the keys may have been passed on to several parties who are making more extensive use of the botnet than the HerbalKing group did.

    I wonder how many it will take before Yahoo finally decides to start blacklisting spam hosts rather than sticking to the woefully inadequate filters.

    • by Capsaicin (412918)

      Exactly when the original story broke, I went from about two hundred spams a day to over a thousand

      Weird, I went from about 50-75 to about 5! I haven't had so little spam in ages, I keep having to check that fetchmail is still running. I wondered why, and then thought, this spam bust? No. Surely busting a single operator isn't going to have a noticeable effect?!

      So I guess it all depends on whose lists you are?

  • by actionbastard (1206160) on Monday October 20, 2008 @06:51PM (#25447695)
    "...the automated, 35,000-strong botnet..."

    Doesn't mean that the 'machines' will stop doing what they have been 'told' to do.
    FCOL, 99% of the spam is rejected because of bad addresses, rules, and so forth.
    It's just possible that these bots will continue to spam until they are physically shut off by their owners.
    • Re: (Score:3, Insightful)

      by John Hasler (414242)

      > It's just possible that these bots will continue to spam until they are physically
      > shut off by their owners.

      But the owners are in jail!

      Oh. You mean the mules that think they own the machines.

    • What? You mean to tell me that after the people were arrested, the compromised machines kept doing what they were told to do?

      I thought that they sent every spam by hand.....

      Really, you obviously see what TFA seems to be blind to. It is absolutely stupid to assume that somehow arresting people will fix the problem of automated spamming. For all we know, the compromised machines have a 6 month queue of spam to send, in pre-purchased amounts. Set it up once, charge your slimy clients once, and then sit on y
  • by techno-vampire (666512) on Monday October 20, 2008 @06:54PM (#25447721) Homepage
    Busting the operators of this botnet isn't going to end the problem. It's going to continue as long as Joe The Plumber is surfing the net on a computer running an OS which is insecure by design. Even if it has a firewall, it's probably third-party software, and as such, doesn't start until after the network interface is up and running, leaving a huge (by computer standards) window of opportunity for the box to get pw0ned. And, of course, the same is true for any anti-virus running.

    Now, personally I run Linux, so for right now, I don't have to worry. Of course, if Linux ever gets popular enough to put a real bite in Microsoft's monopoly that will change, but it's not vulnerable in the same way. Not only is it (more) secure by design, the firewall goes up before, not after the network interface, so there's no time that it's exposed to the network without protection.

    Like it or not, most of the world's private computers are going to be running one form or another of Windows for the foreseeable future, and unless and until Redmond sets things so that there's a built-in firewall up and running while the box is still isolated, MS boxen are going to get pw0ned, and Joe The Plumber won't know that there's anything wrong except that his computer isn't as fast as it used to be, but he's accustomed to that by now anyway, and won't realize that it's a problem.

    • by Toll_Free (1295136) on Monday October 20, 2008 @07:15PM (#25447917)

      You're so wrong, and that's funny.

      The problem with spam isn't the less than 40 seconds it takes for the firewall to come up on a WinTel box.

      It's the idiot behind the keyboard. Always has been, always will be.

      Nobody seems to realize (or face the facts thereof) that spam became more and more profitable, as more and more (soccer moms, idiot dads, stupid kids with no idea about what they are clicking on, hell a slashdotter here stated he has missed the no and hit yes trying to get the box to go away) people were given access to computers and high speed connections.

      Bottom line, the luser is the problem, not the machine, not the operating system (god knows, Linux doesn't have a single virii or worm or anything for it, does it),.... It's the ID10T's.

      To look at it any other way is just fooling yourself and being a fanboi.

      --Toll_Free

      • Bottom line, the luser is the problem, not the machine, not the operating system (god knows, Linux doesn't have a single virii or worm or anything for it, does it),.... It's the ID10T's.

        As I said, there isn't any malware for Linux...yet. There will be, as soon as it becomes, as you point out, profitable. As far as your assertion about the delay in the firewall going up not being a factor, I disagree, but I won't argue the point because it's just my opinion and I don't have any facts to back it up. Howe

      • Re: (Score:3, Insightful)

        Well, an idiot running Linux isn't such a big threat as an equal idiot running Windows.

        I've switched all my family's computers to Linux after I got tired of cleaning malware regularly. And that's beside they all know the basics of computer security. As no one in my family is a hardcore gamer nor a photoshop/AutoCAD user, the switch went pretty easy (they were using firefox anyway).

        The situation *might* change, but for the time being I have much less hassle with Linux boxes they use. It's much easier to

      • by mdmkolbe (944892)
        What you say is true. I've run a Windows box for years with nothing more than a firewall and a smart user (me) that doesn't install every smiley face or kitten cursor that comes down the pike. I've never once had an infection.
    • by Fastolfe (1470) on Monday October 20, 2008 @08:30PM (#25448529)

      Even if it has a firewall, it's probably third-party software, and as such, doesn't start until after the network interface is up and running, leaving a huge (by computer standards) window of opportunity for the box to get pw0ned. And, of course, the same is true for any anti-virus running.

      First, XP has a firewall built in. It's not likely to be "third-party software". Second, firewalls and virus scanners use the same Windows Filtering Platform to do their work. This platform installs boot-time filters that are in effect until the user-mode software is finally up, at which point there's an atomic hand-off. At no time is the system open to any sort of "window of opportunity" like you describe.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Since Service Pack 2 for XP (and SP1 for Server 2003), anyways. The original "Internet Connection Firewall" in XP did have that window-of-opportunity problem.

      • by mvdwege (243851)

        And since when exactly has the builtin firewall in XP stopped outgoing connections?

        If the infection vector is one of the many IE exploits, the XP firewall is not going to stop the PC from becoming a zombie.

        Mart

    • by bendodge (998616)

      I think you're wrong. Most home computers I deal with these days are behind a cheap router which includes a thick-headed (you can't do anything besides web/email/IM without turning it completely off) firewall. The problem is that people actually click and download those zillion-billion packs of lame smilies, animated cursors, screensavers or, even worse, 'porn viewers'. A firewall won't solve bad user habits.

      • I'm behind a cheap router, but I've managed to get Bittorrent working with no problems. I've also opened another (unspecified) port for a different service, so I know it's not that hard. Of course, I'm a computer geek, not a point and drool luser.
    • It's going to continue as long as Joe The Plumber is surfing the net on a computer running an OS which is insecure by design.

      So you're saying Joe the Plumber should get Vista?

      • He already got it because he was told that his two-year-old computer was too old (and was running very slow due to all the malware). So he went to Wal-Mart and bought himself a new one with (inevitable) Vista preinstalled. It will hopefully last next two years after Windows 7 comes out and he'll be convinced that he needs a new PC. Again.
        Hey, that's what runs the US economy! Imagine him being happy with his decades-old Linux box? Awful! Where is the profit in this?

    • by bloobloo (957543) on Monday October 20, 2008 @09:12PM (#25448841) Homepage

      Surely Joe the Plumber of all people should know how the tubes work?

    • Re: (Score:3, Informative)

      by Raenex (947668)

      Even if it has a firewall, it's probably third-party software, and as such, doesn't start until after the network interface is up and running,

      I imagine most people either use the firewall in their router or they use the default firewall that comes with Windows. How many people install 3rd party firewalls?

      Like it or not, most of the world's private computers are going to be running one form or another of Windows for the foreseeable future, and unless and until Redmond sets things so that there's a built-in firewall up and running while the box is still isolated, MS boxen are going to get pw0ned

      I had never heard of the problem with firewalls being disabled at boot, but I looked around and yes, it seems like it was a problem before XP Service Pack 2 that has since been fixed [cnrs-orleans.fr]:

      SP2 turns on Windows Firewall by default and starts it earlier in the boot process. [...] In Windows XP Service Pack 2, the firewall driver has a static rule, call

      • Thank you. I haven't been involved with XP since about the time SP1 came out and then, I never had to work with the firewall. That's good to know. Now, if only Microsoft could close some of the many other well-known vulnerabilities, it might be worth looking at again.
    • by RAMMS+EIN (578166)

      You might want to read this article [lwn.net]. The illusion that running Linux makes you safe and that Linux machines aren't involved in spam-sending botnets is just that: an illusion.

      As for firewalls protecting insecure systems: they do, to an extent. But the firewall isn't going to stop you from getting infected by, say, visiting a website with malicious code on it, opening an email attachment with such, or installing and running software with malicious code in it.

      • I'm not surprised. Note that I said that Linux was more secure than Windows, not that it was secure. And you'd be surprised how much protection you can get from a good multi-layer firewall. Back when I was running Windows, I had a firewall installed that not only blocked intrusion attempts, it blocked all outbound connections unless I'd told it that the program had permission to call out. It even had separate settings for a program to act as a client or a server. Thus, even if I did get infected, I cou
  • by HalAtWork (926717) on Monday October 20, 2008 @06:58PM (#25447757)
    When you arrest certain people, it doesn't remove the profitability of the activity, it doesn't remove the tools or knowledge used to perpetrate the activity, and it doesn't remove the infected computers already carrying out payloads. Maybe for a few who are deeply involved individuals with a lot to risk, they will reconsider what they're involved in, but there must be a large population who still consider it profitable and worth the risk.
  • But you can't stop all of us; after all, we're all alike.
  • While (mostly) joking, we should simply say that we're going to treat spammers as some of the most vile people in society and punish them accordingly. No 3-5 years in jail or a fine. You spam, you go to jail for life. If somehow you get out and do it (again), then second offense is a capital punishment. Either that, or treat them as 'terrorists' against the Interwebs, and allow police/military to shoot them on sight as combatants.

    Yes, I am mostly joking, but we need to let these people know that having an
  • by barocco (1168573) on Monday October 20, 2008 @07:13PM (#25447903)
    .. I thought it was because this spam ring was too big to fail and the congress bailed it out
  • by zappepcs (820751) on Monday October 20, 2008 @07:14PM (#25447909) Journal

    Dear F-Secure,

    Please note the implications of this story, then promptly stick your request for Internetpol up your collective asses.

    Thank you

    The Internet

  • by Joce640k (829181) on Monday October 20, 2008 @07:43PM (#25448149) Homepage

    It doesn't feel pity or remorse, and it absolutely will not stop, ever...until our disks are full.

  • by DaveAtFraud (460127) on Monday October 20, 2008 @07:55PM (#25448255) Homepage Journal

    Maybe most of my spam originated on their bot net. My dSPAM fourteen day analysis shows my incoming spam rate has dropped to less than half the level of a week ago.

    Note, I'm not complaining.

    Cheers,
    Dave

  • ...that's not got much spam in it.
  • by damn_registrars (1103043) <damn.registrars@gmail.com> on Monday October 20, 2008 @08:51PM (#25448679) Homepage Journal
    If anyone is surprised by this news, they need to think about what they think they know about spam.

    Sure not many people like to see the unsolicited ads for herbal viagra and pirated copies of photoshop. But why do the spammers send them out in the first place? It isn't because they hate us, and it isn't just because they can send out billions of them at next-to-no cost to themselves.

    They send them out because they make money doing it. Which means that someone, somewhere, is paying for spam as a service. Which means that even if 100 spammers were instantaneously taken offline and thrown into pound-me-in-the-ass prison, 100 new spammers would emerge to fill their places and likely send out even more spam.

    If we want to stop spam, we need to remove the economic incentive. And throwing spammers in jail does not accomplish that. So naturally the spam epidemic was largely unchanged by these arrests.
    • by mosch (204)

      If we want to stop spam, we need to remove the economic incentive. And throwing spammers in jail does not accomplish that.

      It adds significant risk and potential complexity to their operating activities. As such, it reduces the economic incentive significantly.

      After all, most people look at risk-adjusted returns. And potentially losing your freedom and forfeiting your assets is a whole hell of a lot of risk.

      • Re: (Score:3, Informative)

        It adds significant risk and potential complexity to their operating activities. As such, it reduces the economic incentive significantly.

        The problem with that is that very few countries enforce anti-spam laws with criminal prosecution. The US could pass the most brutal anti-spam laws they want and it wouldn't make an impact because there would still be plenty of other countries that have no anti-spam laws at all.

        If spamming were a capital offense in the US, but not a crime at all in another country, the spammers will just go to another country and set up shop there. The end result would just be less spam originating in the US. The net e

    • by Tom (822)

      If we want to stop spam, we need to remove the economic incentive. And throwing spammers in jail does not accomplish that.

      That's not true.

      It does raise the risk, which raises the cost for the spam-buyers. If you raise the risk, and thus the cost, enough, it will stop being profitable. First for a few items, then for the majority. Only a small number of exceptionally high profit margin items will remain "spam-worthy".

  • Honestly... (Score:2, Insightful)

    by steelmaverick (936668)
    Seriously, they shut down a spam king with a 35,000 computer botnet, and expected the spam to take a nose-dive? That's not gonna happen.

    First of all, has the botnet been shut down? Does the botnet still have jobs/mail to send out? Is it self-propagating, so even if you shut down part of it, it can keep growing?

    Seriously, I just don't think this would even put a dent in the amount of spam sent daily.

    Perhaps if we made heavy spamming an offense worthy of the death penalty, then it would most likely s
  • How come we never go after the companies who make money off of spam? The spammers are just the middle men sending advertisements out for clients no? They don't stock viagra .. ? do they? maybe that's how they pass along the great deals

  • The naive (but sometimes well-meaning) fools who continue to persist in their delusional belief that legislative or executive action will have any meaningful impact on spam always seem surprised that their latest "triumph" is nothing of the kind. These well-publicized busts are all about positive PR for the entity making them, and career advancement for the politicians who trumpet them. They have nothing to do with actually stopping spammers, so it's no surprise that spammers merely laugh at these feeble
