Spam Flood Unabated After Bust

AcidAUS writes "Last week's bust of the largest spam operation in the world has had no measurable impact on global spam volumes. The spam gang, known by authorities and security experts as HerbalKing, was responsible for one-third of all spam, the non-profit antispam research group Spamhaus said." The article speculates that the operators of HerbalKing simply passed on to associates the keys to the automated, 35,000-strong botnet, and the spam flow didn't miss a beat.

Re:This type of thing is only going to continue

[Fastolfe]

Even if it has a firewall, it's probably third-party software, and as such, doesn't start until after the network interface is up and running, leaving a huge (by computer standards) window of opportunity for the box to get pw0ned. And, of course, the same is true for any anti-virus running.

First, XP has a firewall built in. It's not likely to be "third-party software". Second, firewalls and virus scanners use the same Windows Filtering Platform to do their work. This platform installs boot-time filters that are in effect until the user-mode software is finally up, at which point there's an atomic hand-off. At no time is the system open to any sort of "window of opportunity" like you describe.

Re:This type of thing is only going to continue

[Raenex]

Even if it has a firewall, it's probably third-party software, and as such, doesn't start until after the network interface is up and running,

I imagine most people either use the firewall in their router or they use the default firewall that comes with Windows. How many people install 3rd party firewalls?

Like it or not, most of the world's private computers are going to be running one form or another of Windows for the foreseeable future, and unless and until Redmond sets things so that there's a built-in firewall up and running while the box is still isolated, MS boxen are going to get pw0ned

I had never heard of the problem with firewalls being disabled at boot, but I looked around and yes, it seems like it was a problem before XP Service Pack 2 that has since been fixed [cnrs-orleans.fr]:

SP2 turns on Windows Firewall by default and starts it earlier in the boot process. [...] In Windows XP Service Pack 2, the firewall driver has a static rule, called the boot-time policy. It performs stateful filtering and eliminates the window of vulnerability while the computer is booting.

Re:Spam gang whack-a-mole

[damn_registrars]

It adds significant risk and potential complexity to their operating activities. As such, it reduces the economic incentive significantly.

The problem with that is that very few countries enforce anti-spam laws with criminal prosecution. The US could pass the most brutal anti-spam laws they want and it wouldn't make an impact because there would still be plenty of other countries that have no anti-spam laws at all.

If spamming were a capital offense in the US, but not a crime at all in another country, the spammers will just go to another country and setup shop there. The end result would just be less spam originating in the US. The net effect of spam received in the US would likely be completely negligible.