Rustock Botnet Responsible For 40% of Spam

angry tapir writes "More than 40 percent of the world's spam is coming from a single network of computers that computer security experts continue to battle, according to new statistics from Symantec's MessageLabs' division. The Rustock botnet has shrunk since April, when about 2.5 million computers were infected with its malicious software that sent about 43 billion spam e-mails per day. Much of it is pharmaceutical spam."
  • Re:Question (Score:5, Interesting)

    by ScentCone ( 795499 ) on Tuesday August 24, 2010 @11:53PM (#33365304)
    it would seem to me that the pharmaceutical companies that benefit from this ... should have responsibility in the computer crimes taking place here

    The overwhelming majority of the "pharmaceutical" ads in question are fraudulent. They're not actually selling Viagra. They're either selling knockoff placebos, or they're selling nothing at all, because they're just looking for naive suckers to visit a sketchy web site and cough up a credit card number or other details that can be used in identity theft schemes or similar crimes. Merck and the other actual makers of the real products would love nothing more than to shut this crap down.
  • Re:Oh PAH-LEEEZE (Score:5, Interesting)

    by Nemyst ( 1383049 ) on Wednesday August 25, 2010 @12:07AM (#33365386) Homepage
    Your wording seems to indicate contempt. White hats or security experts unfortunately have their hands tied. They probably know how to take down the botnet, but that involves illegal activity. While the criminals are hampered by no such things, the lawful guys are stuck with it: anything they'd do that would be essentially good would get them jailed.
  • Re:Oh PAH-LEEEZE (Score:5, Interesting)

    by Yvan256 ( 722131 ) on Wednesday August 25, 2010 @12:14AM (#33365418) Homepage Journal

    So, Lone Star, now you see that evil will always triumph because good is dumb. - Dark Helmet

  • by dgatwood ( 11270 ) on Wednesday August 25, 2010 @12:16AM (#33365432) Homepage Journal

    No need to destroy their data. All one would have to do is replace key Windows boot files with a script that tells them that their Windows installation is hopelessly infected by viruses and has been disabled, telling them to take it to somebody who actually knows how to properly configure a Windows machine. There's no need to destroy irreplaceable data, merely to wreck Windows so badly that they have to do a full reinstall. Since that is completely beyond any of the sorts of people who are part of the problem, they would be forced to take their computers to somebody for repair, and one would at least hope that a sizable percentage of those machines would come back properly protected from viruses.

  • WoW spam (Score:1, Interesting)

    by Anonymous Coward on Wednesday August 25, 2010 @12:18AM (#33365436)

    My email accounts only get spam from people trying to steal my battle.net password, on the order of several messages per day. I wonder where it comes from? Once I would have said China, but now I'm not so sure.

  • by Psaakyrn ( 838406 ) on Wednesday August 25, 2010 @12:55AM (#33365570)
    Now the port scan spams on the other hand.. Sure, I can block them, but the sheer load is causing DoS issues. What can I do about that?
  • Re:Oh PAH-LEEEZE (Score:3, Interesting)

    by silentcoder ( 1241496 ) on Wednesday August 25, 2010 @02:34AM (#33366054)

    That is only partially true. There was a /. story not long ago about a white-hat company that utterly destroyed a botnet. Sorry I can't remember the names which is making googling rather hard.
    I do remember the technical details (who's surprised?). It was a difficult and involved process - the botnet relied on numerous DNS tricks to always be able to find its control servers. What the white hats did was to trace and track the current set of master servers. Knocking them out wouldn't do any good, as the controllers would just activate a new set and the bots would find them.

    Instead they tracked the servers, worked with law enforcement and the ISPs hosting them and got those DNS names rerouted to their own servers - which were running a control server of their own, designed to be a drop-in compatible replacement for the real thing. Result - suddenly the good guys controlled all the bots, and could then actively locate and eradicate the infections (including letters to the owners of the computers and such).
    It meant a lot of coordination between many organisations because pulling it off meant a huge bunch of people doing slightly different updates to servers at the exact same time - but it was done, and it shows it CAN be done.

    Interestingly I do remember that the company that did it are the new kids in security, a small startup. They don't have any share of the pie that Symantec and the like has, so they have no vested interest in keeping botnets alive. Instead they are trying to build a business model on studying, and then actively destroying them.
    Trouble is - botnets are like hydras, as long as there are so many vulnerable machines on the net (e.g. the entire Microsoft Windows customer base) destroying one doesn't do any good - you see a drop in spam for a few days, maybe a week or two, then another botnet has filled in the gap.
    The only real way to solve the problem is to remove those deliciously easy targets. We all know exactly how easy that will be.

  • by D4C5CE ( 578304 ) on Wednesday August 25, 2010 @03:50AM (#33366354)
    Our taxes pay agencies boasting their purported capability to do just that. If they let bot-herders proliferate for years, how are they supposed to be more efficient against terrorists not entirely dissimilar in organization (and with the first able to turn into the latter at any time by using/"renting out" their botnets as Weapons of Mass Disruption e.g. for DDoS attacks against critical infrastructures)?
  • Re:Somebody (Score:5, Interesting)

    by tibit ( 1762298 ) on Wednesday August 25, 2010 @08:56AM (#33367644)

    You know what's really interesting in spam? For spam to pass the content filters, especially those based on statistical models of language, it has to have purposeful mistakes inserted all over the place. In the end, a piece of spam typically looks like if a stoned idiot wrote it. But now it seems that people who author the message in the first place became somehow infected by the stoned idiocy of their own messages.

    A few months ago I went through 300 non-scamming spam messages in my spam folder, and only managed to get to 5, I repeat, 5 payment screens. That means that most spam is pretty pointless: the websites it points to, if they haven't been left out (happens quite often), are mostly broken so that there's no way to actually pass any money to the spammer, even if you try really hard. Sometimes they superficially look like they may work, but when time comes to actually submit a payment, things are very likely to be broken. I have been testing stuff using virtual credit cards available from my bank, with very low limits -- below that of the payment amount. On a working site, you get some indication that the transaction was declined. In most places, though, there would be internal server errors, javascript errors preventing payment submittal, and all other sorts of problems.

    I think that bulk emailing operations are simply around to milk the spammers for money, and only the mailers make any money -- the spammers themselves seem too stupid to get any.

    It's quite hilarious.
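    The statistical-filter point in the comment above, as an added example that is not part of the thread: a small word-level naive Bayes scorer trained on constructed text shows how digit-for-letter substitutions pull a message's spam score down, and how folding those substitutions back before scoring (an assumed mitigation, not something the page describes) restores it. All corpora and the sample message are constructed for the demonstration.

```python
import math
import re
from collections import Counter
# Constructed training corpora for the demonstration; not real mail.
HAM = ["meeting moved to thursday please bring the quarterly report",
       "can you review the patch before the release tomorrow",
       "lunch at noon the usual place"]
SPAM = ["buy cheap viagra online no prescription best price",
        "viagra cialis discount pharmacy order now cheap",
        "cheap pills online pharmacy viagra special offer"]

# Digit/symbol-for-letter substitutions folded back to plain letters.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def tokenize(text, normalize):
    # Split into word tokens; with normalize=True, undo obfuscation first.
    text = text.lower()
    if normalize:
        text = text.translate(LEET)             # "ch3ap" -> "cheap"
        text = re.sub(r"[^a-z\s]", "", text)    # "viagr.a" -> "viagra"
    return re.findall(r"\S+", text)


def train(ham, spam, normalize):
    # Per-class token counts for a word-level naive Bayes filter.
    counts = {"ham": Counter(), "spam": Counter()}
    for label, docs in (("ham", ham), ("spam", spam)):
        for doc in docs:
            counts[label].update(tokenize(doc, normalize))
    vocab = len(set(counts["ham"]) | set(counts["spam"]))
    return counts, vocab, normalize


def spam_probability(model, text):
    """P(spam | tokens) with Laplace (+1) smoothing and equal class priors."""
    counts, vocab, normalize = model
    totals = {k: sum(c.values()) for k, c in counts.items()}
    logp = {"ham": math.log(0.5), "spam": math.log(0.5)}
    for tok in tokenize(text, normalize):
        for label in logp:  # +1 smoothing: an unseen token cannot zero out a class
            logp[label] += math.log((counts[label][tok] + 1) / (totals[label] + vocab))
    m = max(logp.values())
    return math.exp(logp["spam"] - m) / sum(math.exp(v - m) for v in logp.values())


# Constructed message carrying the deliberate misspellings the comment describes.
OBFUSCATED = "please see the new v1agr.a prices at our ch3ap ph4rm4cy"


def compare_scores(text=OBFUSCATED):
    # Returns (P(spam) on raw tokens, P(spam) after normalization).
    raw = spam_probability(train(HAM, SPAM, normalize=False), text)
    folded = spam_probability(train(HAM, SPAM, normalize=True), text)
    return raw, folded
```

    On this corpus the raw tokens score the message as ham because the only familiar words are ordinary ones, while the normalized tokens recover "viagra", "cheap" and "pharmacy" and push it well over 0.5.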

  • by Joce640k ( 829181 ) on Wednesday August 25, 2010 @09:14AM (#33367822) Homepage

    Why isn't the Microsoft malicious software removal thing wiping these botnets out in their millions?

  • Re:Somebody (Score:2, Interesting)

    by StillNeedMoreCoffee ( 123989 ) on Wednesday August 25, 2010 @09:54AM (#33368276)

    Well Somebody, you're right, it does cause harm. Then why hasn't someone come up with a set of out-of-the-distro defaults that are safe and secure? Think about it. If in the community you want Linux to be widespread and generally useful, you come up with a product that is that by default.

    We work these problems as we see them; take the seat belt thing with cars. Were the people who drove cars up until the 80's (or whenever the law required seat belts) criminals because a car crash would have hurt their passengers or the people in the other car? I don't think so. But we recognized that this was a problem that could be mitigated by requiring that seat belts be put into cars, and car seats for children, and now the regulations that you must have your seat belts on. Why? Because even if you get hurt in an accident the cleanup from it medically, financially and other ways affects us all.

    The OS community has an opportunity to lock out this problem by crafting distributions that start out secure and those that know can open up what they want. Tall order certainly, and those that know don't want to have to go through that exercise if they don't want to, and like a system that needs them around to lock things down. But the problems of viruses, bots, theft and spam are serious problems. Not only should we find and stop these people but we should remove the food that attracts the rats and roaches of the computer field.
