
Rustock Botnet Responsible For 40% of Spam

Posted by timothy
from the long-walk-short-plank dept.
angry tapir writes "More than 40 percent of the world's spam is coming from a single network of computers that computer security experts continue to battle, according to new statistics from Symantec's MessageLabs' division. The Rustock botnet has shrunk since April, when about 2.5 million computers were infected with its malicious software that sent about 43 billion spam e-mails per day. Much of it is pharmaceutical spam."
  • Somebody (Score:5, Insightful)

    by bobstreo (1320787) on Tuesday August 24, 2010 @10:51PM (#33364966)

    Hunt them down and kill them all
    Please

    • Re:Somebody (Score:5, Funny)

      by DWMorse (1816016) on Tuesday August 24, 2010 @10:56PM (#33364996) Homepage

      And then, unplug their computers.

      That's... that's what you meant, right?

    • Re:Somebody (Score:5, Insightful)

      by Anne Thwacks (531696) on Wednesday August 25, 2010 @03:28AM (#33366264)
      Starting with the pharma companies whose products are being promoted, and the credit card companies who process the transactions.

      (They are the low hung fruit.)

      • Re: (Score:3, Insightful)

        by crow_t_robot (528562)

        (They are the low hung fruit.)

        Considering what they are selling, they are also the "well hung" fruit.

      • Re:Somebody (Score:5, Insightful)

        by selven (1556643) on Wednesday August 25, 2010 @08:41AM (#33367538)

        I agree with hitting the pharma companies, but the credit card companies? I'd rather have them be neutral providers of monetary exchange services than have them decide what's legitimate and what isn't, just like ISPs should stay out of copyright enforcement.

        • Re:Somebody (Score:4, Insightful)

          by Lurker2288 (995635) on Wednesday August 25, 2010 @12:53PM (#33370730)
          Yeah, go after Pfizer. Because I'm sure it's really them that's putting out all that Viagra spam, and totally not bullshit suppliers of counterfeit drugs.

          Seriously, do you have any idea how tightly regulated even direct to consumer drug ads are? There's no way any legitimate company is involved in this. I know it's fun and exciting to blame Big Pharma for everything wrong in life, but how about we stick to the many things they ACTUALLY do wrong, rather than random shit we merely attribute to them?
    • Re:Somebody (Score:5, Interesting)

      by tibit (1762298) on Wednesday August 25, 2010 @08:56AM (#33367644)

      You know what's really interesting in spam? For spam to pass the content filters, especially those based on statistical models of language, it has to have purposeful mistakes inserted all over the place. In the end, a piece of spam typically looks as if a stoned idiot wrote it. But now it seems that people who author the message in the first place became somehow infected by the stoned idiocy of their own messages.

      A few months ago I went through 300 non-scamming spam messages in my spam folder, and only managed to get to 5, I repeat, 5 payment screens. That means that most spam is pretty pointless: the websites it points to, if they haven't been left out (happens quite often), are mostly broken so that there's no way to actually pass any money to the spammer, even if you try really hard. Sometimes they superficially look like they may work, but when time comes to actually submit a payment, things are very likely to be broken. I have been testing stuff using virtual credit cards available from my bank, with very low limits -- below that of the payment amount. On a working site, you get some indication that the transaction was declined. In most places, though, there would be internal server errors, javascript errors preventing payment submittal, and all other sorts of problems.

      I think that bulk emailing operations are simply around to milk the spammers for money, and only the mailers make any money -- the spammers themselves seem too stupid to get any.

      It's quite hilarious.

  • So if they can identify these botnets, and they know this spam is coming from them...

    Do they know what IP addresses these bots are connecting from? Is it possible to make a blacklist? How can I avoid accepting mail from these 2.5 million computers?

    • Oh PAH-LEEEZE (Score:5, Insightful)

      by Frosty Piss (770223) on Tuesday August 24, 2010 @11:09PM (#33365056)
      First and foremost, don't expect ANY help from the "security" companies like Symantec and the like, SOLVING this problem would mean the end to their extortion business.

      And, don't expect ANY help from the "white hats" in general, all they can do is walk in circles pontificating about how it would be unethical to hack these networks and bring them down.

      So really, the only solution is the possibility of someone with "black hat" skilz that wants to be paid to take the system down outside the "law".
      • Re:Oh PAH-LEEEZE (Score:5, Interesting)

        by Nemyst (1383049) on Wednesday August 25, 2010 @12:07AM (#33365386) Homepage
        Your wording seems to indicate contempt. White hats or security experts unfortunately have their hands tied. They probably know how to take down the botnet, but that involves illegal activity. While the criminals are hampered by no such things, the lawful guys are stuck with it: anything they'd do that would be essentially good would get them jailed.
        • Re:Oh PAH-LEEEZE (Score:5, Interesting)

          by Yvan256 (722131) on Wednesday August 25, 2010 @12:14AM (#33365418) Homepage Journal

          So, Lone Star, now you see that evil will always triumph because good is dumb. - Dark Helmet

          • by vlueboy (1799360)

            So, Lone Star, now you see that evil will always triumph because good is dumb. - Dark Helmet

            True. More technically, because of evil whistle-blowers with vested evil interests (usually monetary) or a few goody two-shoes touting a "who watches the watchers" attitude that keeps necessary law from being created.

            The goody-two shoes normally support *other* laws giving otherwise-worrisome lethal or raiding force to the police/justice/penal system, but worry that certain rights of theirs will be trampled if they stand down for "good" causes tangential to their main interests. See also NRA activism in ant

        • Re: (Score:3, Interesting)

          by silentcoder (1241496)

          That is only partially true. There was a /. story not long ago about a white-hat company that utterly destroyed a botnet. Sorry I can't remember the names which is making googling rather hard.
          I do remember the technical details (who's surprised?). It was a difficult and involved process - the botnet relied on numerous DNS tricks to always be able to find its control servers. What the white hats did was to trace and track the current set of master servers. Knocking them out wouldn't do any good, as the con

          • Re: (Score:3, Informative)

            by Raenex (947668)

            There was a /. story not long ago about a white-hat company that utterly destroyed a botnet.

            If you're thinking of this story [slashdot.org], it was a research professor, and the botnet was eventually allowed to be retaken.

            • I wasn't thinking of that one, no. The story I am thinking of was definitely a company effort, I remember reading the details and the whitepaper on the company site. I just can't remember their name.

      • Re: (Score:2, Insightful)

        by blueg3 (192743)

        There's more than enough threat for Symantec etc. to deal with one and still have a viable business model.

        And you're right, white hats don't hack other people's machines, which is illegal, just because it seems like a convenient solution to a problem. That's basically how that works.

      • by PatPending (953482) on Wednesday August 25, 2010 @12:30AM (#33365488)

        So really, the only solution is the possibility of someone with "black hat" skilz that wants to be paid to take the system down outside the "law".

        Hudson: Let's just bug out and call it even, OK? What are we talking about this for?

        Ripley: I say we take off and nuke the entire site from orbit. It's the only way to be sure.

        Hudson: Fuckin' A...

      • by N0Man74 (1620447) on Wednesday August 25, 2010 @01:24AM (#33365692)

        Companies like Symantec and Norton didn't start off as antivirus companies. They build tools and utilities. If by some miracle all of the botnets, trojans, and virus infections were to vanish from the world, I imagine that they would go back to making tools. It was virus makers that created the market, not Symantec and Norton.

        I suppose you think cancer researchers don't really want to find a cure, because then they'd lose their funding, right?

        The fact that you are marked as insightful is baffling. You have a distorted sense of reality.

        I won't even bother commenting on your "white hats" criticisms, since that's been pretty well covered by others...

        However, to say that *your* solution is the only solution is not only short-sighted, it's arrogant. Black Hat "skilz" must be the mystery reason why about half the number of systems are infected now, right?

        There isn't a magic bullet solution that will magically fix the problem completely, aside from getting rid of the internet (and maybe humanity too!). It has to be fought on multiple fronts and incorporating multiple solutions to mitigate the problem and hopefully if it's made difficult enough or they have enough that they can lose, then maybe it will stop... but it's much more likely that we're always going to be stuck with it to at least some degree.

        • Jesus. Get off your High Horse and come down to reality. Commit to a Scorched Earth No Holds Barred program to get rid of spam, OR ACCEPT IT AND STOP WHINING ABOUT IT. Folks, that's our options.
          • by DamonHD (794830)

            I'm afraid that I think it's you that needs the reality check.

            Assuming conspiracy where there need be none just clouds your judgement.

            Yes, the "white hat" folks have their hands tied because we don't want vigilante justice from morons who *think* they know what's right and wrong...

            Rgds

            Damon

        • Re: (Score:2, Insightful)

          by interkin3tic (1469267)

          Companies like Symantec and Norton didn't start off as antivirus companies. They build tools and utilities. If by some miracle all of the botnets, trojans, and virus infections were to vanish from the world, I imagine that they would go back to making tools. It was virus makers that created the market, not Symantec and Norton.

          Eh, I'd say that depends on how much they've invested in their antivirus business and how much of their profits come from antivirus. If they now only get 20% of their profits from tools and utilities, I doubt they'd be happy to lose that 80%.

          It's not like those guys go to work motivated to make tools and antivirus is just a necessary evil. They go to make money.

      • by shentino (1139071)

        Blue Frog had a good run until the spammers nuked it with a DDoS.

      • Why isn't the Microsoft malicious software removal thing wiping these botnets out in their millions?

    • by Solandri (704621)

      Do they know what IP addresses these bots are connecting from? Is it possible to make a blacklist? How can I avoid accepting mail from these 2.5 million computers?

      We've traced the spam... it's coming from inside your house!

    • >> How can I avoid accepting mail from these 2.5 million computers?

      Use gmail.

      Spam has been a history lesson since 2004.

  • Pharmaceutical (Score:3, Insightful)

    by Tubal-Cain (1289912) on Tuesday August 24, 2010 @11:07PM (#33365046) Journal

    Much of it is pharmaceutical spam.

    A very particular kind of pharmaceutical.

    • Re:Pharmaceutical (Score:5, Informative)

      by compro01 (777531) on Tuesday August 24, 2010 @11:39PM (#33365234)

      My accounts have been getting more offers of narcotics than genital enlargement in the past few months. Also got a few spams selling antibiotics, which is a new one, and even more reprehensible if they're genuine.

      • Re: (Score:3, Informative)

        by dgatwood (11270)

        Why is it worse if they're real? You can buy antibiotics at any vet supply house.... It's not like they're hard to get without a prescription. If they're real, the spam is pretty much noise. If they're not real, then it's bad---people buying something that they think will make them well, only to have it not help them, or worse, poison them....

        • Re:Pharmaceutical (Score:5, Insightful)

          by compro01 (777531) on Wednesday August 25, 2010 @12:43AM (#33365532)

          The spam is offering antibiotics such as linezolid, teicoplanin, daptomycin, and tigecycline, antibiotics that are reserved for highly resistant bacteria ("superbugs" like VRE and MRSA), not the stuff you can get from a veterinarian. These drugs being used inappropriately is a very bad thing.

          • by sjames (1099)

            It's bad in many ways. Creating new mega resistant strains will be bad for all of us. Also those are not gentle drugs, people using them need to be monitored for life threatening side effects.

            It's sad that health care is so expensive in the U.S. that people would even think of resorting to ordering the drugs from a spamvertized site. It's not unexpected though, black and gray markets thrive wherever prices are kept artificially high or where prohibition is in place.

            • by sqrt(2) (786011)

              If you give them your credit card info, you're not actually going to get anything. On the off chance they do send you some drugs, they are going to be fake. It might cause damage if people forgo real medical treatment because they think the placebos are real, but I would be very surprised if there was anything dangerous or even effective in them. All of that assumes someone would even get something from the spammer, which is unlikely at best.

              • by tibit (1762298)

                If you can get as far as actually submitting a payment. I've had poor luck with that -- maybe it's just me getting particularly broken spam. I've got heaping bunches of messages where there isn't even a single link in them.

        • You can buy antibiotics at any vet supply house.... It's not like they're hard to get without a prescription.

          You know that, and I guess I know that too, but if someone is so ignorant that they think antibiotics are miracle drugs that should be taken for every cough or flu, then they're probably ignorant enough not to know how easy it is to get antibiotics. As I understand it, a significant amount of people who take antibiotics pointlessly are getting prescriptions for it. If you come to their door and say "Here!" then that's worse, because actually making an appointment and then paying the bill probably inhibits

        • by weicco (645927)

          If they aren't real and people get poisoned I'd say it's just natural selection.

      • by sqrt(2) (786011)

        I get mostly narcotic pain killer spam, and if I thought there was any chance I would actually receive the product after paying for it I might give them some business. They're either going to not ship you anything and just take your money, or send you sugar pills made to look like whatever they're selling. I doubt the antibiotics are real, but who knows what they could be. Probably bulk bought tylenol repackaged - if they send you anything at all which I doubt they would.

        • Drug faking isn't new - it's just new in the US. I spent quite a lot of time in Nigeria during my career, and one thing you learn fast is to only go to embassy doctors who import their medicines.
          Why? Because there is a thriving market for fake malaria (and other) medicines - faked so well that even doctors (local or Western) can't tell the difference.
          People die from Malaria in Red Cross hospitals because the last batch of pills were basically sugar pills dressed up so well (along with packaging) that neithe

      • by rjch (544288)

        Perversely, this kind of spam plays hell with the company I work for since we manage IT systems for chemists. Chemists get quite irate when legitimate messages from their suppliers get marked as spam because they mention pharmaceuticals.

  • by Spewns (1599743) on Tuesday August 24, 2010 @11:08PM (#33365052)

    Make your girl happy with your long and huge meat machine.

    *link to .ru website*

    • Re: (Score:2, Funny)

      by Delarth799 (1839672)
      You get text in your emails still?

      A vast majority of the ones I get are just a link or someone having a spaz on the keyboard a few times and then a link.
      I do occasionally get ones where they try to chop up the words into several parts. Those are the easy ones to filter for.
  • So how hard.... (Score:3, Insightful)

    by Anonymous Coward on Tuesday August 24, 2010 @11:09PM (#33365062)

    Is it to order some of their crap. Track down where the money goes.

    And kill them.

    We've spent more doing less millions of times... Why don't we get around to fixin this problem?

    • Re: (Score:2, Informative)

      by ergrthjuyt (1856764)
      Generally spammers are contracted out or just trying to earn referral commissions - they aren't doing the selling themselves. Also, the money will go international, often to countries that aren't just going to say "OK, here it is" when you ask for the bank info.
  • anti-spam (Score:4, Funny)

    by bakamorgan (1854434) on Tuesday August 24, 2010 @11:16PM (#33365098)
    Find their ip address and sic 4chan on them maybe then something will get done.
    • Re: (Score:3, Funny)

      by NevarMore (248971)

      Wait, are you proposing that we ENCOURAGE 4chan to take over a botnet of 2.5 million computers?

      I'll take the spam thankyouverymuch.

  • Really? (Score:5, Funny)

    by scdeimos (632778) on Tuesday August 24, 2010 @11:19PM (#33365122)

    More than 40 percent of the world's spam is coming from a single network of computers

    Yes, it's called the internet.

  • [Mobster Don is gunned down seconds before cops arrest him]

    "Amazing..."
    "What?"
    "She did in 10 seconds what we've been trying to do for ten years."
    "What?"
    "Put Masucci out of business, permanently."
  • IANAL but it would seem to me that the pharmaceutical companies that benefit from this (and yes if no one paid attention to spam it would go away, the fact it's still here means people respond to it) should have responsibility in the computer crimes taking place here.

    • Re:Question (Score:5, Interesting)

      by ScentCone (795499) on Tuesday August 24, 2010 @11:53PM (#33365304)
      it would seem to me that the pharmaceutical companies that benefit from this ... should have responsibility in the computer crimes taking place here

      The overwhelming majority of the "pharmaceutical" ads in question are fraudulent. They're not actually selling Viagra. They're either selling knockoff placebos, or they're selling nothing at all, because they're just looking for naive suckers to visit a sketchy web site and cough up a credit card number or other details that can be used in identity theft schemes or similar crimes. Merck and the other actual makers of the real products would love nothing more than to shut this crap down.
      • No, some of them really do sell these meds, though they're often cut with something, way too strong or way too weak. The reason this spam is so prevalent is that a bunch of stupid consumers have learned that you can actually buy from these stores and you do receive pills. There was an interesting investigation into this by some paper a while ago, where they ordered some viagra from one of these stores then got it lab tested. It came wrapped in a copy of a Bombay newspaper and was dramatically stronger than
  • Friendly Reminder (Score:5, Insightful)

    by DynaSoar (714234) on Tuesday August 24, 2010 @11:54PM (#33365316) Journal

    "Maybe what we need are a few good old fashioned hangings." -- Commissioner Orson Swindell, Federal Trade Commission
      at the first FTC spam conference.

  • by Psaakyrn (838406) on Wednesday August 25, 2010 @12:55AM (#33365570)
    Now the port scan spams on the other hand.. Sure, I can block them, but the sheer load is causing DoS issues. What can I do about that?
    • by X0563511 (793323)

      Nothing. Firewall the shit out of yourself, dropping instead of rejecting. Including ICMP.

      It sucks, but not doing that can either result in you seeing what you see now, or your being an unwitting member of a reflected DDoS squad.

      Explanation:

      Attacker sends a spoofed ICMP Echo (or whatever) with the target's IP address as the sender. Your machine dutifully (and correctly) would reply, along with N+1 others, bombarding the victim.
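
The drop-instead-of-reject advice in the comment above, written out as an IPv4 nftables ruleset. This is an added example, not part of the original thread; the table name, the chain name and the open SMTP port are assumptions.

```nftables
# Added example (not from the thread). Table/chain names and the open
# port are assumptions; adjust to the services the host really offers.
table ip edge_filter {
    chain input {
        # Anything not matched below is silently discarded: no RST and no
        # ICMP error goes back to the (possibly spoofed) source address.
        type filter hook input priority 0; policy drop;

        iifname "lo" accept

        # Replies to traffic this host started, plus ICMP errors tied to
        # those flows (e.g. fragmentation-needed for path MTU discovery).
        ct state established,related accept
        ct state invalid counter drop

        # Unsolicited echo requests: counted, then dropped. A spoofed ping
        # gets no echo-reply, so this host cannot be used as a reflector.
        icmp type echo-request counter drop

        # Assumed service: inbound SMTP. Remove if this is not a mail host.
        tcp dport 25 ct state new accept

        # The weaker alternative answers every probe, which costs upstream
        # bandwidth under load and sends backscatter to spoofed sources:
        #   reject with icmp type port-unreachable
    }
}
```

Load it with `nft -f <file>` and read the per-rule counters with `nft list ruleset` to see how much probe traffic is being discarded.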

  • Tell me I'm not the first to think of this. Just pay and spam some traceable ads... It has to be illegal enough that you can subpoena financial records of individuals, probably mostly credit cards. If you know who first took the money surely one can trace it to the bot net(s) that finally emailed it... Surely there will be a number of middle men and they will try to hide their activities through stolen credit card numbers and such. But it would be traceable if anyone took the time to do it.

  • by D4C5CE (578304) on Wednesday August 25, 2010 @03:50AM (#33366354)
    Our taxes pay agencies boasting their purported capability to do just that. If they let bot-herders proliferate for years, how are they supposed to be more efficient against terrorists not entirely dissimilar in organization (and with the first able to turn into the latter at any time by using/"renting out" their botnets as Weapons of Mass Disruption e.g. for DDoS attacks against critical infrastructures)?
  • by devent (1627873) on Wednesday August 25, 2010 @03:54AM (#33366366) Homepage
    It's 2.5 million Windows computers that are infected. No Macs, no Linux, no *BSD, no Solaris, no YouNameIt. It would be interesting, how many are Windows XP, Windows Vista or Windows 7.

    Hm, let's see, 2.5 million Windows computers in one botnet against 0 Linux computers world wide. I would say Dell was right:

    "6) Ubuntu is safer than Microsoft Windows: The vast majority of viruses and spyware written by hackers are not designed to target and attack Linux." from http://www.theregister.co.uk/2010/06/14/dell_ubuntu_windows_security/ [theregister.co.uk]
