Kelihos Botnet Comes Back To Life
angry tapir writes "A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it. The Kelihos botnet only infected 45,000 or so computers but managed to send out nearly 4 billion spam messages a day, promoting, among other things, pornography, illegal pharmaceuticals and stock scams. But it was temporarily corralled last September after researchers used various technical means to get the 45,000 or so infected computers to communicate with a "sinkhole," or a computer they controlled."
aren't there some structural ways to curtail this? (Score:4, Insightful)
I assume that the zombie-workstations send out e-mail via SMTP. Why not require real mail servers to comply with DNS to have an MX record for the domain or IP, and to then have SMTP servers for a given network or internet service provider throttle the number of e-mail per unit of time and to limit the number of recipients to human real-world numbers?
That would prevent a non-MX mail server from being able to send mail since other mail servers would reject it based on DNS, and would prevent zombie botnets from using the SMTP servers of the service provider that the computer is connected to in order to spam through.
It wouldn't eliminate spam, but it might serve well to reduce it significantly. Yes, it would require some more programming in the SMTP daemon, but it shouldn't jack with the protocol.
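The controls the comment above proposes (a sender-domain MX check, a per-source sending rate limit and a cap on recipients per message) can be expressed as a small policy layer in front of a submission server. The following is an added example, not code from the thread or from any real MTA; the MX table, event format, thresholds and the "accept/defer/reject" vocabulary are assumptions, and a real deployment would query DNS instead of the constructed table.

```python
from collections import Counter, defaultdict, deque

# Constructed stand-in for DNS: sender domains that publish an MX record.
# (Assumption: a real submission server would query DNS instead of this table.)
MX_TABLE = {
    "example.com": ["mail.example.com"],
    "example.net": ["mx1.example.net", "mx2.example.net"],
}


def lookup_mx(domain):
    """Return the MX hosts for a domain, or an empty list when none exist."""
    return MX_TABLE.get(domain.lower(), [])


class OutboundPolicy:
    """Per-source rate limit, recipient cap and MX check for a submission server.

    Parameter names and the decision vocabulary ("accept", "defer", "reject")
    are assumptions made for this example.
    """

    def __init__(self, max_msgs, window_seconds, max_recipients, mx_lookup):
        self.max_msgs = max_msgs
        self.window = window_seconds
        self.max_recipients = max_recipients
        self.mx_lookup = mx_lookup
        # source -> timestamps of messages accepted inside the current window
        self.history = defaultdict(deque)

    def check(self, source, ts, sender_domain, recipients):
        # 1. the claimed sender domain must be a real mail domain (has an MX record)
        if not self.mx_lookup(sender_domain):
            return ("reject", "no MX record for sender domain %s" % sender_domain)
        # 2. cap recipients per message at a human-plausible number
        if len(recipients) > self.max_recipients:
            return ("reject", "%d recipients exceeds cap of %d"
                    % (len(recipients), self.max_recipients))
        # 3. sliding-window rate limit per source address; only accepted
        #    messages count, so a burst of rejects does not pad the window
        window = self.history[source]
        while window and ts - window[0] >= self.window:
            window.popleft()
        if len(window) >= self.max_msgs:
            return ("defer", "rate limit: %d messages in %ds" % (len(window), self.window))
        window.append(ts)
        return ("accept", "")


def build_burst(source, start_ts, count, domain="example.com"):
    """Constructed burst: one message per second, one recipient each."""
    return [(source, start_ts + i, domain, ["user%d@example.net" % i]) for i in range(count)]


# Constructed submission events: (source address, unix time, sender domain, recipients).
SAMPLE_EVENTS = (
    [
        ("10.0.0.5", 0, "example.com", ["alice@example.net"]),
        ("10.0.0.5", 1, "example.com", ["u%d@example.net" % i for i in range(60)]),
        ("10.0.0.9", 0, "nomx.invalid", ["bob@example.net"]),
    ]
    + build_burst("10.0.0.5", 2, 25)
    + [("10.0.0.5", 100, "example.com", ["carol@example.net"])]
)


def run_policy(events, policy=None):
    """Apply the policy to a stream of events and return one decision per event."""
    policy = policy or OutboundPolicy(max_msgs=20, window_seconds=60,
                                      max_recipients=50, mx_lookup=lookup_mx)
    return [policy.check(*event) for event in events]


def summarize(decisions):
    """Count decisions by outcome."""
    return Counter(outcome for outcome, _ in decisions)


if __name__ == "__main__":
    results = run_policy(SAMPLE_EVENTS)
    for event, (outcome, reason) in zip(SAMPLE_EVENTS, results):
        if outcome != "accept":
            print(event[0], event[1], outcome, reason)
    print(dict(summarize(results)))
```

On the constructed stream the 60-recipient message and the message from a domain with no MX are rejected outright, the 25-message burst from one workstation is accepted only up to the 20-per-minute window and deferred after that, and the same source is accepted again once the window has expired. Only accepted messages are counted toward the window, which keeps a rejected burst from locking a legitimate sender out.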
commons (Score:5, Insightful)
What I don't get in the whole spam saga - and I've been following it for 15 years now - is why it is possible for law enforcement to cooperate internationally and do joint raids in several countries when it comes to fake products, unauthorized DVD presses or computer games piracy groups - but not when it comes to spam.
Ask Spamhaus - we know most of the top offenders. We know who they are and in many cases we know where they live. And law enforcement is sitting on their hands.
Because it is a small damage to many people - an attack on the commons, not on one particular company or individual. We as humans assess damages instinctively, not mathematically. And that leads to crazy results. We consider someone stealing $50k from a bank a serious criminal, but someone stealing $0.01 from 50 mio. people is a nuisance - even though the actual damage is 10 times higher.
Sadly, that's a trend not only with spam. When Mommy Jane illegally downloads a Disney movie, she is fined ridiculous amounts of money. When Disney corrupts the law to steal from the public domain by retroactively taking content back under copyright, or extending it so it enters it later (if ever), it is hard to even explain to people why that's bad.
We have lost the concept of the commons, and that is the real tragedy of the commons, not the bullshit neo-liberal bedtime story by the same name.
Sissies (Score:5, Insightful)
"We could have issued an update to those machines to clean them up, but in several countries that would be illegal," said Ram Herkanaidu, security researcher and education manager for Kaspersky Lab.
Don't be a sissy! If you have the means to clean up machines infected with a botnet client without screwing it up, do it! If some pedantic rule-thumper complains about good-faith efforts to make clueless people's spamming machines stop doing that, rat them out by name to The Internet and sit back and watch a million people demand video evidence of their head being placed on a spike.
Re:Sissies (Score:5, Insightful)
OTOH, felony convictions can be soooo tiresome, although they do often come with free room and board. And then there's the question of whether a convicted, imprisoned felon is still liable for all the $million+ civil suits by every luser out there who thinks that your clean-up virus (which is what it is) has destroyed their porn collection. Hint - still liable.
Re:Expected (Score:5, Insightful)
Kaspersky Lab is a Russian company that could influence internal Russian enforcement actions.
You must be new to the eastern hemisphere. In the sovereign democracy of Russia, the enforcement influences companies, not the other way around.
Re:Expected (Score:5, Insightful)
No OS is immune to the dancing pig problem [wikipedia.org].
Re:Expected (Score:2, Insightful)
Simpler option: Temporarily direct the botnet to a sinkhole not to take it down, but to add movie download/seeder functionality to it. Then sit back and watch the **AAs take it down piece by piece.
Workable solution? (Score:5, Insightful)
Half the business world seems to believe that it is acceptable to mail my ISP, and have me disconnected from the internet if I download a couple of songs, movies, or whatever. Three strikes, and you're out.
So - why isn't anyone clamoring to have these machines disconnected by the ISP's? If they had all those machines communicating with a sinkhole for months, then surely they have identified real IP addresses for most, if not all of them.
We have the ability to unplug people and computers from the internet. Why do we only want to use that ability to punish small time downloaders?
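The point above, that months of sinkhole traffic yield the addresses of the infected machines, comes down to aggregating the sinkhole's connection log per source address and grouping the result by the network that owns each address, so that each ISP's abuse desk can be handed its own list. The following is an added example, not code from the thread or from the Kelihos sinkhole operators; the log format, the prefix-to-owner table and the addresses (documentation ranges) are all constructed for the example, and a real workflow would replace the table with a WHOIS or ASN lookup.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sinkhole connection log (format, field names and addresses are
# assumptions for this example; the addresses are documentation ranges).
SINKHOLE_LOG = """\
2012-02-01T10:00:01Z src=203.0.113.10 sport=51234 dst=198.51.100.1 dport=80
2012-02-01T10:00:05Z src=203.0.113.10 sport=51300 dst=198.51.100.1 dport=80
2012-02-01T10:01:00Z src=203.0.113.77 sport=40000 dst=198.51.100.1 dport=80
2012-02-01T10:02:00Z src=192.0.2.8 sport=33000 dst=198.51.100.1 dport=80
truncated or corrupt line that must not crash the parser
2012-02-01T11:00:00Z src=192.0.2.8 sport=33001 dst=198.51.100.1 dport=80
"""

# Constructed prefix -> network-owner map, standing in for a WHOIS/ASN lookup.
PREFIX_OWNERS = {
    "203.0.113.0/24": "ISP-A (constructed)",
    "192.0.2.0/24": "ISP-B (constructed)",
}

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) sport=\d+ dst=\S+ dport=\d+$")


def parse_sinkhole_log(text):
    """Collapse connection records into one entry per infected source address."""
    hosts = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole run
        try:
            ip = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # not a valid address; likewise skip
        ts = m.group("ts")
        entry = hosts.setdefault(str(ip), {"hits": 0, "first_seen": ts, "last_seen": ts})
        entry["hits"] += 1
        # ISO-8601 UTC timestamps of fixed width compare correctly as strings
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["last_seen"] = max(entry["last_seen"], ts)
    return hosts


def owner_of(ip, prefix_owners=PREFIX_OWNERS):
    """Map an address to the owner of the longest matching prefix, else 'unknown'."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, owner in prefix_owners.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, owner)
    return best[1] if best else "unknown"


def report_by_owner(hosts, prefix_owners=PREFIX_OWNERS):
    """Group infected hosts by network owner: the list each abuse desk would receive."""
    report = defaultdict(list)
    for ip, entry in sorted(hosts.items()):
        report[owner_of(ip, prefix_owners)].append(
            (ip, entry["hits"], entry["first_seen"], entry["last_seen"]))
    return dict(report)


if __name__ == "__main__":
    infected = parse_sinkhole_log(SINKHOLE_LOG)
    for owner, rows in report_by_owner(infected).items():
        print(owner)
        for ip, hits, first, last in rows:
            print("  %-15s hits=%d first=%s last=%s" % (ip, hits, first, last))
```

Three distinct infected hosts come out of the six-line sample, the corrupt line is skipped rather than aborting the run, and the report is keyed by network owner so that addresses outside any known prefix land under "unknown" instead of being silently dropped. Hit counts and first/last-seen times are what an abuse desk needs to confirm that a given address was still infected when the report was generated.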