A Month After Grum Botnet Takedown, Spam Back To Previous Levels 47
wiredmikey writes "It's been over a month since spam-spewing Grum botnet has been shut down, but spam experts say there hasn't been a noticeable impact on global spam volume. Symantec researchers at the time estimated that Grum was responsible for one-third of all spam being sent worldwide, and its takedown led to an immediate drop in global spam email volumes by as much as 15 to 20 percent. However, the drop was only temporary. While Grum had an estimated hundred thousand zombies sending spam, the machines were likely blocked for sending emails too frequently, or wound up on IP blacklists, said Andrew Conway, Cloudmark researcher. IP filtering is fast and cheap, and is a good first line of defense against spam, Conway said. Grum spam was easy to blacklist, and despite its size, most spam messages from the botnet probably never reached user inboxes."
Re:Filtering != Stopping (Score:4, Informative)
(1) How do we stop the money?
You might be the first person who has ever asked this question when I have pointed out this dilemma here on slashdot. Most other people respond by advocating murdering the spammers in some way, shape, or form instead.
The money can be stopped a few different ways. A few years ago a group at Georgia Tech (IIRC) found that the majority of all financial transactions executed on spamvertised sites were processed through a very short list of processing centers. Getting those guys to clean up their act would be a big step in the right direction.
Another is to find where the spammers themselves are receiving payment (as the above method goes after the people paying the spammer instead). Following the money isn't that hard if you initiate a transaction (to track it from one end) and get useful records of who really owns the domain for the spamvertised site (which is often registered in some way to the spammer).
I thank you for asking the question.
(2) And why should we bother?
The biggest argument for doing something about spam lies in the fact that spam makes the internet more expensive for everyone. Being as a large portion of all traffic is spam, it means that legitimate traffic is delayed as a result. And of course the spam also takes up space on hard drives (sometimes in replicate as it traverses from a server to a user's computer) and CPU time. Any company that is running a spam filter - be it software, hardware, or some of each - is also devoting resources to the problem that someone has to pay for.
Spam is no more offensive than the spam I hear on the radio or TV.
I would argue that to be an incorrect analogy for the reasons I stated above. You can turn off your radio or TV and you won't hear your local car dealer screaming at you to come buy a new car. However if you turn off your computer you are still paying your ISP to move spam around. Even worse you are paying for your ISP to build up its network infrastructure so they can deliver the bandwidth the promised you while also dealing with the avalanche of spam coming to their network every moment.