Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Spam Security

Spammers Using Hacked Machines as Decoys 413

Posted by michael from the there's-gotta-be-a-law dept.
avi33 writes "This Wired story shows a disturbing alliance between hackers [sic] and spammers. Interestingly, they blame part of the alliance on market forces, leading some skilled engineers to the dark side for profit's sake. A Polish firm claims to have control of 450,000 Trojaned systems that it uses to mask the IP addresses of its hosted sites. In other words, you could host your Viagra-peddling site with a company that has a stringent no-spam policy, but a DNS lookup will point to a home user's compromised machine. Not quite bulletproof, but certainly ups the ante in the spam war."
This discussion has been archived. No new comments can be posted.

Spammers Using Hacked Machines as Decoys More

Spammers Using Hacked Machines as Decoys

Comments Filter:

  • Firewall (Score:3, Interesting)

    by JohnGrahamCumming ( 684871 ) * <slashdot.jgc@org> on Thursday October 09, 2003 @02:30PM (#7175313) Homepage Journal
    Of course if broadband ISPs were to implementing a simple inbound firewall
    for every user then they'd eliminate most of these problems overnight:
    trojaned machines would be unreachable, worms like CodeRed that scan for
    vulnerabilities would be halted.

    The few users of broadband who actually need to run an Internet visible
    server would then have to contact their ISP for a port to be opened, but
    that seems like a small price to pay for cutting off 1000s of machines that
    have been hacked.

    Naturally, this would cause file steal^H^H^H^Hharing applications to stop
    working.

    John.

    • Re:Firewall (Score:5, Funny)

      by Frostalicious ( 657235 ) on Thursday October 09, 2003 @02:37PM (#7175354) Journal
      an Internet visible server would then have to contact their ISP for a port to be opened

      Considering the quality of customer service at my ISP, I'd better hurry up and request an open port for my Duke Nukem Forever server to be up in time.

    • Re:Firewall (Score:5, Informative)

      by loknor ( 583729 ) on Thursday October 09, 2003 @02:39PM (#7175362) Journal
      Yes and it is worth the jump backwards in technology to help OS manufacturers continue to pedal sub par product and services that are the real cause of the problem. Attacking a problem at somewhere other than its source has always been such a great way to deal with challenges like this.
      • Of course one can continue this: The real problem aren't the broken OSs, but the computers. Or the internet itself. Or whatever.

        . If you want to attack the real cause of a problem you will have to assassinate every single human being. Because human being have the property to make problems.
      • Yes, it's partly due to subpar products from Micrsoft. But it's also based on the culture of users that don't see themselves as targets. Just the other day I was talking to a fellow admin and happened to mention that on the one Windows XP box I have to use for work (at home) I run as a Power User and just use the RUNAS command to become the administrator. His jaw dropped and he said, "You actually DON'T run as an administrator"? He couldn't believe that I would inconvenience myself for a little extra s

    • Re:Firewall (Score:5, Insightful)

      by fractalus ( 322043 ) on Thursday October 09, 2003 @02:43PM (#7175383) Homepage
      This actually would block quite a few things.

      1. Personal web servers. Given the quality of most of these sites, probably not a great loss.

      2. Game servers. No more running a CounterStrike servers for your buddies.

      3. IM file transfers (AIM, ICQ). These require open ports.

      4. VoIP, unless that VoIP implementation routes connections through a third computer.

      The problem is, when you advocate blocking inbound connections, you force the bulk of the net to only be passive consumers of prepackaged content, rather than equal participants in the net. Blocking specific ports for specific reasons (like outbound port 25, although that has problems too) is one thing, but just deciding everything should be blocked but "approved" stuff means a lot of apps are dead in their tracks... stuff that isn't web/mail.
      • And also prevent the eventual proliferation of any applications built around running a personal server on your household computing devices.

      • Re:Firewall (Score:3, Insightful)

        by JohnGrahamCumming ( 684871 ) *
        I never said just "approved" applications. I just said that the default should be everything is off. If you need a port open then it's a service request with the ISP.

        That would be a bad idea, but just because someone can't *by default* start running a web server on their machine accessible from the Internet does not make them into "passive consumers". If they want to they can, they just ask the ISP.

        A close family member's Windows 2000 box was 0wn3d within days of getting broadband even though they neve
        • Why would your friend complain to his ISP?

          Since when did it become the ISP's responsibility to deal with everyone's viruses and trojans?

          Remind me to short all of the national ISP's for allowing that perception to arise. They'd be digging their own graves trying to support all the security holes in the MS products that 95% of people insist on using. Just ask Packard Bell.
          • > Why would your friend complain to his ISP?

            What happened was the people using the machine were sucking up the DSL bandwidth. First the user sees is "my Internet connection is slow". So who do they call...

            John.

        • A close family member's Windows 2000 box was 0wn3d within days of getting broadband

          That's a problem at a level the ISP should be blind to. I think the question is: "Why did this person have a business-based OS running on a home box?" Ok, so, if they needed Win2k, they should know how to administer it. If not, they should have XP Home. Home should be where all the port-blocking occurs by default.

          Putting the burden on the ISP is fixing the wrong problem. The ISP should be able to remain blissfully u

    • Re:Firewall (Score:5, Insightful)

      by Shamashmuddamiq ( 588220 ) on Thursday October 09, 2003 @02:54PM (#7175423)
      I'm all for ISPs performing automatic blocking as long as the user has the option of opening all ports. I wish ISPs would charge, say, an extra $5/month for users that want no port blocking. I just bought a house and am moving into a neighborhood that has no DSL. That means that (1) if I get cable, I can't run my services (here in Indianapolis, all the cable companies do port blocking), and (2) if I get satellite, it's really expensive and I can't play the RTS games I always enjoyed. I LIKE running my low-traffic mail, http, and ssh servers. I LIKE being able to do nerdy stuff like accessing my computer from the remote world without having to do all kinds of port redirecting. I don't care what measures the ISP takes to make sure I'm not spamming my neighbors, just as long as they don't take away my basic capabilities. If they want to do relay tests on my machine once a day or limit my outgoing SMTP traffic, then fine. But I'd like to buy an *INTERNET CONNECTION*, and I like to do more than use my connection to look at advertisments.
      • I wish ISPs would charge, say, an extra $5/month for users that want no port blocking. ... here in Indianapolis, all the cable companies do port blocking

        Come to the Netherlands ;-)
        Here we have an ISP that charges Eur 1.95/mo for a PC Firewall. Main selling argument is protecting agains the Blaster virus.
        IMHO, it would be dumb to charge extra for a fully open connection, just make it configurable on some web page, somewhere around the advanced setting. Together with a bit a technical talk to make sur

      • Re:Firewall (Score:3, Insightful)

        by LWATCDR ( 28044 )
        I have issues with paying for someone to not do something. Why do I have to pay for an unlisted phone number I should get a rebate. Why should I pay for my ISP to not block my ports because the vast majority of people can not set up there own firewall. Naw they should pay me for not having to provide me with a firewall.
    • The real problem is that services are becoming centralized which allows for easier spamming. In addition, there is a very easy system to crack and install a home-built forwarder.
      The real answer should be distributed services. That is, companies should offer a nice set-up for doing e-mail, web-services, etc from the home. It should like wise be a service that the system is updated.

    • Re:Firewall (Score:3, Informative)

      by nsxfreddy ( 471193 )
      Usually when a machine is trojaned, it communicates with the trojan creator actively, meaning it connects to an IRC channel, sends an email, somehow communicates on it's own. Most trojans would not be affected by an inbound firewall block since they would still be able to connect to the controller.

      It would not be that difficult to modify a trojan that gets it's commands through an IRC channel to send a spam through that same channel.
      • all these comments and this is the *only* one that really exposes the naivete of the original post. blocking inbound is useless if a machine is trojaned because the trojans can initiate the connections outbound *on or to any port*. and trojans can arrive in email so an inbound block won't prevent the infiltration of trojans.
        • I agree that once a machine is trojaned it's possible that it makes an outbound connection to the Internet the inbound blocking does nothing.

          But that does not deny the fact that default inbound blocking would prevent worms like CodeRed from spreading, and other "buffer overflow" style attacks initiated from across the Internet (e.g. recent Windows DCOM) problems would be eliminated. All this for the price being paid that ISPs would have to administer these blocks.

          Frankly this functionality should be in t


    • Of course if broadband ISPs were to implementing a simple inbound firewall
      for every user then they'd eliminate most of these problems overnight:
      trojaned machines would be unreachable, worms like CodeRed that scan for
      vulnerabilities would be halted.

      It's already pretty common -
      My DSL provider requires everyone to use a router/firewall/dsl-modem.
      (It's part of the installation package)

      Suppose you get 99% of the users behind a firewall.
      That still leaves over a million computers vulnerable.

      How did you p

    • Re:Firewall (Score:5, Insightful)

      by NickFortune ( 613926 ) on Thursday October 09, 2003 @03:20PM (#7175723) Homepage Journal
      I have broadband and a good solid firewall. I use a deny-by-defualt iptables script on my gateway box and and a second layer filtering outbound connections on my desktop machine. I have neither need nor desire for my ISP to provide a firewall. If they start closing my ports for me, then I get myself a new ISP.

      How easy do you suppose it's going to be to get ISPs to open one of those ports? If it's too hard, written confirmation and three days notice perhaps, then its no good if I want to, say, open a port of ssh for a few days.

      On the other hand, if it's too easy then it's going to be easy for some hacker to social engineer himself access to port X, should he or she so desire.

      Lastly, if ISPs get to thinking that ports are some sort resource that they control, then its only a matter of time before they start charging for them. If I wanted to subscribe to one of those browser only services then that's what I would have done.

      I'd have no problem with a ISP based firewall that I had administrative control over. It should be easy enough to design a web-based interface, similar to the webmail pages you see everywhere. Allow me to configure firewall rules at the ISP and I'll use that as well as my own setup. But the minute they start dictating what I can do with which, or messing around with my settings, I look for a new provider.

      But I'll not willingly be locked in a cage. Not for my own protection, nor for anyone else's.

    • Re:Firewall (Score:5, Insightful)

      by Dr. Manhattan ( 29720 ) <sorceror171.gmail@com> on Thursday October 09, 2003 @03:23PM (#7175757) Homepage
      Hell, a lot of ISPs can't even be bothered to do outbound filtering to drop packets with spoofed source addresses. If they did that, it would make DOS attacks vastly more difficult. But try getting anyone to care... until they get DOSd.
    • Of course if broadband ISPs were to implementing a simple inbound firewall
      for every user then they'd eliminate most of these problems overnight:
      trojaned machines would be unreachable, worms like CodeRed that scan for
      vulnerabilities would be halted.

      Of course then the broadband ISP's better come clean that they are not selling me a pipe to the internet any more. Rather, they are selling me the ability for my Internet Explorer (tm) to access the web and show it to me -- kinda like cable TV, only in the inter
    • "The few users of broadband who actually need to run an Internet visible server"

      It might be *relatively* few, but it's not really just a few users. Lots of peoples livelihood rests on the Internet being a bidirectional medium.

  • nailing the bastards (Score:2, Interesting)

    by tarzan353 ( 246515 )
    It's not that hard to take down a spammer who causes you problems beyond just sending you unwanted email... I had one friend who had a spammer run a couple hundred thousand emails thru his system (a bug had made it into an open relay). It took one stern call to the ISP hosting the advertised websites to get his hosting and DNS cut off at the knees.

    This is more than just sending off a single email to a scantly watched abuse email.. This means getting hold of a real person and explaining, realistisay, what

    • Re:nailing the bastards (Score:3, Informative)

      by avi33 ( 116048 )
      Right, the point of the article is that this makes it almost impossible to determine which ISP to contact (without ordering a bottle of Viagra and tracing the money trail.)
      • Not really. If the ISP wants to be constructive and wishes to stop being targeted by this type of spammer, all they have to do is monitor the hacked machine a little while to determine where the sockets are being forwarded. After a few seconds, they can shut down the site. Until the spammer can get on a new site with new DNS entries, the spamvertised site will be dark. Best of all, they still have to host their domain on some DNS server unless they want to risk advertising an IP address. I have receive
    • This group isn't in Poland purely by chance - many of the countries of the former Soviet Union don't have laws for these things - usually simply because they have other, more practical problems to attack than shutting down someone's server.

      • Geography 101 (Score:3, Informative)

        by Greedo ( 304385 )
        Uh ... Poland is a country of the former Soviet Union? I don't think so.

        Maybe an eastern block country. Maybe a Soviet satellite state. But hardly on the same level as Belarus or the *-stan countries (Turkmenistan, Kazakhstan, Uzbekistan, etc.).
  • Just sue the owner of the company that they're advertising.

    Make some $$$.

    • Re:Am I missing something here (Score:4, Informative)

      by jqh1 ( 212455 ) on Thursday October 09, 2003 @02:46PM (#7175391) Homepage
      My site/service got mentioned in a spam "newsletter" once without my knowledge or consent. I was promptly strung up on spamcop as a business that had advertised in spam -- and my site/service is a spam *fighting* service to begin with!

      The point here is there's so much spam with so many variations on the base set of presumed facts, that hair-trigger lawsuits will cause many friendly-fire victims. I doubt the spammer I mentioned above meant to cause me any harm by mentioning me in his "newsletter", but I doubt it would be too hard to find a situation where it's done on purpose -- i *have* been "joe jobbed" several times (used as the reply address on spam) and that gets pretty nasty, too, and presents a similar situation where spammers falsely implicate others. Add in swift and sure legal consequences, and it would be much worse. Even assuming the courts have the ability to determine a false positive defendant when they see one, just think of the expense of doing that.

    • Exactly. Until recently, penalties have been too low. I have a check for $50 from a mortgage broker in Los Angeles, obtained by threatening to sue under California's anti-spam law.

      After January 1, the price of spamming goes up in California.

  • Comment removed based on user account deletion

    • Re:So much spam it sucks. (Score:5, Insightful)

      by Trigun ( 685027 ) <evil&evilempire,ath,cx> on Thursday October 09, 2003 @02:48PM (#7175400)
      Spammers are winning.

      I hate to say it, but they are. They're winning because they play dirty, and we can't stoop down to their level. After two weeks of battling an unusual torrent of spam, I'm ready to torture one of the bastards in a week-long live-webcast to serve as a warning to everyone else. It's time to sink below their level, so we can punch them in the nuts without throwing out our backs!

    • Spammers are winning.

      They are only winning to those that don't do anything to help themselves.

      The Verisign SiteFinder was a bad thing, obviously, but I laughed at the reaction "It's breaking my spam filter." What kind of archaeic, obsolete spam filter were these people using?

      Likewise, that spammers are using trojaned systems is bad, of course. Any system compromise is bad. But this is just normal virus and hacking. It doesn't make it any harder to get rid of your spam.

      I've said it once and I'll

      • I've said it once and I'll say it again, Bayesian filers is the solution.

        No, it's not. Filtering is merely automating "just hit delete." It still gets sent, it still travels the wires to your box, it still hits your spool.

        The core argument against spam is that it shoves the costs of advertising onto the recipents. That's why we said that "just hitting delete" wasn't an acceptable answer.

        Now, you're singing "Just use Baysian to delete for you." Same spam on the wire, same hit on the spool, same copy to

  • interesting methodology (Score:5, Insightful)

    by fractalus ( 322043 ) on Thursday October 09, 2003 @02:38PM (#7175359) Homepage
    It sounds like they run DNS which "load-balances" requests to the spamvertised sites through zombies set up as open proxies. Since the zombies are scattered throughout all IPs, it makes blocking them hard.

    Of course the scumbags know their weak spot is the DNS. Blocking particular domains is easy, and changing the authoritative DNS for a zone takes a while (done that too often). It steps up the spam blacklisting to now require not just refusing mail, but also refusing to talk to certain DNS servers that are known to operate this way. They can move around, but it's harder; I'm not sure if this is better or worse than the current situation.

    Damn spammers.
    • The methodology is something I have expected to come for a while now.

      All I can say is that the right answer is the last line of the article.

      It is actually the right answer to all SPAM problems period. Especially when applied to the company which is using it to promote their trade, not the spammers. The latter will die by themselves if there will be noone to buy their product.

      • Re:interesting methodology (Score:5, Informative)

        by fractalus ( 322043 ) on Thursday October 09, 2003 @02:55PM (#7175434) Homepage
        I've watched the spam to my inbox go from a few messages a day at the beginning of this year to over 300 a day now. Doubling every ten weeks is a statistic I can believe.

        It's clear spammers have no regard for the law. One need only look at their track record: abusing open relays to defray the cost of sending mail, forging headers to divert attention away from themselves, advertising illegal products, businesses, or outright scams, exploiting vulnerabilities in computers to turn victims into zombies for more spamming.

        Educating users is futile... I can't even got most of my friends to stop forwarding the latest chain message. I barely saved one of my friends from falling for a credit card phishing scheme, and she's pretty experienced compared to most.

        The only thing that is going to work is to go after the people running spamvertised sites. But that's going to cause problems by creating a new kind of "Joe Job"... hire a spammer to spam for your competitor's product; the wrath of the anti-spam crowd then goes straight to your competitor.

        Damn spammers.
    • Just admit defeat and shut your mail server down. You can't win, so you may as well just save yourself some frustration and withdraw from the fray completely. Let people get in touch with you some other way.

  • Guess Who's To Blame (Score:5, Insightful)

    by the_mad_poster ( 640772 ) <shattoc@adelphia.com> on Thursday October 09, 2003 @02:42PM (#7175375) Homepage Journal

    most of them home computers running Windows with high-speed connections.

    WHY wasn't ICF turned on by default in XP Home? WHY aren't there pamphlets included with new computers about keeping AV up to date and not opening unknown e-mail attachments? WHY are so many ports in Windows open by default on Home installations? WHY is Microsoft still clinging to the broken "identify executables by extension" mechanism?

    We include pamphlets about how not to hurt yourself while you're using your pretty new Gateway PC, but we can't even drop in a fucking 2 page paper about keeping A/V up to date and the danger of executable attachments? Not only that, Microsoft runs on almost all of the Home PCs out there but almost nobody (sorry geeks, we're all still nobodies when we're not on Slashdot) demands any accountability or quality or security from Microsoft?

    Fuck it... I'm going to become a goddamn mime.

    • Re:Guess Who's To Blame (Score:2, Interesting)

      by Anonymous Coward
      By including the pamphlet in the box, Gateway is then possibly opened to suits because of the hard link between Gateway and updating AV software.

      Also, it can become a support nightmare, as Gateway like most vendors don't support 3rd party software for free.

      Even then, troubleshooting or offering any advice to a customer becomes very subjective, and by offering advice on certain products that are not shipped with their systems, Gateway further opens its doors to possible legal action.

      I remember once at Gat
      • Sadly it comes down to the almighty dollar. A company with millions of dollars in revenue (I'm guessing that their execs aren't driving 10 year old hondas to work) is protecting thier profits by not doing something that just about any sane person would say "yea, that's a good idea."

        *sigh*

      • By including the pamphlet in the box, Gateway is then possibly opened to suits because of the hard link between Gateway and updating AV software.

        That may be how the idiot PHBs at these places think, but I don't buy it at all. Computer Maker A puts pamphlets into the box to tell people how not to hurt themselves while using their PC, but that doesn't open them to lawsuits from some idiot who hurts themself? What if I'm tugging blindly at cords and pull the monitor down on my head? Can I sue Computer Ma

    • > WHY wasn't ICF turned on by default in XP Home?

      This is very good question. ICF is going to be turned on by default in XP - see this CNET article [com.com] for more details on how Microsoft is doubling its efforts on security.

    • WHY is Microsoft still clinging to the broken "identify executables by extension" mechanism?

      For the same reason that Adobe Photoshop will tell you that a .jpg file is broken if it's actually a Targa file with a JPEG extension ?
      It's easy, and it is generally trustworthy.

      Your gripe should be with mis-identifying the extension, not with looking at the extension per se.

      E.g. anna_kournikova.jpg.exe
      Nothing wrong with that, except that you get to see ".jpg", rather than ".exe" - a stupid flaw by whoever wrote

      • But it's NOT generally trustworthy, it's just stupid. It's also "convenient", that's why they used it to begin with - simplify things for the average user who doesn't want to take a lousy 5 minutes to understand the difference between what makes a file executable (or, even worse: what the difference is between an executable and plain file).

        The problem with the file extension mechanism is that it's used in conjunction with a filesystem that pretty much knows "you're an administrator" or "you're someone els

        • I understand what you are saying, but I disagree because the general population doesn't usually understand the difference between data files and the files that are the programs that operate on their data files.

          All those mysterious .exe things are hidden away in that special 'program files' directory that has warnings all over it. From a regular users perspective, its 'under the hood' of their car, where they pay a professional to work. They click to get their computer to open their files, they edit their
    • The problem isnt' windows. The problem are broken machines on a network. MS released a patch and it never got populated as much as it should. MS doesn't edcuate users on turnning on/off certain things.

      But you know what? For every reason these things should be turned off, it's turned on.

      And does finger pointing solve anything? No. Did pointing fingers get most everyone to stop using telnet vs ssh? Did it stop people from sending sensitive data over non-ssl connections? No. Did it stop people from r

    • Re:Guess Who's To Blame (Score:3, Informative)

      by Kphrak ( 230261 )

      WHY wasn't ICF turned on by default in XP Home? WHY are so many ports in Windows open by default on Home installations?

      AIM. MSNM. ICQ.

      Kazaa. Grokster. Morpheus.

      Counterstrike. Unreal. Quake.

      Personal web servers. Blog software. Update software. File shares.

      That's WHY. Much as I hate MS software, don't blame them for saying "the customer is always right." People want to turn their computers into servers (aka traps for every conceivable virus and trojan in existence). They're going to be extremely pis

  • Did anyone here try the sites mentioned in the article:
    rackshack.net seems to be a static address hosted at ev1.net
    removeform.com does not even work, since it seems to always point to
    bestportal.biz which has an IP address of 1.1.1.1 which is not even valid.

    HuH? What are they talking about?

    Even if they did somehow create cloaked IP address, you can still go after the domain name.
    The article does not seem to make a lot of sense to me. Some one explain if they found anything
    real.

    • As I understand it, those are the legitimate sites being sneakily used to host illegitimate material. I don't think the article actually gives any of the 'masking' urls.

      I could be entirely wrong...

    • Obviously the Polish wankers have disabled the web sites for the minute.

      Sounds like a Jihad against name-services.com is needed.

      The bad DNS hosts are the issue now.

      Mind you. We still need to clean the zombies.

  • Of course this is just the supply attempting to meet the demand for people who are deseperate need of thicker penises, more viciodin, and larger breasts. Why else would they continue to notify use of these offers? They are just doing the world a needed service I tell you!

    [/RANT OFF]
    • Of course this is just the supply attempting to meet the demand for people who are deseperate need of thicker penises, more viciodin, and larger breasts.
      Mid-way transgenders strung out on vicodin is a very scary thing. Definitely someone that I don't want to meet.
  • Blacklists is a part of the war which will last forever.

    The only way to fight the spam is white lists supported by keys which should be certified either by the user (friends and partners) or by the goverment (white book).

    Everything else is an illusion of a fight and like the Cold War with the Soviet Union. But guess what? "Good" users are playing a role of the Soviet Union dreaming about the perfect cyber society, while spammers are capitalistically motivated sharks (means the western world in the cold

    • I have a separate Hotmail account account for emailing a few friends that has never received spam - and it is about a year old.

      The trick? Whitelist my friends. Voila! Instant no-spam email.

      My other Hotmail accounts are a few years old and they get TONS of spam, for the record.

      Granted Whitelisting works a lot better when you only have three friends, your mileage may vary.
    • "capitalistically motivated sharks"

      Hey, I'm all "ra ra comrades" like the rest of you (*glances around*) but capitalism is supposedly based on strong property rights.

      Spam is (usually, and at least in the locations of the majority of victims, i.e. people in countries with money to buy stuff) a VIOLATION OF PROPERTY RIGHTS. It is not a legitimate business practice. Isn't it coincidental how a lot of spam originates from non-capitalist countries?
    • Blacklists don't work. They simply escalate.

      Whitelists don't work. They simply escalate.

      As long as spammers are allowed to send stuff, they'll waste bandwidth and server space. If they have to, they'll start forging spam to come from your friends. They'll steal keys if they have to, as they get more desparate. Or alternatively, they'll spam to MORE people, and only get the ones without whitelists.

      Greylisting has great potential, because it forces up the cost of spamming. This latest 'tactic' of the spamm
  • Forgive my ignorance of the relevant RFCs, but if a service provider doesn't let all valid (according to the RFCs) packets get to your box, are they actually providing "Internet" access?

    I.e., isn't it a different protocol at that point?
    • Well, that would make it false advertising - if your ISP uses the words "Internet Access" but prevents you from doing something [legal] on the internet, you can sue. Same as marketing a copy-protected disk as a CD.
    • Sure they are. Just limited access. It is still a TCP/IP connection to the internet.

      Personally , I think this is a great idea. Especially if the ISP provides some kind of a web interface to allow the customer to open/close ports on their own (most wouldn't bother). Or maybe provide a router, pre-configured with the service. NAT and a basic firewall stops most k1dd3z cold. It would put a halt to the vast majority of the MS worm problems on home systems too.
    • No, it's all tcip/ip/udp. Blocking an application level protocol does not really change the status of the connection you have (you can just do less with it).

      Although it is a legitimate question whether stateful/content-based filters erode the usefulness of the net...
  • Is Poland honestly lawless enough for this not to be illegal there? Can no one sic Interpol on these jokers?
  • My home webserver has problems with "referrer spammers" (guys who keeps wasting your bandwidth with false referrer info to get higher scores at Google). Currently I just keep a list of spammers IPs and block them away.

    Some of the "referrers" are spammed from many different IPs, usually from some DSL provider. I wonder if they're cracked machines doing the spammer's job.

  • From the article:

    "Try to find the real IP," he said. "This host is in rackshack.net, the most antispam ISP."

    My experience with rackshack.net (e.g. ev1.net) is quite the opposite. While one of their hosted spammers was making a 3 week long run of thousands of spam to my mail server, this was repeatedly reported to them, including by telephone call, and they did nothing about it ... at least not for 3 weeks. That is why rackshack.net and ev1.net have earned a special place in my private blacklists to bl

  • it started as a network of hi-jacked zombie machines...

    And its original purpose was more nefarious than destroying the human race: shoving SPAM down people's throats!

  • This is an indication of real progress - spammers now have to commit multiple felonies to spam. That's enough to attract serious law enforcement attention.

    The way to go after spammers, as I keep pointing out, is to follow the money. Find out where the credit card transaction goes. If a criminal offense is involved, any financial intermediary has to either reveal who's behind it or be charged with being an accessory to a felony.

  • Illegal for Spammers and their clients? (Score:3, Insightful)

    by WatertonMan ( 550706 ) on Thursday October 09, 2003 @03:11PM (#7175591)
    The only reason to Spam is to sell a product. But surely if some seller advertises this way, utilizing hacked systems, they are in serious violation of law. Why don't the feds simply go after the clients of spammers. If that happened enough you'd think that the spammers wouldn't be able to make money and would simply stop spamming!
    • I agree that a vendor who contracts with spammers who in turn hack systems to send spam is (or should be) as legally culpable as the spammer itself.

      But how in the world do we prosecute them if all their spam is zinging off trojaned machines, their "legal" address is an abandoned oil platform in the Caribbean, their credit card processing is done in Russia, their legal department is a nonexistent address in Bangalore & they're drop shipping from East Bumfsck, Kansas?

      At that point, what district attor

  • I was wondering how it would be possible to automatically combat this. It would need some form of tracroute combined with a DNS lookup that logs the DNS server when the end point in the trace is a cable or dsl user. The cable or dsl user should be fairly easy to identify as such in that their names usualy include in some form that refers to their ISP.
  • [sic] is only meant to be used when a typo is reprinted verbatim, and it appears after the incorrect word. "hackers" appears to be spelled correctly.

  • It's only a matter of time... (Score:4, Interesting)

    by Have Blue ( 616 ) on Thursday October 09, 2003 @03:17PM (#7175683) Homepage
    ...Before computer use (at least on the Internet) requires a license. I realize that has some very large drawbacks, but at the rate we're going one day the benefits really will outweigh the drawbacks. Do we have to wait until network traffic is 90% spam and viruses? 99%? 100%? A computer can do more damage to the network than a car can do to a highway, and we license driving. Maybe we'll wait until poor network performance starts to kill people by interfering with hospitals and emergency services.
    • If the internet (or email) in its present form gets to be more bothersome than useful, I have no doubt that an "improved" internet-type system will appear. Like most new computer technologies, it starts with nerds (/.), but if it is actually useful and useable enough, others will eventually get into it. Think of how fast file sharing took off - Napster (a new concept to most) was so easy and had so much to offer that even technophobic middle-agers used it. When Kazaa came around, it took no time at all to b
  • This is totally evil, that spammers are stooping so low to... wait a minute. Never mind.

    Can you say class action suit? The fear of my system being hacked by spammers has left me depressed. Give me a million dollars. Now.

    Maybe if we geeks find out how to patch systems affected, that would make a good followup /. article. (I'm guessing the easiest way to patch would be to switch to Mac, or perhaps Linux (tee hee!))
  • So if I have an off-the-shelf router this side of my cable modem, what can be done to prevent my cable connection from being used for this?

    And the why is the link to the story about the guy who was seemingly the origin of lots of spam.

    I'll go re-rtfa, but such a fix didn't pop out so far...

  • No need for a SPAM law then (Score:3, Insightful)

    by jmv ( 93421 ) on Thursday October 09, 2003 @03:20PM (#7175724) Homepage
    If that's the way spammers operate, there's no need for new spam laws, no? What they're doing (unauthorized access to a machine) is already a criminal offense. Why not prosecute on that?

  • Protection on a home level (Score:3, Informative)

    by ducomputergeek ( 595742 ) on Thursday October 09, 2003 @03:22PM (#7175751)
    I know that we have a NAT firewall on the Wi-fi router in my appartment and then I use Apple's IP firewall on my ibook along with several *iux based security tools and Zone Alarm on my PC and I rarely see any messaged on the PC pop-up about attempted port scan.

    When I lived on the dorms, it was a different story. There were an average of 4000 attempt portscans on my machine a day.

    Its almost gotten to the point of without turning to viglantism on the internet and launching counter DDos attacks on the spammers themsleves, especially those outside of countries that don't enforce or don't attempt to enfore any type of Spam laws. Most spammers now operate outside of western countries, so what's the cure?

    Filtering helps, tools like Spamassassin has brought my total spams from like 80 a day to less than 10.

    I for one, as much as I hate them, wouldn't mind to see a few class action lawsuits against spammers. How much longer until the pipes bust with junk and turn the Internet into a near useless medium.

    I know several of my clients now call me instead of email as they say that they "Have to wade through 30 junk messages for one valid message". I have rules set up to where my customer's and family email go to seperate folders, and that helps even more, but something needs to be done.

    As much as I hate to bitch and not offer any answers, I am afraid that I am stumped. I fear that any attempts to write new protocals, espically by the likes of M$, Yahoo, HP, and other major players, with result in the closing of networks, (i.e. this message was not authenticated by a pallidum enabled server, therefore it will be rejected. Please trade your Mac in for a PC with Win XP^2 for $1000) and cause a leap backwards. At the same time, while people here can say the OSS community will develop an "open" solution, the very fact that its open means that the very people we try to stop will be able to circumvent anything the community develops. Not to say this won't happen with closed-source technology, but then companies like M$ can possible use DMCA against the spammers that reverse engineer such technology.

    In any case, spammers are winning and we all are losing.

  • Who are the ISPs/registrars for these fuckers and why aren't burly men in blue suits and submachine guns breaking down the doors of their registered addresses? Isn't DNS tiered? Isn't there an upstream DNS terminating at a registrar? Why can't this be tracked?

  • Spammers == Criminals (Score:2, Insightful)

    by str8 ( 28028 )
    Here is yet another example of how spammers have no regard for laws and where their activity is blatantly criminal. It also illustrates why spam laws will be ineffective.

    It is about time for Law enforcement to find them (follow the money, duh!) and prosecute them. If they are hiding someplace that has no effective rule of law, find them and then knee-cap them. Maybe then they will appreciate law-and-order a bit more.

    Psst. Hey buddy, can you spare a .sig?
  • Seems to me that one of the biggest problems is that there's no way to contact the end user of an IP.
    (there's a secondary problem - who should be allowed to contact them)

    Most of these trojaned machines wouldn't be if the owner of the machine was aware that they were trojaned.

    Perhaps the standard response to an abuse complaint should be;
    redirect all outbound connection attempts to an explanation of the complaint,
    and an explanation of how to fix a trojaned machine.

    -- this is not a .sig
  • People have been spoofing internet addresses since man invented fire.

    Whats more fun is DOS attacks like this. Trojan that pings some dot com.

    Make your application really cool and useful, and some dot com is fucked.
  • If the spammer's father had used a Trojan, we wouldn't be having these problems now...
  • I've said it before, I'll say it again. I'll keep saying it until it becomes law.

    Give him some webmail account that he can access over dialup from prison. Publish that email far and wide so it'll end up on every spam list in the world.

    Then, tell him that once a year he'll get an email with a password that if he gives the prison guard, he can leave at any time.

    This email can come in any form, with any subject heading, very likely disguised as spam. His webmail account will also have a 5Mb limit, and if t
  • A while ago, Microsoft said it had closed an exploit in Hotmail allowing spammers to bypass the spam checker of Hotmail. It looks like they've found another exploit, because spam is back in the inbox again.

    And the funny thing is - it is so obvious that this spam could be easily deleted, either before reaching the inbox, or after. So much spam follows the same pattern, if there was a button to declare it spam, a sufficient number of claims of any specific email being spam could be cause enough for a scrip

  • Good place for a honeypot (Score:5, Insightful)

    by russotto ( 537200 ) on Thursday October 09, 2003 @03:37PM (#7175953) Journal
    If what they're doing is redirecting to random compromised machines which in turn go to the real site, one method for combatting them is to set up a honeypot of easily-compromised machines and wait for one or more of them to get infected by these loser's trojans. Then firewall logs (or analysis of the trojan) will reveal the real addresses being relayed.

  • How can we get a list of these IP addresses? (Score:5, Insightful)

    by El ( 94934 ) on Thursday October 09, 2003 @03:37PM (#7175959)
    Shouldn't we be monitoring spam anyway, building a list of source IPs, and notifying the ISPs responsible for those IPs to pass along a message to their customers to either a) stop sending spam or b) fix the holes in their machines, or c) they will be cut off from the 'net...

  • Listed in DNS (Score:4, Insightful)

    by wowbagger ( 69688 ) on Thursday October 09, 2003 @03:41PM (#7176012) Homepage Journal
    OK, so these cracked machines are listed in the bad guy's DNS servers.

    1. ISPs can start preventing their DNS servers from talking to the bad guys DNS servers. Thus, all spammer domains will fail to resolve.
    2. We now have a list of trojan'ed machines. Just do DNS queries, find out the ISPs involved, and have them go after the infected machines.
    3. Alternatively, go after the infected machines directly - ram a worm down their throats that cleans the machine up, or at least formats the hard disk to knock it offline.
    4. Hack the trojan - harvest the addresses of the spammers' web sites from the data feed.

Slashdot Top Deals

"Confound these ancestors.... They've stolen our best ideas!" - Ben Jonson

Close