Botnet Mafia in Online Turf War

An anonymous reader writes " The kind of turf war seen in the real world by drug gangs is being replicated by the criminal gangs behind spamming botnets, and things are turning nasty."

Trying to care

[tomstdenis]

Trying to care, ..., nope failing.

As someone who doesn't have an email address anymore, I really don't care about spam in the slightest, or the battle they go over to spam people. Most of my spam, that actually made it to my inbox when I had a gmail account was in Portuguese or some random asian looking language. To me it was all gibberish [more than usual] and fleeting. But the ever presence of it [on average I would receive anywhere between 100 and 500 spams a day, with about 5-10 in my inbox] just gnaws at you. Day after day people keep assaulting your inbox, trying to take away the service from you.

And even though gmail is free, it was still MY inbox, if you know what I mean. And having these low lifes just clutter it up every day with the same foreign language bullshit nonsense was annoying.

Eventually I just deleted my account. I have a cell phone if people want to contact me. And for work I have a private email addy that my co-workers can use. Personal email is just a waste.

Tom

Re:Trying to care

[Oligonicella]

Wow! What the hell were you doing/where were you going that you got so much? I look at tits and ass online and still only get some 10-20 a day on a heavy day. Wow.

Re:

[jaavaaguru]

Yeah, because your email address is automatically sent to spammers when you view pictures/videos online.
</sarcasm>

Re:Trying to care

[tomstdenis]

I posted in usenet for several years, wrote OSS software, have my email addy on my websites, etc.

My work email has yet to receive a single spam. Oh, that's because I don't use it for anything but work and it's not on any webpage.

Tom

Re:

[Anonymous Coward]

You're lucky then. All it takes is for your address to end up in some other person's email client, and they become infected with a spam harvester bot of some kind. It's not as if you even have to communicate with that person. Some fool can forward a crap joke to everyone they know, chances are they won't use bcc:, resulting in your address being sent to a fair number of people.

 

Re:

[djdavetrouble]

My work email has yet to receive a single spam. Oh, that's because I don't use it for anything but work and it's not on any webpage.

I was spam free for quite a while, but in the last few years, the enterprise wide
address book has clearly been harvested (some 10000+ addresses)
by a bad apple somewhere. I imagine someone installed a "free screensaver"
or something else with a backdoor, or took a company laptop to a unprotected network
and gotten scanned and rooted, etc etc....

Re:

[Remus Shepherd]

Yes, I've used my main email address for Usenet posts for over a decade, and I get hundreds of spams a day. That's okay, though, I have filters up to the task.

Part of the problem, I feel, are legitimate organizations who sell their client lists to spammers. My work address never got spam until I got published in a professional journal. That journal sold its contributors' email addresses to someone, and I started receiving spam. I have no good solution here -- I'm a scientist, and have to publish or peri

Re:

[DeadCatX2]

Actually, in some computer disciplines it is useful to shorten long words, like address.

Say you have an address bus and a data bus. You're drawing a schematic. "Data" fits in just fine, but "address" would run into one of the two boxes. "Addy" is four letters long, just like data.

Re:

[joto]

So, essentially, you are saying that slashdot posts are like schematic drawings in braindead software that won't let you enlarge text boxes so words longer than four letters fit?

In that case, I can assure you, that you are wrong. Slashdot postings allow words longer than four letters. And they are not very useful for drawing schematics.

Er, no.

[DeadCatX2]

I'm saying that habits from real life tend to find their way into online life, and I postulated on the habit which could have resulted in the emergence of the word "addy".

Here, have your words back. You tried putting them in my mouth, but they don't fit.

Re:

[jZnat]

Also, it's not "IPv6", it's "inet6". And not "IP" or "IPv4", we go with "inet". Therefore, instead of "IP address", for example, it's "inet addr". "Email address" can thus be shortened to "mail addr" in techie lingo.

Hmm, this is fun. It's like AOLspeak for techs! And it makes a little more sense.

Re:

[Aladrin]

Those of us with REALLY old addresses get spammed incessantly because there was a time when it was safe to post your email address anywhere. My oldest (still working) address has been moved to gmail's hosting. It clears the spam automatically after 30 days, and there's 2,962 pieces of spam in there right now. That's almost 100 per day for an account I barely use now, and didn't use AT ALL for about 8 years. (Started actively using it again a few months ago.)

Re:

[OverlordQ]

That's it? Got over 5200 in my Gmail spambox right now.

Re:

[dickens]

My gmail spam folder currently shows 16,981. Nyeah! A truly sad commentary, isn't it? I get about 20 a day that aren't caught by gmail's filters.

My work email is pretty clean, but I did start getting a few stock pump image spams after I used my work address to register and download some drivers from iomega.

Re:

[plover]

I did start getting a few stock pump image spams after I used my work address to register and download some drivers from iomega.

Even for things like this at work I use sneakemail.com. Iomega may not be spammers (or maybe they are?) but that doesn't automatically make their web site or registration site secure.

Of course, it could just be bad timing, too. Another useful thing sneakemail has shown me is that the vast majority of the spam I get is harvested from email chains, not from malicious web site

Re:

[asninn]

Two things: a) leave your email address on the web somewhere (spam spiders WILL pick it up eventually), and b) give it time (the more your email address is traded around, the more spam you will get). Also, if you change email addresses, c) have your old address forward to the new one in case someone still uses the old one. Oh yeah, and d) register one or more domain names and set up a catch-all address for them that collects email sent to non-existant accounts.

I get about 3000 spam mails per day, of which a

Re:

[joto]

It may sound strange, but I take a certain pride in the first email address I ever got still working and (valid) email sent to that still reaching my current inbox.

Correct, that does sound strange!

Re:

[medraut]

Until one of your coworkers turns out to be one of the eevil spammers! Then we'll watch you cry.

Medraut

aren't you special?

[ClioCJS]

You come off as an asshole. Just letting you know.

P.S. Some of us need personal email and have relied on it heavily for 15 years.

Re:

[tomstdenis]

Part of my point was that we don't really need e-mail. It's just nice to have. Just like cell phones. Given that my email was turning into a never ending headache, and I can totally live without it, the smart choice was to just ditch it.

We shouldn't get too worked up over botnets fighting.

Re:

[plover]

Part of my point was that we don't really need e-mail. ... We shouldn't get too worked up over botnets fighting.

I assume you mean "we" as in the "my family and I" sense; because you certainly don't speak for the rest of us. 27 years ago an emailed message led to me meeting my wife, an event that I personally consider very important.

Just because you don't find email useful doesn't make it useless to the rest of us.

Apart from the spam aspect, botnets are also used to stage attacks on all manner of ta

Re:

[UP_Minstrel]

His point is, like usenet, email as a communications medium is beginning to falter. Like usenet, its signal to noise ratio is dropping like a rock (its already hit the dirt and bounced). I've actually considered dropping my email accounts completely and going to pure cel communications, but as I've still a high enough need, I can't do that yet. I'm not very far from making the decision, however. Like the OP, my address has been harvested, sold and traded because of historical activity (usenet, mailing l

Re:

[cultrhetor]

Try teaching at the university level and then tell me again how we don't need e-mail. Let's add a clause to this as well: even if you don't use your e-mail for non-work-related crap, any e-mail address with which you contact a significant number of undergraduates will eventually become a spam magnet. Further complication: my department requires that syllabi be placed online, with all attendant contact information, including contact e-mail address.

Re:

[tomstdenis]

Simple. Have a "teaching" address that only students can email to. Then have your own private one that isn't listed.

Are you sure you're the smartest man alive? Cuz my idea was pretty smart!

Tom

Re:

[tomstdenis]

For those of us who played the game and wanted to be accessible by the public [re: supporting an OSS project] it's part and parcel. If users can reach me for support emails, so can spammers.

I imagine if I just didn't take part in the OSS world and didn't post on usenet, I'd probably be spam free too.

Tom

Re:

[backwardMechanic]

Because the spammers know your work email address is different, and wouldn't want to bother you there? It's my work email that I have a bigger problem with, because it's the most useful to be able to post around. I want to put my email address on papers and posters, because someone interesting might contact me. I want to have my email address on my home page for the same reason. I certainly don't want to post my cell number in the same way. It's true that email isn't necessary, but it's certainly very usefu

Re:

[LordEd]

If you really did delete your account, you aren't getting it back because gmail says it is in use. I had to check because dropping your email address can be dangerous if your accounts are tied to it. (see password change [slashdot.org].

Re:

[tomstdenis]

No, what I think happened is when you delete an account google doesn't let anyone else use the name. Because it was "taken" 30 seconds after I deleted it. Google would be stupid to let others re-use usernames.

Tom

Re:Trying to care

[inviolet]

As someone who doesn't have an email address anymore, I really don't care about spam in the slightest, or the battle they go over to spam people.

You do realize that the costs of spam mitigation are all passed on to you, in the form of higher prices for gadgets, for professional and financial services, and eventually for everything else? Or do you not care about that either?

By the way, now that we are out of the Grunge era, it is no longer automatically cool to not care about such things.

Everybody's got an angle (was:Trying to care)

[Lead Butthead]

You do realize that the costs of spam mitigation are all passed on to you, in the form of higher prices for gadgets, for professional and financial services, and eventually for everything else? Or do you not care about that either?

There are a lot of people with vested interest to see that Spam and all manner of malware/spyware not go away. In addition to the douche that does things of this sort, all the landsharks, AV software people, net security people would all be out of a job if the problem disappears t

Re:Trying to care

[ThousandStars]

As someone who doesn't have an email address anymore [...]

So, do you still have a TV? [theonion.com]

Re:

[Lord Apathy]

Wow! An I thought I was one with apathy. But, you know, he has a point. I had a home phone with the number in the book. All I got was shit from telemarketers, shit on the answering machine. Sure the donot call list cut out a shit load of it but then people started calling that thought they had a business relationship with them. Finally I just pulled the plug on the damn thing and went with my cell phone. My motto is if you don't know my cell phone number I don't want to talk to you.

Same way I gu

Re:

[An ominous Cow art]

Wow! An I thought I was one with apathy. But, you know, he has a point. I had a home phone with the number in the book. All I got was shit from telemarketers, shit on the answering machine. Sure the donot call list cut out a shit load of it but then people started calling that thought they had a business relationship with them. Finally I just pulled the plug on the damn thing and went with my cell phone. My motto is if you don't know my cell phone number I don't want to talk to you.

I did this. I realized a couple of years ago that the only calls to my home phone were crap, so I cancelled it. I only use a cell phone now.

I wish I could do something analogous with my postal mail.

Re:

[Potor]

i have 810 spam messages on gmail right now, all brilliantly filed away in a folder i never look at. this is the default for gmail. how did you get so bogged down in spam? no more than one spam per week sneaks past the gmail spam filter on my account.

Careful..

[michaelhood]

It'd be a shame if something were to happen to this nice botnet ya got here...

ISPs have to be the solution

[sherriw]

Time for ISPs to stop being so nicey-nice about this.

1) Send an email to all customers saying that the ISP will begin choosing a random day (say every 3 months or so) to scan for infected computers churning out email.
2) On that random day (random so the spam bots won't be programmed to be silent on that day) the ISP shuts down outgoing mail for all infected computers on their network.
3) Customer who can't send mail is irate and calls ISP tech support hotline.
4) Tech support says: we warned you... please follow these virus removal instructions and install/update your anti virus software.

Bam problem solved. People who keep getting blocked every 3 months will quickly learn to take better care of their computers. Along with the customer's invoice the ISP could send an information sheet with prevention and removal instructions.

Maybe governments can give ISPs a little financial help for doing this?

Unfortunately I don't see any other solution other than tough-love.

Re:ISPs have to be the solution

[tomstdenis]

Can't have that. People can't be held responsible for what goes on in their computers. After all they're big magical boxes and the public is just so stupid.

I think this is a problem only MSFT can solve.

Tom

Re:

[d3ac0n]

-1 for missing the sarcasm.

Although I suppose he should get -1 for not using a /sarc tag.

-1's all around! Whee!

Re:

[tomstdenis]

Dude, sarcasm. I think this is a problem that people should solve by taking responsibility for their actions. But that will never happen because as a society [e.g. as a whole] we have the maturity of a three year old.

Tom

Re:ISPs have to be the solution

[Richard W.M. Jones]

I don't know about the rest of the world, but in the UK ISPs routinely cut off people if their machines are spewing spam (or other malware). The first thing most users know is when any web page they try and visit takes them to an ISP page telling them to run some malware scanning software.

Rich.

Re:

[CastrTroy]

I haven't heard of much of that happening on the other side of the pond. It is a good idea though. However, I think there would be a lot of backlash, as North Americans feel it is their god given right to have internet, and will probably cause a lot of legal trouble for the company cutting them off. It's much like trying to take someone's drivers license away. Even if they have been charged multiple times with drunk driving, they are able to get their license back, because it's something they "need". I

Re:

[Richard W.M. Jones]

Even if they have been charged multiple times with drunk driving, they are able to get their license back, because it's something they "need". In some situations a car is needed, but if you continually show that you aren't going to be responsible, then you really think you have the need for a car.

I'm not sure I'd compare this to drunk driving. If you drive drunk then you had a choice, and clear responsibility not to do that. On the other hand grandmothers buy Windoze computers to type out emails to t

Re:

[CastrTroy]

But MS gets very little grief to fix it, because the users don't experience any direct problems. Those who know what they're doing, including Computer savvy people and network admins for large companies will put the proper measures in place to protect against potential problems, just as their would with any OS. But as long as grandma is still able to send email, then she is happy. It might be a little show if her computer is part of a botnet, but she's still able to do her work. If the ISPs start to cut

Re:

[@madeus]

I agree that software companies should be more responsible than they presently are (and that software doesn't do what it could to keep users safe), but it's ultimately a toss up between an OS thats horrible and frustrating to use (e.g. Vista style constant nagging whenever you try to do anything) and just relying on users common sense. When you do get to the stage of having constant blocking and / or popups during normal use, those messages lose their effectiveness, because users click right through them (p

Re:

[CastrTroy]

I can think of a few instances where it's not the user's fault. If you install windows xp, no service packs, because that's what came with your computer, and you aren't behind a router or any other firewall, then the computer will become infected before you can even download the updates. Even if the only thing you do is go to the windows update site to do the updating. That's a pretty sad state of affairs. It's something MS needs to fix. There should be no open ports by default on any machine they sell,

Re:

[mpe]

It's much like trying to take someone's drivers license away. Even if they have been charged multiple times with drunk driving, they are able to get their license back, because it's something they "need".

IIRC it is also possible, in the US, for people to lose their license for reasons unrelated to driving...

In some situations a car is needed, but if you continually show that you aren't going to be responsible, then you really think you have the need for a car.

Even in the US there are plenty of places

Re:ISPs have to be the solution

[PeeAitchPee]

People who keep getting blocked every 3 months will quickly learn to take better care of their computers.

It's a great theory, but in practice, I'm afraid that your average lazy consumer will simply switch to another (non-blocking) ISP who will happily take their money. 99% of the computer users out there don't even know what a spam bot is (unless they can regurgitate some buzzword from a commercial they saw), let alone how to fix a crippled PC. Your strategy only works if all the ISPs agree to it, and that ain't gonna happen.

Let's face it -- it's time for a new and improved mail protocol.

Re:ISPs have to be the solution

[asninn]

I'm not so sure about that. Yes, people are lazy, but switching to a different ISP is more of a hassle than running a virus/malware scanner; even if you're really computer-unsavvy, you'll probably have a child, sibling, cousin or friend who knows a bit more about computers and can do it for you.

And I still haven't seen any mail protocol proposals that would both cut down on spam in an effective fashion as well as not interfere with legitimate mail and not violating non-technical requirements like privacy etc.

Seriously, spam is a semantic problem, in a way; something that is spam for one person or in one situation need not be spam for someone else or in another situation. I'm signed up for a handful of company newsletters informing me about special offers etc., for example, and those aren't spam (since I signed up for them), but if I received them without having signed up, I'd definitely consider them spam. How is a mail delivery protocol supposed to be able to distinguish between these situations?

Re:

[Falkkin]

"How is a mail delivery protocol supposed to be able to distinguish between these situations?"

I've thought of this before and I think that part of the problem is that mail delivery is not a true end-to-end protocol. As far as SMTP is concerned, mail delivery "succeeds" when my mail server accepts an email for me. In reality, I have my own set of spam filters that run after the mail has been accepted. If one of these spam filters rejects a mail, ideally the sender would be informed -- that way a legitimat

Re:

[ball-lightning]

I'm not so sure about that. Yes, people are lazy, but switching to a different ISP is more of a hassle than running a virus/malware scanner; even if you're really computer-unsavvy, you'll probably have a child, sibling, cousin or friend who knows a bit more about computers and can do it for you.

Five years ago, I would have agreed with you. The problem is, (some) of those same kids who were fixing computers a few years ago have graduated to writing the malware they used to remove. I am gainfully e

Re:

[TheRaven64]

Then make it a legal requirement (either via a new law or ideally as part of every peering agreement) that the ISP will take action to prevent spam and malware being sent over their network. Then start cutting off the ISPs that host the botnets from the backbones for violating their peering agreements. The average lazy customer who can be bothered to switch to an ISP which doesn't block them for being in a botnet will find that their ISP no longer provides access to the Internet.

Re:

[PeeAitchPee]

Then make it a legal requirement

Yeah, that's what we need -- more laws regulating the Internet. You know, 'cuz the ones we have already work so well.

Re:ISPs have to be the solution

[jeffasselin]

We don't need more laws, we simply need better laws written by people who actually understand the technology that needs to be regulated.

Re:ISPs have to be the solution

[TeXMaster]

Oh I'll just love it when my ISP blocks my internet connection because I just sent a patchset by email to a *-devel list for peer review.

I know the good intentions and all that, but seriously, I'm already pissed enough at my ISP (Tiscali.it) that doesn't allow me to send more than 3 consecutive emails.

So either implement this kind of stuff with a proper way to tell spam sending from acceptable mass mailing, or be ready to handle hordes of very angry customers.

Re:

[liledevil]

XS4all, one of the first and biggest ISP's in the netherlands, allready does this but not once every 3 months, but every single day.
as soon as they find your internet connection is scanning or sending spam you will get blocked from having full access to the internet.
Instead you can browse via a proxy, and once you have take serious measures so no more scans/spams are started from your connection you will be unblocked.

Faced this issues several times now when people didnt secure their machines enough, no anti

Re:

[Anonymous Cowpat]

Which will work beautifully until month 6, at which point disgruntled customers will instruct their banks not to honour any further direct debit mandates from the ISP and organise paying ONLY for the days during which they received service. Between the lost income and the insane administrative headache of dealing with cancelled direct debits and partial payment of bills, it'll cost the ISP's big time.

Any policy which tries to penalise average customers for what someone else illegally does with their compu

Re:ISPs have to be the solution

[powermacx]

Well, here in Argentina the first answer when you call tech support to complain your connection isn't working is: "You've got spyware. Reinstall Windows and install an up to date antivirus+antyspyware".

Of course, when I answer: "Er... I have a Mac" the answer is "Uh... I don't know... did you try restarting?"

Re:

[klubar]

Actually a fair number of employer now require that employees install anti-virus software on home machines if employees are accessing work resources. Most corporate anti-virus subscriptions include home use, so it's all bundled in the employer's package. Typically these are installed as part of the VPN software so enforcement is easy. It really does cut down on the crap on home computers and could be considered an employee benefit.

Minor problem is that macs are typically not included in corporate VPNs,

Re:

[WhiteWolf666]

Why every 3 months?

Why not daily? Why not constantly?

You should not be permitted to spam people from your hardware, regardless of whether or not you actively installed the spamware. If your computer is polluting the internet, it should be disconnected. End of story.

If this bothers you, a) stop getting infected, or b) switch to an OS that doesn't get infected.

Re:

[mcrbids]

Time for ISPs to stop being so nicey-nice about this.

Being nice is a good way to keep customers. Being "un-nice" is a good way to lose them. Losing paying customers is usually bad for business.


1) Send an email to all customers saying that the ISP will begin choosing a random day (say every 3 months or so) to scan for infected computers churning out email.
2) On that random day (random so the spam bots won't be programmed to be silent on that day) the ISP shuts down outgoing mail for all infected computers on

oblig checklist

[remmelt]

Your post advocates a

(X) technical ( ) legislative ( ) market-based (X) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the mone

Re:

[ajs318]

Actually, nobody does click on the links and buy the stuff being advertised. They don't have to.

The spam advertisements are part of a get-rich-quick scheme (also known as Network Marketing -- as in the great Networks of Ancient Egypt). The advertisements are the product. The spammers are making money right, left and centre from idiots who are paying for an unsaleable product, and then paying more to have their product advertised widely. The advertising doesn't help them sell a single product, of cour

Botnet Mafia warnings

[marto]

You could wake up with an ascii horses head in your inbox http://www.virtualhorses.com/graphics/asciiart.htm [virtualhorses.com]

Let's have ...

[WrongSizeGlass]

... Botnet Wars! They can infect systems and fight it out in the process table.
"Watch out! They just spawned a thread that has access to your virtual address space! Protect your data registers!"

Re:

[jonwil]

For some reason your post made me think of TRON. I can almost picture different bots fighting it out on the Game Grid...

Where will there HQs be?

[master5o1]

Will they be in the typical Pizza shop website? something like www.donluigi-pizza.com (and donluigi-pizza.org for eGangster login)

Re:

[Dan Slotman]

Uncle Enzo guarantees delivery within 30 minutes!

Cash Rules Everything Around Me

[packetmon]

Browsing through some of the posts here, I'm seeing how people tend to forget the financial aspect of botnets. Spam, malware is big business (obviously) so its no surprise that can become the online equivalent to a Columbian drug war without the murders and guns. There is huge business in bots and whats sad is, the low man on the totem pole is often some American company who's advertisements are being spammed (for the spammers). Vint Cerf stated there are millions of infected machines, I don't know about those numbers, but I can tell you that if I was involved in (dis)organized crime, why should I re-invent the wheel when I could re-program my own bots to take over others' cruddily created bots. This falls in line with a document I wrong (Ubuntu and the Destruction of the Internet [infiltrated.net]) where my logic is, "are you sure you want grandma using Linux"?... With e-Criminals getting savvier, how long will it be before the Internet truly becomes the Wild West... Some may think its not a big deal, but when there are finances involved, that can escalate to physical crimes (shootings, murder, etc.) and its happened a few times where (dis)organized idjits stealing e-money from games were caught up in real life incidents for stepping over "turf".

Re:

[Coriolis]

Certain things will always need the root password, and the design of all operating systems is currently lacking in how they handle such things. Protecting users from themselves appears to be an unsolved problem. However, even without root access you should still be able to cause considerable havoc using this technique, given a set of known filenames. This is one of the inherent dangers of popularity.

Mind you, there is a bit of horse-poo in that article:

• Author states you can't do this in Windows. Comment

Re:

[packetmon]

Obviously you misinterpretted... Author states you can't do this in Windows. Commenters point out that yes, yes you can. Author retorts that you can't do it as easily. Easily, shmeasily. You only have to work out how to do it once. You can create something undetectable for the moment in Windows. Diff between Windows and Linux is, its easier to find on Windows then it would be on Linux... * Author states his method can be configured to be undetectable. Highly doubtful; unless it uses a vastly different al

We're doomed

[giafly]

The really organised criminals will be using exactly the same techniques to evade capture and to protect the business of criminality as is seen in the drugs war. You can be sure that while sacrificial lambs get jail time, the gang bosses and the real botnet builders will continue to prosper. Until, that is, law enforcement, the judiciary and governments around the world start to take the spam problem as seriously as they do the drugs one.

We're doomed

Re:

[haxor.dk]

Judging from the result of the state's "War On drugs"? Yes...

Final solution

[Fuzzums]

I hope they'll drive-by-spam eachother until their computers are fried.

Re:

[misleb]

Reminds me of the myths (or were they!?) years ago about how you could use a Tesla Coil to send a jolt to your enemy's computer through the telephone system and fry it remotely.

-matthew

Botnets blowing each other up?

[Arancaytar]

Yay! I'll get popcorn!

Oh wait, that also means the tubes get clogged. Dang it.

Oh Noes!

[AltGrendel]

I hope this doesn't spill over to any MMORPGs. Things could get really ugly if that happens.

PGP is your friend

[oliverthered]

If people actually started using the tools that have been available for years and signed their emails it would be a lot easier to spot the ones sent out by spam bots.

It's amazing how hard it is to get a company to send you a signed email to prove who they are and even harder to send an encrypted email containing personal information to them even though everyone knows how insecure email it.

Lazy Government,
Lazy Companies,
Lazy Consumers.
The tools are there for free and have been for years.

Re:

[codemachine]

Sadly, it just isn't easy enough to use for the common person. Nor is it widespread enough that even technical people would bother - even a lot of sysadmins don't touch it, even though it'd be easy for them to deploy.

We need to have it integraded into our clients in such a way that everyone would start using it. However, it'd be a lot easier to do that with IM than email as of now. You can have the client add the contact's key when the contact is added, and you can store it on a server side list so that

End the War On Botnets

[Cyryathorn]

Obviously, the War On Botnets has failed. All the War On Botnets has done is created a lucrative enterprise for organized crime. We need to legalize botnets, so that botnet operators can finally come out of the shadows. Also, once legalized, we can tax botnets -- this way, botnets become an income generator for the government, rather than a black hole of enforcement dollars. The police can then better spend their time tracking down *real* criminals.

Re:

[joto]

Sounds reasonable to me. The problem with spam is that it's essentially "free". So instead of making it illegal, we should tax it, to make it less profitable. Botnets is just the modern way of getting spam out of the door, so it should be taxed as well.

This will eventually be solved on its own

[gunnarstahl]

Relax and wait. Over time, ISPs will start to get seriously annoyed by this waste of bandwidth. As soon as customers start calling and complain about their crawling download speed, ISPs will have to start to act.

And ISPs who act against it will finally gain a reputation for providing being spam-free services. Just regularly call your ISP and complain about that they don't filter the spam.

For me having about 20-30 junk mails in my inbox per day isn't really much trouble. T'Bird does a fairly good job detecting them. And if it really starts to bug me I will install something like spamassassin on my server. So, who cares.

Don't get me wrong: I just hate this stuff like everyone else. But even wasting thoughts on it is useless.

Yt,

Gunnar

No, not really

[Dachannien]

The kind of turf war seen in the real world by drug gangs

Until I actually RTFA, I thought they meant that botnet gangs were finding the people running opposing botnets and killing them.

Or maybe I was just secretly hoping.

And this will only get worse

[Opportunist]

As long as people are not held responsible for what damage their machines do to the net, this will not change.

Botnets rely on people being negligent, clueless and generally careless. There is no such thing as an unavoidable infection. Over 99% of all infections rely on user interaction (and yes, while over 98% of percentages used in biased reports are fake, this one I can actually vouch for), with remote exploits only constituting for a very, very small of infections, most of which also relying on your use of an insecure machine directly connected to the net.

If people acted on the road like the act in the net, a mass accident with 100s of cars involved would not be a newsworthy item. It would be the rule in rush hour traffic! And as much as I hate car analogies, this one is sadly true.

People switch their common sense off when they access the internet. I have no other explanation for this phenomenon. You can get most people to double click your attachment with the most hare brained excuse, "important news from your lawyer" is often enough.

Even if they have none!
With the "from" line reading "lawyer"!!!

The main problem isn't spam. The core problem is that those botnets are then used to spread even more and even more dangerous malware around. Bankfraud being one of the more "harmless" things in their arsenal.

People have to be held responsible for what their machines do, and what cause they harm to the rest of the net population. I'm not talking jail time, it needn't be capital punishment. The people we're talking about are not your "usual criminals". They already wet their pants if there's a chance that they could have to show up as defendent in court, as those "you went to our page so you owe us 500 bucks or we drag you to court" scams prove. Some kind of nominal fine would already be plenty.

Don't get me wrong. I don't want to keep anyone from using the net. But as with everything that can be harmful to other people using the same tools you do, you have to act responsibly. This applies to cars, this applies to guns, and it also applies to machines with internet connection.

Re:And this will only get worse

[joto]

People switch their common sense off when they access the internet. I have no other explanation for this phenomenon. You can get most people to double click your attachment with the most hare brained excuse, "important news from your lawyer" is often enough.

So why shouldn't people doubleclick their attachments? I mean, to read the attachment, you have to doubleclick it, right? So why are you suggesting that they shouldn't?

This is completely counterintuitive. The people who need to be held responsible are the idiot programmers who allow arbitrary code to be executed by clicking on attachments in a program deliberately designed for end-users. Such a feature in an email-program sounds like it might be more useful to movable-computation researchers working on lab-machines in a closed network.

Don't get me wrong. I don't want to keep anyone from using the net. But as with everything that can be harmful to other people using the same tools you do, you have to act responsibly. This applies to cars, this applies to guns, and it also applies to machines with internet connection.

And by clicking on attachments, you are harming someone? By simply leaving your computer connected to the Internet, you are harming someone?

This is completely counterintuitive. It would be like prosecuting car-owners for having their cars parked in the garage instead of constantly driving it to and from the factory for "updates". Or prosecuting gun-owners because the manufacturer of the gun decided that whenever you put the safety on, the gun would fire a shot, if someone sent a certain radio-signal.

Nonsense! Technical problems deserve a technical solution!

Let's declare war on spam

[roskakori]

From the article:

You can be sure that while sacrificial lambs get jail time, the gang bosses and the real botnet builders will continue to prosper. Until, that is, law enforcement, the judiciary and governments around the world start to take the spam problem as seriously as they do the drugs one.

Listen to the man! Remember, back then, when drugs got out of control, a war on drugs was declared and now there are no drugs anymore. When the whole terror thing got out of control and people started to land aero

How to avoid spam (slightly OT)

[Lavene]

In a consumer help program on TV they had brought in an expert to teach people how to avoid spam (viruses was already covered in an earlier program. Sadly (?) I missed that one. From the top of my head, some of the advices was:

Do not open porn sites (Yes, he said 'open')
Do not watch online movies
Keep an updated anti virus
Do not use web based e-mail
When not using your computer turn it off. Laptop users should close the lid.(I love this one!)

The most peculiar though was that not once did he warn about giving out your e-mail address. Thank god we have experts like that to help us protect our self...

Re:

[PrescriptionWarning]

I think it might still be better than Hackers, Swordfish, and that one with Sandra Bullock though... :P

Re:

[d3ac0n]

That would be "The Net". and yeah, it sucked as bas as the others, except that you got to see Sandra Bullock in a bikini sipping a martini. So it wasn't all bad.

Re:

[ajs318]

I'm afraid I can't think of Sandra Bullock the same way anymore since that song by The Beautiful South [google.co.uk].

Re:Somehow...

[billcopc]

I'm still waiting to be cast in an XXX Hackers spoof, where copying a garbage file sends the female lead on a dirty, dirty quest to get out of trouble with the sleazy fat ugly cops that pursue her.

Might as well spoof Takedown as well, where a fugitive hacker leads his asian arch nemesis on a cross-country chase through every brothel in the USA, all over a dick-length argument. They finally settle their feud in a stomach-churning scene where they both anally violate a journalist named John Warkoff.

Oh come on! When have you ever seen pr0n with a good story ?

Re:

[bhiestand]

I'm afraid to know what you'd do with the "triple-headed hydra" from Swordfish.

Re:

[s_p_oneil]

Well, I could be wrong. Sneakers wasn't bad, and it managed to include hackers and the mafia. ;-)

Re:Somehow...

[Rob T Firefly]

*ominously clicking together Jolt COla bottles stuck on fingertips*

Botnets... come out to play-ayyyyy!

Re:

[giorgiofr]

+1 The Warriors reference!

Re:

[Fordiman]

Ah, get over it.

I'm actually *related* to italian mafioso (though not involved), and I don't give a half-shit about this. Mafia implies italians about as much as Nazi implies germans. It's a specific group of Not-Very-Nice people, and these days, they're of any race creed or color. Use it in that fashion and the implication fades.

No, seriously. If your offended, your oversensitive. Shut up and deal with it.

Re:Somehow...

[Retric]

I'm actually *related* to italian mafioso... Shut up and deal with it.

Yes, Sir.

Re:

[Dogtanian]

I'm actually *related* to italian mafioso (though not involved)

Neither was Michael Corleone at first, and we all know how *that* turned out... ;-)

Re:

[joto]

Wow, a new word: e-organized crime!

Why not e-organized e-crime. I'm sure that when e-crime merges with crime, many e-dead e-bodies will start to appear.

Re:fix the cause not the symptom

[mpe]

The war on drugs is a miserable failure. So please find another parable

A "war on spam" might actually work better than "war on drugs" simply because there are liklely to be far fewer people who wants spam than want various drugs.

the whole enviroment that these people thrive in is made possible by MS Windows and its' horrible security. why don't we start screaming about fixing the root cause of the problem ?

Thing is that there are plenty of people who appear to think that Microsoft's bluring the line between user & administrator or having a "monoculture" environment is a good thing.

Re:

[Opportunist]

Uhhhh... I'd be wary of a "war on spam". You know that Russia still has The Bomb, yes?