Botnet Mafia in Online Turf War 266
An anonymous reader writes " The kind of turf war seen in the real world by drug gangs is being replicated by the criminal gangs behind spamming botnets, and things are turning nasty."
It is better to travel hopefully than to fly Continental.
Trying to care (Score:3, Interesting)
As someone who doesn't have an email address anymore, I really don't care about spam in the slightest, or the battle they go over to spam people. Most of my spam, that actually made it to my inbox when I had a gmail account was in Portuguese or some random asian looking language. To me it was all gibberish [more than usual] and fleeting. But the ever presence of it [on average I would receive anywhere between 100 and 500 spams a day, with about 5-10 in my inbox] just gnaws at you. Day after day people keep assaulting your inbox, trying to take away the service from you.
And even though gmail is free, it was still MY inbox, if you know what I mean. And having these low lifes just clutter it up every day with the same foreign language bullshit nonsense was annoying.
Eventually I just deleted my account. I have a cell phone if people want to contact me. And for work I have a private email addy that my co-workers can use. Personal email is just a waste.
Tom
Re:Trying to care (Score:5, Funny)
Re: (Score:2)
</sarcasm>
Re:Trying to care (Score:4, Insightful)
My work email has yet to receive a single spam. Oh, that's because I don't use it for anything but work and it's not on any webpage.
Tom
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
I was spam free for quite a while, but in the last few years, the enterprise wide
address book has clearly been harvested (some 10000+ addresses)
by a bad apple somewhere. I imagine someone installed a "free screensaver"
or something else with a backdoor, or took a company laptop to a unprotected network
and gotten scanned and rooted, etc etc....
Re: (Score:3, Interesting)
Part of the problem, I feel, are legitimate organizations who sell their client lists to spammers. My work address never got spam until I got published in a professional journal. That journal sold its contributors' email addresses to someone, and I started receiving spam. I have no good solution here -- I'm a scientist, and have to publish or peri
Re: (Score:2)
Say you have an address bus and a data bus. You're drawing a schematic. "Data" fits in just fine, but "address" would run into one of the two boxes. "Addy" is four letters long, just like data.
Re: (Score:2)
In that case, I can assure you, that you are wrong. Slashdot postings allow words longer than four letters. And they are not very useful for drawing schematics.
Er, no. (Score:2)
Here, have your words back. You tried putting them in my mouth, but they don't fit.
Re: (Score:3, Funny)
Hmm, this is fun. It's like AOLspeak for techs! And it makes a little more sense.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
My work email is pretty clean, but I did start getting a few stock pump image spams after I used my work address to register and download some drivers from iomega.
Re: (Score:2)
Even for things like this at work I use sneakemail.com. Iomega may not be spammers (or maybe they are?) but that doesn't automatically make their web site or registration site secure.
Of course, it could just be bad timing, too. Another useful thing sneakemail has shown me is that the vast majority of the spam I get is harvested from email chains, not from malicious web site
Re: (Score:2)
I get about 3000 spam mails per day, of which a
Re: (Score:2)
Correct, that does sound strange!
Re: (Score:2, Funny)
Medraut
aren't you special? (Score:4, Insightful)
P.S. Some of us need personal email and have relied on it heavily for 15 years.
Re: (Score:3, Interesting)
We shouldn't get too worked up over botnets fighting.
Re: (Score:3, Interesting)
I assume you mean "we" as in the "my family and I" sense; because you certainly don't speak for the rest of us. 27 years ago an emailed message led to me meeting my wife, an event that I personally consider very important.
Just because you don't find email useful doesn't make it useless to the rest of us.
Apart from the spam aspect, botnets are also used to stage attacks on all manner of ta
Re: (Score:2, Interesting)
Re: (Score:2)
Re: (Score:2)
Are you sure you're the smartest man alive? Cuz my idea was pretty smart!
Tom
Re: (Score:2)
I imagine if I just didn't take part in the OSS world and didn't post on usenet, I'd probably be spam free too.
Tom
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Tom
Re:Trying to care (Score:5, Insightful)
You do realize that the costs of spam mitigation are all passed on to you, in the form of higher prices for gadgets, for professional and financial services, and eventually for everything else? Or do you not care about that either?
By the way, now that we are out of the Grunge era, it is no longer automatically cool to not care about such things.
Everybody's got an angle (was:Trying to care) (Score:2)
There are a lot of people with vested interest to see that Spam and all manner of malware/spyware not go away. In addition to the douche that does things of this sort, all the landsharks, AV software people, net security people would all be out of a job if the problem disappears t
Re:Trying to care (Score:4, Funny)
So, do you still have a TV? [theonion.com]
Re: (Score:2)
Wow! An I thought I was one with apathy. But, you know, he has a point. I had a home phone with the number in the book. All I got was shit from telemarketers, shit on the answering machine. Sure the donot call list cut out a shit load of it but then people started calling that thought they had a business relationship with them. Finally I just pulled the plug on the damn thing and went with my cell phone. My motto is if you don't know my cell phone number I don't want to talk to you.
Same way I gu
Re: (Score:2, Interesting)
Wow! An I thought I was one with apathy. But, you know, he has a point. I had a home phone with the number in the book. All I got was shit from telemarketers, shit on the answering machine. Sure the donot call list cut out a shit load of it but then people started calling that thought they had a business relationship with them. Finally I just pulled the plug on the damn thing and went with my cell phone. My motto is if you don't know my cell phone number I don't want to talk to you.
I did this. I realized a couple of years ago that the only calls to my home phone were crap, so I cancelled it. I only use a cell phone now.
I wish I could do something analogous with my postal mail.
Re: (Score:2)
Careful.. (Score:4, Funny)
ISPs have to be the solution (Score:5, Interesting)
1) Send an email to all customers saying that the ISP will begin choosing a random day (say every 3 months or so) to scan for infected computers churning out email.
2) On that random day (random so the spam bots won't be programmed to be silent on that day) the ISP shuts down outgoing mail for all infected computers on their network.
3) Customer who can't send mail is irate and calls ISP tech support hotline.
4) Tech support says: we warned you... please follow these virus removal instructions and install/update your anti virus software.
Bam problem solved. People who keep getting blocked every 3 months will quickly learn to take better care of their computers. Along with the customer's invoice the ISP could send an information sheet with prevention and removal instructions.
Maybe governments can give ISPs a little financial help for doing this?
Unfortunately I don't see any other solution other than tough-love.
Re:ISPs have to be the solution (Score:5, Funny)
I think this is a problem only MSFT can solve.
Tom
Re: (Score:3, Funny)
Although I suppose he should get -1 for not using a
-1's all around! Whee!
Re: (Score:2)
Tom
Re:ISPs have to be the solution (Score:5, Informative)
I don't know about the rest of the world, but in the UK ISPs routinely cut off people if their machines are spewing spam (or other malware). The first thing most users know is when any web page they try and visit takes them to an ISP page telling them to run some malware scanning software.
Rich.
Re: (Score:2)
Re: (Score:3, Insightful)
Even if they have been charged multiple times with drunk driving, they are able to get their license back, because it's something they "need". In some situations a car is needed, but if you continually show that you aren't going to be responsible, then you really think you have the need for a car.
I'm not sure I'd compare this to drunk driving. If you drive drunk then you had a choice, and clear responsibility not to do that. On the other hand grandmothers buy Windoze computers to type out emails to t
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
IIRC it is also possible, in the US, for people to lose their license for reasons unrelated to driving...
In some situations a car is needed, but if you continually show that you aren't going to be responsible, then you really think you have the need for a car.
Even in the US there are plenty of places
Re:ISPs have to be the solution (Score:4, Insightful)
People who keep getting blocked every 3 months will quickly learn to take better care of their computers.
It's a great theory, but in practice, I'm afraid that your average lazy consumer will simply switch to another (non-blocking) ISP who will happily take their money. 99% of the computer users out there don't even know what a spam bot is (unless they can regurgitate some buzzword from a commercial they saw), let alone how to fix a crippled PC. Your strategy only works if all the ISPs agree to it, and that ain't gonna happen.
Let's face it -- it's time for a new and improved mail protocol.
Re:ISPs have to be the solution (Score:5, Informative)
And I still haven't seen any mail protocol proposals that would both cut down on spam in an effective fashion as well as not interfere with legitimate mail and not violating non-technical requirements like privacy etc.
Seriously, spam is a semantic problem, in a way; something that is spam for one person or in one situation need not be spam for someone else or in another situation. I'm signed up for a handful of company newsletters informing me about special offers etc., for example, and those aren't spam (since I signed up for them), but if I received them without having signed up, I'd definitely consider them spam. How is a mail delivery protocol supposed to be able to distinguish between these situations?
Re: (Score:2)
I've thought of this before and I think that part of the problem is that mail delivery is not a true end-to-end protocol. As far as SMTP is concerned, mail delivery "succeeds" when my mail server accepts an email for me. In reality, I have my own set of spam filters that run after the mail has been accepted. If one of these spam filters rejects a mail, ideally the sender would be informed -- that way a legitimat
Re: (Score:3, Insightful)
Five years ago, I would have agreed with you. The problem is, (some) of those same kids who were fixing computers a few years ago have graduated to writing the malware they used to remove. I am gainfully e
Re: (Score:2)
Re: (Score:3, Insightful)
Then make it a legal requirement
Yeah, that's what we need -- more laws regulating the Internet. You know, 'cuz the ones we have already work so well.
Re:ISPs have to be the solution (Score:4, Insightful)
Re:ISPs have to be the solution (Score:5, Informative)
I know the good intentions and all that, but seriously, I'm already pissed enough at my ISP (Tiscali.it) that doesn't allow me to send more than 3 consecutive emails.
So either implement this kind of stuff with a proper way to tell spam sending from acceptable mass mailing, or be ready to handle hordes of very angry customers.
Re: (Score:2, Interesting)
as soon as they find your internet connection is scanning or sending spam you will get blocked from having full access to the internet.
Instead you can browse via a proxy, and once you have take serious measures so no more scans/spams are started from your connection you will be unblocked.
Faced this issues several times now when people didnt secure their machines enough, no anti
Re: (Score:2)
Any policy which tries to penalise average customers for what someone else illegally does with their compu
Re:ISPs have to be the solution (Score:5, Funny)
Of course, when I answer: "Er... I have a Mac" the answer is "Uh... I don't know... did you try restarting?"
Re: (Score:2)
Minor problem is that macs are typically not included in corporate VPNs,
Re: (Score:2)
Why not daily? Why not constantly?
You should not be permitted to spam people from your hardware, regardless of whether or not you actively installed the spamware. If your computer is polluting the internet, it should be disconnected. End of story.
If this bothers you, a) stop getting infected, or b) switch to an OS that doesn't get infected.
Re: (Score:2)
Being nice is a good way to keep customers. Being "un-nice" is a good way to lose them. Losing paying customers is usually bad for business.
1) Send an email to all customers saying that the ISP will begin choosing a random day (say every 3 months or so) to scan for infected computers churning out email.
2) On that random day (random so the spam bots won't be programmed to be silent on that day) the ISP shuts down outgoing mail for all infected computers on
oblig checklist (Score:3, Informative)
(X) technical ( ) legislative ( ) market-based (X) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the mone
Re: (Score:2)
The spam advertisements are part of a get-rich-quick scheme (also known as Network Marketing -- as in the great Networks of Ancient Egypt). The advertisements are the product. The spammers are making money right, left and centre from idiots who are paying for an unsaleable product, and then paying more to have their product advertised widely. The advertising doesn't help them sell a single product, of cour
Botnet Mafia warnings (Score:4, Funny)
Let's have ... (Score:5, Funny)
"Watch out! They just spawned a thread that has access to your virtual address space! Protect your data registers!"
Re: (Score:2)
Where will there HQs be? (Score:4, Funny)
Re: (Score:2)
Cash Rules Everything Around Me (Score:3, Interesting)
Re: (Score:2, Interesting)
Certain things will always need the root password, and the design of all operating systems is currently lacking in how they handle such things. Protecting users from themselves appears to be an unsolved problem. However, even without root access you should still be able to cause considerable havoc using this technique, given a set of known filenames. This is one of the inherent dangers of popularity.
Mind you, there is a bit of horse-poo in that article:
Re: (Score:2)
We're doomed (Score:5, Funny)
Re: (Score:2)
Final solution (Score:4, Funny)
Re: (Score:2)
-matthew
Botnets blowing each other up? (Score:3, Funny)
Oh wait, that also means the tubes get clogged. Dang it.
Oh Noes! (Score:2)
PGP is your friend (Score:5, Insightful)
It's amazing how hard it is to get a company to send you a signed email to prove who they are and even harder to send an encrypted email containing personal information to them even though everyone knows how insecure email it.
Lazy Government,
Lazy Companies,
Lazy Consumers.
The tools are there for free and have been for years.
Re: (Score:3, Interesting)
We need to have it integraded into our clients in such a way that everyone would start using it. However, it'd be a lot easier to do that with IM than email as of now. You can have the client add the contact's key when the contact is added, and you can store it on a server side list so that
End the War On Botnets (Score:3, Funny)
Re: (Score:2)
This will eventually be solved on its own (Score:3, Interesting)
And ISPs who act against it will finally gain a reputation for providing being spam-free services. Just regularly call your ISP and complain about that they don't filter the spam.
For me having about 20-30 junk mails in my inbox per day isn't really much trouble. T'Bird does a fairly good job detecting them. And if it really starts to bug me I will install something like spamassassin on my server. So, who cares.
Don't get me wrong: I just hate this stuff like everyone else. But even wasting thoughts on it is useless.
Yt,
Gunnar
No, not really (Score:5, Funny)
Until I actually RTFA, I thought they meant that botnet gangs were finding the people running opposing botnets and killing them.
Or maybe I was just secretly hoping.
And this will only get worse (Score:4, Interesting)
Botnets rely on people being negligent, clueless and generally careless. There is no such thing as an unavoidable infection. Over 99% of all infections rely on user interaction (and yes, while over 98% of percentages used in biased reports are fake, this one I can actually vouch for), with remote exploits only constituting for a very, very small of infections, most of which also relying on your use of an insecure machine directly connected to the net.
If people acted on the road like the act in the net, a mass accident with 100s of cars involved would not be a newsworthy item. It would be the rule in rush hour traffic! And as much as I hate car analogies, this one is sadly true.
People switch their common sense off when they access the internet. I have no other explanation for this phenomenon. You can get most people to double click your attachment with the most hare brained excuse, "important news from your lawyer" is often enough.
Even if they have none!
With the "from" line reading "lawyer"!!!
The main problem isn't spam. The core problem is that those botnets are then used to spread even more and even more dangerous malware around. Bankfraud being one of the more "harmless" things in their arsenal.
People have to be held responsible for what their machines do, and what cause they harm to the rest of the net population. I'm not talking jail time, it needn't be capital punishment. The people we're talking about are not your "usual criminals". They already wet their pants if there's a chance that they could have to show up as defendent in court, as those "you went to our page so you owe us 500 bucks or we drag you to court" scams prove. Some kind of nominal fine would already be plenty.
Don't get me wrong. I don't want to keep anyone from using the net. But as with everything that can be harmful to other people using the same tools you do, you have to act responsibly. This applies to cars, this applies to guns, and it also applies to machines with internet connection.
Re:And this will only get worse (Score:4, Insightful)
So why shouldn't people doubleclick their attachments? I mean, to read the attachment, you have to doubleclick it, right? So why are you suggesting that they shouldn't?
This is completely counterintuitive. The people who need to be held responsible are the idiot programmers who allow arbitrary code to be executed by clicking on attachments in a program deliberately designed for end-users. Such a feature in an email-program sounds like it might be more useful to movable-computation researchers working on lab-machines in a closed network.
And by clicking on attachments, you are harming someone? By simply leaving your computer connected to the Internet, you are harming someone?
This is completely counterintuitive. It would be like prosecuting car-owners for having their cars parked in the garage instead of constantly driving it to and from the factory for "updates". Or prosecuting gun-owners because the manufacturer of the gun decided that whenever you put the safety on, the gun would fire a shot, if someone sent a certain radio-signal.
Nonsense! Technical problems deserve a technical solution!
Let's declare war on spam (Score:2)
Listen to the man! Remember, back then, when drugs got out of control, a war on drugs was declared and now there are no drugs anymore. When the whole terror thing got out of control and people started to land aero
How to avoid spam (slightly OT) (Score:3, Funny)
Do not open porn sites (Yes, he said 'open')
Do not watch online movies
Keep an updated anti virus
Do not use web based e-mail
When not using your computer turn it off. Laptop users should close the lid.(I love this one!)
The most peculiar though was that not once did he warn about giving out your e-mail address. Thank god we have experts like that to help us protect our self...
Re: (Score:2, Interesting)
Re: (Score:2)
Re: (Score:2)
Re:Somehow... (Score:4, Funny)
Might as well spoof Takedown as well, where a fugitive hacker leads his asian arch nemesis on a cross-country chase through every brothel in the USA, all over a dick-length argument. They finally settle their feud in a stomach-churning scene where they both anally violate a journalist named John Warkoff.
Oh come on! When have you ever seen pr0n with a good story ?
Re: (Score:2)
Re: (Score:2, Insightful)
Re:Somehow... (Score:5, Funny)
Botnets... come out to play-ayyyyy!
Re: (Score:2)
Re: (Score:3, Informative)
I'm actually *related* to italian mafioso (though not involved), and I don't give a half-shit about this. Mafia implies italians about as much as Nazi implies germans. It's a specific group of Not-Very-Nice people, and these days, they're of any race creed or color. Use it in that fashion and the implication fades.
No, seriously. If your offended, your oversensitive. Shut up and deal with it.
Re:Somehow... (Score:4, Funny)
Yes, Sir.
Re: (Score:2)
Re: (Score:2)
Wow, a new word: e-organized crime!
Why not e-organized e-crime. I'm sure that when e-crime merges with crime, many e-dead e-bodies will start to appear.
Re:fix the cause not the symptom (Score:4, Insightful)
A "war on spam" might actually work better than "war on drugs" simply because there are liklely to be far fewer people who wants spam than want various drugs.
the whole enviroment that these people thrive in is made possible by MS Windows and its' horrible security. why don't we start screaming about fixing the root cause of the problem ?
Thing is that there are plenty of people who appear to think that Microsoft's bluring the line between user & administrator or having a "monoculture" environment is a good thing.
Re: (Score:2)