Rustock Botnet Responsible For 40% of Spam
angry tapir writes "More than 40 percent of the world's spam is coming from a single network of computers that computer security experts continue to battle, according to new statistics from Symantec's MessageLabs' division. The Rustock botnet has shrunk since April, when about 2.5 million computers were infected with its malicious software that sent about 43 billion spam e-mails per day. Much of it is pharmaceutical spam."
Somebody (Score:5, Insightful)
Hunt them down and kill them all
Please
Re:Somebody (Score:5, Funny)
And then, unplug their computers.
That's... that's what you meant, right?
Re:Somebody (Score:5, Insightful)
(They are the low hung fruit.)
Re: (Score:3, Insightful)
(They are the low hung fruit.)
Considering what they are selling, they are also the "well hung" fruit.
Re:Somebody (Score:5, Insightful)
I agree with hitting the pharma companies, but the credit card companies? I'd rather have them be neutral providers of monetary exchange services than have them decide what's legitimate and what isn't, just like ISPs should stay out of copyright enforcement.
Re:Somebody (Score:4, Insightful)
Seriously, do you have any idea how tightly regulated even direct to consumer drug ads are? There's no way any legitimate company is involved in this. I know it's fun and exciting to blame Big Pharma for everything wrong in life, but how about we stick to the many things they ACTUALLY do wrong, rather than random shit we merely attribute to them?
Re:Somebody (Score:5, Interesting)
You know what's really interesting in spam? For spam to pass the content filters, especially those based on statistical models of language, it has to have purposeful mistakes inserted all over the place. In the end, a piece of spam typically looks as if a stoned idiot wrote it. But now it seems that people who author the message in the first place became somehow infected by the stoned idiocy of their own messages.
A few months ago I went through 300 non-scamming spam messages in my spam folder, and only managed to get to 5, I repeat, 5 payment screens. That means that most spam is pretty pointless: the websites it points to, if they haven't been left out (happens quite often), are mostly broken so that there's no way to actually pass any money to the spammer, even if you try really hard. Sometimes they superficially look like they may work, but when time comes to actually submit a payment, things are very likely to be broken. I have been testing stuff using virtual credit cards available from my bank, with very low limits -- below that of the payment amount. On a working site, you get some indication that the transaction was declined. In most places, though, there would be internal server errors, javascript errors preventing payment submittal, and all other sorts of problems.
I think that bulk emailing operations are simply around to milk the spammers for money, and only the mailers make any money -- the spammers themselves seem too stupid to get any.
It's quite hilarious.
Re: (Score:2)
but surely we can all agree that if anyone needs "taken care of", it's spammers!
Aw c'mon. All they want is to make sure you can get a good solid boner. It's a pretty philanthropic cause. Don't be too hard on them.
Re: (Score:2)
Murder is (arguably) wrong, but surely we can all agree that if anyone needs "taken care of", it's spammers!
I say we give 'em a fish-hook enema and use them as bait in shark infested waters. It's better than they deserve but it still gives them a fighting chance ;-)
Re:Somebody (Score:5, Informative)
I know it's "crazy" to think that not everyone knows how to run a bare bones Linux distro and knows how to block all ports except for 80, 8080, and say 21-23. But believe me when I say that the majority of computer users are incredibly inept when it comes to basic computer security.
Grandma will never be a network admin. Neither will your local elementary school teacher. Just because people run Windows out of the box and have no idea they are harboring an orgy of botnets is it fair to call them criminals?
Re: (Score:3, Informative)
All the user needs to do is run Linux on a 64 bit machine so they have proper NX. I'd say OSX but it's still got fake ASLR AFAIK. Problem fucking solved. There's no known Linux-based botnets. They don't have to become a firewalling expert, because there's no dangerous services running by default. For most users Linux+Chrome or Linux+FF would provide a superior experience to what they were using before. Too bad no major vendor advertises it on this basis... or adequately
Re: (Score:3, Insightful)
There's no known Linux-based botnets
The skill set of those running the linux based botnets is a little higher. It doesn't mean they aren't out there... many routers are infected and run linux just for an example, and there are quite a few rogue webservers out there too. The question for botnet owners really boils down to "do you want to run a 500 strong linux server botnet or a 2.5 million strong Windows/PC botnet?" Given the number of dual and quad core systems on the consumer market I think most would agree the latter is a better ROI.
Re: (Score:3, Insightful)
In the highly unlikely event that every person in the world switched to Linux tomorrow, I guarantee there would be a Linux botnet running in a matter of weeks. Remember that you don't have to "root" a box to get it working as a part of a botnet. Running software, initiating client side network connections, sending e-mail, these are all things that can be done as a regular user. Use a flash vulnerability, or just get the user to run a script (in some ways even easier with an unwary user in Linux, since the
Re: (Score:3, Insightful)
So because someone is operating technology they are not able to safely use they should be free of reprimand?
The infected systems should be blocked from internet access ... but surely you're not implying that people who aren't technical enough to be a sys or network admins can't own a computer? Would I have to take a test online or at a store before ordering a computer?
Spam causes real financial trouble and being infected either means Windows and therefore Microsoft are at fault, or the user is at fault.
I don't see you pointing a finger at those who start this whole mess: the people writing the virus "packages" for sale, the botnet operators and those who hire them to spew spam, steal bank login information, coordinate DDoS attacks and everything i
Re: (Score:2)
You may as well point a finger at the hospital "supergerms" themselves. They're an evolutionary response to mishandling of basic security, and of the basic economics and legal handling of spam. Even if you personally went and shot the authors of this particular botnet tonight, plenty more are waiting in the wings to fill the economic and social niche they occupy.
This doesn't make the authors good people who don't deserve punishment, but like crack dealers moving into empty houses in your neighborhood, arres
Re: (Score:2)
Blue Frog was perfect for this sorta thing.
Too bad it worked so well it pissed the spammers off into lobbing a DDoS nuke.
Identifying (Score:2)
So if they can identify these botnets, and they know this spam is coming from them...
Do they know what IP addresses these bots are connecting from? Is it possible to make a blacklist? How can I avoid accepting mail from these 2.5 million computers?
Oh PAH-LEEEZE (Score:5, Insightful)
And, don't expect ANY help from the "white hats" in general, all they can do is walk in circles pontificating about how it would be unethical to hack these networks and bring them down.
So really, the only solution is the possibility of someone with "black hat" skilz that wants to be paid to take the system down outside the "law".
Re:Oh PAH-LEEEZE (Score:5, Interesting)
Re:Oh PAH-LEEEZE (Score:5, Interesting)
So, Lone Star, now you see that evil will always triumph because good is dumb. - Dark Helmet
Re: (Score:2)
So, Lone Star, now you see that evil will always triumph because good is dumb. - Dark Helmet
True. More technically, because of evil whistle-blowers with vested evil interests (usually monetary) or a few goody two-shoes touting a "who watches the watchers" attitude that keeps necessary law from being created.
The goody-two shoes normally support *other* laws giving otherwise-worrisome lethal or raiding force to the police/justice/penal system, but worry that certain rights of theirs will be trampled if they stand down for "good" causes tangential to their main interests. See also NRA activism in ant
Re: (Score:2, Insightful)
Still, it's true if you think about it.
Imagine if nearly 90% of cars and trucks on the road dumped trash all over the place when driving around? Those drivers would get a ticket and be required to go to a garage to fix whatever the hell is causing their vehicle to dump trash everywhere.
No such law exists for computers and the internet. And everyone has to suffer because of it.
So, good is dumb because your hands are tied in laws. And evil triumphs because we get billions of spam clogging the tubes all over th
Re: (Score:2, Offtopic)
And only on Slashdot does your comment get the points for a "funny" mod without you getting the boost in karma that usually goes with it.
Re: (Score:3, Interesting)
That is only partially true. There was a /. story not long ago about a white-hat company that utterly destroyed a botnet. Sorry I can't remember the names which is making googling rather hard.
I do remember the technical details (who's surprised?). It was a difficult and involved process - the botnet relied on numerous DNS tricks to always be able to find its control servers. What the white hats did was to trace and track the current set of master servers. Knocking them out wouldn't do any good, as the con
Re: (Score:3, Informative)
There was a /. story not long ago about a white-hat company that utterly destroyed a botnet.
If you're thinking of this story [slashdot.org], it was a research professor, and the botnet was eventually allowed to be retaken.
Re: (Score:2)
I wasn't thinking of that one, no. The story I am thinking of was definitely a company effort, I remember reading the details and the whitepaper on the company site. I just can't remember their name.
Re: (Score:2)
It would normally be up to the governments to hire white hats to pu
Re: (Score:2, Insightful)
There's more than enough threat for Symantec etc. to deal with one and still have a viable business model.
And you're right, white hats don't hack other people's machines, which is illegal, just because it seems like a convenient solution to a problem. That's basically how that works.
Re:Oh PAH-LEEEZE (Score:5, Funny)
So really, the only solution is the possibility of someone with "black hat" skilz that wants to be paid to take the system down outside the "law".
Hudson: Let's just bug out and call it even, OK? What are we talking about this for?
Ripley: I say we take off and nuke the entire site from orbit. It's the only way to be sure.
Hudson: Fuckin' A...
You forgot your tinfoil hat. (Score:4, Informative)
Companies like Symantec and Norton didn't start off as antivirus companies. They build tools and utilities. If by some miracle all of the botnets, trojans, and virus infections were to vanish from the world, I imagine that they would go back to making tools. It was virus makers that created the market, not Symantec and Norton.
I suppose you think cancer researchers don't really want to find a cure, because then they'd lose their funding, right?
The fact that you are marked as insightful is baffling. You have a distorted sense of reality.
I won't even bother commenting on your "white hats" criticisms, since that's been pretty well covered by others...
However, to say that *your* solution is the only solution is not only short-sighted, it's arrogant. Black Hat "skilz" must be the mystery reason why about half the number of systems are infected now, right?
There isn't a magic bullet solution that will magically fix the problem completely, aside from getting rid of the internet (and maybe humanity too!). It has to be fought on multiple fronts and incorporating multiple solutions to mitigate the problem and hopefully if it's made difficult enough or they have enough that they can lose, then maybe it will stop... but it's much more likely that we're always going to be stuck with it to at least some degree.
Re: (Score:2)
Re: (Score:2)
I'm afraid that I think it's you that needs the reality check.
Assuming conspiracy where there need be none just clouds your judgement.
Yes, the "white hat" folks have their hands tied because we don't want vigilante justice from morons who *think* they know what's right and wrong...
Rgds
Damon
Re: (Score:2, Insightful)
Companies like Symantec and Norton didn't start off as antivirus companies. They build tools and utilities. If by some miracle all of the botnets, trojans, and virus infections were to vanish from the world, I imagine that they would go back to making tools. It was virus makers that created the market, not Symantec and Norton.
Eh, I'd say that depends on how much they've invested in their antivirus business and how much of their profits come from antivirus. If they now only get 20% of their profits from tools and utilities, I doubt they'd be happy to lose that 80%.
It's not like those guys go to work motivated to make tools and antivirus is just a necessary evil. They go to make money.
Re: (Score:2)
Blue Frog had a good run until the spammers nuked it with a DDoS.
Microsoft malicious software removal tool (Score:3, Interesting)
Why isn't the Microsoft malicious software removal thing wiping these botnets out in their millions?
Re: (Score:3, Insightful)
It is no problem for Government agencies to take extralegal action.
But indeed the core is that people should use Linux and users of infected Windows machines should pay.
Re: (Score:2)
We've traced the spam... it's coming from inside your house!
Re: (Score:2)
>> How can I avoid accepting mail from these 2.5 million computers?
Use gmail.
Spam has been a history lesson since 2004.
Re: (Score:2)
Instead of being an elitist dick about it, why not print yourself up some business cards and hand them out to people who need help with their computers.
Oh? Not your kind of gig? Buy a book for a niece or nephew or something and maybe they might find interest in learning how to do it.
Until then your attitude will do absolutely nothing to help cure the ailment that you apparently loathe so much. Personally, spam does not bother me because it gets filtered out quite effectively. Maybe you need to do somethin
Re: (Score:2)
Because business cards saying "I am an elitist dick" don't bring in much business?
Pharmaceutical (Score:3, Insightful)
Much of it is pharmaceutical spam.
A very particular kind of pharmaceutical.
Re:Pharmaceutical (Score:5, Informative)
My accounts have been getting more offers of narcotics than genital enlargement in the past few months. Also got a few spams selling antibiotics, which is a new one, and even more reprehensible if they're genuine.
Re: (Score:3, Informative)
Why is it worse if they're real? You can buy antibiotics at any vet supply house.... It's not like they're hard to get without a prescription. If they're real, the spam is pretty much noise. If they're not real, then it's bad---people buying something that they think will make them well, only to have it not help them, or worse, poison them....
Re:Pharmaceutical (Score:5, Insightful)
The spam is offering antibiotics such as linezolid, teicoplanin, daptomycin, and tigecycline, antibiotics that are reserved for highly resistant bacteria ("superbugs" like VRE and MRSA), not the stuff you can get from a veterinarian. These drugs being used inappropriately is a very bad thing.
Re: (Score:2)
It's bad in many ways. Creating new mega resistant strains will be bad for all of us. Also those are not gentle drugs, people using them need to be monitored for life threatening side effects.
It's sad that health care is so expensive in the U.S. that people would even think of resorting to ordering the drugs from a spamvertized site. It's not unexpected though, black and gray markets thrive wherever prices are kept artificially high or where prohibition is in place.
Re: (Score:2)
If you give them your credit card info, you're not actually going to get anything. On the off chance they do send you some drugs, they are going to be fake. It might cause damage if people forgo real medical treatment because they think the placebos are real, but I would be very surprised if there was anything dangerous or even effective in them. All of that assumes someone would even get something from the spammer, which is unlikely at best.
Re: (Score:2)
If you can get as far as actually submitting a payment. I've had poor luck with that -- maybe it's just me getting particularly broken spam. I've got heaping bunches of messages where there isn't even a single link in them.
Re: (Score:2)
You can buy antibiotics at any vet supply house.... It's not like they're hard to get without a prescription.
You know that, and I guess I know that too, but if someone is so ignorant that they think antibiotics are miracle drugs that should be taken for every cough or flu, then they're probably ignorant enough not to know how easy it is to get antibiotics. As I understand it, a significant amount of people who take antibiotics pointlessly are getting prescriptions for it. If you come to their door and say "Here!" then that's worse, because actually making an appointment and then paying the bill probably inhibits
Re: (Score:2)
If they aren't real and people get poisoned I'd say it's just natural selection.
Re: (Score:2)
I get mostly narcotic pain killer spam, and if I thought there was any chance I would actually receive the product after paying for it I might give them some business. They're either going to not ship you anything and just take your money, or send you sugar pills made to look like whatever they're selling. I doubt the antibiotics are real, but who knows what they could be. Probably bulk bought tylenol repackaged - if they send you anything at all which I doubt they would.
Re: (Score:2)
Drug faking isn't new - it's just new in the US. I spent quite a lot of time in Nigeria during my career, and one thing you learn fast is to only go to embassy doctors who import their medicines.
Why ? Because there is a thriving market for fake malaria (and other) medicines - faked so well that even doctors (local or Western) can't tell the difference.
People die from malaria in Red Cross hospitals because the last batch of pills were basically sugar pills dressed up so well (along with packaging) that neithe
Re: (Score:2)
Perversely, this kind of spam plays hell with the company I work for since we manage IT systems for chemists. Chemists get quite irate when legitimate messages from their suppliers get marked as spam because they mention pharmaceuticals.
Voluptuous woman falls over heavy chest (Score:5, Funny)
Make your girl happy with your long and huge meat machine.
*link to .ru website*
Re: (Score:2, Funny)
A vast majority of the ones I get are just a link or someone having a spaz on the keyboard a few times and then a link.
I do occasionally get ones where they try to chop up the words into several parts. Those are the easy ones to filter for.
Re: (Score:3, Funny)
I know, I kinda miss the days when my spam folder would be filled with messages that end in a quixotic paragraph that resembles nonsensical poetry.
Stiffy In A Jiffy (Score:5, Funny)
Subject: Stiffy In A Jiffy
From: Erection Perfection
Re: (Score:2)
So how hard.... (Score:3, Insightful)
Is it to order some of their crap. Track down where the money goes.
And kill them.
We've spent more doing less millions of times... Why don't we get around to fixin this problem?
Re: (Score:2, Informative)
anti-spam (Score:4, Funny)
Re: (Score:3, Funny)
Wait, are you proposing that we ENCOURAGE 4chan to take over a botnet of 2.5 million computers?
I'll take the spam thankyouverymuch.
Re: (Score:2)
Really? (Score:5, Funny)
Yes, it's called the internet.
Re: (Score:2)
I installed a spam-repelling rock to my motherboard. Haven't gotten a single piece of spam since then on that computer.
Re: (Score:2)
Saw Law & Order ep. 10 yesterday... (Score:2)
"Amazing..."
"What?"
"She did in 10 seconds what we've been trying to do for ten years."
"What?"
"Put Masucci out of business, permanently."
Question (Score:2)
IANAL but it would seem to me that the pharmaceutical companies that benefit from this (and yes if no one paid attention to spam it would go away, the fact it's still here means people respond to it) should have responsibility in the computer crimes taking place here.
Re:Question (Score:5, Interesting)
The overwhelming majority of the "pharmaceutical" ads in question are fraudulent. They're not actually selling Viagra. They're either selling knockoff placebos, or they're selling nothing at all, because they're just looking for naive suckers to visit a sketchy web site and cough up a credit card number or other details that can be used in identity theft schemes or similar crimes. Merck and the other actual makers of the real products would love nothing more than to shut this crap down.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It is done - most of those "Spammer gets 10 years" headlines you see are about exactly that: they are ultimately convicted of credit card fraud. The trouble is - the vast majority of the time the spammers and their victims are in vastly different jurisdictions, which makes investigation and conviction harder (as it now requires significant international cooperation). Most of the spammers are in developing nations where police services are significantly underfunded and less effective than in the US which me
Re: (Score:2)
Spammers should be handled by Seals or other agents that can get in, do it, and get out without involving that pesky "jurisdiction."
Hell, I mean if we are going to be doing that, we might as well be doing it for a cause that benefits humanity at large!
Re: (Score:2)
You know, as a citizen of one of those "not America" countries... I would prefer you don't do it at all and actually consider all those jurisdiction things. You know why ? Because even if it means spammers are harder to catch - I would still rather prefer NOT having to worry about navy seals jumping through my bedroom window if I call your government a bunch of profiteering warmongers.
If Guantanamo Bay proves one thing it's this: most Americans think civil liberties belong to them, only to them and us peopl
Re: (Score:2)
Embarrassing, or downright illegal. People aren't going to go to the authorities and say, "I was trying to buy some morphine off this guy on the internet and my stuff never arrived."
Re:Question (Score:4, Insightful)
If the FBI was half as interested in nailing fraud as it was in doing the RIAA's bidding, they would create fake credit card accounts and order the spamvertized products themselves. Then they can trace the transactions back and get the merchant accounts frozen.
Re:Question (Score:4, Funny)
Soap: You what?
Tom: You take out an advert in the back page of some gay mag, advertising the latest in arse-intruding dildos. You sell it with, I dunno, "does what no other dildo can do until now", "the latest and greatest in sexual technology", "guaranteed results or your money back", all that bollocks. Now these dils cost twenty-five quid a pop - that's a snip for the amount of pleasure they're gonna give the recipients. But they send their cheques to the other company name, nothing offensive, er, "Bobbie's Bits" or something, for twenty-five quid. You take that twenty-five quid, you stick it in the bank until it clears. Now, this is the smart bit - you send back the cheque for twenty-five pound from the other company name, "Arse Tickler's Faggots Fan Club", saying we're sorry, we couldn't get the supplies from America because they ran out of stock. Now you see how many people cash that cheque - not a single soul, because who wants their bank manager to know they tickle arse when they're not paying cheques?
Bacon: So how long do you have to wait until you see a return?
Tom: Probably no more than four weeks.
Bacon: A month? So, what fucking good is that if we need it in six - no, five days?
Tom: Well, it's still a good idea.
Re: (Score:2)
Tom: Listen to this one: you open a company called the "Arse Tickler's Faggots Fan Club".
Soap: You what?
Tom: You take out an advert in the back page of some gay mag, advertising the latest in arse-intruding dildos. You sell it with, I dunno, "does what no other dildo can do until now", "the latest and greatest in sexual technology", "guaranteed results or your money back", all that bollocks. Now these dils cost twenty-five quid a pop - that's a snip for the amount of pleasure they're gonna give the recipients. But they send their cheques to the other company name, nothing offensive, er, "Bobbie's Bits" or something, for twenty-five quid. You take that twenty-five quid, you stick it in the bank until it clears. Now, this is the smart bit - you send back the cheque for twenty-five pound from the other company name, "Arse Tickler's Faggots Fan Club", saying we're sorry, we couldn't get the supplies from America because they ran out of stock. Now you see how many people cash that cheque - not a single soul, because who wants their bank manager to know they tickle arse when they're not paying cheques?
Bacon: So how long do you have to wait until you see a return?
Tom: Probably no more than four weeks.
Bacon: A month? So, what fucking good is that if we need it in six - no, five days?
Tom: Well, it's still a good idea.
On a related note, you should read a story by Roald Dahl.. I think it is called "the Bookseller" (which, according to wikipedia, first appeared in Playboy in 1986). It's about a book seller who looks through the obituaries of influential men, and then sends a bill for some "interesting" titles to the widows... and how he is found out...
Friendly Reminder (Score:5, Insightful)
"Maybe what we need are a few good old fashioned hangings." -- Commissioner Orson Swindell, Federal Trade Commission
at the first FTC spam conference.
Email spam is so passe. (Score:3, Interesting)
Re: (Score:2)
Nothing. Firewall the shit out of yourself, dropping instead of rejecting. Including ICMP.
It sucks, but not doing that can either result in you seeing what you see now, or your being an unwitting member of a reflected DDoS squad.
Explanation:
Attacker sends a spoofed ICMP Echo (or whatever) with the target's IP address as the sender. Your machine dutifully (and correctly) would reply, along with N+1 others, bombarding the victim.
Why not pay spammers and trace the spam? (Score:2)
Tell me I'm not the first to think of this. Just pay and spam some traceable ads... It has to be illegal enough that you can subpoena financial records of individuals, probably mostly credit cards. If you know who first took the money surely one can trace it to the bot net(s) that finally emailed it... Surely there will be a number of middle men and they will try to hide their activities though stolen credit card number and such. But it would be traceable if anyone took the time to do it.
Rooting out cross-border networks of perpetrators? (Score:4, Interesting)
2.5 million Windows computers (Score:3, Informative)
Hm let's see, 2.5 million Windows computers in one botnet against 0 Linux computers worldwide. I would say Dell was right:
"6) Ubuntu is safer than Microsoft Windows: The vast majority of viruses and spyware written by hackers are not designed to target and attack Linux." from http://www.theregister.co.uk/2010/06/14/dell_ubuntu_windows_security/ [theregister.co.uk]
Re:Windows has great anti-malware tech (Score:4, Insightful)
Re: (Score:3, Insightful)
You can fairly easily set it up so that when machines reboot, all changes are lost. It's convenient for a lot of applications.
Re: (Score:2)
Re: (Score:2)
Run it in a VM with an immutable base disk image and a difference disk that gets thrown out every time it boots.
Update the base image periodically vs new threats.
While it's probably POSSIBLE to root the host of the VM you are running in, I'm willing to bet that it's too much effort for most spammermeisters right now.
Re: (Score:2)
No fear, as long as it's Windows. It will lock up or otherwise asplode within 3 minutes anyways :P
Re:Wunna These Days, Alice... (Score:4, Interesting)
No need to destroy their data. All one would have to do is replace key Windows boot files with a script that tells them that their Windows installation is hopelessly infected by viruses and has been disabled, telling them to take it to somebody who actually knows how to properly configure a Windows machine. There's no need to destroy irreplaceable data, merely to wreck Windows so badly that they have to do a full reinstall. Since that is completely beyond any of the sorts of people who are part of the problem, they would be forced to take their computers to somebody for repair, and one would at least hope that a sizable percentage of those machines would come back properly protected from viruses.
Re: (Score:2)
Re: (Score:2)
You just need to have the machine provide the proper reference to someone that can fix it. Imagine if millions of computers all over the world suddenly cried out for Jacob's Computer Consulting with his worldwide army of computer-fixers.
Wouldn't you like to be Jacob? Probably has the apartment penthouse next to the folks running the botnet in St. Petersburg or Bucharest.
Re: (Score:2)
All one would have to do is replace key Windows boot files with a script that tells them that their Windows installation is hopelessly infected by viruses and has been disabled, telling them to take it to somebody who actually knows how to properly configure a Windows machine.
We're talking about a network of MILLIONS of computers, you know? And it's not like the good old days of Code Red where you could write an automated shutdown script with a PHP script and a telnet session - today's botnets are relative
Re: (Score:3, Insightful)
Because statistically speaking, if they have one virus, they probably have thirty.
Re: (Score:2)
Well then I suppose you will be quite busy for... well, the rest of your natural life.
Pick your battles. Seriously, do you get that annoyed by spam that mostly just gets sent to another folder labeled as such?
Besides, I'd like to see your response if this hypothetical fantasy land you envision actually happened. Do you have enough time in the day to field phone calls from every friend and relative asking for your help "setting up my new Ubuntu machine?" I sure as hell don't. I dodge phone calls about this
Re: (Score:2)
Keep your Ubuntu and Mac to yourself. I use neither, and I still don't use Windows.
Re: (Score:3, Insightful)
"Us Ubuntu and Mac users will not give you peace nor rest until Windows is dead"
Good luck with that. Of course once OUR Windows is dead it'll be YOUR machines sending us SPAM.
Yeah, you know what? You may be right, but in the mean time...
Because, you see, whatever MY potential for causing YOU harm in the future (and I admit it's non-zero), the likelihood that the overwhelming majority of the millions of machines in this botnet right now are running Windows has a probability of 1. So maybe if WE stopped speculating about some future email Armageddon and focused on the one tha
Re:This is why we won't shut up. (Score:5, Insightful)
>Good luck with that. Of course once OUR Windows is dead it'll be YOUR machines sending us SPAM.
No it won't. The "windows gets targeted only because it's biggest" argument is a fallacy - and an easily debunked one at that.
Here's the REAL reason why you will never see much spam or trojans in the Linux world. Unlike our windows counterparts, when we need an app for some task, we don't open a (insecure) browser, search around, find a .exe which we then RUN to install the program.
We connect to a repository, which is run by software experts who have repackaged and tested the programs in question, the software gets downloaded automatically - the files are checked using digital signatures to prevent MitM attacks, and only then installed.
Average computer users will never have the capacity of computer experts to tell trojans from useful apps, and either way have no viable means of determining if a particular install file is trustworthy without having already taken the risk, all while dealing with a browser/email combination that could do all this without them even being aware of it (though at least that has gotten better than it used to - remember I-Love-You, that's how bad Outlook once was!).
Us GNU/Linux users pool our resources to have people who are skilled select and evaluate the apps in our repositories and make our selection from a set that's pre-vetted. We can choose on features and design without having to WORRY about "does it coincidentally install spyware which will later be installing a botnet", because the people who packaged the software have nothing to gain by not removing such, and everything to benefit from ensuring the trustworthiness of the software.
Remove the capacity to write "installer programs" for windows - create a repository (perhaps even a paid one - like Apple's app-store) and you solve the botnet problem. Trouble is, Microsoft unlike the GNU/Linux companies won't find the best way to keep their repo profitable is to be open to all comers who write useful software. Much like Apple, they'll end up using it to make sure nothing is available to their users that competes with their own products.
The cure may be even worse than the disease - so I don't know if it's something to push for. What I can tell you is, as long as ordinary users are supposed to vet good from bad software (people who have ZERO training in how to tell the difference in other words) - botnets WILL proliferate. The problem isn't even so much OS-design (though it plays a role), it's the way software is managed on the two platforms.
GNU/Linux simply has a software management concept that is by its very nature far, far more secure than Windows. It's not perfect - last year Fedora's repos were pwned temporarily - and they had to create and issue a full set of new keys to ensure the integrity of what they contained - but the problem was fixable without any customer ever being at risk. That's what GNU/Linux's repository concept does - it takes the task of risk assessment and gives it to people who are trained for the job so by definition they do it better.
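The repository check described in the comment above (signed metadata, then a per-package hash), sketched as an added example that is not part of the original thread or any distribution's code. The toy RSA key, the index format and all function names are assumptions made for illustration; real repositories use GPG or similar signing keys.

```python
import hashlib

# Toy RSA key built from two Mersenne primes, constructed for this example only.
# It is far too small for real use and stands in for a repository signing key.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537                           # public exponent, shipped with the client
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the repository only


def digest_int(data: bytes) -> int:
    """SHA-256 of the data, reduced into the toy key's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def build_index(packages: dict) -> bytes:
    """Repository side: one 'name sha256' line per package (hypothetical format)."""
    lines = [f"{name} {hashlib.sha256(blob).hexdigest()}"
             for name, blob in sorted(packages.items())]
    return "\n".join(lines).encode()


def sign_index(index: bytes) -> int:
    """Repository side: sign the index with the private exponent."""
    return pow(digest_int(index), D, N)


def verify_index(index: bytes, signature: int) -> bool:
    """Client side: check the signature using only the public values N and E."""
    return pow(signature, E, N) == digest_int(index)


def check_download(name: str, blob: bytes, index: bytes, signature: int) -> str:
    """Client side: decide whether a downloaded package may be installed."""
    # Step 1: the index itself must carry a valid signature, otherwise a
    # man-in-the-middle could swap in hashes that match a modified package.
    if not verify_index(index, signature):
        return "reject: index signature invalid"
    listed = dict(line.split(" ") for line in index.decode().splitlines())
    # Step 2: only packages the repository maintainers listed are accepted.
    if name not in listed:
        return "reject: package not in signed index"
    # Step 3: the downloaded bytes must match the hash in the signed index.
    if hashlib.sha256(blob).hexdigest() != listed[name]:
        return "reject: package hash mismatch"
    return "install"


def demo() -> list:
    # Constructed sample packages; the byte strings stand in for package files.
    packages = {"editor": b"editor-binary-v1", "mailclient": b"mail-binary-v1"}
    index = build_index(packages)
    signature = sign_index(index)
    # An index rewritten in transit so its hash matches the modified package.
    forged_index = build_index({**packages, "editor": b"modified-binary"})
    return [
        check_download("editor", packages["editor"], index, signature),
        check_download("editor", b"modified-binary", index, signature),
        check_download("editor", b"modified-binary", forged_index, signature),
        check_download("game", b"unlisted-binary", index, signature),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third case is the one the signature exists for: rewriting the index so the hashes match is not enough without the repository's private key.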
Re: (Score:2)
No good. That would just free up bandwidth for the attack spammers (outlook exploiters, "your wife photos" etc)
Re: (Score:2)
Most of my spam is of two varieties:
1. Chinese/Japanese/Korean (a good spread of all three) telling me who knows what.
2. People of various Grammar School Failures trying to weasel my battle.net password (that hasn't been used in a year anyways).
Group two there is usually using the stupid anchor-with-a-different-URL bullshit (that people still fucking fall for) and either fake "your account was compromized!" warnings, or fake beta invitations.
The (relatively small compared to above) remainder is this bullshi
Re: (Score:2)
Most of the time they are either clueless or just negligent. They pay some advertiser to do some "targeted email marketing" or other buzzwords-of-the-week and assume they are getting normal advertising. Instead, they get spam in their name.