Spam Drops 1/3 After Rustock Botnet Gets Crushed
wiredmikey writes "The Rustock Botnet was sending as many as 13.82 billion spam emails each day before being taken down early this month by an effort headed by Microsoft in cooperation with authorities and the legal system. According to Symantec's March 2011 MessageLabs Intelligence Report, the Rustock botnet had been responsible for an average of 28.5% of global spam sent from all botnets in March.
Following the takedown, when the Rustock botnet was no longer cranking out spam by the billions, global spam volumes fell by one-third. For reference, toward the end of 2010, Rustock had been responsible for as much as 47.5% of all spam, sending approximately 44.1 billion e-mails per day, according to MessageLabs stats. Since then, Bagle, a botnet that wasn't even on MessageLabs' top ten spam-sending botnets at the end of 2010, has taken over from Rustock as the most active spam-sending botnet this year."
Impressive (Score:5, Insightful)
Re:Impressive (Score:5, Informative)
"Spam will be a thing of the past in two years' time" - Bill Gates, 24 January 2004.
Re: (Score:2)
Re: (Score:2)
He was right. Gmail was launched April 1st, 2004.
Re: (Score:2)
In fairness, he also said that 660 ppm ought to be enough for anyone.
Re: (Score:2)
Re: (Score:2)
Parts per million. "A reduction to 66% [660 parts per million] ought to be enough for anyone."
my joke = phail
Re: (Score:2)
Re: (Score:2)
Bah! I meant to put 660 K (thousand) ppm, thereby completing the similarity to "640 K ought to be ...".
Double phail.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Actually, he turned out to be right. I don't think he or MS was claiming to stop all SMTP traffic that you might call spam, but to have filtering technologies that worked well enough where it wasn't a problem for the end user.
I remember the late 90s and early 00's. Spam was a big issue. You could randomly get 100+ spam emails in an hour. No one had good filters. It was all client-side and a big mess. By the mid 00's it was just this thing to worry about when you checked your quarantine and only the occasiona
Re: (Score:2)
And for my users at work, for me, for my family it really is a thing of the past, because
All non-corporate communication is done via facebook wall posts now?
We are rapidly nearing the point where no email will flow unless:
1) One side is a spammer.
or
2) One side is a corporation or an individual acting on the behalf of a corporation.
I could see a point in a year or two where "email spam" is about as relevant to the general population as "usenet spam".
Re:Impressive (Score:4, Insightful)
Excellent! So they can drop all attempts to regulate the bandwidth. After all we just got 30% wider pipe, did we not?
For those oh so bandwidth hungry mobile devices......
Re: (Score:2)
"Regulation of Bandwidth" and "Having More Available Bandwidth" are two separate concerns. Arguments for or against the prior should stand regardless of the latter. If only this were so.
Re: (Score:2)
Unfortunately no, since spam didn't take 100% of the pipe.
Re:Impressive (Score:4, Insightful)
Can't Fix Stupid (Score:3, Informative)
Actually, MS is a highly secure OS. It is the users that are not secure. I have hundreds of Windows servers and have been running them for years on the internet. So have many others. They don't turn into zombies. I have had several PCs, all Windows, none of them zombies. I have a sister who has to have every toolbar she comes across and any free software that tells her the weather or whatever. She turns a PC into a zombie in usually a week's time. I have a neighbor, running a Mac, little old lady. Found hers to b
Re: (Score:3)
Actually, MS is a highly secure OS. It is the users that are not secure.
Typical blame-the-victim (btw MS is a company, not an OS).
Years of Microsoft's poor security practices in the service of extraction of greater profits and margins have led to this situation.
I have a neighbor, running a mac, little old lady. Found hers to be running as a zombie.
Let me match your anecdotal evidence with some of mine (equally valuable):
I have numerous (dozen or more) relatives that have migrated to Mac who prior to the migration would always have some spyware or virus on their Windows system, even a botnet client or two. Post migration, I have yet to hear of any slowdowns, erra
Re: (Score:2)
See that, even the malware on OS X is better written!
Re: (Score:2)
The fact that Vista/7 is more secure than XP does little to counteract the habits and ecosystem of malware that exists to exploit people.
You think that Macs do?
You've proven the GP's point. Bad user habits are the cause of spam, not MS's operating system and I dislike Winblows as much as the next person with half a brain.
However bad Windows is at supporting bad user habits, OS X actively fosters them. The Mac advertising gives people a false sense of security by telling them that they are magically secure. In actual fact the same kind of malware that is so prevalent on Windows systems also exists on OS X, the only difference is that M
Re: (Score:2)
Until Microsoft made email and documents executable against the advice of every security expert, the very idea of an email virus was nothing more than an in-joke/urban legend. Then, they trained millions of users to click OK without reading or thinking about it. That's not what I would call a good security record.
Re: (Score:2)
I'm inclined to disagree. A botnet really doesn't have to live in kernelspace - userspace is more than good enough to spew out thousands of spam messages an hour. Jest all you like about drive-by downloads and the like, but the majority of botnet software is executed by the user, deliberately because it claims to give them cool smilies in MSN, or a little monkey hiding by the clock (or Jessica Alba). Even Linux, BSD and OS X do nothing to stop that sort of behaviour (and they don't claim to try). If the
Well to be fair... (Score:2)
Well to be fair, probably like 90% of those are pirated versions of Windows XP and as such never got any security updates. Not sure MS is responsible for a large number of people around the world ripping off their software and not paying for it...
Just sayin'
Don't worry, MS is still evil. Just that these botnets are predominantly made up of pirated software to begin with.
Re: (Score:2)
Good job! Especially since worm-riddled broadband-connected home computers running Microsoft operating systems were the cause of the spam problem in the first place. An unreasonable man like me would view this as a problem of Microsoft's causing, and by default their responsibility to clean up. Seems as if Microsoft's shoddy programming job allowed the holes to exist in the first place, and they cynically passed the cost on to the rest of us. Sort of like how an amoral oil company should be forced to cl
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If there were no Windows boxes, spam would continue. SMTP does not identify the sender. The inability to identify the sender is the single biggest vector for spam. That is a protocol problem. Not an OS problem.
Re: (Score:2)
SMTP is a protocol and has no behaviors. SMTP-formatted email does identify the sender. Unfortunately, such a thing is easily spoofed. So SMTP can be manipulated to hide the true sender and its location on the network. That's the flaw. But fixing that wouldn't be enough. The proximal problem is that people still get trojans on their machines that can act like normal programs, and the server accepting your connection has no way of knowing whether the client sending it data is legitimate or bogus. The w
Re: (Score:2)
Stopping spam is a two part problem. The first part is identifying who the mail comes from. Without a
Re: (Score:2)
It doesn't need it from the start. MS's inet stack can be watching for connections to SMTP ports and looking for to-addresses that only exist in spam databases. If the OS detects that, it can phone home, or kill the sending task, or pop up a "You are infected by a spam email botnet program." There's no reason anyone should be hosting one of those any more.
Re: (Score:2)
Re: (Score:2)
If Windows disappeared tomorrow, spam would continue and the drop in volume would be temporary.
That is a bold claim. Got any supporting evidence? Not guesses, theories, thoughts, I mean evidence.
Re: (Score:2)
Re: (Score:2)
Well, having personally seen spam spewing from an open relay on a linux box, seems like pretty decent evidence.
A single data point does not make a trend.
The Linux and MacOS systems that spit out spam now do not disappear if Windows goes away.
True, but we're talking volume here. Do you really think that 98% of e-mail would be spam if it weren't for the botnets?
Now, do you have any supporting evidence to the contrary? Not guesses, theories, thoughts, I mean evidence.
Pretty much any statistics you want to dig up show a massive difference between exploited Windows machines and any other OS. Even if you adjust for market share. Even if the other OS is leading, as in the case of LAMP vs. Windows web servers.
OS X currently has a market share of - depending who you ask - somewhere between 5% and 15% in the consumer m
Re: (Score:2)
A single data point does not make a trend.
No, it doesn't make a trend. It does show it is possible though, and unless you are claiming that spammers would refuse to spam from anything but Windows, we must come to the conclusion that the spamming would continue on another system. The claim that spammers would refuse to work on other systems that meet their needs is an extraordinary claim that would need extraordinary proof.
True, but we're talking volume here. Do you really think that 98% of e-mail would be spam if it weren't for the botnets?
There would continue to be compromised systems. People install botnet clients all the time. There is nothing in Linux or OSX
Re: (Score:2)
It does show it is possible though,
Wrong discussion. Nobody here claims that all other OSs are perfectly secure and nothing bad could ever happen on them. "Possible" is not what the problem of Spam is even about. "Massive enough to drown everything else" is what the problem is. For that, it has to be more than possible, it has to be so easy that it is economically feasible to root systems on a large scale.
the papers that are posted there point out that there are far more vectors than just Windows
Yes, I know. However, you ignore the point that in those approaches I was simply assuming the existence of a remote root exploit that woul
Re: (Score:2)
"Possible" is not what the problem of Spam is even about. "Massive enough to drown everything else" is what the problem is.
That is a false dichotomy. If it is possible, and it can make money then someone will do it. Your cost calculations are irrelevant when you factor in the third world, although it is unlikely to become so expensive that it needs to go to the third world. Of course, your own papers point out that remote exploits are totally unnecessary to propagate malware. What you say in this thread directly contradicts the papers you wrote and published on your website.
Re: (Score:2)
You make no sense, it's really hard to understand what the heck you're trying to say, but I'll give it a try:
because your 10 yr. old research? It's ANCIENT... today is TODAY,
You must be really young if you think the world changes that quickly. Technical details do. Basic principles don't.
Same with MacOS X once it was more utilized - it became more of a "prime target" because more folks use it now...
That argument has been debunked hundreds of times, get a new one. If prominence were the deciding factor, then all the Linux/Apache webservers would all be rooted while the more obscure Windows/IIS servers would all be safe. Funny thing is, we don't see that in the real world.
[Android rambling]
I fail to s
Re: (Score:2)
Re: (Score:2)
Making it worse... [slashdot.org]
Re:Impressive (Score:5, Insightful)
Microsoft's operating system architecture allowed users to have admin privileges, among other architectural mistakes. Defaults were made so that HTML rendering was done by default, as well. Many users were infected because of incompetence-- not by sheer numbers.
FOSS coders have the same loathing for spam and lack of prosecution that other coders do. That Microsoft has taken down a botnet is laudable. Others ought to join in, too. But first, perhaps online email services ought to acknowledge the role they play in allowing spammers to do their work. Microsoft is one of the good guys here, acknowledging abuse complaints quickly, but others like AOL and Yahoo don't even acknowledge a complaint, let alone act on it.
Botnets are one part of the problem, but even users trying to do their very best get infected. It's less so than before XP SP2+ editions, but there are very few non-Microsoft botnet members out there. Think about that.
Re: (Score:2)
Microsoft's operating system architecture allowed users to have admin privileges, among other architectural mistakes.
On home systems they have to let potentially inexperienced users have access to admin privileges. Vista took them away by default, but whenever some tempting piece of software says it needs someone to type the admin password most users will do it, so it barely slows down the spread of trojans. The same attack would work just as well on any OS with a large home-user userbase. The weakness is not so much the OS, it's PEBKAC.
Re: (Score:2)
Until XP SP2, which did the same thing as Vista, the user was root/admin. A lot of software had to run as root, too, which Microsoft forced a demotion of when they changed this policy.
It's really the architecture, and irresponsibly bad QA, as well as rush to market problems.
Re: (Score:2)
I guess you missed all of the demotion in SP2. Wasn't much, but it was a start. And while you're correct in citing that lowly NT3.5x could have users and administrators, no one coded that way. Everyone had to be an administrator to work. SP2 started the chain completed partially in Vista, then a bit better in 7 to allow genuine user functionality in user space with user apps that could talk to the OS and get work and peripherals to work.
Even now, the use of the registry database is an architectural defect,
Re: (Score:2)
The weakness is not so much the OS, it's PEBKAC.
That is an arrogant assumption of computer nerds.
No other industry gloats in its own superiority in such a way. Any car maker, toaster maker, supermarket layout designer, literally everyone else doesn't subscribe to the "customer is dumb" mantra, but looks at where his product is at fault by giving confusing feedback, not guiding the customer correctly, not being easy enough to use, etc. etc.
And yes, that includes security questions.
Yes, I am a professional in that area. There are a few cases of "human erro
Re: (Score:3)
Re: (Score:2)
It's not an arrogant assumption of computer nerds -- I make security blunders too.
The problem isn't that. The problem is how easily they become catastrophic. If our cars were designed that way, highways would be slaughterhouses. Sure, there are quite a few deaths every day, month, year - but we feel compelled to improve on safety continually, instead of shrugging, saying "dumb drivers" and going on without a change.
That is what I call arrogance. Even if it was the fault of the driver, maybe you can make an improvement that reduces the likelihood of others making the same mistake?
That probably couldn't be enforced for home computers, so the only answers would be to cripple functionality (would work for a lot of users, actually)
Actually, I'm al
Re: (Score:2)
All of this is about native through iteratively more difficult hurdles for bot makers. When an OS is inherently more simple to root and bot, the OS seems very likely to have been poorly designed.
Now that XP SP2+ inhibits this, there have been further exploits through email and browser payloads that have caused innumerable machines to become bot'd.
If you divide that out, let's look at the iPad phenomenon, where they outsell a lot of stuff, and Apple's total end-user marketshare has climbed through the roof. In
Re: (Score:3)
Not all OSes are created equal.
Re: (Score:2)
Hubris
Users aren't stupid, they just aren't geeks. It is our fucking job to make these machines useable by normal people. If we can't do that, then it's all just ego-stroking and mental masturbation.
Unless you have done actual research and experiments and have solid evidence to be sure there aren't other causes (bad architecture, bad security design, bad user interface, misleading OS feedback, not to speak of bugs and exploitable faults), "it's the stupid users" is a cop-out, and a cheap one at that.
Re: (Score:2)
It's a matter of motivation. Back in the 70s and 80s and through much of the 90s, the number of computer users was small enough that you could do that, but a lot of the people that make up the growth aren't motivated to learn, which is why even extremely simple things are beyond their grasp.
MS, Apple and some of the Linux distros aren't helping anybody by discouraging people from experimenting and looking to get better at it.
Re: (Score:2)
MS, Apple and some of the Linux distros aren't helping anybody by discouraging people from experimenting and looking to get better at it.
Yeah, sure, that's why MS gives away express editions of Visual Studio for free.
Re: (Score:2)
Bear in mind that 1/2 of the world's population has an IQ less than 100. Even allowing for the Flynn effect, what that essentially means is that roughly 2/3 of the world's population isn't going to be able to learn to use complex tools, especially when they have the lazy choice of using simple ones. Either the computer provides the missing intelligence, or the user will have to do without.
In the case of MS's many operating systems po
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
1. Build Java(cross-platform) puzzle game/clone
2. Inject email spamming software into the game.
3. Send billions of spam...
4. Profit!
Re:Unrootable (Score:3)
Amiga OS 5!
"Never heard of it? Precisely!"
Re: (Score:3, Funny)
Who cares (Score:5, Insightful)
Re: (Score:3)
The organized criminals who are raking in the money are well protected in their home countries so this is essentially a big game of whack a mole until people better protect their computers (good luck with that).
Agreed, kind of. Users can only do so much, especially when zero-days are frequent targets of vulnerabilities and vendors do lazy and irresponsible patching and damage control.
We need well-enforced international criminal penalties for both the spammers themselves, as well as the corporations that hire them. Remove the monetary incentive and both the motive and means drop significantly. This also reduces the overall incentive to infect others' machines as a nice side effect.
What would also be interesting is
Re: (Score:3)
Re:Who cares (Score:5, Informative)
The last couple of times a story like this was posted, I went straight to SpamCop's statistics [spamcop.net] for corroboration. You're right: the touted decrease in spam is real, but temporary. However, the yearly chart does seem to show a downward trend.
Re: (Score:2)
Why, then, do my own statistics show a very strong upwards trend? Is the volume getting lower, but it bypasses the filters better?
Seriously. I have as much spam in my inbox now as I used to do 10 years ago, when it started to piss me off enough that I installed spam filters. Except now there's little more I can do. :-(
Re: (Score:3)
so this is essentially a big game of whack a mole until we do something about the economic forces behind spam
There, fixed that for 'ya. No amount of patching and filtering will make spam go away - ever. Spam will continue to be sent out as long as spammers can make money by sending out spam. The only way we can ever end spam for good is to either make it too expensive to send (which would not be palatable for most users) or take serious steps to interfere with the money train that keeps the spammers paid.
Everything else is reactionary, futile, or just a feel-good step (or a combination thereof).
Re: (Score:2)
And unfortunately, this will not happen for a very, very long time.
You see, spam is just the ugly part of some deep beliefs of our culture. Tackling spam means asking questions few people really want to have asked seriously.
For example: Isn't almost all advertisement unsolicited? I certainly didn't opt-in to any of the billboards I encounter every day on the street.
Or: Where do we draw the line to unethical business practices, and can we really draw it - in an official, as in on-the-book, way - without decl
Re: (Score:2)
I don't know why we don't start boxing in nations who do not control their spammers and hackers. Telling the USSR, just for an example, to shut down their known, easily-found spamming operations or get blackholed right off the fucking face of the planet would go a long way towards ending this stupidity.
I'm sure somewhere in the Wikileaks memos someone could find evidence that all of our world leaders are polishing each others' fucking knobs on this issue . . . sometimes I think the world is run by toddlers
Re: (Score:2)
sometimes I think the world is run by toddlers who've escaped the daycare.
It's worse than that. It's run by people with an adult mind and toddler ethics. I'm not kidding, kids have an early phase in their development where they simply cannot fathom the concept that there could be a part of the world that does not revolve around them, and cannot be easily classified as threat or source-of-food-and-security - or as one of the famous people with that mindset put it "you're either with us..."
Re: (Score:2)
It's worse! Toddlers can be taught that cheating and hitting are bad. World leaders are impervious to those lessons.
Re: (Score:2)
How well protected?
Like, say, if the government advertised their names and addresses, would it be impossible to bribe their nefarious cohorts to impose a little discipline on them?
Re: (Score:2)
Form letter time (Score:5, Funny)
This same old "silver bullet" for spam is yet another lame attempt to solve an intractable problem. Here we go...
Your post advocates a:
wait, one third you say??? Holy shit, never mind! Good work!
This is really good news... (Score:2)
Now I can get my spam-bot service up and running with much less competition in the marketplace. Some penis-enlargement companies just don't want to spread their money around.
Re: (Score:2)
Re: (Score:2)
"Taxes: Redeemable only for Warfare, Welfare, and more Taxes. Offer not valid in Puerto Rico." Some dumbass Randroid Teabagger.
"I enjoy paying taxes. With them I buy civilization."
Oliver Wendell Holmes.
Re: (Score:2)
Also, you don't know a fucking thing about me and you failed to really get what the sig is saying. I would gladly pay taxes if I felt that it wasn't going to be used to wage pointless wars (this coming from a military vet) and if I got anything out of the socialist programs they institute. Instead, we get American style welfare, where the successful pay and get nothing and those who don't pay s
Re: (Score:2)
This. Is. SLASHDOT, Slappy. You drop a sig like that, expect to get called on it.
I love it when people like you flip out. Shows me that I was dead on target.
I particularly love the instant resort to obscenities, not to mention the cite of a COMIC STRIP.
So you're ex-military. So what? I'm to be impressed that you joined the ArmyNavyAirForceMarinesCoastGuard? I'm to be impressed that you became a member of an organization that goes and kills people because some Rear Echelon Mother Fucker in D.C. says so? When
Re: (Score:2)
No, and now that there's less traffic your operation will be more visible, hence more vulnerable. Hence the PECs will be negotiating to pay you less since the risk of losing your services to interdiction just went up.
Licensed copy of Windows 7 (Score:2)
This outcome could have been easily prevented if they had used licensed copies of Windows 7 for their spam net.
Not for long... (Score:5, Insightful)
Re: (Score:2)
Prosecution is the prime demotivator behind reducing crime, so it should be done as loudly and crudely as possible.
Re: (Score:2)
My spam volume is pretty much unchanged. I'll get a handful at the weekend (off to SpamCop it goes), and since registering a business some local companies using foreign servers have been sending me one or two unwanted comical e-mails per week. All my spam is either 419-scams or somebody trying to sell me somewhat legal business products these days. The old pharmaceutical spam doesn't even reach my inbox (thanks, Zimbra filters!).
I do have a very old and easily guessed e-mail account that I don't actually us
Wouldn't it be great if the ISPs could play a part (Score:2)
Perhaps by just informing people that their machine may be infected? Perhaps by using another medium like an automated phone call or a note on their bill that says that traffic from their computer conforms to traffic seen from infected computers? Perhaps giving them some stats each month that say: this is how many emails were seen to be sent by your Internet connection; hey, this is pretty high for a home computer, have you updated your virus scanning?
I do not necessary suggest that they block port 25 or
Re: (Score:2)
Does the ISP need to look far enough into the packet to see that it is SMTP traffic, or even that it is TCP?
It could be an option when you sign up though.
Re: (Score:2)
I've recently discussed with my ISP the sort of thing they could do to identify packets trying to get into my network (lots of extra blinkenlights on the cable modem, occasional access attempts at the router), and their response was basically that it's illegal for them even to tell me the IP addresses in the incoming or outgoing packet headers.
Yup. They may be routing them, but they're not allowed to log them or even to see them on a screen, and they're certainly not allowed to tell me what they are.
I'm not
Re: (Score:2)
You don't need to do any packet inspection. A blackhole server, a tarpit, or just the logs on your own mailserver would be enough to identify customers that have a botnet problem.
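The log-based approach in this comment, the OS-side idea earlier in the thread of watching for connections to SMTP ports whose recipients only exist in spam databases, and the per-connection monthly counts suggested in the parent post all reduce to the same detection logic: group outbound SMTP attempts by client, then flag clients that burst, that mail addresses nobody legitimate would mail (a spamtrap fed by a "blackhole server"), or that keep hitting nonexistent recipients. The following is an added example, not code from the thread or from any mail server project. The log line format, the spamtrap domain and every threshold are constructed for the example; a real Postfix or Exim log would need a different regex.

```python
"""Flag likely spam-bot clients from a mail server's connection log.

Added example for this thread; the log format, spamtrap domain and
thresholds below are assumptions, not any real product's behaviour.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines: timestamp, client IP, envelope sender, recipient, result.
SAMPLE_LOG = """\
2011-03-20T10:00:01 client=203.0.113.10 from=<alice@example.net> to=<bob@example.org> status=accepted
2011-03-20T10:04:30 client=203.0.113.10 from=<alice@example.net> to=<carol@example.com> status=accepted
2011-03-20T10:09:12 client=203.0.113.10 from=<alice@example.net> to=<dave@example.org> status=accepted
2011-03-20T10:01:00 client=198.51.100.7 from=<promo@example.net> to=<u1@example.org> status=accepted
2011-03-20T10:01:03 client=198.51.100.7 from=<promo@example.net> to=<u2@example.com> status=rejected
2011-03-20T10:01:05 client=198.51.100.7 from=<promo@example.net> to=<trap-7f3a@spamtrap.example> status=accepted
2011-03-20T10:01:08 client=198.51.100.7 from=<promo@example.net> to=<u4@example.edu> status=rejected
2011-03-20T10:01:11 client=198.51.100.7 from=<promo@example.net> to=<u5@example.org> status=accepted
2011-03-20T10:01:14 client=198.51.100.7 from=<promo@example.net> to=<u6@example.net> status=rejected
2011-03-20T10:01:18 client=198.51.100.7 from=<promo@example.net> to=<u7@example.com> status=accepted
2011-03-20T10:01:22 client=198.51.100.7 from=<promo@example.net> to=<u8@example.edu> status=rejected
2011-03-20T10:02:40 client=192.0.2.55 from=<erin@example.net> to=<frnak@example.org> status=rejected
2011-03-20T10:03:10 client=192.0.2.55 from=<erin@example.net> to=<frank@example.org> status=accepted
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<ip>[\d.]+) from=<(?P<sender>[^>]*)> "
    r"to=<(?P<rcpt>[^>]+)> status=(?P<status>\w+)$"
)

SPAMTRAP_DOMAINS = {"spamtrap.example"}  # assumption: addresses only spammers would ever mail
WINDOW = timedelta(seconds=60)           # burst window (assumed)
MAX_PER_WINDOW = 5                       # more attempts than this per window is a burst (assumed)
MIN_ATTEMPTS = 5                         # do not judge rejection ratio on tiny samples (assumed)
REJECT_RATIO = 0.5                       # share of rejected recipients that is suspicious (assumed)


def parse_log(text):
    """Turn log lines into dicts; lines that do not match the format are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        events.append(d)
    return events


def max_in_window(timestamps, window):
    """Largest number of events falling inside any sliding window of the given length."""
    ts = sorted(timestamps)
    best = start = 0
    for end in range(len(ts)):
        while ts[end] - ts[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def per_client_stats(events):
    """Aggregate attempts, rejections, spamtrap hits and burst size per client IP."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    stats = {}
    for ip, evs in by_ip.items():
        domains = [e["rcpt"].rsplit("@", 1)[-1].lower() for e in evs]
        stats[ip] = {
            "attempts": len(evs),
            "rejected": sum(1 for e in evs if e["status"] == "rejected"),
            "spamtrap_hits": sum(1 for d in domains if d in SPAMTRAP_DOMAINS),
            "distinct_domains": len(set(domains)),
            "burst": max_in_window([e["ts"] for e in evs], WINDOW),
        }
    return stats


def classify(stat):
    """Return the list of reasons a client looks like a spam bot (empty list = looks clean)."""
    reasons = []
    if stat["spamtrap_hits"] > 0:
        reasons.append("mailed a spamtrap address")
    if stat["burst"] > MAX_PER_WINDOW:
        reasons.append(f"{stat['burst']} attempts within {int(WINDOW.total_seconds())}s")
    if stat["attempts"] >= MIN_ATTEMPTS and stat["rejected"] / stat["attempts"] >= REJECT_RATIO:
        reasons.append("high share of rejected recipients")
    return reasons


def suspicious_clients(log_text):
    """Map each flagged client IP to its reasons; clean clients are omitted."""
    flagged = {}
    for ip, stat in per_client_stats(parse_log(log_text)).items():
        reasons = classify(stat)
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    for ip, reasons in suspicious_clients(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

On the constructed sample only 198.51.100.7 is flagged, on all three counts; the customer who mistyped one address (192.0.2.55) is left alone because two attempts are too few to judge a rejection ratio. The spamtrap rule is the strongest single signal, since a genuine user has no reason to mail an address that was never published anywhere but in spam lists; the burst and rejection rules need tuning per ISP, which is exactly why they are parameters rather than constants buried in the logic.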
Awesome... (Score:2)
Hope that M$ continues this great venture into closing down the infected PCs or whatever they did to stop the spam. They could help the price of internet go down if all spam ceased and the ISPs did not have to spend extra for all that filtering.... Might give us cheaper internet???
Re: (Score:2)
Maybe we should start a fund to help MS defray the cost of the effort. In case they have trouble paying...for fixing...the problem they...caused...
Ok Apple (Score:2)
It's your turn to do something useful.
secondary support for the evidence (Score:2)
Re: (Score:2)
I work at a top 20 email provider and can concur that spam levels are down since November, 2011.
Care to tell me what MSFT and AAPL are trading for in your current time? I'll even be happy with a ballgame score or two.
I noticed (Score:2)
I noticed a drop, but it's back up now with messages telling me how my "business" is an award winner and the usual Nigerian-influenced stuff
Are people really that stupid?
Re: (Score:2)
Yes. As every con-man knows: A sucker is born every minute
Re: (Score:2)
A sucker is born every minute
Said the man selling a get-rich-quick-off-suckers scheme...
Oh here we go.... (Score:2)
>Since then, Bagle, a botnet that wasn't even on MessageLabs' top ten spam-sending botnets at the end of 2010, has taken over from Rustock as the most active spam-sending botnet this year."
Yeah, and guess what?
Bagle runs spectacularly under Wine. As in, it behaves itself quite nicely and you don't notice it until you receive mail in your mailbox that is coming from yourself.
Bagle is truly cross-platform malware.
All it needs to do is attach itself to Gnome's or KDE's startup folder or .bashrc or .login.
A
Re: (Score:2)
All it needs to do is attach itself to Gnome's or KDE's startup folder or .bashrc or .login.
Indeed. From what I've read, Bagle might run under Wine, but only when you run it. Unlike on Windows, it doesn't have any way to make it auto-start after a reboot. To expect a Windows virus to know how to rewrite a .bashrc or .login file on some random version of Linux, which might be running Gnome or might be running KDE, etc., sounds pretty far-fetched.
Re: (Score:2)
>it doesn't have any way to make it auto-start after a reboot.
Didn't I just mention 4 different ways to start at login? Once root status is attained, there's another way - add it to the init scripts. It's not as if local privilege escalation doesn't exist.
>To expect a Windows virus to know how to rewrite a .bashrc or .login file on some random version of Linux, which might be running Gnome or might be running KDE, etc., sounds pretty far-fetched.
When I ran Bagle, it was smart enough to fetch my addr
99.8% improvement for my domain (Score:2)
Re: (Score:2)
Not a typo, here is an example of a recent prosecution -- http://www.fbi.gov/news/pressrel/press-releases/fbi-slovenian-and-spanish-police-arrest-mariposa-botnet-creator-operators [fbi.gov] -- And many more are being hunted down. Brian Krebs writes about it: http://krebsonsecurity.com/2011/03/microsoft-hunting-rustock-controllers/#more-8707 [krebsonsecurity.com]
Re: (Score:2)
I get between 0 and 2 a day (and maybe one per month slips past the filter).