arstechnica.com — Antispam sites that fight back against phishing scams have been attacked with denial of service attacks launched by spam botnets. Antispam vigilantes believe that the Storm worm is behind the onslaught.
Sep 12, 2007
kinggorilla, Sep 13, 2007
He could always change it to Optimus Prime
holy, Sep 14, 2007
Spam isn't being ignored, no one knows how to truly prevent it. Though more legalities can be created to try and prevent it. No one is going to stop them. That's like saying pirating music is going to stop, yeah right.
killspammerz, Sep 14, 2007
"Then they can use heuristics to figure out if, for instance, 100 emails are coming from the same customer in less than a minute and pull the plug. If an ISP doesn't care then they can be put in the black hole."

It isn't that simple. Botnets consisting of several thousand computers sending spam means that one computer is sending only one message at a time to one recipient at a time over a vastly longer time frame. They can also throttle the traffic so that to the ISP it just looks like joe user's computer is just sending a few emails. In reality the botnet mailer is sending several hundreds of thousands of messages from several thousand distinct computers. The botnet creators built it to be virtually undetectable via the monitoring of volume. Consumers are so terrified of big brother wanting to monitor their incoming / outgoing traffic that actual packet monitoring would never go over in terms of privacy protection. That's the only way to really shut that activity down.

DDOS'ing however: that's much easier to discover, from a traffic-monitoring point of view. Any PC that does a ping of a certain length, or attempts to instantiate a connection but not let it go within some threshold (say: 20 seconds) -- shut their connection down. Period. No normal user would have a requirement to be able to do that to a variety of sites at once.

"Second, if it's purely spam and not scam then we can go after the company that is buying the spam service by following the money. The email usually communicates where to send the payment. Fine that company $5,000 for using the bot net and then $2 for every email discovered. If the company doesn't pay then force VISA, AMEX, etc to stop all payments to the company. If the owner keeps opening new businesses to dodge the fine then make that a prison punishable offense."

Spammers don't pay each other using Visa or Mastercard. They use stolen credit cards to purchase their domains, and they register those domains with completely fake information. They do this repeatedly, to the tune of several tens of thousands of domains per day. They pay each other for services like botnet rental or list purchasing via means such as epassporte or (at least until recently) egold. Otherwise it's all private bank wire transfer, usually to some third party offshore bank.

I've been studying all of this for a while and I can tell you: there is no obvious, straightforward, simple solution.

Having said that: ISPs need to get off their asses and take this problem seriously. The US is #3 in terms of botnet penetration to home users with cable or DSL connections. That has just got to change.

SiL
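The two heuristics discussed in the comment above, run over constructed flow records, as an added example that is not part of the original thread: the quoted per-customer volume rule (100 emails in under a minute) and the held-connection rule (20 seconds). The record layout, the customer names and the `min_sites` cutoff are assumptions made for illustration.

```python
from collections import defaultdict

# Record layout (assumed): (customer, start_s, end_s or None, destination, kind)
# kind "smtp" = one message sent, "conn" = one TCP connection.

def volume_rule(records, max_msgs=100, window=60):
    """Flag customers sending max_msgs or more emails within `window` seconds."""
    times = defaultdict(list)
    for cust, start, _end, _dst, kind in records:
        if kind == "smtp":
            times[cust].append(start)
    flagged = set()
    for cust, ts in times.items():
        ts.sort()
        lo = 0
        for hi, t in enumerate(ts):
            while t - ts[lo] >= window:      # slide the window forward
                lo += 1
            if hi - lo + 1 >= max_msgs:
                flagged.add(cust)
                break
    return flagged

def held_connection_rule(records, now, hold=20, min_sites=3):
    """Flag customers holding connections past `hold` seconds to several sites.
    Legitimate long transfers also hold connections, hence min_sites (assumed)."""
    sites = defaultdict(set)
    for cust, start, end, dst, kind in records:
        if kind == "conn" and (now if end is None else end) - start > hold:
            sites[cust].add(dst)
    return {c for c, d in sites.items() if len(d) >= min_sites}

def build_sample():
    """Constructed sample data, not real traffic."""
    recs = []
    for b in range(2000):                    # throttled botnet: 3 msgs per host per hour
        for k in range(3):
            recs.append((f"bot-{b}", k * 1200 + b % 60, None, "mx.example", "smtp"))
    for k in range(150):                     # one noisy sender: 150 msgs in 30 s
        recs.append(("cust-bulk", 100 + k * 0.2, None, "mx.example", "smtp"))
    for d in range(5):                       # host holding connections to 5 sites
        recs.append(("cust-ddos", 3500, None, f"site-{d}.example", "conn"))
    recs.append(("cust-home", 10, 12, "site-0.example", "conn"))    # short fetch
    recs.append(("cust-home", 50, 400, "site-1.example", "conn"))   # one long download
    return recs

if __name__ == "__main__":
    recs = build_sample()
    print("volume rule flags:", volume_rule(recs))
    print("held-connection rule flags:", held_connection_rule(recs, now=3600))
```

The 2,000 throttled hosts send 6,000 messages between them and none trips the volume rule, while the single noisy sender and the connection-holding host are each caught by their respective rule.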
s0te, Sep 14, 2007
It has been noted on Castlecops and elsewhere that more could be in store. I hope this is all wrong and the spammers behind these DDOSes are exposed by their ongoing attacks. Hopefully some will be caught and jailed, but that is much more wishful thinking. I think before that happens a larger attack by them will occur.