digg

Facebook Connect Join Digg About

Report: spam-wielding botnets are working 9 to 5

arstechnica.com Botnets that send out spam seem to like workin' 9 to 5 and resting on Sundays, according to the latest report out of Symantec's MessageLabs. Spam levels are up this month, too, taking the total percentage of spam over the 90 percent mark. Hope you have a good junk filter!

Who dugg this? Made popular May 29, 2009

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

28 Comments

show profanity settings
expand all
  • IneffablePolk, on 05/29/2009, -0/+14My guess is that lots of people have their work computers infected with spam-sending viruses that are unable to function when the computers are turned off at the end of the day.
  • lurkingfridge79, on 05/29/2009, -0/+9Could it be because many computers used at workplaces are infected?
  • teemingvoid, on 05/29/2009, -0/+7my 2 cents, either spammers' idea is to target people as they're sitting with their email clients open during the work day, hoping for a click as a message notification comes up, and/or they're trying to blend all that bandwidth required to send out their spamminess with all the other businesses internet traffic during a work day.
    or for the conspiracy minded... maybe its from employees at those big firms getting a little cash on the side by blending spam in with all the out going emails. warning the spammer IS IN THE BUILDING!
  • styn, on 05/29/2009, -0/+4This is the answer ofcourse. It was my first thought and was surprised no-one had mentioned it. Computers in botnet are still subject to conventional logic. i.e.: the computer must be connected to power, connected to the internet and turned on before it can spam. When are botnets most active? When infected pc's are on and connected ofcourse.
  • savocado, on 05/29/2009, -0/+4get Gmail
  • johnsmith555, on 05/29/2009, -0/+4Die spammers Die
  • petemorley, on 05/29/2009, -0/+3First point is spot on. An email sent to an office employee between Tuesday-Friday, 11 am to 5 pm is more likely to be read. Junk emails sent over the weekend tend be deleted en mass on the Monday.
  • WallyAnti, on 05/29/2009, -0/+2Seriously, because they find it so irresistible to violate our private email accounts, I think these people should always have all of their personal information posted and freely available to anyone who wants to harass them. The punishment should fit the crime.
  • Sillywombat, on 05/29/2009, -0/+1I knew it! These arnt botnets, they are specially trainned monkeys.

    "Given enough time, a hypothetical chimpanzee typing at random would, as part of its output, almost surely produce one of Shakespeare's plays or a trail of spam email".
  • nyxerebos, on 05/29/2009, -0/+1why on earth would anyone do that?
  • Kamujin, on 05/29/2009, -0/+1I predict a huge decline in botnets as more people replace Windows XP with something more modern. Win7, Vista, OS X, or Linux will all do fine.
  • Kamujin, on 05/29/2009, -0/+1People still get spam?

    I see spam so rarely these days, that I also get a sense of nostalgia when one makes it through.
  • fangor, on 05/29/2009, -0/+1Well, yeah...if they did their spamming off-peak, they'd probably be the majority bandwidth users and it would make it easier for ISP's to black hole infected machines until they are repaired.
  • savocado, on 05/29/2009, -0/+1I wonder if they have private heathcare...
  • Kamujin, on 11/10/2009, -0/+1Respectfully, your suggesting that these designs have not evolved in 20 years. You mention buffer overruns, but you do not acknowledge that Vista has an address randomization feature specifically designed to combat this type of attack. XP does not have this.

    Vista is more than UI look and performance boost that you were trying to suggest. Many of the complaints about Vista were directly related to the impact of Vista's security features on XP era applications. Take about damned if you do and damned if you don't. One group criticizes them for the impact of their security features. The other claims they don't exist.
  • Kamujin, on 11/10/2009, -0/+1With all due respect, you are wrong.

    Vista is not the same codebase as XP. If memory serves, it was derived from the Windows 2003 server codebase. It is substantially different and does contain rewrites of many components. For example, the networking stack.

    Additionally, things like UAC and signed drivers are non-trivial security improvements. Our Vista infection rate remains at zero machines.

    The 8/10 article is a junk article. It's a backwards compatible OS. Of course older code still runs, even if it's malware. Security is far more complex then you are trying to suggest. Please educate yourself a bit more.
  • Kamujin, on 05/30/2009, -0/+1I hear what your saying, but my experience tells me otherwise.

    I run the technology group at my firm and we have yet to have a Vista or Linux box get infected. The XP boxes which are a small fraction of the total number of workstations continue to get compromised.
  • JohnnySoftware, on 11/10/2009, -0/+1Now, that is interesting. So, they are business computers.
  • JohnnySoftware, on 11/10/2009, -0/+1Vista is still vulnerable to 8 out of 10 viruses. It is not a complete rewrite. It is just a UI look & performance boost.
  • nyxerebos, on 05/29/2009, -0/+1PCs are infected the world over. This would suggest the timing is deliberate. Machines in Europe/Asia/Australia are just as likely to be part of the botnet.
  • nyxerebos, on 05/29/2009, -0/+1No, better OS does not make for less gullible users. "free kitten screensaver.exe" is all it takes to deliver your payload to a fast new PC on a business internet connection.
  • nyxerebos, on 05/29/2009, -0/+1Somehow I don't think the Russian/Nigeiran mob provide healthcare plans.
  • JohnnySoftware, on 11/10/2009, -0/+1True PCs are infected the world over but very few people have email addresses in their Outlook "contacts" address book that are on the opposite side of the world, do they?

    It would be pretty easy to see the median & average number of timezones apart the sender and receiver of the spams were.

    The article doesn't say the email addresses used were being forwarded around and if they weren't, doing that computation would be pretty useful & require trivial effort. Also, they could have paid extra close attention to dates that were national holidays peculiar to just some countries and correlated that with the 9-5 stuff.

    If international spam originating on a country's computers DROPS on the date of their unique HOLIDAY, then that implies the spam is not being throttled by artifice, it is being choked by accident.

    I agree with @styn and lurkingfridge79. The timing does not have to be deliberately controlled: 1) turn on office computer, 2) computer sends spam to people in your address book all of whom live in your country in almost exact same timezone as you, 3) you turn off your office computer or it sleeps and consequently spam from you stops until next morning.
  • JohnnySoftware, on 11/10/2009, -0/+1Windows 7, Vista, XP, 2000 - not modern. Same architecture as Windows NT. That is when the security model, NDIS file serving protocols, etc. were defined. Early 1990's.

    And the interface portion of Win32 API (Windows NT through 7) really strongly matches Win16 API. The APIs were not redefined, simply reimplemented.

    Linux kernel arose sort of from scratch or sort of from Minix in the early 1990's too. Linux and Unix use a lot of open source programs and those programs have existed for like a decade or too. They seem to get worked on actively though, not lie fallow. Still, I you can call them modern only if you allow that lots of the current code in them was written ages ago.

    Mac's current kernel is based on Mach, the first version of which dates back to CMU in the mid-1980's. Mac OS X borrows a lot of code at its Unix layer from open source Linux and Unix programs. The Cocoa framework in Mac OS X is what used to be called "NeXT Step" back in the 1990s. A lot is very new but some of the classes have been around a very long time.

    We should probably face that we are running some pretty old, hopefully mature code. Modern does not mean a lot in terms of quality, per se. People knew to avoid "buffer overruns" and similar bugs that are a hazard today. If they were good programmers they did, if they were bad programmers they didn't. It's that simple.

    Twenty year old code could be excellent and code written yesterday could be sloppy. Just depends on who wrote it and who came along later and cleaned it up or messed it up.
  • insanebrain, on 05/29/2009, -1/+1stop surfing for porn ;)
  • fangor, on 05/29/2009, -1/+1Well, when I was doing telemarketing, I was able to successfully sign people up for "free trials" (ccn required) just by telling them it was free and then asking for the credit card. Mind you, no one got on my list unless they had canceled AOL at least once. There's a lot of slutty credit cards out there.
  • scubachef11, on 05/29/2009, -2/+1'Very hot hardcore farm ***** movies await you'
    'Ytake advantage of vi,aqra su<pe>r act.i.ve pi,llse'
    'blondtrannysucks&*****'
    'Naughty farm animals love the sexy sluts'
    'CelebPhyllisDavisShowsTitsInNature'

    These are *real* subject lines from spam that I constantly get in my inbox. All I want to know is - who is their target demographic? What keeps this spam monster alive?
  • thecosmicpope, on 05/29/2009, -5/+1Does that mean these bots have to be monitored, or even manned, for whatever reason? Doesn't that kinda go against why the bots were invented in the first place?

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.