Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Spam Your Rights Online

On The Trail Of Super-Zonda 318

Posted by timothy from the how-bout-a-nice-hot-cup-of-lead dept.
Dynamoo writes "BBC Radio 4 has been on the trail of the notorious Super-Zonda spammers and crackers, according to this article. Super-Zonda's trick is to find insecure hosts and pressgang them into webservers for mail order brides, viagra and other spam favorites. In this case a server is traced back to a hacked machine at a major international airline. The BBC investigate some of the people allegedly behind the spam in an investigation starting on the Spamhaus houseboat in London and ending in the Netherlands via Moscow. The BBC point the finger at Martijn Bevelander of MegaProvider as being not the innocent party he seems. The BBC provide some evidence to back this up, and are not known for rash accusations."
This discussion has been archived. No new comments can be posted.

On The Trail Of Super-Zonda More

On The Trail Of Super-Zonda

Comments Filter:

  • Hooray! (Score:4, Insightful)

    by sbszine ( 633428 ) on Tuesday July 01, 2003 @08:42PM (#6345146) Journal
    Finally, investigative reporting that is actually helpful and interesting. Go the Beeb : )

    • Re:Hooray! (Score:5, Insightful)

      by tqft ( 619476 ) <`moc.oohay' `ta' `ua_sworrubnai'> on Tuesday July 01, 2003 @09:44PM (#6345520) Homepage Journal
      Hmm...

      "...investigative reporting that is actually helpful and interesting..."

      Wouldn't have anything to with them being publicly funded and not beholden to corporate interests?

      • Re:Hooray! (Score:3, Interesting)

        by 56ker ( 566853 )
        They're not publicly funded (from tax pounds). If you want to choose not to receive television pictures at home, then you don't have to pay a licence fee (which goes to fund the BBC). They get their money from television licences (about approx US$160/year for colour). There used to be radio licences too (years ago). They still have their own agenda though - although you're right - they aren't as concerned with profit as a business would be. The C in BBC does stand for Corporation though....
        • I was half aware of this - but (semi-)independent funding of a public broadcaster is a far away dream in Australia.

          I am waiting for the great sellout when the econmoic zealots selloff the ABC and SBS (the 2 public TV broadcasters in Australia dependent on direct government funding). Hopefully the outcry from the public will stop it, but stations that carry independent critical thinking will get thrown to the sharks sooner later - at the moment they are slwoly getting their blood ($)let to drive the media

        • Re:Hooray! (Score:5, Interesting)

          by whoever57 ( 658626 ) on Wednesday July 02, 2003 @12:04AM (#6346451) Journal
          They're not publicly funded (from tax pounds)

          In name only. The license fee is effectively a tax on ownership of a television, since every owner of a television must pay it and persistent failure to pay can result in jail time. If it walks like a duck.....

          I believe that even if one can only receive satellite broadcasts, one still has to have a license fee.

          If one could own a television, and avoid the license fee by not watching BBC channels, then it would not be a tax.
          • They're not publicly funded (from tax pounds)

            In name only. The license fee is effectively a tax on ownership of a television, since every owner of a television must pay it and persistent failure to pay can result in jail time. If it walks like a duck.....

            In New Zealand we had the same regime, a "tax but not a tax" that you had to pay if had a TV. One or two brave souls fought their legal battles and avoided paying by soldering their antenna connectors direct to a video machine without a tuner, etc., et

          • Re:Hooray! (Score:3, Interesting)

            by Gordonjcp ( 186804 )
            I believe that even if one can only receive satellite broadcasts, one still has to have a license fee.

            Well, duh! The BBC produces about 12 satellite TV channels, which (like all other BBC TV and radio channels) carry no advertising. Do you think they give them away for free too?
        • 'Corporation' historically, in Britain, has always referred to a public body. 'working for the corporation' meant working for the local authority.

          Nowadays, the only corporation most people know about is the beeb, so the etymology's lost on most.

      • Re:Hooray! (Score:4, Interesting)

        by aziraphale ( 96251 ) on Wednesday July 02, 2003 @06:27AM (#6347746)
        I think it might have more to do with the unique and peculiar phenomenon called 'Radio 4'. You have to understand, this is a radio station like no other in the world. Its news coverage makes most broadsheet newspapers of international standing look like supermarket tabloids; its factual programming ranges from farming to education to natural history to technology to science to history to art without missing a beat; it has been the starting point for some of the most innovative comedy ever to come out of britain; it broadcasts a daily soap opera set in a small country village that has been running for over 50 years (and whose theme tune can mysteriously be instantly recited by any british person even if they've never heard it); it carries the shipping forecast of the british meteorological office; and it features no advertising or jingles at all (unless you can call the sound of 'big ben' chiming the hour, or 'the pips' (a strange sequence of electronic beeps that mark the hour), or the national anthem at closedown, jingles...)

        The point is, investigating internet spam is as much to be expected from radio four as interviewing a man who's devoted his life to the study of finches, or broadcasting a group of grown men sitting in a theatre reciting the names of london underground stations in accordance with some arcane set of rules.

        They probably followed the investigation with a reading from a novel by Hanif Kureishi and a half hour documentary on the history of beekeeping. And then the shipping forecast.

        Dogger, Fisher, German Bight.... easterly, becoming more northerly later, rising.

    • Re:Hooray!: inaccurate though (Score:5, Informative)

      by Anonymous Coward on Tuesday July 01, 2003 @10:39PM (#6345896)
      First, it was not a "hacked" web server.
      Second, it appears that Super-Zonda just recently moved the actual host (well, it too was a proxy) to CyberAngels (they had been on servepath.com for a long time, then ev1 [I think it was] for a weekend, then ...

      The spammer uses network scanning tools to find an open web proxy. A system where, with the proxy located at {PROXY_IP} as its IP address,

      telnet {PROXY_IP} 80
      GET / HTTP/1.1
      Host: www.nytimes.com

      gets the front page of the NY Times.

      He then does the following.

      He uses something like the following:

      telnet {PROXY_IP} 80
      GET / HTTP/1.1
      Host: [a_hostname_of_his_own]

      and looks at his nameserver's records to see whence came a request to resolve his hostname. Now he knows the location of the nameserver/resolver used by the open proxy. He does this a few times (the proxy may use several nameservers - just as in configuring your windows system for the 'net, you enter two nameservers in the settings). He also checks at his web server to see whence comes the connection (the proxy may or may not make its outgoing connections using the same IP address).

      Now he sets his nameserver to do the following:

      1: It responds to requests to resolve his spam site which come from the nameserver(s) used by the proxy with the correct IP address (of his spam site).

      2: It responds to ANYONE else with the IP address of the open web proxy.

      He then sets up his web server itself to drop all packets to port 80 (maybe to all other ports as well) EXCEPT packets to his port 80 *which come from the abused proxy*.

      The result? Everyone resolves his spamvertized host to the abused, hacked, illegally accessed web proxy and sends HTTP packets thither. That server/proxy attempts to get and serve up the pages by getting the IP address from its resolver which then gets the IP address of the hacker/spammer's actual site and accesses it and gets the page to return to the victim. Even if one happens to guess at the location of the actual spammer's machine, one cannot verify it since it appears dead to anyone except the proxy.

      The trick to locating him is to find out what resolver the proxy is using and have your resolver, nslookup or dig in Linux, say, do a lookup, but not via your ISP's nameserver - instead use the proxy's nameserver/resolver. Then you find whence the proxy got what it served up.

      [By the way, this is a pro-spam operation and the spammer's site may host some clients' stuff and in some cases, at least, it actually proxies the pages from another site.]

      It is not a matter of the spammer "hacking" anything. It is simply his hijacking web servers which serve as proxies but which allow anyone to use them as proxies.

      Why "super-zonda"? The names he used for his nameservers were ns1.super-zonda.com, etc. For other spamertized domains he registered different names for the nameservers, but they were located at the same IP addresses/locations.

      One of the web servers/open proxies he hijacked was a British Airways travel shop server. He also hijacked a mideast bank web server. A K12 server in Colorado, I think it was. Several in Korea. He would spam for many clients at once, hijacking several web servers (one for every one or two of the hostnames).

      The article on the BBC says:

      "When Paul and Matt looked up which computer the website was using to host its service, the IP address belonged to British Airways."

      Wrong. That was what it appeared to be. The pages were not there.
      That site was proxying them.

    • is actually helpful and interesting.

      But it wasn't seen first on Fox News Network, so no one here in the US saw it. Ergo, it didn't happen...

  • Oh, oh yeah? (Score:5, Funny)

    by Faust7 ( 314817 ) on Tuesday July 01, 2003 @08:44PM (#6345158) Homepage
    But it is a crime that is very difficult to police, and a crime that is growing daily, as spammers find ever more inventive ways of staying ahead.

    Well, now Microsoft is on the case. So they'd just better watch out.

  • Super-Zonda? (Score:5, Funny)

    by levik ( 52444 ) on Tuesday July 01, 2003 @08:44PM (#6345165) Homepage
    Wasn't that one of the characters in the original Street-Fighter 2 arcade?
    • I believe you're referring to E. Honda, the gigantic sumo wrestler with the dreaded Hundred Hand Slap.

      It's a good newbie fighter, but once you get experienced, it's real easy to counter all of his cheap moves.
    • Re: your sig (donate [flooble.com] IQ points)

      I just hacked the system. Click on this link [flooble.com] to get ten free IQ points!

      You will see that you have successfully donated -10 IQ points, which now means that you can solve math problems you could not solve before.

      Please do not take more than your share, though. Dave Berry of the Miami Herald is already reporting that some people down there have suffered from ... well, explosions.

  • Sure ;-) (Score:5, Funny)

    by Faust7 ( 314817 ) on Tuesday July 01, 2003 @08:46PM (#6345175) Homepage
    A special investigation by the BBC has revealed that British Airways was used without its knowledge to host a website advertising Russian mail order brides.

    As if the BBC would ever admit its nation's premier airline was desperate for some hot Siberian lovin'.

  • UK? (Score:2, Funny)

    by ArsonPanda ( 647069 )
    Damn, here I was hoping there would be a chance of prosicuting in a country that still has the death penalty. Preferably something slow.
  • kill.

    KILL!!

    KIILLLL!!!!

    Rid the world of the filthy disgusting spammonger! Use his vile machines to broadcast a message to the world that spam shall not go unpunished! The land shall be purified!*

    *This rant curtesy of having just watched Boondock Saints and Dune.

  • Is that a dagger in your pocket (Score:3, Funny)

    by seismic ( 91160 ) on Tuesday July 01, 2003 @08:48PM (#6345189)

    Many have tried but its proven very difficult to get really up close to the viagra spammers.

  • Confused... (Score:5, Funny)

    by Anonymous Coward on Tuesday July 01, 2003 @08:48PM (#6345197)
    I thought the mail order bride email were jokes, not SPAM.

    <russian accent>
    "Hello, My name is Tania and I have executed 18 years of age. I love ...."
    </russian accent>
  • From article: British Airways was used without its knowledge to host a website advertising Russian mail order brides.

    I assume that's air freight.

  • Hang 'em high (Score:5, Interesting)

    by The Tyro ( 247333 ) on Tuesday July 01, 2003 @08:49PM (#6345202)
    This is computer cracking/fraud at its seedy worst.

    Are these the jokers responsible for the Pornographic spam and Mail-order brides dreck that fills up my inbox? And they are using hacked commercial webservers as relay points for this cruft?

    Anyone who assists these guys is guilty of multiple computer crimes, at least as an accessory if nothing else (unless they are in a country that HAS no such laws, or doesn't honor extradition requests from foreign nations). Nobody can claim this is innocent "hacking" for education, curiousity, or "helping out" the victim by showing them what holes they have... this is outright exploitation of someone else's property, equipment, bandwidth, etc for your own financial gain, via spam, no less.

    This is fraud, any way you slice it... somebody needs to go to jail.
    • (unless they are in a country that HAS no such laws, or doesn't honor extradition requests from foreign nations)

      Wouldn't this be a great chance to use a few cruise missles? All we have to do is equate spammers with terrorists and I'm sure we can get dubya right on it. Or maybe we can tell the Israelis that they're members of Hamas....


      Allright, I know making politcal staments was playing with fire, but won't someone please think of the spammers? Can't we convince someone to hunt them down for us?

  • Hate the sin, Love the sinner (Score:3, Interesting)

    by ObviousGuy ( 578567 ) <ObviousGuy@hotmail.com> on Tuesday July 01, 2003 @08:50PM (#6345210) Homepage Journal
    Spam is another form of Speech. Yes, it is grossly abused and outright annoying, but it is still protected here in the U.S. (except for pending anti-spam legislation).

    But the actions of the spammers (Super-Zonda in this case) are reprehensible. They are clearly breaking the law in hacking into people's computers in the manner that they are, and they should be punished appropriately for that.

    Here is one aspect of the DMCA that is very important to retain even if the rest is done away with. If you have a system with some sort of "protection" and someone deliberately circumvents that protection to use your system for illegal activities, that someone should be punished for not just the illegal activities but also for the circumvention of the protections you set up. While I don't advocate the creation of laws for it's own sake (like many gun laws), I think that having a law in place that punishes criminals not just for the crime itself but also for the method of the crime is important in cases like this.

    • Re:Hate the sin, Love the sinner (Score:5, Informative)

      by ShaiHulud-23 ( 632290 ) on Tuesday July 01, 2003 @09:18PM (#6345385) Homepage Journal
      Oft-quoted blurb from NYTimes article "Tangled up in Spam [noblit.com]" (PDF) by James Gleick:

      Many people who hate spam believe, honorably enough, that it's protected as free speech. It is not. The Supreme Court has made clear that individuals may preserve a threshold of privacy. ''Nothing in the Constitution compels us to listen to or view any unwanted communication, whatever its merit,'' wrote Chief Justice Warren Burger in a 1970 decision. ''We therefore categorically reject the argument that a vendor has a right under the Constitution or otherwise to send unwanted material into the home of another.''
      • If you are not a troll, or a spammer, you are grossly misinformed.

        The Supreme Court has repeatedly ruled that advertising enjoys less protection than ordinary speech. The most recent decision was in 1980 and is called the Central Hudson Case.

        In the decision, the exceptions to First Amendment protection of advertising speech were clearly outlined (the four-part Central Hudson Test).

        Here is a link: http://www.bodi.com/papers/advertising/adv-1.htm
        but to summarize, spam speech cannot even get past the fir
    • I believe I heard it best watching the Screen Savers earlier this afternoon. It's not free speech, it's commercial communications. Spammers aren't trying to just sway peoples' judgements...ok, well maybe trying to make guys believe that by taking a pill they can make their junk 25% larger...but on top of that they are selling you something. If this was free speech we would have never seen a national do-not-call directory for telemarketers.

    • Spam is another form of Speech. Yes, it is grossly abused and outright annoying, but it is still protected here in the U.S.

      Fuckshitsake's, why don't you fill up with cluons? You just sound like a spammer bransishing the freespeach argument.

      Where do you see in Congress shall not...abridge speech an interdiction of PRIVATE parties refusing data traffic from another PRIVATE network?

      Hint: the INTERnet is a BUNCH of various PRIVATE network that are in NO WAY obligated to accept each other's traffic.

    • Re:Hate the sin, Love the sinner (Score:5, Insightful)

      by schon ( 31600 ) on Tuesday July 01, 2003 @11:16PM (#6346134)
      Spam is another form of Speech.

      No, it's another form of harrassment.

      it is still protected here in the U.S.

      Really? Cheif Justice Berger, of the US Supreme Court disagrees with you.

      "Nothing in the Constitution compels us to listen to or view any unwanted communication, whatever its merit. We categorically reject the argument that a vendor has a right under the Constitution or otherwise to send unwanted material into the home of another. If this prohibition operates to impede the flow of even valid ideas, the answer is that no one has a right to press even 'good' ideas on an unwilling recipient. The asserted right of a mailer, we repeat, stops at the outer boundary of every person's domain."


      Are you a supreme court justice? Are you a even a lawyer? No, you're just a lousy /. troll.

      So, what, exactly, gives you the authority to claim that the harrassing actions of spammers are "protected"? Please list any relevant quotes that say that harrassment and theft are legal.
    • Spam is another form of Speech. Yes, it is grossly abused and outright annoying, but it is still protected here in the U.S. (except for pending anti-spam legislation).

      Actually, the US supreme court recently made it exceptionally clear that nobody has the right to force their speech upon you, and in fact, at worst, YOU have an expectation of privacy. Telemarketers do not have the "right" to call you. Postal spammers don't have the "right" to flood your mailbox with junk mail. Junk faxers don't have the

  • Legislation Is Needed (Score:5, Interesting)

    by Anonymous Coward on Tuesday July 01, 2003 @08:50PM (#6345211)
    People that run open SMTP relays are part of the problem. Just as pawn shops that accept goods of dubious origin serve as fences and bear some responsibility for the problem of burglary, so do administrators that run open SMTP relays, either maliciously or out of stupidity, bear some responsibility for the spam problem.

    I'd like to see owners of open SMTP relays be liable.

    • No! (Score:3, Insightful)

      by Fastball ( 91927 )
      Reform SMTP or do away with it all together, and this problem likely goes away or becomes a non-issue. Legislation on technology is too often a concession to failure. My God, we haven't even tried an alternative to SMTP, and you're talking about passing laws. There's countless gun control laws at every level of government in the U.S., and does that absolutely prevent people who should not have a gun from getting one? No.

      When applied to crises, legislation rarely affects changes as intended. Please, people

      • I don't think SMTP is really the problem. What feature of a new protocol would prevent spam while still allowing all legitimate mail through. Why does that feature require a whole new protocol?

  • What about replacing SMTP? (Score:4, Interesting)

    by egg troll ( 515396 ) on Tuesday July 01, 2003 @08:51PM (#6345221) Homepage Journal
    I know it may not be accurate in this particular case, but would overhauling SMTP help reduce spam and other UCE? STMP was built for a more, erm, polite era and seems like its failing in this day and age with regards to spam.
    • ... would overhauling SMTP help reduce spam ...


      Yes.

    • Replacing SMTP won't really help (Score:5, Insightful)

      by dmeranda ( 120061 ) on Tuesday July 01, 2003 @09:55PM (#6345580) Homepage

      That wouldn't really solve the problem, unless the replacement was effectively to not have worldwide email. It really comes down to a problem of authenticating the source of the mail, and even then you need some way to know if that source is acceptable. Both of those are really tough problems when applied to a worldwide scale.

      Think about secure TLS/SSL websites. The authenticity check is dependent upon the trustworthyness of the root CAs. The respectable CAs must do a lot of manual checking of the registrant's identity before signing a certificate. And that costs a lot of time and money and infrastructure. And even then the certificate-based system we have for webpages is not all that great, it's still relatively easy to hijack websites or even run it yourself (who besides me actually bothers to look at the certificate details when they go to a secure site, or even removes some of the root CAs from their browser's builtin list?).

      Now, there certainly should be a way to get the domain name registration information as verifyable as certificate registrations; because the whois databases right now are laughably corrupt, not even the most fundamental checks are performed to insure that the data is correct. But even then, that doesn't stop spam, although it may help you track them down better.

      And asuming you have perfect authentication, knowing the source is authentic still doesn't determine whether you consider the source to be a spammer or not. A certificate only proves identity, it doesn't say anything about the type of content being sent. You certainly wouldn't be able to know the millions of different potential email sources, nor keep up with the minute-to-minute changes. And if you're a business you can't use a known sender whitelist; or you may never get job resumes, sales inquires, and so forth. So someone would have to build a list of all "good" non-spammer certificates.

      But then you're back to the same situation we have now. You'd just be using certificates or something like that instead of IP addresses as the "identity" you'd be matching against some database, like the many blackhole lists. And given how easy it is to hijack insecure computers, there would certainly be holes around that type of system too.

      Now true, the insecurity of vanilla SMTP is an issue for confidentiality purposes, but you can't really blame spam on that. And if you use the already standardized SMTP extensions, such as STARTLS or S/MIME, then SMTP can be pretty secure. Spam is a social problem, not a technology problem.

      • First of all, you'd need to keep records of all email receipts for two days, and then records of where it came from, according to which physical connection the email came through.

        Then, if someone gets spam, they send it to their ISP within the same day. The ISP first compares the headers with the actual receipt on the email (that is, where our own computers say it came from is actually where it came from). If forged, the computer does two things: (1) send an email to the forging computer's ADMIN (2) chal
    • Yes, but the logistical problems trying to overhaul something as ubiquitous as SMTP are unsurmountable. The 'net has worked mostly because everything has been designed for interoperability-- a non-compatible overhaul would break so many things this wouldn't even be funny.

      It turns out there are compatible upgrades that can help reduce the cost of spam, and reduce their flow [shameless plug for my own work-in-progress [hostdepartment.com] for an SMTP extension that does just that].

      The problem is, the only way to dispose of s

    • yeah there shouldn't even be an OPTION of allowing relaying except from a particular group of hosts.

      And if it's needed, USE AUTHENTICATION. I have three SMTP servers I can use for various uses (work, grad school, and my DSL ISP). All of them require authentication, either by logging in with a username/password or by requiring my IP to authenticate with their IMAP server before allowing me to send. It boggles my mind that so few servers require this given that all modern mail software allows for authenti

  • Hit squads. (Score:5, Funny)

    by nettdata ( 88196 ) on Tuesday July 01, 2003 @08:54PM (#6345242) Homepage
    Paypal donations to hi-tech hit squads, a la Tom Clancy and his Mr. Clark, to track down and eliminate, with EXTREME prejudice, any and all spammers, anywhere in the world. I'd give them $5/month, easy. Hell, film it and broadcast it like COPS. It's not like the embedded media have any real use for those handy portable vidcams they were sporting recently. Now _THAT'S_ a pay per view!

    These guys don't care about laws, and any and all fines they MAY receive are just a cost of doing business and a lesson learned on how NOT to do it next time. Mind you, I think they'd start caring if they starting being hurt and/or killed.

    And I'm only half kidding...

    Anyone wishing to apply for such a squad, please email to...
    • Hmm the idea is crazy enough, it might work.. who knows, maybe you'll see AOL's balancesheet for 2004 and under expenses it says "Spam prevention measures ... $ 10,000", but that's not R&D budget for Bayesian filtering technology, instead money to fund a unit of highly trained Anti-Spammer Commandos with H&K MP5s, night vision and middle-of-the-night incursions. Ah, that would be a cool job to have. :)
    • What we need is a Dead Pool [imdb.com] for spammers.
    • See Jim Bell's Assassination Politics [jya.com]. Beware, the government does not have a sense of humor. Jim Bell is currently in federal prison, serving a 10 year sentence for "stalking" an IRS agent. For details, see here [cluebot.com].
    • I know you're kinda kidding but for the part that isn't, um, vigillante justice is about as reliable as a lynch mob. I was once accused of sending spam - I was NOT. No, it wasn't that I admin'd an open relay either, a customer on a mailing list we kept from website signups complained the email was spam and the spamcops didn't check their facts before they complained to our ISP, who didn't check their facts before they shut off our service for a day.

      So, um, yea, let's kill spammers and have active firewal
  • It's worth listening to the more entertaining audio report, rather than just reading the (slightly drier) text.

  • If Reporters can (Score:5, Insightful)

    by mudpup ( 14555 ) on Tuesday July 01, 2003 @09:01PM (#6345293) Homepage Journal
    If reporters can find these spammers who break the law why can't law enforcement do the same?
    • Reporters keep their jobs on the merit of their results, and are promoted if they bring intriguing stories to their publishers; law enforcement personnel keep their jobs for maintaining the status quo and keeping society's more difficult elements from disrupting civilization.

      As much as spammers may annoy, exhaust resources and breach poorly monitored servers, they don't make enough noise, individually, to draw focussed attention from your average police officer. The questions of legal jurisdiction become

  • Open HTTP Proxies (Score:5, Informative)

    by kiolbasa ( 122675 ) on Tuesday July 01, 2003 @09:04PM (#6345313) Homepage
    The trick they use, as I understand it, is to rig their DNS servers to respond differently based on the IP address querying the spammed domains. The DNS responds with the address of an open HTTP proxy normally, and when the open HTTP proxy does the lookup, it gets a different address - the spammer's webserver. That webserver then only responds to those open proxies. The moral of the story is to be more careful when you put any proxy on the internet.
  • There will be countless solutions offered, many of which only address symptoms and not the problem on the whole. Laws, improved security, expanded blacklists. These will not fix the problem: anyone can send anyone a message, an entire frickin' message. Not a header, or subject. An entire message.

    I don't pretend to have all the answers, but from where I type, until mail transfer methods are reformed to challenge senders (something along the lines of whitelists) and only send message headers before such cha

  • Someone get an address and phone number (Score:3, Funny)

    by Omkar ( 618823 ) on Tuesday July 01, 2003 @09:09PM (#6345351) Homepage Journal
    And we'll finally find a good use for the (offline version) Slashdot effect.
  • Why does the mailorder bride site look like an exact ripoff of hotornot? damn, they are lazy enough to just copy a website but not to skip over hosting it on a hijacked server....
  • Be the parties who go to jail. I mean hard jail time for any person who causes this sort of nonsense to happen.

    I want them in jail with a specific exclusion from any form of communication other than snail mail.

    • What the fuck is your major malfunction?

      So somebody sends out annoying emails. Perhaps they even do some squirrely things to do so. But good god, man -- it's an email. Throwing someone into a place reserved for killers and rapists and then summarily depriving them of all modern forms of communication might make you feel better about your overly self-important sense of time, but that does not justify the evil of the deed.

      Repeat after me: your life, just like mine and most everyone else's, is inherently m

      • Its called "ENOUGH IS ENOUGH!" Just look at the reaction to the US national "Do not call" list. One annoying phone call is just that. A systematic pattern of annoying phone calls crosses the line and becomes harassment.

        Spam has gone waaaaaaay over that line. Telemarketers can be gotten rid of. Bulk snail mail can be stopped. Spammers WON'T stop. They don't care how much collateral damage they cause because it costs them nothing.

        The ONLY reason many of these spammers are alive is because it is unfortu

      • Re:Make those who benefit... (Score:5, Insightful)

        by Stephen Samuel ( 106962 ) <samuel@NOsPaM.bcgreen.com> on Tuesday July 01, 2003 @11:15PM (#6346113) Homepage Journal
        It's not just sending a bit of email... It's hijacking the proxy server at a place where I worked, and spending about $800/month in bandwidth before they found out about it. Luckily all they had was a lowly ADSL line (1.5 megabit). Do that to a few thousand people and you've got more than a million dollars worth of scammed bandwidth under your collar.

        That is worth sending someone to jail for. Given that we've got these sledgehammer anti-hacking laws on the books, we might as well put them to a good use.

        Which reminds me: is hacking for profit considere an extraditable offence??

      • Re:Make those who benefit... (Score:5, Insightful)

        by dubl-u ( 51156 ) * <2523987012@pota . t o> on Tuesday July 01, 2003 @11:52PM (#6346384)
        Repeat after me: your life, just like mine and most everyone else's, is inherently meaningless.

        Hi! Philosophers know this as the naturalistic fallacy. The way the world is implies nothing about the way we should choose to make it. You are welcome to choose a zero value for human life. I pick bigger ones, as do most people.

        Spam is annoying. Spam is nothing more than that -- it does not deserve "hard jail time".

        No, Britney Spears is annoying. Spam is a major societal problem.

        From the estimates I've seen, the worldwide cost of spam is$10-$50 billion/year, and it's still growing unchecked. As this article suggests, it seems to be moving from the control of low-lifes to outright criminals. I guess that's not surprising, given how much of the stuff advertised via spam is either fraudulent or illegal.

        When you compare the costs of spam to some of the recent large business bankruptcies [bankruptcydata.com], it's clear that spam in in the same league. People are clamoring for jail time for the recent set of CEOs/con-men; why shouldn't spammers, who cause a similarly big problem, face similarly big sentences?
        • The naturalistic fallacy is the application of moral value to any given property. Inherently, there is nothing of worth -- value is assigned fallaciously, according to the theory, which was proposed by Moore. "I pick bigger [values for human life]" is an example of the application of the fallacy.

          If you want to criticize my understanding of philosophy, get yours right first.

          Spam is not a "major societal problem." Hunger, AIDS, and the abuse of our civil liberties are examples of major societal problems.

          • If you want to criticize my understanding of philosophy, get yours right first.

            I quote Frans de Waal, from Good Natured: the origins of Right and Wrong in Humans and Other Animals:

            Known as the naturalistic fallacy, the problem of deriving norms from nature is very old indeed. It has to do with the impossibility of translating 'is' language (how things are) into 'ought' language (how things ought to be).

            You asserted that life is "inherently meaningless", a proposition with which I agree; it's all just mol

  • Get the spammer's customers! (Score:4, Funny)

    by HiKarma ( 531392 ) * on Tuesday July 01, 2003 @09:43PM (#6345514)
    Why do commercial spammers spam? Well, for the ones who try it more than once, it's because somebody pays them to do it. Who pays them to spam you? The suckers who buy from them pay them to do it. Without that money the spammers would have little reason to spam.

    So what you need to do is punish the spammer's customers, find them, out them and make them afraid.

    The way to do this is simple. Just send out some really attractive spams. Offer legit products at irresistable prices. Have legit sites to back up that the offer is real and not too good to be true. Anybody who responds, however, is an evil spam funder, and they will give you all their ID information, which you can use to punish them for funding spammers!

    That will stop 'em.

    (For the satire impaired, that's what this is.)

  • Power to the People (Score:2, Insightful)

    by quinkin ( 601839 )
    The steps taken by the BBC consultants exemplifies a much understated aspect of anti-spamming: Killing the open relays and hacked servers.

    It is a fairly trivial matter for most regular /. readers to back trace a spam mail to the source server. In nearly all cases the server is an open relay or has been owned - either way the plug should be pulled.

    I would like to see a semi-automated tools to assist in this. It would allow people to respond to the majority of spam they receive with little effort.

    The

    • Re:Power to the People (Score:2, Informative)

      by pe1chl ( 90186 )
      >It is a fairly trivial matter for most regular /. readers to back trace a spam mail to the source server. In nearly all cases the server is an open relay or has been owned - either way the plug should be pulled.

      I think you have not looked at the matter last year.
      What you say may have been true in the past, but the spammer's tactics have changed.
      They use proxies now, not relays.
      There is no way to trace the path back to them, for a regular /. reader.

      You would need co-operation from the access provider o

  • Open Relays? (Score:2, Interesting)

    by qtp ( 461286 )
    I wonder how many of these spammers are using open relays.

    Whenever I read of proposed spam legislation and law enforcement attempts, I can't help but think that this somehow encourages companies and individuals to not take the neccessary care in configuring thier hosts, suscribing to blackhole lists, or running proper filters on thier hosts/servers.

    When I see the disparity between email providers in the amount of spam I recieve, I realise that the admins are at least partially to blame. (My mail account

    • Re:Open Relays? (Score:4, Informative)

      by AndroidCat ( 229562 ) on Wednesday July 02, 2003 @12:38AM (#6346609) Homepage
      Mainly these days, it's open proxies. Open relays leave a trail in the headers, proxies don't. Outgoing filters won't help in that case because it's not going through the ISP's mail server.

      Administrators can't do anything in cases where management doesn't mind pink spammer money, or where the sales guys are clueless about known spammers.

      For plenty of block lists, start at sprews.org and follow the links. Eventually you'll find one of the flavour you want.

  • In a perfect world (Score:5, Funny)

    by Anonymous Coward on Tuesday July 01, 2003 @10:27PM (#6345814)
    These spammers would get caught, go to jail, and share a cell with many men who have enlarged thier penises, taken viagra, and are looking for a new relationship. Now that would be poetic justice.

  • Is it time to start shooting spammers yet? (Score:5, Funny)

    by Mike Van Pelt ( 32582 ) on Tuesday July 01, 2003 @10:41PM (#6345909)
    I'm serious.

    Today, I was working on a problem with our spamassassin server running out of memory, and saw something scary in the log file - email from <one of our biggest customers> to <executive who reports directly to the CEO>, subject "Legal action started", marked as spam.

    Very bad to get false positives like this!

    However, on tracking it down, it was....

    You guessed it....

    An ad for an herbal product to "Enlarge your P3n1s!!"

    Can we start hunting them down and shooting them yet? Please, pretty please?

    http://scs.northwestern.edu/nuilr/peer-net/media 2k /fraud.html

  • Dead[?] CyberAngels (Score:3, Insightful)

    by AndroidCat ( 229562 ) on Wednesday July 02, 2003 @12:26AM (#6346549) Homepage
    Just today (Tuesday July 1st) Telefonica announced that they had dropped Cyberangels as a client for breach of their terms and conditions regarding unsolicited bulk e-mail.

    I think they also got dropped from another provider as well. There was some speculation that they were using a hijacked IP block.

    There's betting on NANAE about where he pops up next.

  • Legislate Out The Source (Score:5, Insightful)

    by Anonymous Coward on Wednesday July 02, 2003 @02:41AM (#6347123)
    I'm really sick of hearing how the way to take the money out of spam is to charge for e-mail.

    Instead of attacking the supply side, attack the demand side. Forget the fact that most of these spammers are outside the US. The fact is, most spam *advertisers* are in the US.

    If the law allowed companies/people to be sued for using a service that has been convicted of using illegal means to send spam (invalid return address, hijacked systems, forged headers, etc), it would take about one or two high publicity lawsuits against a couple of spam buyers (lower mortgage rates! viagra! enlargement!) to curb the problem.

    This legislation to kill spam by going after the senders will work for all of about a day, until all the buyers start buying service from someone offshore.

    This would be self-regulating, market driven phenomenon if played out properly. Legitimate mailing companies could advertise their "legitimacy" and real companies could use those services for real, honest-to-goodness marketing. If someone used a shady mailing company, then they expose themselves to damages.

    Whatever. Spam will not significantly decrease until the companies that contract out the services of these mailers have the screws put to 'em.
  • In some not too recent discussion here on /. somebody posted a link to how a guy got pissed off and cracked a spammer's computer, collecting all sorts of data (including not-so-good nude pictures) and writing a highly amusing report on it. Does anyone know that link?

  • Rash Accusations? (Score:3, Funny)

    by EnglishTim ( 9662 ) on Wednesday July 02, 2003 @03:34AM (#6347302)
    "The BBC ... are not known for rash accusations"

    I'm not sure Alastair Campbell would agree... ;-)

  • IT prostitute (Score:3, Interesting)

    by pigeon ( 909 ) on Wednesday July 02, 2003 @03:39AM (#6347327) Homepage
    IT's no big surprise, this Bevelander was a well known young internet interpreneur, who became famous in the Netherlands because he represented the internet boom. But he didn't do anything special, and he is the kind of guy who would do anything for money.

  • Martijn Bevelander's history (Score:3, Informative)

    by Anonymous Coward on Wednesday July 02, 2003 @06:05AM (#6347677)
    I'm a network engineer for a medium-sized ISP in The Netherlands. Martijn Bevelander has been operating in de dutch ISP world for years now. Previously most people saw him as a huge clown; his daddy (some chief somewhere) seems to always fund his playing in the internetworld while he manages to get all his companies to go broke.

    His staff continues to show their good knowledge on the Internet: see this mail [cctec.com] where one of his noc monkeys notifies the operators on the Amsterdam Internet Exchange of a new announcement from Bevelander Internet Services: 192.168.0.0/16. Perhaps this was just a sneak preview into the future?

    The dutch media have reported on several occasions on him: check this [webwereld.nl] link from Webwereld.

    Insiders still laugh on his ignorance regarding security. He used to have his printers wide open connected to the internet, resulting people to send complete black pages to it. Another great story is how he continued to buy new 3com switches after he failed to change the administrators access to them and someone from the outside shutdown't his uplink port. Yeah Martijn, they were all broken.

    So far he was just a joke. The troubles started when his company Bevelander Internet Services got broke and he quickly setup a new company called Megaprovider. After most of the customers were transferred, he sold the empty remains to Concepts ICT. Appearantly Megaprovider is not doing to good as well, seeing his Cyberangels adventure.

    One of his well-known associates, Joshua Dodds, is known as a true DDoS-kiddo, DoS'ing everyting and everyone who says a bad thing about him on IRCnet. I guess they will never learn...

  • Let's hear it for the BBC (Score:3, Interesting)

    by Simon Brooke ( 45012 ) * <stillyet@googlemail.com> on Wednesday July 02, 2003 @09:44AM (#6348902) Homepage Journal
    OK, we're seeing a lot of whinging here about whether the television license fee is actually a tax. Well, it sort of is, of course, but it also in important ways, sort of isn't. If it were a tax - a grant from the treasury - then the BBC could easily be forced to toe the government line. It's because the license fee is 'hypothecated' - i.e. dedicated to a particular purpose, in this case the BBC (a thing the treasury really hate) that the BBC is independent from government.

    It's because the BBC is independent from Government that we can get spats like this [bbc.co.uk], where the BBC very publicly say, in effect, that the Prime Minister lied to Parliament about Iraq's alleged Weapons of Mass Destruction, and it's because of the BBC's independence that it can refuse to back down despite the most severe pressure from the government.

    So, you know, let's hear it for the BBC and let's hear it for the License Fee [bbc.co.uk]. It's because the license fee is hypothecated - a tax paid by the people directly to an independent organisation - that we have at least one high quality media publisher with the utmost journalistic integrity which can call a sleazy and corrupt government to account, as it is doing now over the lies which led us into an illegal and unjustified war, and as it did under the Tories about MPs taking bribes.

    A government run broadcaster could not do this, because the government could tell them to shut up, and cut off their funds if they didn't. A commercial broadcaster would find it much harder to do this, because the big commercial interests which pay for advertising don't want the boat to be rocked.

    The BBC is, let's face it, one of the most independent, one of the most honest, one of the most fair broadcasters in the world. In a world where most media is in the hands of a very few commercial interests, mostly with fairly noxious political agendas, having one which is answerable only to the public is a very good thing in my opinion.

    Long live the license fee!

Slashdot Top Deals

The use of money is all the advantage there is to having money. -- B. Franklin

Close