Another Worm Targets Anti-Spam Sites 538

Posted by timothy
from the heads-on-sticks-please dept.
kevinvee writes "Yahoo! is reporting about the next battle of Spam Houses versus Spamhauses. This time, it's W32/Mimail-L receiving the attention. "It's the third Mimail variation to come after us, except this one is trying to do more," said Steve Linford, founder of The Spamhaus Project. Apparently this reincarnation comes as an attachment offering naked photographs. Once infected, a follow-up e-mail is sent to the user stating that a CD containing child pornography will be delivered to their postal address. "These guys write trojan (viruses), they carry out DDOS attacks and they get their money through selling stolen credit cards and spamming," Linford said."
  • A new low (Score:4, Funny)

    by CleverNickName (129189) * <wil@NOspAM.wilwheaton.net> on Wednesday December 03, 2003 @10:33AM (#7618443) Homepage Journal
    I didn't think that it was possible for me to hate spammers more than I already do.

    Turns out I was wrong.
    • Re:A new low (Score:5, Interesting)

      by Saint Aardvark (159009) * on Wednesday December 03, 2003 @10:41AM (#7618525) Homepage Journal
      No kidding.

      It's absolutely insane. They won't stop 'til they've destroyed email.

      It's melodramatic, but: spammers really have declared war on email, and the Internet and its users as a whole. They're fucking with email, they're fucking with DNS, they're sending out viruses to infect users and spread more filth, and they're trapped in this huge positive feedback loop that I'm desperately afraid won't end. They pump out millions of emails which get ignored so they pump out more which gets them blocked so they pump out more to get around that and they start attacking their opponents and now the volume of spam is so high they need to pump out even more just to get any sort of return...

      Rationally, I think the only way around it is to attack the economics of spam, as has been suggested by many much smarter than me.

      But really, what I want is revenge.

      • Revenge? (Score:5, Interesting)

        by $ASANY (705279) on Wednesday December 03, 2003 @11:05AM (#7618770) Homepage
        I got some revenge for ya...

        As promised, there's a new tool in town. Project Web Form Flooder [sourceforge.net] is still in beta, but it's functional in flooding spammers' websites with plausible data. Java source code only right now, but I'd imagine the ./ crowd can deal with that.

        If we flood spammers' websites with garbage data, maybe, just maybe we'll do a little to remove the profit motive in spamming, and once there's no money in it it'll end.

        Isn't it time we stopped crying and started doing something?

        • Re:Revenge? (Score:3, Insightful)

          by Viol8 (599362)
          The problem with that is that most spammers' websites are hosted on innocent ISPs' machines. After all, when someone pays for a web site the ISP doesn't know what it will be used for. The site only has to stay live for a few days for the spammers to make money. By the time the ISP has twigged and shut it down the spammers have moved on to the next ISP to sucker.
          • Re:Revenge? (Score:4, Insightful)

            by sjames (1099) on Wednesday December 03, 2003 @11:58AM (#7619341) Homepage

            The problem with that is that most spammers' websites are hosted on innocent ISPs' machines.

            The objective isn't a DOS, it's to salt their data. If 99 out of 100 'orders' are fakes with invalid cc numbers, their transaction costs will go up and their profitability will plummet.

            The other alternative is to track them down and burn them alive.

            Neither of the above is desirable since mistakes will be made and innocents will be put out of business or killed. The desirable solution is to throw them in jail and fine the hell out of them after they are found guilty in a fair trial. However, vigilante action is the natural consequence when the law fails to take action.

            • Re:Revenge? (Score:3, Insightful)

              by plover (150551)
              The objective isn't a DOS, it's to salt their data. If 99 out of 100 'orders' are fakes with invalid cc numbers, their transaction costs will go up and their profitability will plummet.

              I think you've missed the profit model of spam. You need to recognize the difference between the spammer and the merchant. Two different businesses, with two different objectives.

              The spammer makes money by selling bulk-email services to merchants. $100 dollars for 1 million emails, that sort of thing.

              The merchant spe

              • Re:Revenge? (Score:3, Insightful)

                by thedillybar (677116)
                I disagree.

                If hiring a spammer means 0.1% valid responses and 1% invalid responses, then the merchants will eventually catch on and stop hiring the spammers. At some point, this ratio gets so small that it's not worth advertising.

                Sure, this may take some time and some merchants, but eventually it will work its magic.
        • Re:Revenge? (Score:5, Interesting)

          by hellraizr (694242) on Wednesday December 03, 2003 @12:38PM (#7619727)
          If we flood spammers' websites with garbage data, maybe, just maybe we'll do a little to remove the profit motive in spamming, and once there's no money in it it'll end.

          Yes but unfortunately most spammers have enormous clusters of servers for what they do and more bandwidth than you can shake a stick at (that's the only way the upstream providers will let them spam, they need 20mbit, they buy an OC-3). it would really be no big deal for spammers to survive a DDoS attack, it would take him down for maybe MAYBE 2 hours. how do I know this? I used to work for one. he was more legitimate than "make your penis bigger", all his lists were 2x optin but being in the biz I met all the other spammers down here in Boca Raton FL (the American capital of spam).

          To put it in perspective, one spammer had somewhere around 500 servers taking up an entire row of racks in the datacenter we were at. another one had 350. the guy I worked for was comparably small, less than 50 servers. and all these guys have enormous burstable bandwidth behind them (spam eats up somewhere around 100-300mbit/sec when doing the initial dns caching)

          Another thing is spammers usually hire VERY good technicians and pay them very well (which is why I stayed working for a spammer). it would be no big deal during a ddos attack, to swap out ip pools on the network (most spammers own tons of ip networks and multiple AS #'s), reprogram the router and setup LVS on 6-8 boxes and it would be able to take most any DDoS you could throw at them.

          Oh and finally spam makes money. TONS AND TONS of money. hundreds of thousands of dollars profit a month usually run by 3-4 guys, so there's always room for ways around whatever we can dish at them. they simply have more resources than the userbase they spam.
          • Re:Revenge? (Score:4, Insightful)

            by $ASANY (705279) on Wednesday December 03, 2003 @12:49PM (#7619837) Homepage
            Who cares about their servers?

            It's their DATA that's valuable. The data that unsuspecting knuckleheads willingly provide is what they make their money from. Flood their data with garbage so they can't tell the real from the bogus and their entire database becomes effectively useless.

          • I met all the other spammers down here in Boca Raton FL (the American capital of spam).

            Why doesn't it shock me that the capital of spam in the US translates to "Rat's Mouth"?
      • Re:A new low (Score:5, Insightful)

        by lone_marauder (642787) on Wednesday December 03, 2003 @11:07AM (#7618791)
        Rationally, I think the only way around it is to attack the economics of spam, as has been suggested by many much smarter than me.

        When you talk about changing the economy of spam, you are talking about creating scarcity with regard to communication by taxing it. I couldn't disagree more with the suggestion that we must restrict communications in order to solve the spam problem. We demand that outfits such as the RIAA learn to adapt in a world where communication is profligate and free. How can we, in good conscience, recommend that communication be restricted in an area where our personal convenience and comfort is concerned, and not in another, where someone's multimillion dollar industry is concerned? If we think freedom of information is a good thing, we must be consistent in that belief.
        • Re:A new low (Score:3, Insightful)

          by MindStalker (22827)
          That's not the only way to change the economics of spam. Simply put, spammers exist because the rate of return on investment is very high. We have to change that economic principle somehow, there really is no argument there. There are many suggestions on how to do this, taxing is just one of them. Heck everyone pretending to reply is another one, which forces the spammer to follow many false leads. There are many, but something must be done to make spamming more expensive.
          • Re:A new low (Score:4, Interesting)

            by TheMidget (512188) on Wednesday December 03, 2003 @11:34AM (#7619088)
            Heck everyone pretending to reply is another one, which forces the spammer to follow many false leads.

            Even better: pretend to buy. Some spammers' sites are so easy to crack (hint: SQL-injection) that it's a joke.

            Harvest credit card numbers (with matching delivery and billing addresses, and often with matching CVV's) on one spammer's site, and use them on another's.

            If enough people do this on a routine basis, several things will happen:

            • The word will spread about among buyers of spamvertised products that buying these is a surefire way to get trouble with their credit card
            • Excessive rate of chargebacks make many spam operations unprofitable
            • Credit card companies will realize that spammers are troublesome business partners, and become very reluctant to give them merchant accounts.
            Hit them in the pocketbook (but use an open proxy, unless you want to get into trouble yourself...)
            • Re:A new low (Score:4, Insightful)

              by Kenja (541830) on Wednesday December 03, 2003 @12:16PM (#7619492)
              What a GREAT idea. Fight Spam by committing a federal offence. You can laugh at the foolish spammers from prison.
            • by MillionthMonkey (240664) on Wednesday December 03, 2003 @01:41PM (#7620349)
              (Inevitably, in every thread about spam, someone proposes a solution with one or more flaws. This is a handy form that passes the lameness filter and that can be reused for all such posts to save time! It does not specifically address all possible flaws and may be expanded in future versions.)

              Your post advocates a

              ( ) technical ( ) legislative (x) market-based (x) vigilante

              approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which vary from state to state.)

              ( ) Spammers can easily use it to harvest email addresses
              ( ) Mailing lists and other legitimate email uses would be affected
              ( ) No one will be able to find the guy or collect the money
              ( ) It is defenseless against brute force attacks
              ( ) It will stop spam for two weeks and then we'll be stuck with it
              ( ) Users of email will not put up with it
              ( ) Microsoft will not put up with it
              (x) The police will not put up with it
              ( ) Requires too much cooperation from spammers
              (x) Requires cooperation from too many of your friends and is counterintuitive
              ( ) Requires immediate total cooperation from everybody at once
              ( ) Many email users cannot afford to lose business or alienate potential employers
              ( ) Spammers don't care about invalid addresses in their lists
              ( ) Anyone could anonymously destroy anyone else's career or business
              ( ) Ideas similar to yours are easy to come up with, yet none have ever worked
              ( ) Other:

              Specifically, your plan fails to account for

              (x) Laws expressly prohibiting it
              ( ) Lack of centrally controlling authority for email
              ( ) Open relays in foreign countries
              ( ) Ease of searching tiny alphanumeric address space of all email addresses
              (x) Asshats
              ( ) Jurisdictional problems
              ( ) Unpopularity of weird new taxes
              ( ) Public reluctance to accept weird new forms of money
              ( ) Huge existing software investment in SMTP
              ( ) Susceptibility of protocols other than SMTP to attack
              ( ) Willingness of users to install OS patches received by email
              ( ) Armies of worm riddled broadband-connected Windows boxes
              ( ) Eternal arms race involved in all filtering approaches
              (x) Extreme profitability of spam
              ( ) Joe jobs and/or identity theft
              ( ) Technically illiterate politicians
              (x) Extreme stupidity on the part of people who do business with spammers
              ( ) Dishonesty on the part of spammers themselves
              ( ) Bandwidth costs that are unaffected by client filtering
              ( ) Outlook
              ( ) Other:

              and the following philosophical objections may also apply:

              ( ) Any scheme based on opt-out is unacceptable
              ( ) SMTP headers should not be the subject of legislation
              ( ) Blacklists suck
              ( ) Whitelists suck
              ( ) We should be able to talk about Viagra without being censored
              (x) Countermeasures cannot involve wire fraud or credit card fraud
              ( ) Countermeasures cannot involve sabotage of public networks
              ( ) Sending email should be free
              ( ) Why should we have to trust you and your servers?
              ( ) Incompatibility with open source or open source licenses
              ( ) Feel-good measures do nothing to solve the problem
              ( ) Temporary/one-time email addresses are cumbersome
              ( ) I don't want the government reading my email
              ( ) Killing them that way is not slow and painful enough
              ( ) Other:

              Furthermore, this is what I think about you:

              (x) Nice try, dude, but I don't think it will work.
              ( ) This is a stupid idea, and you're a stupid person for suggesting it.
              ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
        • Re:A new low (Score:3, Interesting)

          What? Nice troll. Point out the word "taxing" in my post. I'll wait.

          Okay, my fault for feeding the trolls, but:

          When I talk about "attacking the economics of spam," what I mean is making it unprofitable to be a spammer. I think there are lots of ways to do this; taxing, while one way, is a particularly stupid and noxious method.

          Here are things I think will work to varying degrees:

          I think the best idea is spidering websites.

        • Re:A new low (Score:5, Insightful)

          by Frater 219 (1455) on Wednesday December 03, 2003 @11:42AM (#7619193) Journal
          When you talk about changing the economy of spam, you are talking about creating scarcity with regard to communication by taxing it. I couldn't disagree more with the suggestion that we must restrict communications in order to solve the spam problem.

          The problem of spam is not caused by the freedom of email, any more than murder is caused by the availability of knives and other weapons. It is too easy for technically-minded people to see spam as a technical problem, which is to be solved by replacing the existing mail system with something more restrictive. However, the spam problem is not spontaneously generated by the mail system, just as knives do not go around murdering people. Spamming, like murder, is a human action that certain humans choose to engage in.

          It is, of course, useful to use technology to make harmful actions more difficult. Locking up valuables makes theft more difficult; hiring bodyguards makes assassinations more difficult. However, we do not pretend that technology should make theft or murder impossible, or that the world should be transformed into a padded cell so that everyone is technologically prevented from doing anything wrong. Instead we deter and punish crime through education and law enforcement. Technology can reduce the likelihood and impact of harmful human actions, but we cannot use it as a replacement for social responses.

          Regardless of whether particular legislatures have passed laws which specifically address spam, we recognize spamming as a lawless and criminal endeavor. Spammers co-opt the property of others against the will of the property owners. (Note that this is worse than simply using that property without permission.) Just as gangs protect their core unlawful enterprises with further crimes such as murdering rivals and bribing police, spammers have come to use cracking, viruses, and DDoS to protect their core activity. Structurally, spam is just like other sorts of lawless action which we see as the proper jurisdiction of law enforcement rather than technological kludgery.

          There is no shortage of evidence, gathered from public sources and fully admissible in court, that particular spammers are engaged in criminal actions such as the above. Contrary to common belief, these spammers are not in "third-world nations"; they are in Western nations such as the USA, Canada, and the UK -- nations which have broadly functional legal systems, and nations whose Internet users are the chief recipients of spam as well. Volunteers have already carefully collected this information in the Registry of Known Spam Operations [spamhaus.org]. What is needed is twofold: (1) Funding for law enforcement to go after the known criminal enterprises; (2) Further litigation by major victims of spam, such as large ISPs, against those who are victimizing them.

          • Re:A new low (Score:3, Insightful)

            by wytcld (179112)
            Further litigation by major victims of spam, such as large ISPs, against those who are victimizing them.

            Nice idea, but. The new federal "anti-spam" legislation specifically removes private "right of action" against spammers. That is, victims can't sue. All they can do is complain to the federal government, which can act - or not - in its own way and time. It also pre-empts states from passing anti-spam laws stricter than the Fed's ... so you won't see the equivalent of NY AG Elliot Spitzer's action again
      • One might wonder if a new e-mail standard could be designed. One that by design would eliminate the spam problem. I don't know much about this, it's just a thought.
      • Re:A new low (Score:3, Interesting)

        by scrytch (9198)
        > It's absolutely insane. They won't stop 'til they've destroyed email.

        s/email/every public commons/
        These people can, have, and will spam by email, fax, autodialers, IM, SMS, spyware, and every single method of communication they can get their hands on that makes it cheap to publish.

        The feedback loop will certainly end ... when there isn't a commons left. When we've all retreated into isolated communities and protocols, and will have to pay for the privilege of connecting with strangers, under the rar
      • Calm down, calm down, spam is not so bad. Why if we eradicate spam just think of all the jobs that would be lost!! All those good people in the electronic mail marketing business (aka. spammers) and the developers that derive a living from anti spam software, the doctors that treat patients whose hearts have begun to give under the constant emotional irritation and anger generated by spam, the drug companies that make their medicine... the list goes on. No, spam is an essential component in modern society, i
    • Re:A new low (Score:5, Insightful)

      by Uma Thurman (623807) on Wednesday December 03, 2003 @10:44AM (#7618568) Homepage Journal
      There's a term for a coalition engaged in the act of making money through the use of intimidation and illegal acts: organized crime.

      The spammers are exactly the same as the mafia.
      • by johnkoer (163434) <johnkoerNO@SPAMyahoo.com> on Wednesday December 03, 2003 @10:58AM (#7618702) Homepage Journal
        I thought you were going to say RIAA, but organized crime works too.
      • Re:A new low (Score:4, Insightful)

        by Tackhead (54550) on Wednesday December 03, 2003 @01:20PM (#7620166)
        > There's a term for a coalition engaged in the act of making money through the use of intimidation and illegal acts: organized crime.

        I'd actually go one step further. A Racketeering-Influenced Corrupt Organization.

        > The spammers are exactly the same as the mafia.

        But on that, I must dissent. The Mafia has a long and storied history of providing everything from illicit booze, prostitution, sports gambling, lotteries with better payouts than the government-run lotteries, duty-free liquor and cigarettes, financial assistance to those with whom banks will not deal, as well as a full range of soft and hard drugs.

        Unlike spammers, the mafia provides things that people actually want.

  • hmm.... (Score:5, Funny)

    by frodo from middle ea (602941) on Wednesday December 03, 2003 @10:34AM (#7618453) Homepage
    I always thought the money making scheme from "Lock stock and two smoking barrels" was very practical and doable. This looks pretty similar to that.

    In case you don't know what I am talking about, go see the movie before you mod me down.
  • baseball bat (Score:5, Insightful)

    by Clay Pigeon -TPF-VS- (624050) on Wednesday December 03, 2003 @10:34AM (#7618457) Journal
    What we need to do is find out the physical addresses of these nice individuals and try to reason with them using advanced negotiation tools, such as baseball bats and tire irons.
    • What we need to do is find out the physical addresses of these nice individuals and try to reason with them using advanced negotiation tools, such as baseball bats and tire irons.

      no, socks with soap in them, and bags full of doorknobs do a much better job.

      This is your first time as a part of an angry mob?

  • Yeah... (Score:4, Insightful)

    by Kirk Troll (729217) on Wednesday December 03, 2003 @10:34AM (#7618458) Journal
    Apparently this reincarnation comes as an attachment offering naked photographs.

    Yeah... apparently, people are still STUPID enough to open these things. Does ANYONE out there still believe you can get "100% free porn, just click here!" from some sleazy, unsolicited email that just redirects you to a credit card entry, despite the "free"?

    I guess so...
    • by cbreaker (561297) on Wednesday December 03, 2003 @10:38AM (#7618491) Journal
      Unfortunately, some people do..

      If you send out a million e-mails, and only .5% click your thing, then you are still getting 5,000 people to your site.

      It sucks. I hate it. People are so despicable.
    • Re:Yeah... (Score:5, Insightful)

      by IWorkForMorons (679120) on Wednesday December 03, 2003 @10:44AM (#7618562) Journal
      people are still STUPID enough to open these things

      Because, for some people, curiosity is just too strong to resist. They know it can't be true, but they'll click it anyways "just in case". Then they'll call me to ask why their computer is all of a sudden slow, at which point I clean their system and buy a new pair of boots because my old left boot is embedded in their ass...
    • by dpbsmith (263124) on Wednesday December 03, 2003 @11:11AM (#7618828) Homepage
      It's easy to say "don't open obvious spam at all" and "never open an attachment" and "never click on a URL in an email."

      Personally, my middle-aged brain only functions at about a four-nines reliability level, meaning that if I deal with thirty pieces of email a day, about once a year I'll accidentally do something STUPID.

      Like pressing "reply" before I've finished composing my mail. Or replying to all when I only meant to reply to one. Or replying to a list when I only meant to reply to one person on a list. Or thinking that PayPal might really have sent me an email. Or opening a foreign attachment. Typically I realize that I've goofed approximately five hundred milliseconds after performing the mouse click that commits me to the imprudent action.

      (It doesn't help that I actually have real human friends who do send me email messages with subject lines that are blank, or consist of the single word "Hi!" or "Meeting.")

      I am sure that you never ever do anything STUPID, and I fully agree with you that someone as STUPID as I deserves to have my computer infected with viruses.
      • The simplest rule when it comes to all forms of scams:

        Never give money to someone who initiates contact with you.

        I've had the ACLU call me on the phone. I am 99% sure that they are legitimately from the ACLU, but I won't give them a single digit of my credit card, because THEY CALLED ME.

        I kindly informed them that I would go to their (secure) website and make a donation. Of course the person calling me doesn't get their commission or whatever, but I'm following the rule.
    • dude, when you are horny enough, you'll click on ANYTHING
  • Good (Score:5, Interesting)

    by Karamchand (607798) on Wednesday December 03, 2003 @10:37AM (#7618482)
    I think this is actually a good thing because it links spammers with viruses and therefore reinforces the association "spammer = evil". Perhaps sooner or later more people (and gov. agencies and companies) see spam not just as annoyance but as attack.
    • Re:Good (Score:5, Interesting)

      by southpolesammy (150094) on Wednesday December 03, 2003 @10:46AM (#7618598) Journal
      Worse yet for them, it associates spammers and virus writers with child pornography, which is considered among the lowest of the low for crimes. If this doesn't get those in a position of power to realize the depths of depravity that these people are willing to go to, I wonder if anything will.
    • I agree that it's good that this kind of behavior demonstrates to the less technically literate people in our society that the spammers are not just "eager entrepreneurs", but that they are (as another post put it) slowly becoming a form of organized crime.

      The bad side of these developments is that the spammers have created a job market for virus writers.

      Some of them are probably being paid enough to make a living off of their destructive skills, which means they have more time to dedicate to making parti
  • by Steve 'Rim' Jobs (728708) on Wednesday December 03, 2003 @10:37AM (#7618484) Journal
    Seriously, I dislike spammers as much as the next guy, but immediately saying this is the work of a spammer is stretching it just a bit. For all we know the person behind the worm has nothing to do with spam.
  • Anti-DDOS (Score:5, Interesting)

    by Angram (517383) on Wednesday December 03, 2003 @10:38AM (#7618487)
    Isn't there some way to distribute the anti-spam sites/lists so that a DDOS attack can't take it out? All that's needed is a simple neural net-style system - redundancy and distributed content (which the internet makes simple) could solve this sort of problem, at least for now.
    • I'm definitely not an expert on this topic, but hey, this is /. and everyone gets their $0.02, so here goes. A spam blacklist needs to be up to date. Every time someone tries to add to that list, the update would need to be pushed out to all of the nodes on the net. And all of the machines using that blacklist would still need to get the updated blacklist from one of those nodes, so they'd need to connect to some central server to at least be redirected to one of those nodes. So some central server stil
      • You don't need every node to have all of the info. If you distribute it, you can have overlapping info, and make a minimum/maximum of nodes containing the same info (i.e. 3-5 occurrences of each blacklisted server).

        Perhaps the central server (if necessary) could use authentication measures to block DDOS attacks.
  • by gxv (577982) on Wednesday December 03, 2003 @10:39AM (#7618509)
    If law enforcement agencies cannot handle the problem it's time for the Wild West solutions. And it seems we have to be the sheriffs. Let's fight those bastards with their own methods. They claimed OUR network, they use it for their own dirty purposes. And they try to 'kill' those who fight with them. We're the majority. Law & order people! DDoS DDoSers. Kill spammers!

    Ok. This is a bad idea. But what else can we do?
    • yes it is a bad idea.

      it's the double edged sword. if you go after them you get sued (see SPAM-rage from a couple of days ago) and they get nothing against them.

      do what i do. when someone blindly asks you to "fix" their computer install AV, Ad/spy removal SW, and net nanny. you could even go a bit further and install anti-SPAM SW and a firewall. or if you're overly zealous remove the administrator right from that user. Or just add a reg key entry to stop outlook, outlook express, and IE from running and repl
  • Focus (Score:3, Interesting)

    by Space cowboy (13680) on Wednesday December 03, 2003 @10:41AM (#7618527) Journal

    Virus experts said the outbreak was light compared to the rash of worms and viruses that plagued the Internet last summer. "We have had reports in the dozens, not in the hundreds," said Graham Cluely, senior technology consultant for Sophos

    Yes, but when those virii are targeting one machine instead of the internet as a whole, it makes something of a difference, Graham...

    Simon
  • It gets worse - (Score:5, Interesting)

    by m4ilm4n (574136) on Wednesday December 03, 2003 @10:43AM (#7618544)
    I've just received a fake "mailer daemon" rejection message with a viral attachment; although my a/v program caught it, I can see this tactic catching even the most suspicious of us...
  • by LilJC (680315) on Wednesday December 03, 2003 @10:45AM (#7618571)
    We all know the practice of creating an email account, leaving it hidden online somewhere or posting it and telling people not to use it in an effort to get email we are sure is not legitimate. If this works, let's take it a step farther.

    Mastercard, wait, even better AmEx issues a card with the same idea. The card is used once in response to a single spam. The card is then cut up but not cancelled. Hand the card numbers and the billing address over on a platter.

    When the card is used again, set your phasers to sue. The beneficiary of the card's usage can either be charged with fraud, etc. or roll on their superior. Pass the buck up the ladder until you can jail a spammer not on the basis of spam but of felony(ies).

    Of course, this assumes that you can find a "member magnifier" offer that isn't even looking to send you Sucrosa. Still, it might be worth a shot as a low-cost investment with a good potential for a high yield.

    The same idea could be used for eBay and PayPal scams. It's not as if none of us have gotten those "Please enter your password in this email and click submit button" spams. I wonder if this is already done. I'm a smart guy, but I'm still just another geek on /.. It seems some well-compensated theft prevention exec would have started doing this a long time ago if it would work. Though honestly, I don't see any problems with it myself.

    • by duffbeer703 (177751) on Wednesday December 03, 2003 @10:52AM (#7618639)
      Great idea!

      Now try to find a team of lawyers that can successfully prosecute such a case in Romania, China or Russia!

      These sorts of scams generally do not originate in places like the US or UK.
    • by Patoski (121455) on Wednesday December 03, 2003 @11:11AM (#7618822) Homepage Journal
      We all know the practice of creating an email account, leaving it hidden online somewhere or posting it and telling people not to use it in an effort to get email we are sure is not legitimate. If this works, let's take it a step farther.

      Mastercard, wait, even better AmEx issues a card with the same idea. The card is used once in response to a single spam. The card is then cut up but not cancelled. Hand the card numbers and the billing address over on a platter.


      Something similar to what you describe is already available via Sneakemail [sneakemail.com]. The concept is that they create sneakemail.com email aliases to your real email account. So you create a label for each company who requests your email; a label called "Amazon.com" would be a good example. Sneakemail generates a unique @sneakemail.com email address for you to give Amazon.com. Sneakemail will then forward all mail to your real email address unless you tell it not to. You can easily see who is sending you spam by looking at who an email is addressed to (the foo@sneakemail.com address). You can also block an email alias so the sender gets a bounce notice when they try to spam you. There are other more complex rules you can use but that's the basic idea.

      -Pato
  • by Walterk (124748)
    Another nasty virus. Of course I personally am not worried one bit, since I don't run any MS software on any of my computers, but my mother's business depends on Windows. She uses Word and Finale [codamusic.com] for her music ventures. However she also uses Outlook for her mail.

    Is now a good time to upgrade to OS X? I would like this, since it would allow for better remote administration for when her system goes "loopy". Or should I just make her use Mozilla for mail?
  • Funny (Score:3, Interesting)

    by wampus (1932) on Wednesday December 03, 2003 @10:48AM (#7618607)
    As much as I hate spam and worms and such, that is too funny. Some dumb bastard tries to get the free pr0n from the email, gets infected, then gets scared to death because they lock you up for a LONG time for possessing kiddy pr0n.
    Maybe this is vigilante spam, using the scared straight theory. Next time Joe Sixpack tries to look at the free pr0n, a little voice will pop up and remind him of what happened LAST time.
    • Maybe this is vigilante spam, using the scared straight theory.

      Or maybe this isn't. What better way to make sure people don't get any sort of police agency or even their ISP involved in investigating spam than to send them kiddie pr0n and make it look like they asked for it? No one is going to incriminate themselves like that. If they did, they'd probably be locked up during the investigation of their involvement. And whether you did it on purpose or not doesn't matter. Once you're in jail, a whole
  • by orangenormal (728999) on Wednesday December 03, 2003 @10:48AM (#7618609)

    Once infected, a follow-up e-mail is sent to the user stating that a CD containing child pornography will be delivered to their postal address.

    This would scare the living daylights out of my mother if she were infected by this trojan/worm.

    I think part of the problem with computer security nowadays is that home users believe that anything is possible. Computers are still far too mysterious to the average user; I'll bet you dimes to dollars many users will think this CD mailing scare is real. Unless email and antivirus vendors do something to educate home users, what's to stop the next virus from saying "open this attachment or we'll send illegal merchandise to your door?"

    Spammers, even benign ones, thrive on the naivety of home users. I still haven't received my cheque from Bill Gates and Walt Disney Jr...

  • by Kombat (93720) <kombat@kombat.org> on Wednesday December 03, 2003 @10:48AM (#7618612) Homepage

    What they're doing amounts to terrorism (at least, under today's NewSpeak definition of "Terrorism"). Why are the authorities not trying to track these guys down? How hard can it be? It is extremely difficult to completely cover your tracks on the net. You find out where an email came from. Track it back to the ISP. Find out where it came from. Track it back to the next ISP. Check their logs. Continue until you get to a modem pool/DSL connection. There's your guy.

    Are they all outside the country? Will those foreign ISPs not cooperate? Why is this so common?
  • by RT Alec (608475) * <alec@NOspaM.slashdot.chuckle.com> on Wednesday December 03, 2003 @10:50AM (#7618629) Homepage Journal

    This is getting ridiculous. All of these worms/viruses of late have their own SMTP engine built in, and connect directly to external SMTP servers to spread their payload. ISPs (and businesses that provide access to internal workstations) need to block access to external SMTP servers! In particular, block egress port 25 from the network.

    So you will ask, "But then how will I use my company's or other SMTP servers from home?" Easy, the port used for initial mail submission (IMS) should be set to a different port altogether. IMS and mail transport are different activities and should be treated as such. Use SMTP+AUTH+SSL, run it on port 465, and everybody is happy (except spammers and virus authors).

    "But I want to run my own server on my dial-up or other consumer level account!" Contact your ISP and see if you can get a static IP address. SMTP servers should be on static IPs, that way bounces and other system messages can be routed properly. Check the AUP of your ISP, you might be prohibited from running a server on your account (find another ISP, or use the tip above to use a different SMTP server).

    To do otherwise is to continue to be part of the problem, not part of the solution.

    • SMTP servers should be on static IPs
      Certainly not. Just because some abuse comes from residential (cable/DSL) connections doesn't mean the proper approach is to block all such hosts from making standard TCP/IP connections. SMTP allows any IP host to transfer mail to any other IP host. Blocking all such traffic because of fear of worms is short-sighted and helps destroy Internet communications.
      • by RT Alec (608475) * <alec@NOspaM.slashdot.chuckle.com> on Wednesday December 03, 2003 @11:34AM (#7619085) Homepage Journal
        SMTP allows any IP host to transfer mail to any other IP host

        That's exactly the problem. Mail is not supposed to be transmitted from any IP host to any IP host. The way it is supposed to work is:

        1. End user submits mail to their SMTP server
        2. SMTP server queues the mail, looks up the MX hosts of the recipient, and attempts delivery (this step may take time, due to internet congestion, etc.)
        3. Recipient's SMTP server receives the message (possibly from a backup MX host)
        4. SMTP server delivers the message to recipient's POP/IMAP/etc. server (maybe Exchange)
        5. Recipient accesses message using their e-mail client (Pine, Outlook, Eudora, Mozilla, etc.)
        In particular, the message is not sent directly from the sender to the recipient! That won't work-- what if the recipient's workstation is off? What if the recipient uses several different computers (devices) to access their mail? SMTP was reasonably well thought out, the only problems really are that IMS and mail transport were originally designated to use the same port, and there was no encryption or authentication built in. Now with SMTP+SSL+AUTH, and IMS on an alternate port, it is pretty robust.
    • For what it's worth, my ISP [fuse.net] has done exactly what you say for their dynamic IP customers. (Blocked outbound port 25 connections to all IPs but their mailservers.) It bugged me at first, but I set up my company's mailserver to listen on port 26 as well as 25, and now I can still relay my outbound mail. (No, we're not an open relay, don't bother trying.)

      Static IP accounts can still make outbound port 25 connections, as it should be. All in all it makes sense.
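The egress policy discussed in the comments above (outbound port 25 blocked for dynamic-IP customers except to the ISP's own mail servers, static-IP accounts exempt, submission on port 465 left open) can also be used as a detection rule. The following is an added example, not part of any poster's comment; the address ranges, relay address, log format and threshold are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing plan (RFC 5737 documentation ranges, constructed).
STATIC_POOL = ipaddress.ip_network("192.0.2.128/25")   # static-IP accounts
ISP_RELAYS = {ipaddress.ip_address("198.51.100.25")}   # the ISP's own mail servers
SMTP_TRANSPORT_PORT = 25
FANOUT_THRESHOLD = 3  # distinct external mail hosts before a source looks like a mass mailer

# Constructed flow records, one per line: "time src dst dst_port".
SAMPLE_FLOWS = """\
10:00:01 192.0.2.10 198.51.100.25 25
10:00:02 192.0.2.10 203.0.113.5 465
10:00:03 192.0.2.77 203.0.113.5 25
10:00:03 192.0.2.77 203.0.113.9 25
10:00:04 192.0.2.77 203.0.113.40 25
10:00:04 192.0.2.77 203.0.113.5 25
10:00:05 192.0.2.200 203.0.113.9 25
10:00:06 192.0.2.33 203.0.113.5 25
this line is malformed
"""


def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]),
                   int(parts[3]))
        except ValueError:
            continue


def egress_allowed(src, dst, port):
    """Apply the policy: only port 25 is restricted, static accounts are
    exempt, and every other source may reach port 25 on the ISP relays only."""
    if port != SMTP_TRANSPORT_PORT:
        return True
    if src in STATIC_POOL:
        return True
    return dst in ISP_RELAYS


def find_direct_senders(text):
    """Return, per violating source, how many distinct external mail hosts
    it contacted directly and whether that fan-out suggests a mass mailer."""
    targets = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if not egress_allowed(src, dst, port):
            targets[src].add(dst)
    return {
        str(src): {
            "distinct_mx": len(dsts),
            "likely_mass_mailer": len(dsts) >= FANOUT_THRESHOLD,
        }
        for src, dsts in sorted(targets.items())
    }


if __name__ == "__main__":
    for host, verdict in find_direct_senders(SAMPLE_FLOWS).items():
        print(host, verdict)
```

A source that is in neither pool is treated like a dynamic customer, so the rule fails closed.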
  • I never really understood why someone didn't just contact the CC companies and get a really low limit on their credit cards. Hell, even TELL them that you're going to use it for "verification purposes" online, so that you'd want to know who tried to charge money to it. I don't know if you can, but ask them to keep track of where it was rejected.

    Enter the number once, and watch the traceable info for spammers / people that buy this information just ROLL in.

    It may be time-consuming, but so is this battle
  • by doon (23278) on Wednesday December 03, 2003 @10:55AM (#7618671) Homepage
    As others have pointed out, this attack vector isn't per se the software that user is running. The attack vector is the user, the old PEBKAC (Problem Exists Between Keyboard and Chair), which has been showing up as the resolution to many tickets in our trouble ticket system.

    The problem is no matter what we do, we can't prevent our users from shooting themselves in the foot. We rename attachments (.exe becomes _exe). We deny .com, .pif, .bat, tell them to keep their anti-virus software up to date, don't run strange attachments, and still we get this. At least we have started running all our outbound mail through AV scanning, and that cuts down on a bunch of the crap, but we still can't keep them from going "ooh shiny...." Click!. Until our users figure out that the computer is a little more difficult to use than their VCR (I don't want to get started on ease of use/convenience vs security etc.. but when was the last time you played a movie, and you DDOS'd M$), and they actually need to be mindful of what they use/do on it, "bad people" will always be able to do bad things.

    Then again these users are the same people that would call up the phone company complaining of $600+ phone bills to the Caribbean, etc... When you ask them if they have downloaded any programs that offer free "porn" they get all defensive, etc... A quick look at their computer shows tons of those dialer type apps that are making the equiv of 900 (in the US) type calls overseas, and they don't realize it.

    For the record, my users would be the users of the ISP that I admin for...
  • by Tom (822)
    Sad but true: People in general don't care until the disaster is there, not just predicted.

    I've been trying to get my company to do something about spam (we're an ISP). The more serious, offensive, and aggressive spammers become, the higher my chances that someone up in management will get off his lazy ass and decide that it just might be worth it to do something.

  • If you're using renattach [pc-tools.net] on your server to filter attachments, just use the following in your renattach.conf to bitbucket this virus:
    banned_files = wendy.zip/k
  • by rcastro0 (241450) on Wednesday December 03, 2003 @11:04AM (#7618757) Homepage
    Leave Spammers with nothing to win.

    The interesting thing is that for Spam to make any sense, it has to get people to pay real money. Thus any profit making Spam will give away a payment trail. So, if I may ask, why in the world does no authority go after whoever sells through SPAM?

    Standard answers:
    1) They will move offshore
    (my reply, yes, but how will they get a payment if not through Visa/Amex/MC or other major intl institution)

    2) There will be "false positives"
    (I am not so sure about this one. One line of thought is that punishment may be directed to the profit coming from a Spam event, so if innocent sites make money w/out Spam they won't be very hurt. For instance, say spammers send Spam in the name of Amazon.com -- amazon might need to forfeit extra sales attributed to unusual traffic/sales in that period, attributable to the action of Spammers; if bighugeenlargement.com doesn't have any traffic normally, they should be blown out of the water)

    3) Costs of enforcement will be too high
    Perhaps. But what are governments for ? If OKOKRIM can worry about persecuting 15 year old computer wizards [slashdot.org], and the DoD can worry about persecuting a 66 year old dictator [iraqi-mission.org], why can't someone go after Mr. Joe Spammer and his clients ?

  • Too evil? (Score:3, Insightful)

    by Dracolytch (714699) on Wednesday December 03, 2003 @11:08AM (#7618792) Homepage
    Hey guys,
    Just something to think about: This article talks about spammers along with references to not only spam, but destruction of anti-spam, virii, pornography, theft, identity theft, and child pornography. The only way they could really make spammers look any worse is if they labeled them as baby rapists.

    While it could be true, it's beginning to sound like propaganda, intending to make these guys look more Evil than life. Think about the article's motivation, author, and target audience. Be careful, there may be something more going on than what we see on the surface.

    ~D http://www.dracosoftware.com [dracosoftware.com]
    • Re:Too evil? (Score:5, Interesting)

      by Zak3056 (69287) on Wednesday December 03, 2003 @11:36AM (#7619118) Journal
      Just something to think about: This article talks about spammers along with references to not only spam, but destruction of anti-spam, virii, pornography, theft, identity theft, and child pornography. The only way they could really make spammers look any worse is if they labeled them as baby rapists.

      While it could be true, it's beginning to sound like propaganda, intending to make these guys look more Evil than life. Think about the article's motivation, author, and target audience. Be careful, there may be something more going on than what we see on the surface.


      You DON'T HAVE TO make this kind of stuff up--the spammers are more than happy to provide the real thing!

      The virus in question (mimail.L) offers porn, claims to be sending you child porn, attacks anti-spam sites, and tries to associate those anti-spam domains AS CRIMINALS in the minds of the target.

      What do you WANT the article to say? That these spammers/virus writers are misunderstood, because they had poor childhoods and their mothers didn't like them?

      Take off the tinfoil and open your damn eyes.

  • DIE SPAMMER DIE! (Score:5, Interesting)

    by BubbaTheBarbarian (316027) on Wednesday December 03, 2003 @11:14AM (#7618861) Journal
    Cannot resist this one...

    OK kids, sit down and let uncle bubba explain this one for you. One, if you see something once, it might be a coincidence. Twice means that maybe lightning is hitting the outhouse twice. This is the third one of these, and with each successive version, the methods and operations of the virus are getting more effective and efficient. That means at least two developers were able to reverse engineer and increase the efficiency of the payload of the virus, OR someone is monitoring what is going on and making improvements. Tell you what, I will let you think about that one for a sec...

    We also have the comments from the spammers themselves. Many have come out into the open and said that anti-spam orgs declared war on them, and that they would fight back. Do you honestly think that this is just a chance happening?

    I guess it could be, I mean, you could have some slashdotter waging a disinformation campaign targeting anti-spammers to piss everyone off...

    Oh, and to the nuts who want to sue Microsoft under the same pretenses as suing gun manufacturers...dude, spammers are equal opportunity abusers...they are abusing open protocols as much as they are using OS holes to propagate this crap. So unless you want to sue Berkeley or something like that...

    Spammers evil...viruses evil...censorship evil...censoring spam ev...WAIT!...good...

    "We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns -- the ones we don't know we don't know."
  • why blame spam? (Score:4, Interesting)

    by gunfinger (729227) on Wednesday December 03, 2003 @11:17AM (#7618906) Homepage
    i have yet to see anyone point out WHY spam is actually as effective as it is -- people buy into it!

    if spam wasn't a money-maker, spammers wouldn't exist, it's as simple as that. just like if diets weren't such a huge industry, you wouldn't be seeing posters on how you could lose 30lbs in 30 days plastered all over your city (the birth of spam, might i add).

    if all these men just stopped caring about the size of their weenies, spam would take a huge hit. if we'd all be a bit smarter and not even consider clicking on insurance / any financial links in spam, that market would also take a huge hit. and if we were all more passionate with our partners then that takes care of goat / bestiality porn. the 'barely legal' crap, you have to deal with on your own. that's just wrong.

    honeypots, bayesian filters, spam blockers, LAWS... so much time, effort and money is being put into something that will only be solved once we start dealing with our own insecurities / needs.
  • by Anonymous Coward on Wednesday December 03, 2003 @11:48AM (#7619256)
    but some of these "Blacklist" organizations are not trying to help eliminate spam, or even block it, they are trying to _make money_.

    <rant>
    MAPS is one of them, and unfortunately I've been dealing with this problem first hand. I just installed a new server and out of the box Apache2 was set up to be an open proxy. It didn't take more than an hour or two before the IP was listed on MAPS-OPS. This is fine. However I promptly closed the proxy and notified them. What did they tell me, they sent me some canned email that told me to close the proxy.

    Alright, so I double check again, I search google for open proxy testers, run them, they all return negative, I look at the MAPS "test report", all it says is:

    IP: closed
    IP: test finished.

    Looks to me like the proxy is closed. I email them again, to say the proxy is closed, unless you can give me other details, your own test results seem to confirm this, what's going on?! They reply back saying their open proxy test is robust, advanced, and proprietary, therefore they can not give me any information regarding the test. Not only that, they want me to show what I did to close the proxy, and prove to them that I am the server administrator! Oh, and the best part, they want the email to come from abuse@<blocked_IP> or postmaster@<blocked_IP>.

    Well, for one I can't email them from those addresses because THEY BLOCKED ME! For two, how can I prove I'm the server administrator? The email address I am using to contact them is listed in the whois record for the domain as the "admin contact". That's not good enough though apparently. What do they want, a digital photo of me standing beside the server with a big "anti-spam" sticker on it?

    That's the last I heard from them, they blocked me from filling out their "remove me from the list" form. Nice.

    If every open relay and proxy in the world was closed at this minute, MAPS would go out of business, therefore they have absolutely no interest in removing people from their list.
    </rant>
  • by tomato (66378) on Wednesday December 03, 2003 @04:50PM (#7622410)
    Spammers do indeed have a weak point. They are dependent on processing their payments via credit card companies.

    I once tried to set up an online business that would accept payment via credit card. To set up a trading account, you have to jump through all sorts of hoops and rules. It's not cheap or easy. The credit card companies check who you are quite rigorously before they will give you a business trading account.

    Part of their rules is that the trader must clearly identify themselves/the business when making a sale.

    There are only a very few credit card companies - amex, visa, mastercard, mbna, that covers about 80% of the market.

    I'm not quite sure how to go about informing the credit card companies that you have received an illegal credit card payment request. Perhaps you could send the spam to them, or the url of the actual webpage where it asks to fill in your credit card numbers.

    For the desperate, you could actually pay something, maybe using a spare card that you never use, then at once inform the credit card company of the situation, requesting a refund, and giving them relevant details, e.g. the website with the unlawful request on it, so that they will place a black mark against the trading account of the spammer.

    Too many of them and they will close his trading account. With the resources that credit card companies have for checking on background, it's gonna be bloody hard for the spammer to reopen new account, especially as lying for the purposes of getting a trading account is something that the police take REALLY seriously...

    (close your card or keep an eye out for any further withdrawals from your account and instantly notify the credit card company - they will then know the spammer's been passing around your details and have his address on file - more charges for the police to use)

    What do you think of this method?

    -tomato
