Anti-Spammers Infiltrate Private Online Spam Clubs

Angry_Admin writes " Spammers are now trying to find out which antispammers have infiltrated their ranks and are sharing "sensitive" info with fellow antispammers. According to the story at The Register: 'Online spammer forums like the Pro Bulk Club the Bulk Club and bulkmails.org have been gatecrashed by activists from organisations like Spamhaus. Steve Linford of Spamhaus said spammers know this already but they don't know who amongst their number is working for the other side. In theory the members-only forums of these sites is accessible only by invitation and only to individuals who have a proven track record in spamming. Apart from playing with the paranoia of spammers, the undercover investigation cast light on the latest spammer techniques.' Hopefully the spammers aren't that bright and the antispammers stick around long enough to bring them down."

What now?

[Jonny_eh]

Sorry if this sounds like a flame but, what good is it? I guess it's pretty cool but will this actually be helpful? Kudos to the l33t guys who got in, I guess.

Re:James Bond of the Spam world?

[schon]

I wonder how they got in if it's invitation only.

One would assume they got invited. :o)

Seriously, only "known" spammers get invites - but the question is - what constitutes "known"?

How hard would it be for an anti-spammer to set up a bogus online identity, list themselves as spammers, and then sent spam-like emails to the spammers' email addresses, and then wait for an invite?

Not so bright Spammers

[sameerdesai]

"Hopefully the spammers aren't that bright and the antispammers stick around long enough to bring them down." Yea right!! Do you imply everyone is so stupid to get spammed everyday and can't stop these "not so bright" spammers.

invitations?

[Cska Sofia]

I'd surely like to know how these people figure out where to send invitations to spammers. I have a mailbox heaving with spam, just begging to be returned to sender...

Bundled spamware and spyware

[Bonewalker]

This isn't one hundred percent on topic, but I wish someone could answer this question. Why would producers of legitimate software, e.g. Kazaa, Weatherbug, etc. bundle their stuff with known spamware, ad-serving crap, and general spyware bullshit? Don't they realize that before long users will figure out where it is coming from and then stop downloading and installing their software all together? What kind of fees do they usually command for allowing this type of bundling?

Re:Don't doubt the Spammers IQ

[mobiux]

You don't have to be smart to be a spammer
You just have to lack morals in general.

I think that it actually shows that the anti-spammer is winning. Spammers have to resort to trojanned machines and illegal tactics to get thier job done.

Which makes me wonder, if it were a wild west situation where anything goes, and anti-spammers were allows to break the law in the same manner, would these spammers still be in business, or would there basically be a bounty on the heads of spammers.

Re:James Bond of the Spam world?

[Anonymous Coward]

This begs the question: If you're a top-notch spammer, how can you build a reputation? Isn't staying anonymous part of being a pro?

why does Mandrake open a port 80 proxy?

[SethJohnson]

I just noticed the other day, when Slashdot stopped accepting my posts due to an open proxy on my IP, that my Mandrake 9.2 installation had some kind of proxy configured in Apache. What in the hell? Why does the default installation of Makdrake do this? Absolutely ridiculous. I had also installed it at work and had to disable it there, too.

Not that this is directly pertinent to spamming, but it is a built-in security hole that allows criminals to use default mandrake webservers as conduits for nefarious deeds.

Re:hmmm

[LWATCDR]

Interesting nit to pick.
The people of Germany did very little to stop the Nazis. Silence is consent is a very old principle of law. If you know someone is going to kill someone but you do nothing to stop it, you are an accessory to that crime.

While the vast majority of Germans have no guilt in this mannor because they where children or not even born yet. A very large number of German adults and I would even say a majority knew what was happening. I would say that German in this context is a fair use of the word. Nazi would work as well.
BTW my father servied in the US Army in Germany in the 50s. He loved the German people but could never understand how they let Nazis come to power and do the things they did.

Re:Not just a tree house club

[waterwheel]

I believe spammers in many cases make their money by collecting a portion of sales. So in that sense, it's normal enterprise and must work for some industries. And I'm sure it still works in the drugs/sex industries.

They can resell the list as many times as they want, by my email I'd guess some of these are being sold dozens of times every day. Plus, when one customer drops off, there's probably two more waiting to take their place. $XX for 10 million email addresses just sounds too good for many people.

I've had customers ask me about this, and I've had customers send out spam - they've told me they did. Of course, it wasn't spam, it was a double opt in list. Really? you've got a million people's emails who asked to be sent important information on life insurance? Nevertheless, some continue to try it once. And the new customers I'm sure are substantial.

Re:Not just a tree house club

[maximilln]

I can't say that I am impressed by the knee-jerk responses of "the revenue comes from the people who buy the stuff." Clearly there's a statistical chance that the profit from this junk feeds the machine but, if that were so, the spam machine would be little more than the local flea market. As we all know the spammers can often be very upscale and sophisticated sometimes have multiple server and router banks with which to turn on and off IP address ranges as they get caught, targeted, shut down, or blacklisted.

So the question remains: Where really does the funding for this stuff come from?

People are going to slam me for presenting this possibility and, well, bring it on. Personally, I think that a good amount of spam is funded by us--you and me. Go ahead. Get enraged. Gnash your teeth. Call me a paranoid hippie tree loving freak. I could give a shit.

Face reality. It's a business game. A good portion of the taxpayer subsidized/backed loans for technological advancement and small business loans probably go to shmucks like this. These are people who are buddy-buddy with politicians and existing business heads. These are the people who sit on top of brokerage houses and know where to get the startup funding. These are people who have been proven time and again to have no scruples about working over every pyramid scheme possible to get their hands on your money. These are people who can conjure up numbers generated from spam mailings, work the statistical analysis over to their favor, and pitch it to some new investment broker who is scraping to fill his quota and willing to take a chance. Whose money is he willing to take a chance with? Why, once again its yours and mine. 401k funds, IRA funds, generic stock investment funds.

Go ahead. Say its not possible. Mod me down as stupid. If anyone could ever really use the FOIA and manage to get enough of the tax records from these spam organizations to track it all down you can bet that I'm right.

Go on. Get mad. Come on... you know you can do it... be mad at me for being the messenger... let it all out.

I can take it.

Re:Not just a tree house club

[Uma Thurman]

The money might come in part from laundering. There's really nothing to show that you didn't do $100,000,000 of business in a year, when you might have really done $1000. The balance of the fictional business on the books might actually be sourced in illegal drug, gambling, or terrorism money.

John Ashcroft should lay off the Internet bong sellers and the purveyors of porn. If he wants to hit the terrorists in the wallet, he'll close down all the money laundering possibilities that exist. Spam operations are a huge gaping hole that everyone seems to be ignoring.

I heard of something like this once...

[tokachu(k)]

Sometime back in 2002, a guy who worked for LeadClick (a spamhaus) downloaded a file called

"teen sex.mpg.scr"

(notice the extension) that turned out to be a backdoor. The screen shots are somewhere on Freenet [freenetproject.org] (you have to download and run Freenet first).

What the screenshots reveal are, to say the least, scary. It turns out that an employee named "Greg" (greg@leadclick.com), who works as an e-mail harvesting database manager, also manages databases for SpamCop!

I kid you not. A spammer who works for SpamCop. I can't post links to the freesite (that's kinda pointless), but at least the incriminating screenshots are safe on Freenet.

Re:Honor among thieves?

[Vexler]

It's interesting the reasons that some people would resort to spam. In an article recently on Tech Republic, the author interviewed several spammers on the reason(s) they started out as spammers. One had college tuitions to pay off, another just wants quick cash with no regards as to what topics are/aren't off-limits. When you consider why people spam, the knowledge can be used against them in one way or another.

Now that you mention it ...

[Daniel Dvorkin]

I was at a party the other night and got into a conversation with a guy who wanted some advice from me, as a Web developer, on setting up a commercial Web site. At first the conversation was pretty normal -- we talked about the choice of servers, languages, back-end databases, etc. Then he asked me, "How can I make sure people go to my site?"

So I talked about Google PageRank, targeted vs. untargeted advertising, making his site attractive enough to inspire users to stay on it, making sure it's simple enough that it loads quickly and works on different browsers, etc. And he seemed to be listening, but after a while he asked me, "No, I mean when I send people e-mail advertising my site, how do I make sure they go to it?"

I had to talk to him for a while to make sure he was saying what I thought he was saying, but after a while it became pretty clear that the deal is this: he's going to be running a site selling Brazilian sex tours, and he wants to know how to send spam that will a) get people to go to his site, and b) get through spam filters.

Needless to say, the conversation didn't last long after that, but it did provide some insight into the mind of the spammer. He really didn't see anything wrong with spamming, or even with trying to be deceptive to get past spam filters. As far as he's concerned, he's selling a service people will want if only he can get his message through. I'd say he was an aggressively normal guy -- a bit of a yuppie, with a backwards baseball cap and a lite (sic) beer, definitely not a geek, probably watches lots of football and drives an SUV.

These are the people who are crapflooding your mailbox. They're not mysterious creeps living in caves. They're your neighbors. Be aware. Eternal vigilance is the price of liberty ...

What would be nice...

[bobsled]

...would be to have a way to break into these open relays and infected/zombie/otherwise compromised PC's and disable relaying... but whoever tried would certainly get busted...or the opposite effect would take palce - something like the virus that was written to get rid of a virus (was it to get rid of Blaster? Can't recall... too many brain cells gone...)...more harm done than good...

Of course, even if possible, it would probably be like trying to kill fire ants one at a time...
(tedious and VERY painful). Maybe if we could just find the queen spammer...

SPAM = DDOS

[DrugCheese]

Just a random thought:
Isn't this just a distributed denial of service attack on my inbox?

I have seen the enemy, and they are ... Us

[EvilTwinSkippy]

Hi, I once wrote a bulk mailer for a DotCom. I was young. I needed the money. They collected addresses the old fashioned way: free stuff. People would be more than happy to fill out a little questionaire for a discount drink, or (gasp) to get ONTO the mailing list.

To my credit I had written into the system a very simple and effective opt-out. Click, click, we were out of your life. Everyone on the list had taken the time to fill something out to get on the list. It wasn't really spam.

At least that's what I tell the voice in my head.

I also wrote the web statistic reporting engine, so I do know that pageviews to the website would skyrocket following a bulk mail. And no, most of the traffic wasn't for the "opt out" bin.

This was back in '98, when spam was a joke, not a fact of life. I recently turned down a job reverse engineering a web-database of a certain annoying industry to generate targetted mailing lists.

And that was from my brother.

Why has nobody paid any attention to this?

[ZuperDee]

In my opinion, AMTP could solve some of our troubles [bw.org]. If you had to be authorized to use a mail server, and if your route had to be verified as correct, I bet it could cut down on spam by at LEAST 50% or more. It might not eliminate the problem entirely, but even 50% would be a huge improvement. It might also make other spam-fighting tools like blacklisting more effective, the discovery of spam origins easier, and therefore, make it easier to prosecute spammers.

Sure, it might be a small blow to annonymity, but I say, so be it. If we are going to make any headway on the spam problem, we MUST be able to hold people accountable for abuses of mail servers. Unfortunately, accountability cannot be achieved without some sacrifices in anonymity guarantees. I think that ANY real solution must ultimately be a tradeoff between anonymity and accountability, and the sooner we realize this, the sooner we can start making any real headway. PERIOD.

Can they invite other covert anti-spammers?

[billstewart]

Once a couple of anti-spammers get into one of these clubs, can they go conspire to invite other anti-spammers, or "trusted" writers of "31337" spamware products which leak out useful information (e.g. it does send the spam but it also sends a message to Spamhaus with the IP address and to Vipul's Razor with the message signature?)

Strategies

[azav]

I was thinking about this.

If a spammer is a repeated spammer, some of the reporting services like spamcop should report them to their registrar. The registrar should revoke their domain and point their domain to a page explaining why this page is unavailable.

If the registrar does not revoke their domain, the registrar should have their operation suspended by the master registrar.

If a registrar has a habit of being a registrar for spammers, they will be shut down.

This seems able to shut down spammers and if this process is fit into the business model of a registrar, may be able to make it more difficult for these assholes to do business.

Re:If only the people who READ spam weren't so stu

[bhmit1]

Unfortunately, that specific mob of suckers that clicks on the spam messages isn't reading slashdot (we happen to be a completely different mob of suckers) and it's doubtful that they even know a "dot head". Therefore, telling us they should know better isn't going to do the least bit of good.

On the other hand, a different old argument would be appropriate for this group. Simply go to all those URL's (by retyping the top level url, clicking on them probably sends them a key to identify your email address), and submit lots and lots of fake orders. Heck, automate it if you can, with some kind of randomizer that picks odd names from a list so there's no easy way for the spammers to filter them out, and even better if you can impersonate a large network. Suddenly, to get one legit customer, you have to go through thousands of pieces of crap, and the business model no longer works.

Now, if someone could make a distribute app that accepts some kind of template (go to this url, put a name here, cc number there, etc) to automatically fill in and bang on a spam supported site, I'd be more than happy to run it.

Re:hmmm On picking nits.

[corbettw]

For fairness it should be noted that the US had, and has, concentration camps.

Stricly speaking, the Japanese-Americans (some were actual citizens, some weren't) in WW2 were held in internment camps, not concentration camps. There's a world of difference between the two.

That's not to excuse the locking up of those immigrants during WW2, but they weren't (purposefully) worked to death or marched into ovens.

Heck, if you want vigilante justice...

[jhantin]

why not tap into the vast nets of compromised machines yourself, to distributedly spam the spammers' order forms with false orders? The spammers' own weapons turned against them... there's something fitting about that.

Unfortunately, that way lies madness, federal marshals, and another spiraling arms race -- and in any arms race worthy of the title, the only winners are the arms dealers.

Cumulative effects

[adb]

Quick ethics quiz: if I send out a thousand spams, each of which reaches ten million people and wastes ten seconds of their lives (between deleting and earning the money to pay the marginal cost of services to deal with my shit), I've wasted over three thousand man-years of other people's time. Given that the average human lifespan is on the order of 100 years, am I

(a) better than,
(b) worse than, or
(c) about the same as

someone who murders 30 people?

Please explain your answer in a detailed but concise fashion.

Re:I have seen the enemy, and they are ... Us

[Anonymous Coward]

I built a large mail cluster for a spam company. The company does have a way to opt out of the emails, and only send to people that have opted in (albeit some of it is likely deceptive).

But, they paid me $6k for one day of work. Tell me you wouldn't do it for a single day of work. $6k under the table is a lot of money. I figured they were going to have it set up with or without me, and I might as well get some money out of the slimy bastards as repayment for filling my mailbox with shit.

Re:Cumulative effects

[Bombcar]

I would argue that you are better than Mr. Axe murderer (of the 30th degree).

Why? Because ethics isn't measured by hours of time lost. If it was, then traffic jams "kill" 15,000 people a year! (66 hours a person, say 150 million commuters).

In fact, we can think of spam as traffic jams of the internet. And I bet people spend much more time in traffic than deleting spam.

Also, the harm is spread out amongst people, just like insurance spreads about the cost of living amongst people.

That doesn't mean spam is OK, but it is not murder by any stretch of the imagination.

But it is most likely fraud, and is annoying.

You CAN make money with 900 numbers...

[Cyno01]

Old phreaking scam. Get yourself a nice 900 number, charge like $10 a minute or some obscene amount like that. Post it on the internet (BBSs at the time) to give it some legitimacy, then beige box a buncha houses (homeade linemans handset into the exterior TNI) to your 900 number, kaching!

Re:Not just a tree house club

[Eric S. Smith]

The filter-poisoning junk appended to spam messages [...] is a perfect terrorist comm channel that is effectively immune to traffic analysis (i.e. there's no way to identify the intended recipient).

I was reluctant to mention this when it first occurred to me, but after thinking it through I'm morally certain that terrorists have already figured this out.

There's an awful lot of overhead in that approach, and it seems to me that it's unreliable. For it to work, you would need:

1. an agreed-upon set of code words -- could fall into enemy hands.
2. the ability to send spam reliably -- if you test, you risk getting shut down; if you don't test, you risk failure at an important moment.
3. an excuse to send spam -- probably not a major problem, since a ficticious product or some random Web site would presumably suffice.
4. the ability to receive spam reliably -- if your operatives don't see the encoded message, they can't act on it.

Using code spam complicates existing tricks like "numbers stations" on short-wave, coded classified ads in major publications, dead drops, plain old clandestine meetings, and spoken messages passed from a guy who knows a guy who knows somebody.

A few layers of no-tech sneakiness are bound to isolate the people at the top from everyone else, in any case.