The Gang Behind the World's Largest Spam Botnet
tsu doh nimh writes "A Wikileaks-style war of attrition between two competing rogue Internet pharmacy gangs has exposed some of the biggest spammers on the planet. Brian Krebs uncovers fascinating information about a hacker named 'GeRa' who is supposedly behind the Grum botnet, which is currently sending about one out of every three spam emails worldwide. The story also points to several possible real identities behind the Internet's largest spam machine."
Priorities (Score:5, Insightful)
MegaUpload: Some people love it, some people hate it. Most of their damage (much of it alleged) is limited to a single industry and affects a tiny percentage of their bottom line
Global Botnets: Universally hated, with very real damage caused in terms of time spent, infrastructure upgrades, spam filtering, etc., plus I'm sure a lot of that spam is also used for phishing and other activities that cause further damage. It affects pretty much every company and individual with any sort of online presence. I don't have any numbers, but I imagine spam botnets cause damage that's at least an order of magnitude greater than what copyright infringement is even claimed to be (never mind the smaller amount it actually is).
But hey, glad we took down the one that also served legal uses.
Re:Priorities (Score:5, Insightful)
Re:Priorities (Score:4, Insightful)
My guess is that the credit card companies that are collecting processing fees for the actual purchases don't mind the extra business.
Re:Priorities (Score:5, Insightful)
Re: (Score:3)
I've been saying that to anyone that cared to listen for years. As long as Visa/MC/the banks/processors get their cuts and the chargeback level stays low, they do not care who or what is transacting.
Re: (Score:2)
Still, aren't the CC companies and banks the weak point in spam operations? Surely the government would be able to lean on them even harder than they can lean on some foreign ISP regarding a website.
But every time I read about spammers like this, I think of the rubber stamp from the movie Top Secret! [zazzle.com].
Re: (Score:3)
Unless those processing fees are from donating money to a leak site. That money's no good.
Re: (Score:1)
Also, since if people are buying stuff through it means there should be a money trail to follow...
Re: (Score:2, Insightful)
And who wants to bet that the money trail would lead to places and people that the "enforcers" would rather we not know?
Re: (Score:2, Insightful)
The problem is that the scams can use ad-hoc resources cobbled together from infected systems; there is no need to have a permanent domain. People don't need to get there by searching, the spam provides them a link. So shut down the server. Just be aware the server's legal operator wasn't involved and now their sites are down. And the scammers failed over to the next batch of infected systems.
Re:Priorities (Score:5, Insightful)
Spammers can use flux hosting for their websites so this part is not easy to target. Accepting payment, though, is something that's trivial to block -- if there was any will to do so.
Re: (Score:2, Interesting)
Oh yeah, sure. It'd be about as easy as blocking payment to some other really damaging websites such as wikileaks. /sarcasm
Re: (Score:2)
Hosting providers often don't care: follow the $$$ (Score:1)
flux hosting? Heh, they just pick one of the many hosting companies that do nothing about spam reports received via SpamCop.net or emailed directly.
Case in point? I received spam last Friday, which has redirects to: 199.10 2.228.2 19/~ lig htfoo/tracking/rd/t-a-x/main/jonxqo The IP address is with ServInt. Despite contacting them via their abuse@ address, the live chat feature on their website, and their Facebook page (from which they have blocked me by now) the site is still up. And ServInt is just one exa
Re: (Score:2)
I just started digging into finding Servint's upstream provider today because of all the fuckers abusing their servers (1-3 spam mails a day from as many scam companies with changing names). In my findings I also ran across 11-year-old threads about their completely disgusting business practices. When reporting spam to them back then they threatened the spam reporters with reporting THEM as spammers! See the Spamcop mailing list 2000-2001 for more miserable reading.
From what I've found about Servint it loo
Re:Priorities (Score:5, Insightful)
So next time a company will spam in the name of a rival, thus baiting authorities to take it down. Just because they are the ones advertised is no proof that they ordered the advertisement and if they did that they know that it's being achieved by illegal spam.
Re: (Score:3)
Problem with that is that I'd be able to get any web site taken down by paying people to send around a little spam linking to it :)
Re: (Score:3)
So you follow the money trail back one or two steps further to the guy that accepted money to send the spam and the operators of the botnet.
It's not that hard. The government knows how to do this. It's just not a high priority.
Re:Priorities (Score:5, Insightful)
Realistically, there is only one way to stop spam and that's to disrupt the money flow between the people that buy products from spam and the spammers to such an extent that it is no longer profitable. That's certainly not going to be easy, but for all its faults SOPA would have provided some of the necessary muscle needed to force Mastercard and Visa to try and prevent payments to known spam operators through its provisions to block financial flow to such sites (its potential use for preventing sales of fake Viagra is why Pfizer is on the SOPA supporters' list). Another avenue of attack is blacklisting banks that can be shown to be processing spam-related payments, especially since research [arstechnica.com] has shown that there may only be a handful of banks prepared to deal with spammers in the first place.
Re: (Score:3)
Probably because zombie machines on the botnet are the ones hosting the website(s).
Re: (Score:1)
The reason something like this doesn't get shut down is because companies spend money to get rid of the problem, money spent is taxable, more money spent, more taxes paid.... then the next version of spam/virus/malware/etc... more money spent, more taxes paid... rinse and repeat.
Re: (Score:3)
Remove the website - which must be hosted *somewhere* and the spam ceases to be profitable.
It's more on the line of: remove the website - which isn't easy because most of the time it's hosted by a company that is an accomplice - and another one pops up in a matter of hours.
Re: (Score:1)
For more information:
http://scholar.google.com/scholar?hl=en&q=related:mBwQLdGHFCUJ:scholar.google.com/&ei=WdwqT6PyBsOviQKsyfjGCg&sa=X&oi=science_links&ct=sl-related&resnum=1&ved=0CC4QzwIwAA [google.com]
This will tell you all you need to know about why it hasn't been done, direct from the experts in the field.
Short form: the Russians aren't about to take down a "legit pharmacy" just because of abuse of "referral programs".
PSAs? emails are for scammers (Score:1)
It affects pretty much every company and individual with any sort of online presence.
It's too bad that banks, credit companies, and others who are hurt by spam and botnets don't have public service announcements on TV and in AARP that say something like "Consider all email to be scams!"
It is interesting that my financial institutions no longer send links when there's some sort of update or announcement. Their emails just say "log into your account and see ..."
It seems to be old people (70yrs+) that really get snookered - at least that age group seems to be the largest segment of victims. It'
Re: (Score:3, Interesting)
time spent, infrastructure upgrades, spam filtering, etc
I of course hate spam, but that type of stuff does keep a lot of Slashdotters employed.
Good job on being spectacularly biased and imagining up all those useful pieces of information to back up your viewpoint.
Re: (Score:2)
I was just trying to inject some grey into that guy's black and white garbage. He's completely off base anyway, because several botnets have been taken down by authorities.
I'm not saying we shouldn't take down botnets - go for it, by all means! We'll never be able to eradicate it completely though, so we might as well appreciate the good that comes from it instead of just whining about the bad. It's the same as all those people who point out that piracy can actually get you some sales that you otherwise wou
Re: (Score:2)
Broken window fallacy is not the same as people buying your stuff after downloading it first. Where do you people come from?
Re: (Score:2)
If he was talking about copyright, he'd be doing the same by pointing out how piracy can be beneficial in some ways.
I'm not one of the ones who would want to keep spam around. I was simply pointing out that it doesn't only do "damage" because his levels or bias and hypocrisy are absurd.
Re: (Score:2)
Oh my god you've repeated this twice now. People buying something after trying it for free has nothing to do with the broken window fallacy.
Re: (Score:2)
I take it you don't understand analogies either?
Re: (Score:2)
I usually do, but for some reason I failed on this one.
Re: (Score:2)
People buying something after trying it for free has nothing to do with the broken window fallacy.
Well, the "broken window parable" - or "window maker fallacy" as some people call it - was created to investigate opportunity costs in a situation that might at first seem only negative. There is no one lesson to draw from that imagined situation, and there is obviously a lot of room for debate as to how the situation affects an economy, as economics are necessarily complex.
I don't see how it's very different to the ongoing debate going on about how copyright and piracy affect the economy. Outcomes are not
Re: (Score:1)
Good job on being spectacularly biased
So your point is that killing keeps many detectives, coroners, and funerary home employees working. So it's good.
Re: (Score:2)
On a moral scale it's not good. On an economic scale, it's probably neutral-to-good right now, as it frees up jobs for other people, or gets rid of people drawing government welfare :p
Re: (Score:2)
>But hey, glad we took down the one that also served legal uses.
Same comparison could be made between action taken by US against drug cartels and Taliban, al-Shabaab, etc.
Re: (Score:2)
False equivalence, rear your head!
Re:Priorities (Score:4, Funny)
Destroying this botnet could have detrimental effects on men with tiny penises worldwide!
Re: (Score:2)
I feel your pain. The unbalanced allocation of resources mirrors so many policy decisions, from law enforcement to military involvement. If we could just use /. polls to drive these decisions, spammers would experience the same wake up call as the Somalis who took those aid workers hostage.
Re: (Score:2)
I guess, by your logic, we should bother to try and take down Global Botnets either because there are rapists and murderers out there who have yet to be caught. Obviously we have our priorities mixed up.
Leaving aside the whole "MegaUpload was a legitimate business" argument, it's likely a matter of low-hanging fruit. Shutting down a botnet is difficult. Its command and control structures are usually obfuscated and redundant. Its operators are (usually) bright enough to cover their tracks. Innocent peop
Re: (Score:1)
Re: (Score:2)
Is that you, Zuckerberg? You're getting your IPO. Stop shilling for your company already.
80k sales and $6m in revenue (Score:5, Insightful)
Over a 3-year period, GeRa’s advertisements and those of his referrals resulted in at least 80,000 sales of knockoff pharmaceuticals, brought SpamIt revenues of in excess of $6 million, and earned him and his pals more than $2.7 million.
...and that's why we will never be rid of spam: because at least 80,000 people are dumb enough to buy boner pills over the internet from someone who spammed their inbox with poorly-spelled sales pitches.
Re: (Score:2, Interesting)
Re: (Score:2)
True.
You have convinced me to change my position on spam.
From "shoot the spammers" to "shoot the idiots who buy from them".
The only issue is that we must shoot idiots faster than they breed, and that is going to be challenging.
Maybe they are Syrians? (Score:2)
"Syrian" hackers on a U.N. Peacekeeping Mission:
http://www.themoscowtimes.com/news/article/syria-cyber-war-opens-new-front-in-russia/452200.html [themoscowtimes.com]
Syria Cyber War Opens New Front In Russia
02 February 2012
By Jonathan Earle
The cyber front of Syria's year-old civil war spread to Russia this week as pro- and anti-government bots splashed criticism and expressions of gratitude across the Russian Internet, and Syrian hackers attempted to commandeer the website of a Russian embassy.
The attacks are a response to Russi
How about stopping the product? (Score:4, Insightful)
If actual products are being shipped (as opposed to pure fraud), then it should be possible to trace the physical deliveries back to their source. Pharmacy products are not e-products. They are physical. So if these products are being marketed through illegal means, and are probably illegal products themselves, then why not follow them back to their source?
At the very least, the govt could make a big noise and say that goods marketed through spam are being seized en route and people will throw their money away if they purchase them.
Re: (Score:2)
There was an article on slashdot not too long ago about websites that pay you to act as a small "shipping/receiving" drop point for these illegal online pharmacies...
I try and search it, but slashdot search doesn't really bring it up...
Doubtful passport authenticity (Score:2)
wikileaks? (Score:3)