Russian Minister Gets Spammed, Spams Back
elhim writes "According to an article in the Moscow Times: 'Spammers last week got on the wrong side of the wrong man, and quickly found themselves with a taste of their own medicine. The man? Deputy Communications Minister Andrei Korotkov. Tired of the endless spate of unsolicited messages that clog e-mail systems everywhere, [Korotkov and others devised] ...an audio message to be volleyed nonstop to the telephone numbers listed in the... [email] spam messages.' Sometimes Russia reminds me of the Wild West."
Spam (Score:2, Interesting)
This is a Public Service Announcement (Score:5, Funny)
Since when is sci-fi defined by films? (Score:5, Funny)
In Soviet Russia... (Score:5, Funny)
Re:Spam (Score:2, Interesting)
Of course it is a loss of money, but an efficient way to fight against "Spam back attack"
But I'm not a Spammer
Hmmm... (Score:2)
I wonder if they tried blocking log 0 :-)
Re:Spam (Score:3, Funny)
revenge is sweet...
Re:Spam (Score:5, Informative)
In this case though, the article was about calling phone numbers listed in the spam, which if nothing else, at least increases the cost of doing business for the spammer. I'd imagine the parent poster was talking about the same, as email replies aren't likely to impose much of a burden on the spammer. It's a lot cheaper to glance at an email and hit shift-delete than to have an inbound phone circuit and operator tied up while somebody rants at them about the evils of spam.
Re:Spam - webbug images (Score:2)
That's the main reason why I turn off the loading of remote images in email...
for Mozilla: preferences -> Privacy & security -> images -> []Do not load remote images in Mail and Newsgroup messages
In my experience, most legitimate users attach images to their emails. If I get an email which has r
So the numbers is real? (Score:5, Funny)
I'll order the penis enlargement pills right away.
--dpr
Re:So the numbers is real? (Score:5, Funny)
Re:So the numbers is real? (Score:2)
Phone numbers? (Score:5, Funny)
And second, that guy is hereby my god.
Re:Phone numbers? (Score:4, Informative)
A spam message that attempts to start a transaction usually includes some way to contact the sender (or at least, the one that wants his product advertised). This is a lead to stop the spam by abusing it.
Re:Phone numbers? (Score:5, Funny)
So by getting a huge number of people angry enough to call (or wanting to buy) this would be an .. MS-DDOS .. ?
Re:Phone numbers? (Score:5, Informative)
Still I don't expect broken windows, masked armed men in their office and Militia (our local police) officers showing them a prescription to 'clean out' from there... It is a dream of almost everybody here, but it is not going real any day.
And their management which is 'very far, too far from here to get phone calls' - these people seem to be just insane i-net villains, striving not for business, but to 'show these Russian swines' who is the king of the hill around.
2. Read the article more accurately: even Andrey Korotkov had to confirm: that resounding measure didn't bring much good. God or not, but the problem remains.
Re:Phone numbers? (Score:2)
So filter on their fscking phone number for Christ's sake.
Pon'al?
IN SOVIET RUSSIA (Score:5, Funny)
Please let me be the first one to have said that ...
Re:Phone numbers? (Score:2)
Wrong Number? (Score:5, Funny)
BTW, Russia had its wild east. While we had our mountain man era, the Russians had theirs, except they were going in the other direction. The parallels continue until the turn of the century!
Cowboy Baby (Score:3, Insightful)
It marked the death of the frontier. (I know, blah blah Indians were there first, but the population density was never that great and there were always massive sections of uninhabited land). The remaining frontiers are largely closed to the ordinary man, and are unlikely to ever be truly opened again to the point where you can just go somewhere, stake off a chunk of land, and just LIVE there, and have it be LEGAL.
I know, I know. Progress. We live 1.6 times as long, that's a
Sometimes? (Score:2)
Just like that other "wild west" once was - before it was planted with the neon of corporations.
Coincidentally, I just finished a commentary [slashdot.org] on that very topic.
(Notice I didn't say "ironic?")
Spam must contain a real contact method (Score:5, Interesting)
Sure the from address is generally bogus, to skip past the basic anti spam methods out there, but something in the email must contain a valid phone number, web site, or address, otherwise how would the spammers make any money (and I suppose they must as they don't do it just to piss everyone off)
Re:Spam must contain a real contact method (Score:5, Informative)
Re:Spam must contain a real contact method (Score:5, Funny)
Re:Spam must contain a real contact method (Score:2)
Re:Spam must contain a real contact method (Score:2)
Recently there has been a number of spams with a twist on the getting asked to dial 90#. So why is there spam trying to convince people that an get an old trick to be considered to an urban legend? It's odd that someone is spending so much effort to get that message out.
In the past spam has been used to attempt to drive up stock prices and hurt other compai
Re:Spam must contain a real contact method (Score:2)
Not always (Score:5, Insightful)
For that, they don't need a contact method.
Re:Spam must contain a real contact method (Score:3, Insightful)
For example: CALL 1-800-SOMEBODY-THE-SPAMMER-HATES AND WE WILL GIVE YOU FREE MONEY!!!!!!!!!!
So people start calling some random business's 1-800 number demanding their free money or complaining about the spam. Phone bill goes through the roof, legit calls get DOS'ed, and the spammer might actually be able to put some small company out of business.
I'm sure the more creative among you could come up with even more fun scen
Go on, say it (Score:4, Funny)
Phone rings: "Let this be a warning to you: in Soviet Russia, spam *recipient* drives you crazy"
Hang up
Phone rings...
Beware the Joe-Job (Score:5, Insightful)
Oh, and in Soviet Russia, the punchline inserts you. Sorry, but it had to be said.
Re:Beware the Joe-Job (Score:5, Interesting)
Re:Beware the Joe-Job (Score:2)
Re:Beware the Joe-Job (Score:3, Funny)
suspects fuck the shit out of the beat.
Re:Beware the Joe-Job (Score:2)
Not if the spammer is an American.
Re:Beware the Joe-Job (Score:2)
I'm also sure there is a law somewhere pertaining to persons interfering with government operations in the US and very probably it doesn't define gov ops as USG only so it is likely that it applies to interfering with foreign governments as well because the several states are foreign governments too.
Vanishing point. (Score:2)
The difficult part is designing the perfectly balanced retaliation scheme.
Turnaround is fair play: SQL injection (Score:5, Interesting)
It's crazy how many spam websites are running on IIS with .asp scripts (or even better: .aspx!) as a frontend [hick.org], and Microsoft Sequel Server as a backend [hick.org].
Just type a spare single quote into the "remove me from your list" box, and watch as parts of the SQL query are displayed. Experiment a bit, and transform this into a query that clears the entire subscribers list, or that changes their spam messages to something funny, or that keeps the subscriber list but replaces all e-mail addresses by their own whois contact (or better: their upstream provider's whois..), etc.
For starters, the following string often removes the entire list when entered into the remove me box:
(that's two single quotes between the or and the = sign).
If the site has an "affiliate program" (look around a bit...), the same string entered as a user name into the affiliate programme's login box might let you in, with a little bit of luck. If not, try the following instead (again, there are only single quotes in the string, no double quotes):
If it still doesn't help, try to repeat the same string in the password box.
If still not ok, you may need to use a union statement:
Start with one null, and keep adding more until the "parameter number mismatch" error disappears. Patience may be needed, certain login scripts require more than 40 nulls! Then start replacing the nulls with your desired password string, and attempt to find a combination which doesn't give you a type mismatch error. Example:
Then enter zozo into the password box. With a little bit of luck, this method may let you in.
Once you're in, you've access to the affiliate's (i.e., the spammer's) account:
Have fun!
Re:Turnaround is fair play: SQL injection (Score:4, Insightful)
Too bad screwing with their database is technically illegal, since the database is an "asset" for the company. The injection you propose would hurt their asset. You might be removing addresses that opted in (yeah, right).
I wouldn't try this at home, kids.
Re:LOL That's got to hurt. (Score:2)
Slipping in goatse links is easy. Too easy even. There are a number of redirector services (shorl.com [shorl.com]) which allow you to hide the URL, and even most [yahoo.com] mainstream [cnn.com] sites [mattel.com] do have some way [amazon.com] to redirect [telegraph.co.uk].
No, simply slipping in goatse into a comment is so easy that it has become uninteresting. The real art now is to have a goatsy comment moderat
Re:Turnaround is fair play: SQL injection (Score:4, Interesting)
You forgot that we are talking about spammers here. And Windows administrators. Neither of which are known for their smartness.
they have most likely configured their server to automatically replace a single quote (') in a query string with two single quotes (''),
You'd have a case if that was a PHP server. By default, PHP escapes all input (i.e. ' is replaced with \'), which pretty much defeats most of such attacks. However, if there are some places where the web-app expects numbers (such as affiliate id's) it may still be vulnerable (no need to close a quote to slip SQL code into a number).
which will escape it to MSSQL server.
With ASP, the admin has to specifically set up his rig to do this escaping. With PHP, it is the default setting. However, an admin dumb enough to run sequel sewer in the first place would probably not even know about the issue.
Which means no matter how many single quotes you type, you won't be able to doctor the query. Sorry.
Try it out. Just search for aspx news.admin.net-abuse.sightings [google.com] on google groups and try out the links. Sort by date, or you'll find that most spams are too old and the site already has been closed. Or if you are in the habit of keeping your spam, just search your own collection for .aspx links. You'd be astonished at how many of these the SQL injection works! (I'd say one out of 3). However, for some weird reason, probability of success is much higher for .aspx than it is for .asp (For .asp it indeed takes quite a bit of patience to find anything worthwhile...)
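The escaping point argued in the comment above, as an added example that is not part of the original thread: a quote-doubling filter holds in a string field but does nothing for a numeric field, while type validation plus a bound parameter closes both. The table, column and function names are hypothetical, the inputs are constructed, and SQLite stands in for the MSSQL and PHP setups the thread discusses.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
ROWS = [
    (1, "alice@example.com"),
    (2, "bob@example.com"),
    (3, "carol@example.com"),
]


def make_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subscribers (affiliate_id INTEGER, email TEXT)")
    conn.executemany("INSERT INTO subscribers VALUES (?, ?)", ROWS)
    return conn


def double_quotes(value):
    """The quote-doubling filter described in the thread: ' becomes ''."""
    return value.replace("'", "''")


def lookup_by_email_escaped(conn, email):
    # String context: the doubled quotes keep the whole input inside the
    # SQL string literal, so it is compared as data.
    sql = "SELECT email FROM subscribers WHERE email = '%s'" % double_quotes(email)
    return [row[0] for row in conn.execute(sql)]


def lookup_by_id_escaped(conn, affiliate_id):
    # Numeric context: there is no quote to close, so the filter changes
    # nothing and the input is still parsed as part of the statement.
    sql = "SELECT email FROM subscribers WHERE affiliate_id = %s" % double_quotes(affiliate_id)
    return [row[0] for row in conn.execute(sql)]


def lookup_by_id_bound(conn, affiliate_id):
    # Hardened form: reject anything that is not an integer, then pass the
    # value as a bound parameter so it can never become SQL text.
    try:
        number = int(affiliate_id)
    except (TypeError, ValueError):
        return []
    sql = "SELECT email FROM subscribers WHERE affiliate_id = ?"
    return [row[0] for row in conn.execute(sql, (number,))]


if __name__ == "__main__":
    db = make_db()
    text_probe = "x' OR 'a'='a"   # constructed input for the string field
    number_probe = "2 OR 1=1"     # constructed input for the numeric field
    print("string field, escaped: ", lookup_by_email_escaped(db, text_probe))
    print("numeric field, escaped:", lookup_by_id_escaped(db, number_probe))
    print("numeric field, bound:  ", lookup_by_id_bound(db, number_probe))
    print("numeric field, bound, valid id:", lookup_by_id_bound(db, "2"))
```
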
Find out whether the spammer really sent the spam (Score:2)
The Group Against Harmful Programs (Score:4, Funny)
"With the brainstorming help of the Group Against Harmful Programs...".
The Group Against Harmful Programs. Wonderful. Sort of like the Fantastic Four, or the X-Men. Sounds like the sort of thing Tron would belong to. "That's Tron, he fights for the users under the banner of the Group Against Harmful Programs"...
Cheers,
Ian
Re:The Group Against Harmful Programs (Score:3, Funny)
Entertaining, yes. (Score:3, Interesting)
Re:Entertaining, yes. (Score:3, Interesting)
Of course, being the Russian government, they do have other options, like sending in the special forces for example. It wouldn't have to cost them anything - spammers are not likely to fight back, and I'm sure people would pay to see footage of a swarm of Hinds obliterating a spammers hideo
China? (Score:5, Informative)
Wasn't there an article some months ago about something similar happening in China? 'Entrepreneurs' would illegally put up advertisements (i.e. posters) all over the place where you have to phone a number to get the product. (Typically these would be mobile phone numbers that were prepaid so there was no name on the account.)
The law enforcement officials would leave an endless loop of messages on that mobile's answering machine that they must turn themselves in and such. I doubt that they actually expected anyone to turn themselves in, but it made all those posters with the number on them useless and thus discouraged putting them up in the first place.
I wonder if this Russian fellow was inspired by that action.
Re:China? (Score:2)
I doubt it -- if you RTFA you'll see the minister trusted a spammer to remove him from their list -- not the act of a well-informed individual.
Logarithms suck (Score:5, Funny)
Spammers have ways to get around anti-spam filters, he said, but it's possible to collect patterns from their e-mails and block certain logarithms.
What's the point? They will use polynoms! Oh.. I guess they meant algorithms.
The biggest cost to them is toll free fax (Score:5, Interesting)
One of the things I learned is an incoming toll-free fax cost me a lot more than a voice call because a single page fax was completed very quickly and the charge was per call/per page.
So...if you're getting hit with crap like junk faxes, fax it back to them on their toll-free fax number about 30 times.
It took about a month of this but I don't get lots of junk fax anymore, except for the a**holes that block caller ID and don't list a number to get off their list.
Another fun trick was to use a standard fax machine with a continuous loop of paper. Let that baby run for about 10-15 minutes and you'll create a lot of clutter on the receiver's end.
Re:The biggest cost to them is toll free fax (Score:4, Informative)
Pretty neat, eh?
Re:The biggest cost to them is toll free fax (Score:4, Insightful)
Another fun trick was to use a standard fax machine with a continuous loop of paper. Let that baby run for about 10-15 minutes and you'll create a lot of clutter on the receiver's end.
Like somebody is still using paper faxes.
Gulag Archipelago (Score:5, Funny)
Make $$$ fast (Score:4, Funny)
- me
money fast!!! Just call 0900-555-555 (calls cost $9.99 per minute, children/ministers please ask your parents/president first)
Top 6 Russian Spams (Score:5, Funny)
5. Enlarge your putin today!
4. If you order today, you get a free Russian space shuttle [space.com]
3. Free Vacation in Chechnya, Enlist today!
2. Out of work Russian comedian, will work for food. E-mail yakov@smirnov.com
1. Meet beautiful American wives!
I once tried something similar (Score:5, Interesting)
I didn't worry about the cost of the calls, because the people in Uzbekistan soon figured out that the calls were almost all faxes. I reckoned that even if they picked the phone up 10 times a day (to check to see if I'd stopped), it was worth the cost. Calls are only charged when they pick up the phone, right? So I let this go on for over a month.
Then I got my telephone bill. It was in the thousands. It turns out that there are three countries in the world where, if you phone there, you get charged even if no one answers the phone. And Uzbekistan is one of those countries!
I didn't know about that, and I complained to the phone company about the bill. But my case seemed weak because I was, it's fair to say, abusing the phone system. The phone company ended up splitting the bill in half, and I paid the rest.
I don't know if my attempts had any long-term effect on those nice folks in Uzbekistan. But at least I tried.
Re:I once tried something similar (Score:4, Funny)
UK Spam (Score:5, Interesting)
The kicker was that the disclaimer said it was impossible to unsubscribe, as it was a carefully crafted one-time mailing list. I imagine I'll be on all future carefully crafted one-time mailing lists for them in the future too.
The email was sent with a from line of "[something]@noreply.com" or similar (which breaches their ISP's AUP), and if I was to contact them via their email address listed on their website, by their logic I'd have contacted them, thus allowing them to continue to spam me (since we'd then have an existing relationship).
So - best course of action? The Advertising Standards Authority, whose standards they have breached, seems to be a toothless tiger set up by the industry to pay lip-service to the general public (any ruling against an advertiser seems to result in a ruling of "we advised them to contact us in future before undertaking a similar campaign"). I'm not aware of any specific legislation to stop this (although I'd like to know where they got my email address from. Should I unleash the Data Protection Act?).
So, what's the best way to hit back? Complain to the ISP? File an ultimately useless complaint to the ASA? What?
Re:UK Spam (Score:5, Funny)
D.
Re:UK Spam (Score:5, Interesting)
Give the ASA a try. They bitchslapped Telewest for me for repeatedly "forgetting" that I'd unsubscribed from their spam. The response was rapid, but they were fairly clueless - I sent full plain text headers, and they got back to me asking what the recipient email address was. D'oh.
Best case, I never get spam from Telewest again. Middle case, they spam me again and I get to find out what the ASA does to repeat offenders. Worst case, I get the spam, the ASA does nothing, but at least I get to piss off them by forwarding the spam. I have a vague hope that swamping the ASA with UK spam might get the problem addressed.
I don't believe that contacting someone to tell them to cease and desist constitutes having a business relationship. I'm sure that J. Random Spammer would assert otherwise, but you do need a record of telling them to get lost. What have you got to lose?
Re:UK Spam (Score:2, Insightful)
First, complain to their ISP. State clearly in the complaint that their customer is sending unsolicited email, and have not had your permission to mail them. If they are advertising a website hosted by a different ISP then complain to that ISP too.
According to the DPA, they need to have obtained your consent in order to process your data - ask the ISP if they can obtain that proof for you.
Second, post a copy to news.admin.net-abuse.sightings so evidence of their spammishness will be archi
Don't spam the people in power.... (Score:2, Funny)
In Soviet Russia, spam spams you back!
Re:Don't spam the people in power.... (Score:2, Funny)
No, I think you'll find this happened in capitalist Russia. In Soviet Russia the spammer would have been invited by some nice men from the KGB to go and play with their thumb screws, then sent on an all expenses paid holiday to Siberia. Don't you miss the good old days?
At last (Score:3, Insightful)
And yes, I know legislation is not the sole solution, but legislation plus technical solutions is the best bet in my opinion.
SCO legal department? (Score:2)
"Hello?"
"Theese ees caal frrom Russia. tsk tsk tsk... [click]"
In Soviet Russia (Score:5, Insightful)
Re:In Soviet Russia (Score:2)
Now before everybody goes doing this... (Score:3, Informative)
To Sum This All Up (Score:2, Funny)
Oh A customer!
(picks up phone)
Ni!
Hit them in the pocket. (Score:5, Interesting)
I started receiving almost weekly newsletters and updates and, despite numerous phone calls and e-mails with the usual promises to comply, I just couldn't get off the list... then they sent the 2.5 Mb Word document, you know the type!
I e-mailed back and told them that they'd filled up my e-mail account and caused me to miss some important e-mails, plus cost me time and money due to the download costs. I advised them that, as they were now affecting my business, I'd be invoicing them $25+GST administration fee for each and every e-mail I received from then on and that if they didn't pay, I'd hand the account to a debt collection agency - one that takes a cut of the recovery value.
I cautioned them that it would not concern me if I received nothing from the agency but that such action could affect their credit rating. What a surprise(!), I've received nothing since.
If you can justify charging a fee to the spammer for administration or storage or anything like that, sufficient to stand up reasonably in a small claims court, then you should threaten to invoice the spammer and use a debt collection agency - it just might work for you too.
Re:Hit them in the pocket. (Score:2)
FWIW I was cheering for the Aussies from the day I came back from Oz the first time and sent off for the migration doco. Let's face it, who'd cheer the English cricket team, except the barmy army?
Yeah, I know... flamebait! 8-)
Re:Hit them in the pocket. (Score:2)
If you can get to that point, you should be able to find a collection agency that takes its fee from the claim - if the method works, who cares if you get no money from it at the end if it reduces the spam just a little bit.
At the end of the day it's going to take a lot more effo
Go for the source (Score:5, Interesting)
Exploit! (Score:3, Interesting)
Wild West (Score:3, Funny)
SETI-style spammer bamming (Score:5, Interesting)
Repeatedly loading the homepage of some spam-spawning viagra sales site would hurt the viagra sales company. Companies that advertize with spam would find their bandwidth charges skyrocketing and their conversion rates plummeting. The key is to create disincentives for the e-commerce sites that try to flog their products and services using spam. While spammers can be anonymous, the e-commerce sites that use spam to get eyeballs need more permanence. Eventually, these companies would even penalize the 3rd-party spam sending companies for using email lists that generate too many spurious requests or that have low conversion rates (the spammer's pay drops if they send emails that lead to long streams of spurious requests).
Re:SETI-style spammer bamming (Score:2)
Re:SETI-style spammer bamming (Score:2)
It won't take them long to realize they are marketing to people unwilling to buy. Thus they are wasting their time and money. They will then feel negatively about it without even ever knowing what really happened.
Re:SETI-style spammer bamming (Score:2)
The catch here is that if their servers get pummeled offline every time they boot back up, it might also occur to them that they rather dislike being unable to market and/or sell their products. They'll also (hopefully) get complaints from their ISP if traffic on the network gets bogged down. So, realistically, I doubt they'd be too impressed by 500 million hits if those hits tear their server to shreds. =)
Re:SETI-style spammer bamming (Score:3, Interesting)
Why is that? If the spammer sends you a link to his site, it means that he wants you to see his site, right? Why would it be illegal to click in a link someone sent to you? Even if you click a million times, there isn't any legal limit on how many times you can access a site, is there?
Re:SETI-style spammer bamming (Score:3, Funny)
Your Honour, my client was so excited by the prospect of increased penis girth that he inadvertently leant on his 'F5' key while reading the plaintiff's web page.
A person could really start some trouble (Score:4, Funny)
Re:A person could really start some trouble (Score:3, Funny)
Re:A person could really start some trouble (Score:3, Funny)
Let's Hire Him (Score:2)
In Real Russia (Score:2)
Easy Money (Score:4, Insightful)
2. Spam Russian minister.
3. Profit.
Ha!
The good old days (Score:2)
Choice Quotes (Score:3, Insightful)
This may sound cool and exotic, but it's actually pretty sad... Westerns are only fun to watch, they are not fun to live in. Especially when the robber gangs grow to the size of entire cities.
Re:Wild West - not quite (Score:5, Funny)
- praying for "shock and awe".
- hoping for bunker busters.
- expecting at least a few tanks.
- prepared to be slightly disappointed by a few snipers.
But phone messages? Sheesh. Russia just isn't what it used to be.
Re:What a dumb idea. (Score:2)
But I've been thinking--what if every single spam that was sent got replied to by someone saying, 'piss off you,' and then their site visited by every person who received the 'invitation' to it? If it happened all at once, the internet would be FLOODED with mail, all of it going to either spammers, or (more likely) hapless drop-boxes on yahoo, etc. Web sites would crumble under the load--the internet would stagger for a day, and then the companies who suffered would start to get
Re:What a dumb idea. (Score:2)
RTFA. Anecdotal, but still evidence.
Please provide evidence that replying to spam WON'T get you added to spam lists.
Try it - create a new email address (say a bunch of random characters, @ your ISP's domain), then submit it to a 'remove me' list, and watch how much spam it gets. It really does work.
Re:What a dumb idea. (Score:2)
Some evidence for you.. (Score:2)
How about this [symantec.com]?
Re:Some evidence for you.. (Score:2)
That doesn't show it at all, it's just yet more supposition based on a bizarre assumption that spam is actually targeted.
All that it shows is that 37% of removal requests are respected, which is a hell of a lot more than I'd have expected. We're talking about replying to spam that's already been received. I'd be interested to know what happens if you create virgin accounts and try and unsubscribe to spam lists that you're not already on, but that's a different question.
Thanks for the link though, it
Re:Stupid and Childish (Score:2)
Hint - RTFA. He TELEPHONED their number, he didn't email them.
Re:Stupid and Childish (Score:2, Funny)
Re:Russian Rules of the Game (Score:5, Funny)
Very arrogant putting Russia among the communistic dictator countries it is a democratic country with free elections just as US.
Very arrogant to put the US among democratic and free countries such as Russia.
Re:Give this a guy a medal (Score:5, Interesting)
To date, my stats indicate that 98.3% of the spam I get originates from the US.