Bot Nets Behind Recent Spam Surge 389
gsslay writes "Everyone must have noticed a surge in spam recently, particularly for stock pump 'n' dump scams. The Register reports that anti-spam companies have seen a 30% increase in the last two months and, more worryingly, more of this spam is getting through to mailboxes due to the spammers' change in tactics. Rather than use unsecured mail relays spammers are using bot nets, making spam harder to identify and eliminate. Bounced spam is also on the up, and some experts reckon it's past time to start worrying. "
Not noticing the increase (Score:4, Informative)
I also haven't really noticed this increase that people have talked about lately. On average I receive over 11,000 spam messages a month to my primary email account. Here is the count per month for the past two and a half years:
2004-07: 9088
2004-08: 9057
2004-09: 8990
2004-10: 14318
2004-11: 9910
2004-12: 11521
2005-01: 11251
2005-02: 9381
2005-03: 10843
2005-04: 10084
2005-05: 11785
2005-06: 10987
2005-07: 10505
2005-08: 9333
2005-09: 9704
2005-10: 12329
2005-11: 12394
2005-12: 14934
2006-01: 13764
2006-02: 13235
2006-03: 14562
2006-04: 11946
2006-05: 14204
2006-06: 13801
2006-07: 9671
2006-08: 10395
2006-09: 11373
2006-10: 12221
Smarter Spammers (Score:4, Interesting)
Are your mailbox counts filtered or unfiltered? If so, what strategy is used?
Re: (Score:2)
Spam? I don't like spam. (Score:2)
+1 haven't noticed more spam.
One option is SpamBayes [sourceforge.net]. After a little training with the regular spam I was receiving, very few false negatives and I haven't seen a false positive in months.
Not affiliated, just a satisfied customer.
Re: (Score:2)
I've set my email to be whitelist only: if you aren't filtered INTO my inbox, you're rejected. However, the rejection message contains a whitelist keyword -- any message with my current keyword in the subject line gets through. The
Re:Smarter Spammers (Score:4, Insightful)
despite all their shortcomings, somewhere, someone is obviously making money, so they continue.
Re:Smarter Spammers (Score:4, Informative)
1) Spelling is not a skill they possess.
Spammers don't have to even try to be intelligent about the content of their e-mail, because the people they're looking to make money off of aren't the kind of people who have decent spelling skills.
3) The idea of 'doubling the flood' all the time, choking the internet and making email unusable, is plain dumb and equivivalent to sawing off the branch you're sitting on - if nobody can use email, nobody will be seeing your next spam.
Two thoughts: Classic prisoner's dilemma, and selfishness. (ie, "Who cares if I broke the internet? I made this fat stack o' cash!")
4) Doing business that annoys 99% of everybody else and breaking the law in the process is both dumb and asking for trouble. You will be shut down, you will lose your money and you will not get much sympathy anywhere, including from the courts. Wonder whether spammers or pedophiles are getting the worst treatment in the slammer these days...
If that were the case, then how come nobody has been able to curb spam, spammers routinely get away with extremely blatant practices like DDoS attacking antispam servers and using viruses to create zombie armies? How come spammers are continuing to make money almost unchecked?
5) Seeing interviews with spammers usually reveals that they're really stupid in every way of the word. Some may have a certain extent of technical knowledge, but as people they're bordering on the moron/retard level.
???
6) Smart people can strike it rich using regular sales methods with no need for spamming. Only those too dumb for that have the need for spamming.
A good number of folks feel that regular sales methods - annoying advertisements, billboards everywhere, planting "I'm ugly" mind viruses in children's brains so they'll buy more beauty products and who cares if it's also creating an eating disorder epidemic, planned obsolesence and congenital wastefulness, squeezing every penny you can out of workers in 3rd world sweatshopss, etc. are at least as troublesome and unethical as spam.
Re: (Score:2)
Re: (Score:2, Insightful)
Maybe spammers don't need to be technological geniuses, and maybe some of them can't spell, but they aren't dumb. In the classic manner of all human history, they are the slightly smarter making money out of the not so smart. The real morons here are the ones who, incredibly, actually take financial advice from spam.
Unfortunately the morons will always be with us, and perha
Re: (Score:2)
Re: (Score:2)
Although it would be nice to get something more proactive done about it.
Re: (Score:2)
However thought of these stock tips spamming was a genius. There is no way they can be traced to a company, and still a chance of making some money. Bastard.
I can't help but wonder but... (Score:2)
Re: (Score:2)
Conclusion: you can make 4-6% per day on this, which is an astonishing sum of money. Slashdot [slashdot.org] discussed it at the time.
Re: (Score:3, Informative)
Re: (Score:2)
Re: (Score:2)
Gmail to the rescue... (Score:2)
I've been noticing a Spam surge recently... but only because I keep an eye on my gmail spam category. Right now it reads thus:
Spam (5343)
That number represents the # of Spam in the last 30 days for those that don't use Gmail. For a while now I've hovered around 2000 or so... but it's been steadily climbing over the last several months. Luckily Gmail does a good job an
Re: (Score:2)
But google is (so far) a nice company, and I don't like to do that to nice companies. This is why I use hotmail for all subscription crap. I sign up for ALL the newsletters with hotmail.
Re: (Score:2)
BlueFrog (Score:2)
If you missed the story and don't want to read all the old Slashdot articles from a few months ago, there's a big article about it in this month'
Re: (Score:2)
Some people do do this, e.g. with "Nigerian" fraudsters. Problem is that it can take rather a lot of time.
Why not ask them to send some brochures by snail mail - that will cost them money.
Maybe see how many sets you can get them to send out to the wrong address.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
AI to Stop the Spam (Score:5, Interesting)
But this Bayesian strategy has been overcome by the spammers. They use hilariously strange word ordering trick the spam filter and lower their threshold (see Graham's Lisp code) down to an acceptable range. Here's a piece of text from some spam that made it into my mailbox this morning: And it goes on for about 7 paragraphs with absolutely nothing to do with its pitch. It's because of this nonsense that it makes it into my mailbox in the first place.
How do we eradicate this problem? What strategies do we use next?
Well, I would suggest that we stick to the Bayesian approach but instead of tokenizing via Paul Graham's proposed algorithm, we could investigate tokenizing the text based on letter groups (divide 'words' into 2-3 letter groups and test for those frequencies) or even natural language parsing. Yes, I know it sounds absurd but I really think that an engine could be written in Prolog using WordNet or another dictionary with some basic English rules in an attempt to parse and analyze incoming text.
Who knows? Perhaps our need for a spam filtering engine could breed innovation in the AI community?
Re:AI to Stop the Spam (Score:5, Funny)
Re: (Score:2, Funny)
Re: (Score:2)
But, I do a couple things that helps:
The filter doesn't 'auto train', I only train it on uncertain mails. I notice a problem before where overtraining could cause a lot of false positives. Also I have about 850 "spam" trained mails and about "450" not spma mails. So far, my false positives have only been from my boss sending me one-liners with just urls in them. My false negatives have been these "lotsa random words" things, but they still mostl
Re: (Score:2)
You really need to "train" your boss... :)
Re:AI to Stop the Spam (Score:5, Funny)
(X) technical ( ) legislative ( ) market-based (X) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(X) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(X) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Re: (Score:2)
The "enteral arms race of a filtering application." I mean, on one hand, sure, that's not the ideal solution, and it has its share of issues and kinks that need to be ironed out.
But on the other hand, doesn't this really seem like the ultime answer to spam anyway? From a practical standpoint, we just need to continually and vigila
Bayesian Has Failed (Score:5, Interesting)
No. Bayesian filtering has failed, just like every other filtering method before it. Modifying it will not work. Adding OCR for image text will not work. Creating a new filtering mechanism will not work. The spamming will continue, more and more of it will get in.
Frankly, given that both processing power, disc space, bandwidth etc, are all increasing, I for one foresee the current spam/ant-spam arms race continuing indefinitely, with the amount of spam sent slowly increasing, and the amount caught by the filters being just enough to keep the amount of spam you get into your inbox at in and around a constant level. It's an endless cycle.
I say, turn it all off. All of it. The filters, the blacklists, the whitelists, Spamhaus, the lot. Let every single spam sent reach its destination, if just for one day. Let Joe Sick Pack finally realise the scale of the problem and just how much strain is being placed on mail servers. It will be both terrible and beautilful at the same time.
Then take off and nuke the site from orbit. It's the only way to be sure.
Define "Failed" (Score:2)
Re: (Score:3, Insightful)
There are a lot of very innovative anti-spam techniques out there. Teergrubing, greylisting, blacklists, baysian filters, now we get OCR and what-have-you.
Problem is: Every filter is a tool for the spammer. Since the filters are readily available (and have to be), the spammer can just take them and tweak his spam until it passes.
I'm with parent. Let's make the problem obvious. Let the world drown in spam for a couple of days, a week or two
Re: (Score:2, Interesting)
There are already far better methods than Bayesian classification. For a comparison with neural networks [wikipedia.org] and support vector machines [wikipedia.org] see this blog posting. [peltarion.com]
So why aren't they used? The answer is two-fold. First of all Bayesian filters are very fast to train and very fast to use. Neural nets are computationally expensive to train and fast to use while support vector machines are expensive to both train and us
AI for spam?! (Score:2)
Who knows? Perhaps our need for a spam filtering engine could breed innovation in the AI community?
Such an approach may generate capable and powerful natural language parsers. Rock on. But as a solution to spam it really is a case of "naive (computer) scientist."
The most direct approach to stopping spam is breaking these botnets and the most direct real-world approach to breaking these botnets is cleaning up the mess that Microsoft has made of their OS.
And I'm not flamebaiting because if it were Lin
Re: (Score:2)
Unfortunately, it's not largely done in XP. Last I checked, it's still possible yield control of your computer by clicking on a popup box while in IE. Likewise, I can still install a malicious program from within Firefox, albeit with a couple more clicks.
I really don't blame Microsoft (or Mozilla) for this; if a user is bound and determined to do stupid things, they can't be stopped.
The solution? Beats me. Shoot all the idiots, maybe?
Pennies from heaven... (Score:2)
You mean I wasn't getting emails for being the most popular penny stock buyer in America?
Current Problems (Score:3, Interesting)
Like Nancy Drew used to say... (Score:2)
LOOK!!! A clue!!!
Re: (Score:2)
But a worthless clue, because they're little you can do about it. I was shocked last week when I found 2551 messages in my personal email inbox (where I normally get five a day). Holy crap! Bounced spam was coming in every couple of minutes.
This didn't happen because I had a bot, or was compromised, or was running Windows, etc, etc. It was because the spammers were spoofing my email address. My solution was to get my ISP to block all returned mails at the server. If you have a big mega-ISP,
Use IM Techniques + Captcha (Score:2, Interesting)
1- As in IM, no one can email you if you have not emailed before.
2- For first time email, the receiving server could sent back a http://en.wikipedia.org/wiki/Captcha [wikipedia.org]CAPTCHA or a product of two large primes to factorize.
The captcha would be solved by the human sender, or the factorization problem by her MUA. Nowadays email is almost instantaneous, this would not add a noticeable delay. All the protocol could be implemented over current email protocols with little mo
Re: (Score:2)
Captcha's are a little better, but only really slightly. Most of them can be busted quickly with
modern machines- and once they've done the captcha, they can spooge the crap to you indescriminately.
What needs to be done is better design and an actual re-think of email with a new RFC- but that's not
likely to happen; if it were it'd have happened a long time ago instead of all this reactive crap
to the problem.
Re: (Score:2)
The problem with using the MUA to factorize is that the spam spraying engines can do the same thing.
The point of the forced factorization wouldn't be to prevent a spam engine from being able to perform the same task. The point would be to make it financially infeasible for spam engines to do so. If it takes 10 seconds for an extremely fast processor to factorize the primes, it's going to be very difficult for a spammer to send out the 10 million emails that make him money. Make that 100 seconds and it's
And now you've made it obnoxious to users... (Score:2)
done in the background with a batch processing thread- it's stupid. It's as bad as the problem it's
attempting to solve. Sorry, just don't buy that one- answers to the problem need to be FIXING things
not just shifting the problems about. Also keep in mind that spammers aren't using a single machine to
spooge spam to you now- they're using botnets. What does it matter if you take 100 seconds to send the
ma
Re: (Score:2)
Re: (Score:2)
So what about prime factoring? Well, a huge amount of email no
Re: (Score:2)
Wrong. I get spam in my never-ever-used ISP provided address. The only thing that address is legitimately used for is to receive billing invoices from my ISP.
Re: (Score:2)
Factorization (Score:2)
SPAM processing - server meltdown (Score:4, Interesting)
Re:SPAM processing - server meltdown (Score:4, Informative)
It would certainly solve your load problem.
There are a couple of providers who can provide the lists commercially for heavy load mailservers.
See my post earlier today at: http://ask.slashdot.org/comments.pl?sid=203971&ci
(Ps. I'm just a very happy blacklist user)
Re: (Score:2)
Blacklists work now... (Score:2)
of legit domain name/address combos that have NOTHING to do with the actual spam (Hell, I've gotten all
kinds of bounces from my domain and others I get mail from, claiming I sent the spam and I never did any
such thing...). As they get more clever, blacklisting will become less and less effective- and can cause
other problems like blacklisting legit domains without open relays, etc. It's a reactive so
Real hardware cost (Score:2)
Legitimate senders are getting "warning: could not send for past 4 hours" and then phoning me to ask if I've received their mail. The CPU and memory load spikes from time to time, and then it's not possible to login until it settles. (A known weak spot in Linux.) If I lower the resources al
Original article (Score:3, Informative)
http://www.securityfocus.com/news/11420 [securityfocus.com]
Image to text (Score:3, Interesting)
I think law enforcement should be working harder at catching spammers (internationally, if necessary) than they are at tracking down copyright infringers. Not because of any moral posture, but because I suspect the total economic impact of spam is greater than infringing use of content. I also think the prohibition against cruel and unusual punishment should be lifted.
Hey, now that I come to think of it, maybe spam is a bigger issue than oil. I say we start invading countries with spammers!
Re: (Score:2)
I haven't gotten a single spam to my "real" email address, but my catch-all has been getting hammered the past month with bounces. It seems about time to disable them, I wonder what percentage of emails floating around are actually just errors from spammers sending to nonexistant accounts.
New Sophisticated eBay Phising Spam Scam Wrinkle (Score:5, Informative)
Most of the eBay phising attempts I get are pretty laughable, but this was good enough to be worth warning about, as someone has finally written a sophisticated enough phising bot to send these out based on listings.
So, if you weren't already doing this before, to answer eBay mail, go in through your MyEbay link rather than any mail link to answer eBay mail.
and? (Score:2)
*http://www.securityfocus.com/news/11420
I want to find these spammers (Score:2)
They'll have to do their spamming by holding a stick in their FN mouth.
I'm so sick of this shit.. They fly in totally under spamassassins radar. I have SA threshhold set at 2.1 and this shit still scores less than a 1.0..
I'm about ready to whitelist the people I know and blackhole everything else.
Re: (Score:2)
Not a bad idea but instead of a full blacklist, do a greylist and Whitelist.
Any address on the Whitelist gets through your email server @ full speed.
Any address NOT on the Whitelist gets through your email server @0.01% of full speed (or even slower).
This will bog down the spammers email server and make your server a place to avoid if they want to hit more suckers/hour.
I know the SW exists for email servers on Linux (?called Tar
Re: (Score:2)
Re: (Score:2)
I've seen more than a 300% increase in spam being blocked during the month of October. I've seen at most a 1% increase making it through; but, I attribute tha
ORDB Auto-Add (Score:2)
Obviously you'd have the problem of forged headers, but usually you can find an IP if you trace the headers back to the first "trusted" network (a major ISP or backbone server) and see who they received the message from. That's probably either your spam source or your open relay.
Then you could just dump the IPs into the ORDB for checking automatically, and put the zombie-ma
bot wars (Score:5, Interesting)
Maybe we need bots to fight the bots. Bot Wars. In a galaxy far, far, away...
Re: (Score:2)
Do you mean, "the more spam you filter, the more you should be paranoid about false positives"?
I do scan the subject lines and email addresses of the spam that makes it past spamcop, and I have had a false positive in the last year that I know about. The person appealed to spamcop, they asked me, and I confirmed the mistake, and the person got their email account back to normal. Also, any ISP, webhost, or any
Unsecured mail relays (Score:2)
Not so hard to catch (Score:2, Interesting)
Oh, and Slashdot? If you keep hitting me with animated advertisements that cannot be closed, I will be moving to Digg.
Re: (Score:2, Interesting)
Last weeks press relating to Ameritrade and E*trade taking huge losses (22Million+ in writeoffs),
Re: (Score:2)
It should be possible for law enforcement to track down the vast majority of spammers. Even if they are purely fraudsters they still need to have somewhere to ask people to send money to.
I doubt anyone cares enough to do it, though.
As with corporate crime...
"it's past time to start worrying." (Score:2)
http://www.heise.de/kiosk/archiv/ct/04/05/018/ [heise.de]
That was pretty much the time I started worrying.
When I read that Microsoft o
Something I don't understand about recent spam (Score:2)
I see a lot of nonsense text, but no ad. No stock tip, no viagra, etc. Just nonsense. How do you make money not even trying to sell something?
Is it just an attempt to desensitize my filters, so that maybe an ad can get through later?
Or are they just "email terrorists" trying to DoS email altogether, with no commercial agenda?
Email is a broken protocol (Score:4, Interesting)
Re: (Score:2, Insightful)
sendmail w/Joe Jobs (Score:3, Informative)
By default, sendmail uses a single queue runner. We found this, and not amavis, was our bottleneck. The single queue runner is fine for low and medium volumes, but fails miserably when presented with a huge volume of mail. So we fired 4 queue runners instead, and increased the number of available amavis children to compensate. The queue runners each have a behavior:
1) the default sendmail queue runner, starts at the front of the queue, and runs serial through it, then starts over.
2) tries to find the oldest members of the queue and process them first. Keeps stuff from being left alone for very long.
3) tries to find letters that are all going to the same mail server, and send them together. This one is awesome, as it opens a single tcp connection, and sends as many letters as it can. No time waiting for tcp handshaking per letter.
4) hops around the queue at random, and sends messages.
The combination of these four queue runners, and we have seen a huge increase in the load average on our mail servers, but we have also seen a great boost to performance. We are still seeing tons of postmaster bounces from Joe Jobs, but we aren't being slugged out by them anymore. If your mail server seems to be under performing, try this, it really does help.
Increase? What increase? (Score:2)
So yeah, haven't noticed it. Sorry.
( and yes, smartasses, if it makes you happy, sign me up for whatever spam you want to; it still won't bother me.
Re: (Score:2)
What's your point?
Email Weaknesses and Compromises (Score:3, Interesting)
Major increase for me (Score:2)
I have incoming port 25 firewall blocks set up for all the Chinese and Korean netblocks I could find, plus specific blocks for hosted spammers. A few weeks ago, right after entering some Russian hosting blocks to filter out a bunch of spam that my mom was getting, suddenly my own spam levels shot right through the roof. And they were from all over the place, quite obviously botnet spam. My increase was so dramatic specifically because I had blocks for my "usual" sources.
Thank you Microsoft, for focusing
Re: (Score:2, Informative)
http://www.okean.com/antispam/sinokorea.html [okean.com]
--Mike
Has this been tried ? (Score:2)
RFCs and best practices (Score:2)
Heck even Yahoo can't be bothered to add an SPF record to their DNS. (Ok, it's not an RFC but it's a good idea just the same.)
How do you feel about emails that become the casualty of the domain own
Allofmp3 sold their email address list (Score:3, Informative)
Where are the ISPs in all this ? (Score:2)
Port scanning other machines in the ISPs subnet is not normal and likey prohibited by TOS, sending thousands (even hundereds) or emails is not normal and likey prohibited by TOS.
Why do they do nothing ??
When I say normal I do not mean it would never happen in a real situation just unlikely).
Re: (Score:2, Informative)
Re: (Score:2)
I mean somebody does a couple of these pump&dumps where he or she is the primary profiter, or several people often appear in conjunction, isn't it traceable?
Forward it to the SEC (Score:3, Informative)
Re: (Score:2)
Re: (Score:2)
2: Spam millions of people telling them this stock is gonna make them lots of money
3: Some people actually buy the stock
4: Price rises
5: Spammer sells stock
6: Profit!!!!
It's a standard pump and dump scam.
Re:How to they make money (Score:4, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Chances are if they had hadn't spent all their money or porn and viagra with all that other spam, they wouldn't have any money to buy stocks anyways.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Users are idiots. There are Windows viruses that are encrypted zip files. The user has to save it, open the zip, type in the password, then run the executable. THESE STILL SPREAD.
How is it a big leap from those to a "patch from Apple" that tells you to save the file and chmod it? Or download this codec to get porn or any other number of social engineering attacks?
Re: (Score:2)
Another weird parallel-universe wormhole. (Score:2)
Could you do me a favor? Could you google "William Henry Gates III" and let me know what comes up? I'm curious what fast-food establishment he works at in your universe. Don't worry about who he is.
You're not going to believe what he does here.