If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Metro)   FW: FW:FW:FW:FW: FW: The end of spam may be in sight   (metro.co.uk) divider line 34
    More: Unlikely, computer security, botnets, spam, Grum botnet, Computer Crime, Rolex, metro, SOPHOS  
•       •       •

5061 clicks; posted to Geek » on 31 Jul 2012 at 1:29 PM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



34 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

Archived thread
 
2012-07-31 10:45:48 AM
Just Click Here to learn more.
 
2012-07-31 11:26:18 AM
Could end of email spam be in sight after collapse of Grum botnet?

No.
 
2012-07-31 12:52:26 PM
What is this spam which you speak of?
I see less than 1 spam per week.

Doesnt everyone use gmail already??
LOL
 
2012-07-31 12:54:34 PM
Yes, I'm sure that's the end of it and nothing will ever replace it.
 
2012-07-31 01:14:13 PM
Then how will my grandfather let us all know that Obama is going to kill us?
 
2012-07-31 01:38:10 PM

I Said: Then how will my grandfather let us all know that Obama is going to kill us?


FreeRepublic is still running.
 
2012-07-31 01:39:09 PM
Now if we could just fix Twitterjacking
 
2012-07-31 01:41:17 PM
No. Vaccinating for polio doesn't stop all deadly viruses. Killing all of the rats may have stopped the plague, but it did nothing for whooping cough. Spam will exist. Get your shots, wash your hands, and stay educated.
 
2012-07-31 01:46:09 PM
Find spammer. Seal Team 6 his sorry ass. Repeat as needed.

Problem solved.
 
2012-07-31 01:46:35 PM
CSB:

I work at a company with locations all over the world. Yesterday, some goon forwarded a chain letter about Jesus to damn near everyone in the company. I'm pretty sure that guy is looking for a new job right now.

/CSB
 
2012-07-31 01:54:13 PM
Would you like a bigger penis? Where would you like it? I could suggest some places!


/Join the pen15 club today!
 
2012-07-31 01:59:16 PM

the_sidewinder: Would you like a bigger penis? Where would you like it? I could suggest some places!


/Join the pen15 club today!


imgs.xkcd.com

/oblig
 
2012-07-31 02:29:51 PM
Great post, I really like yuor arguement in this thread.

It reminds me of something Kathy said about how shes making $125/hour at home!! All she did was click on fr33j0bz.ru and take a simple survey
 
2012-07-31 02:36:30 PM
Could end of email spam be in sight after collapse of Grum botnet?

The botnet, which was four years old, was responsible for about 18 per cent of global spam


82% of global spam is still a lot of spam, so... no.
 
2012-07-31 02:37:59 PM
Judging from the amount of spam I'm getting just today, I'd say the collapse of whatever-this-article-is-about hasn't affected me
 
2012-07-31 02:40:30 PM
images.wikia.com

The end of Crackers and Snacks may be in sight!
 
2012-07-31 02:40:49 PM
It doesn't kill it, but it is nice when they get knocked back a bit. Our filter's processing 1/3rd the number of messages it did a few months ago.

/The numbers will go back up. They always do.
 
2012-07-31 02:47:17 PM
media.giantbomb.com


This just in! Many PC users are idiots, SPAM said to continue to flourish. More at 11.
 
2012-07-31 03:05:09 PM

poot_rootbeer: The end of Crackers and Snacks may be in sight!


Thank the Gods I wasn't the only one who thought of that creepy green bastard.
It haunts my dreams.
//really
 
2012-07-31 03:25:08 PM
Spam is a problem for the IT staff responsible for email at companies beside Google.So spam all you want, I'll never know about it.
 
2012-07-31 04:18:45 PM

23FPB23: This just in! Many PC users are idiots, SPAM said to continue to flourish. More at 11.


Even if people weren't stupid enough to fall for spam scams, the spam might wane, but it won't go away. Someone will probably keep spamming just to annoy everyone, the way some virus writers like to be d*cks.

But I won't care - I'll be able to buy the best anti-spam software out there. The FBI is holding an ATM card for me and it's totally got like $10 million on it.
 
2012-07-31 05:40:08 PM

JustGetItRight: The numbers will go back up. They always do.


Agreed. Public and private forces attacking the control facilities of botnets are simply swatting at flies. Every time a botnet is eliminated, a new one will take its place. Rinse and repeat.

One major issue I see is that while authorities are very active attacking the top of the issue, they're entirely too passive about attacking the bottom of the issue: end-users. Software firms encourage users to stay up-to-date on their software and patches, and that's about it. Responsibility ends there.

I'd like to see a more proactive approach. For starters, I'd like to see ISPs of residential or small business accounts monitor their users for signs of spam, worms, denial of service attacks or botnet control. If an account tests positive, then the user gets a small window to inoculate their systems before their ISP account is disabled.

Another option would be to require minimum OS versions and patch levels in order for a client to connect to their ISP. Easier said than done, especially with the prevalence of IPv4 NAT which can obscure the number of devices sharing a residential connection and the resistance to agents. Then you have the increase in embedded devices that might be hard to verify.

In short, the idiot behind the keyboard needs to be trained and/or conditioned to be better about security. Until that issue is confronted, botnets will never cease.
 
2012-07-31 05:55:27 PM

Dinjiin: I'd like to see a more proactive approach. For starters, I'd like to see ISPs of residential or small business accounts monitor their users for signs of spam, worms, denial of service attacks or botnet control. If an account tests positive, then the user gets a small window to inoculate their systems before their ISP account is disabled.


Yes, there is no possible way that this would be abused. No, I'd really rather not have ISPs randomly disabling accounts. Their job is to provide connectivity from one end to the other. What devices and software are at either end are none of their business. You can make a case for anti-flood, but it still needs to be agnostic to device/OS.

Dinjiin: Another option would be to require minimum OS versions and patch levels in order for a client to connect to their ISP. Easier said than done, especially with the prevalence of IPv4 NAT which can obscure the number of devices sharing a residential connection and the resistance to agents. Then you have the increase in embedded devices that might be hard to verify.


Great, so now we all have "Buy the newest version of 'single-supplier OS' and don't run any software we don't like, or you're banned from the Internet." Not that it won't be hilarious when one ISP goes Windows only, but seriously, it's not like a bot can't just fake all the packets that the ISP would look for... or did you want to go ahead and add Apple and Microsoft certified authentication appliances into every data center? Oh, you wanted to use a different OS?

I really can't stress how bad of a plan that is.

Dinjiin: In short, the idiot behind the keyboard needs to be trained and/or conditioned to be better about security. Until that issue is confronted, botnets will never cease.


Well, at least this part is right.
 
2012-07-31 06:55:35 PM

ProfessorOhki: Well, at least this part is right.


Since you threw cold water on my ideas, care to suggest a few yourself?
 
2012-07-31 07:06:21 PM
Goddamn it really? Cuz there's someone I really really really hate and I want to put their e-mail to subscribe on some site so this person can eat spam
 
2012-07-31 07:10:45 PM

Dinjiin: ProfessorOhki: Well, at least this part is right.

Since you threw cold water on my ideas, care to suggest a few yourself?


Nope. We're all doomed.

If I had the answers, I'd be doing something more interesting and, likely, more expensive than hanging out in the geek tab. You essentially get into an arms race between the anti-spam companies and the spam bots. The only things I can think of that even come close to effective are way worse than what you suggested. Would end up with a centralized e-mail authority where every message had to be keyed with some signature that was tied to an individual/organization and that's a logistical nightmare AND asking for abuse. You could make a case for throttling SMTP traffic I suppose, but I still don't like ISP interference.

Best I've got is to educate people to have basic knowledge about good practices. If there were no returns on the spam, they wouldn't bother coming up with ways to bypass modern filtering. Botnets and that sort of thing on the other hand, I've got nothing. Again, education, maybe home routers that look for suspicious traffic and notify you directly by default.

/I'm way better at breaking ideas than suggesting my own
 
2012-07-31 07:52:47 PM
Only one method is known to permanently stop a spammer.
 
2012-07-31 08:01:20 PM
Pretty much the pattern of spamvertising in media tends to go like this:

a) Someone invents spamming of (insert media here)
b) Spamming increases until media in question is rendered useless for spamming, either via all valid communication being run off and spammers taking over OR the earth being effectively "salted" in some manner
c) Lather, rinse, repeat on some other forum until lynch mob decides to permanently end spammer
d) Lather, rinse, repeat with some other sociopathic bastard who sees (insert media here) as their own personal wall to splatter their adver-feces on

To give a textbook example of this, let me tell you the story of one Sanford Wallace, who pretty much innovated every bad practice in place among spammers nowadays:

a) Became major junk-faxer. Inadvertently salted earth for himself when he made mistake of including multiple members of Congress in one of his spams, thus resulting in the provisions of the TCPA banning junk faxes (which was the RIGHT legislative way of salting the earth).

b) Wallace moves on to spamming Internet email (one of the first major spammers of email, along with "Krazy" Kevin Lipsitz--the latter of whom eventually goes honest and is in a much more moral business nowadays of competitive eating) and eventually is banned from (and ultimately sued by) both AOL and Compuserve in what amounts to one of the first major legal judgements against a spammer.

In fact, Compuserve Inc. vs. Cyber Promotions Inc. actually established the case law that an ISP can basically sue to get a de facto restraining order prohibiting a spammer from sending unsolicited commercial email to its customers.

c) Wallace proceeds to set up what is the first documented "pink provider" (explicitly spam-friendly hosting company), Cyber Promotions, along with several other notorious spammers on Usenet, and expands his own spamming to Usenet as well as email. Activity eventually results in first a major backbone provider for Usenet traffic (AGIS.net) being shunned off the rest of the Usenet in a "Usenet Death Penalty", eventually being expanded to an "Internet Death Penalty" where hosts throughout the Internet refused to share packets with sites hosted on AGIS.net.

Cyber Promotions eventually stops organised spamming of Usenet and email (after Usenet is all but rendered useless for its original purpose due to spamming) and Sanford Wallace makes the first of several bogus claims of going legit--largely due to the threat of lawsuits by several companies including (again) AOL threatening lawsuit for violation of a court order prohibiting sending email to AOL addresses.

Cyber Promotions (under the rebranding MTG) eventually has its feed dropped by its hosting ISP, and Wallace attempts to SLAPP a major anti-spam activist (and fails).

Of note--Cyber Promotions spam, along with other net.abuse (particularly Hipcrime floods of newsgroups) ends up pretty much being the death knell for Usenet as a functional discussion forum in the mid- to late-90s. The Cyber Promotions spam in particular also made heavy use of third-party proxies (resulting in the functional end of email and Usenet proxies) including use of proxies without permission (being an early shadow of how "zombie computers" infected by malware now operate), innovated the use of forged email headers (eventually prohibited in antispam laws), and innovated the use of explicitly spam-friendly hosting companies and backbone providers (now mostly showing up in Russia and China).

c) Sanford Wallace moves on to not only pop-up window spam (via web browsers) but Windows Messenger spam and (eventually) spamming via the use of adware and badware--eventually evolving to the point of frank ransomware in the early 2000s by installing malware on PCs (via exploits) and then demanding purchase of a $30 program to remove the malware. This scheme ended in 2005 when the FTC fined Wallace over US$5 million.

This was, as well, a prelude to the eventual preferred method of spamming--the deliberate infection of third-party computers on broadband connections with malware so as to not only send spam to those computers but to use them as third-party relays to send spam from (as by this point practically all the third-party relays for email had closed due to abuse).

d) Sanford Wallace moves on to spamming social networking sites--first MySpace with over 11,000 sock accounts used for phishing and spamming as well as distributing malware--by this point he had partnered with the infamous Walter Rines (operator of a particularly nasty malware distributor that can be argued to be an early botnet). Myspace wins a default judgement against Wallace and Rines, including not only a US$230 million judgement but a similar "do not use this service ever again" order similar to the order granted AOL and Compuserve banning Sanford Wallace from those systems back in the mid-90s.

Of particular note here, Kazanon--the particular malware distributed via Javascript vulnerabilities on MySpace by Wallace and Rines--was one of the first malware packages that explicitly included droppers for OTHER malware, and can be seen as the spiritual ancestor of modern spam botnets.

e) Wallace finally made his fatal mistake in spamming Facebook walls--not only engaging in similar behaviour as on MySpace, but also apparently deliberately compromising Facebook accounts to turn them into "zombie profiles" to distribute spam and malware. This led not only to Facebook suing the living crap out of Wallace (and getting a record judgement of US$711 million in damages) but also inspired MySpace to ask that he and Walter Rines be charged with contempt of court.

The compromise of Facebook accounts in particular led to an FBI investigation where Wallace was finally charged--and ultimately convicted--of electronic mail fraud, criminal contempt, and compromise of a protected computer (in this case, compromise of "federal interest" or "homeland security interest" computers--in other words, they got him in part using the US PATRIOT Act).

Facebook has since obtained a default ruling against Wallace and after a period where he ran from the law, he finally surrendered to federal authorities on 6 August 2011; when criminal indictment was filed against Wallace by the FBI in February 2012 it was revealed Wallace is suspected of having compromised over 500,000 Facebook accounts to use as "spam zombies".

After over twenty years of sociopathic forms of malvertising and (to this date) almost US$1.5 BILLION dollars in judgements against him, the only thing that may stop this particular spammer...is a potential 40-year prison term where he will hopefully receive a Mitnick-esque condition of release (that is, "no using anything resembling a computer at all for you, not even a smartphone").

With the Russian spamgangs in particular, I think about the only way to stop them permanently is imprisonment or, well, the "Chinese Method"--shoot them in the back of the head and send the bill for the ammo to their relatives :P
 
2012-07-31 08:16:29 PM

Great Porn Dragon: With the Russian spamgangs in particular, I think about the only way to stop them permanently is imprisonment or, well, the "Chinese Method"--shoot them in the back of the head and send the bill for the ammo to their relatives :P


As I said: only one method is effective for permanently stopping a spammer.
 
2012-07-31 08:20:10 PM

ProfessorOhki: Best I've got is to educate people to have basic knowledge about good practices.


That's just not going to happen. Unless you make users learn the lesson at gunpoint, they will do their best to avoid it. Even if the message is received, it'll often land on deaf ears. Just read any thread where people talk about helping friends or family with their computer issues. It becomes one giant novel regarding the futility of tech support with laymen.

I acknowledge your points, but I still see the cure as being several steps above the pain caused by the disease.
 
2012-07-31 10:31:27 PM

Dinjiin: ProfessorOhki: Best I've got is to educate people to have basic knowledge about good practices.

That's just not going to happen. Unless you make users learn the lesson at gunpoint, they will do their best to avoid it. Even if the message is received, it'll often land on deaf ears. Just read any thread where people talk about helping friends or family with their computer issues. It becomes one giant novel regarding the futility of tech support with laymen.

I acknowledge your points, but I still see the cure as being several steps above the pain caused by the disease.


I get where you're coming from too, but for me, the inconvenience of having to delete some v14gr4 ads is far less dangerous of a path than giving Comcast and co. a big foot in the door against net neutrality.

Eventually, the laymen will shrink in percentage as well, but by then we'll be arguing about abuse of some newer communication tech.
 
2012-07-31 10:37:47 PM
+1 subby, free internets is you, pick it up from Drew.

/long, extended chortle @ headline
 
2012-08-01 10:44:20 AM
I Said: Then how will my grandfather sister let us all know that Obama is going to kill us?

Fixed for my personal situation.
 
2012-08-01 11:15:37 AM

MoronLessOff: CSB:

I work at a company with locations all over the world. Yesterday, some goon forwarded a chain letter about Jesus to damn near everyone in the company. I'm pretty sure that guy is looking for a new job right now.

/CSB


Jesus is looking for a new job?
 
Displayed 34 of 34 comments

View Voting Results: Smartest and Funniest


This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »






Report