Jameson | Uhm.. This is nothing new..
swhx7 | Good article, mixed up summary
Spam from botnets is nothing new, but there are some interesting new techniques used. It's a good article. There's a slideshow too.
The writeup above is somewhat confused.
"botnets can be devastating, because of the way in which they may rapidly infect thousands of computers" How rapidly computers are added to the botnet is independent of the harm that they do. In fact the article says little about how the member machines get infected initially. What's new here is how the botnet maintains its integrity against cleanup efforts.
", automatically forwarding the spam to other computers without the computer owners' awareness. The Russian group has taken their botnet to the next level, using SpamThru Trojan and a built-in anti-virus scanner to ensure that the spam infects as many users as possible." This statement gets the function of the botnet mixed up with the question of how computers get infected. The particular botnets described are used to send spam, but spam is not necessarily the means of infection. In this case it's advertising stocks and bogus products.
The article doesn't go into the securities aspect, but it should be pointed out that the companies whose stock is advertised don't necessarily have anything to do with these malware purveyors. The botmasters just pick some stocks that are big enough to make money on, but small enough so that spam respondents can move the price.
Another interesting aspect is that the spams used here are better at evading filters than most spams have been in the past.
04875776 | Re: Good article, mixed up summary
said by swhx7 :The botmasters just pick some stocks that are big enough to make money on, but small enough so that spam respondents can move the price.
These same folks are big in the junk fax biz. Even though it's illegal to send them I keep getting "stock alerts" from offshore fax spamming operations in Romania and elsewhere...always not selling me anything. This is just a different delivery mechanism.
If it didn't work they wouldn't do it. Amazing how gullible people are.
Kibbles | Re: Uhm.. It may be nothing new...but as to why we still have so many compromised PC's in the US is odd...and yes I have been receiving a lot more spam lately..with a spam filter off 14-20 a day...with a spam filter on...2-3 a day.
swhx7 | said by Kibbles :...but as to why we still have so many compromised PC's in the US is odd... Notice the graphic about which operating systems are infected. It's literally 99.95% Windows.
jsouth | Re: Uhm.. So what? All that proves is that there are more Windows machines out there. -- Bush bashing is old. How about more solutions instead?
DebianDog | Re: Uhm.. No, there are only about 10,00 copies of Vista out there (legally) and they are already infected. Once you start really using another OS you will see the faults of Windows. All Windows has on the competition is currently "marketshare".
swhx7 | said by jsouth :So what? All that proves is that there are more Windows machines out there. Consumer and business desktops are about 90% Windows, something like 7% Macintosh, and most of the rest Linux. Internet-facing servers are about 70% Unix or Linux and are much better for sending spam or viruses or other malware.
The compromises on Windows are much higher than in proportion to its share in every one of those segments (servers, business desktops, consumer desktops). It's just easier to hack, harder to secure and tends to be maintained by less competent administrators.
sporkme | Re: Uhm.. said by nixen :They post a message that's about 80% "real" text, and then the stock pump is a single JPEG or GIF image in the message. So, most of the Bayesian filters just give it a pass.
If it weren't for all of the MS mail users, I'd simply reject HTML email altogether. SpamAssassin is getting pretty good at catching the quirks that separate these messages from real mail.
One thing that really helps is automating "sa-update" to grab the latest rules from the SpamAss folks. I didn't even know about that until a few weeks ago - previously they released new rules with each version of spamass, but now the rules are continuously updated.
I would imagine if you greylist and use spamass, you don't see too much of this crap.
I wonder how long it will be until they have botnet clients that are compliant enough to make their way through greylisting (ie: include a queue)? I mean if they can generate a unique image for each email, queueing sounds pretty darn simple in comparison.
nixen | Re: Uhm.. said by sporkme :SpamAssassin is getting pretty good at catching the quirks that separate these messages from real mail. One thing that really helps is automating "sa-update" to grab the latest rules from the SpamAss folks. I didn't even know about that until a few weeks ago - previously they released new rules with each version of spamass, but now the rules are continuously updated.
Hmm... perhaps it would be helpful if I read the Release Notes to see these new tools? Just ran it in debug mode. Nifty tool. I got it croned now.
said by sporkme :I would imagine if you greylist and use spamass, you don't see too much of this crap.
Yeah, I use a greylist daemon. However, the bot-nets are getting a bit more sophisticated. They aren't just attempting single delivery any more.
-tom -- "Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis
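The greylisting behaviour the two posts above are discussing (sporkme's question about bot clients that include a queue, and nixen's note that the bots no longer attempt a single delivery), modelled as an added example. This is not code from the thread or from any greylist daemon: the triplet key, the 300-second minimum delay, the 4-hour retry window, the reply strings and the documentation-range hosts and addresses are all assumptions chosen for the simulation.

```python
"""Triplet greylisting model: why a fire-and-forget spam bot is dropped and a
queueing sender (a real MTA, or a bot that has grown a retry queue) gets through."""
import time

ACCEPT = "250 OK"
TEMPFAIL = "451 4.7.1 Greylisted, please try again later"


class Greylister:
    """Keys on (client IP, envelope sender, envelope recipient).

    First sight of a triplet is temp-failed; a retry after min_delay seconds
    (but within retry_window) is accepted and the triplet is remembered.
    Parameters are assumptions modelled on common greylist daemons.
    """

    def __init__(self, min_delay=300, retry_window=4 * 3600, clock=time.time):
        self.min_delay = min_delay
        self.retry_window = retry_window
        self.clock = clock          # injectable so the simulation below can fake time
        self.pending = {}           # triplet -> time first seen
        self.known = set()          # triplets that have passed once

    def check(self, client_ip, sender, recipient):
        triplet = (client_ip, sender.lower(), recipient.lower())
        now = self.clock()
        if triplet in self.known:
            return ACCEPT
        first_seen = self.pending.get(triplet)
        if first_seen is None:
            self.pending[triplet] = now
            return TEMPFAIL                 # never seen: make the sender queue and retry
        age = now - first_seen
        if age < self.min_delay:
            return TEMPFAIL                 # retried too quickly: not a real queue
        if age > self.retry_window:
            self.pending[triplet] = now     # stale entry: start the clock again
            return TEMPFAIL
        del self.pending[triplet]
        self.known.add(triplet)
        return ACCEPT


class FakeClock:
    """Deterministic clock for the simulation."""

    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate():
    """Three sender behaviours against one greylister (hosts and addresses are made up)."""
    clock = FakeClock()
    gl = Greylister(min_delay=300, clock=clock)
    rcpt = "bob@example.net"

    # 1. A real MTA: temp-failed, retries the same triplet 15 minutes later and passes;
    #    later messages on that triplet pass immediately.
    mta = [gl.check("192.0.2.10", "alice@example.org", rcpt)]
    clock.advance(900)
    mta.append(gl.check("192.0.2.10", "alice@example.org", rcpt))
    mta.append(gl.check("192.0.2.10", "alice@example.org", rcpt))

    # 2. Fire-and-forget bot: rotating sender, one attempt per message, never retries.
    #    Every attempt is a fresh triplet, so nothing is ever delivered.
    single_shot = [gl.check("198.51.100.7", f"u{i}@example.com", rcpt) for i in range(3)]

    # 3. Bot with a retry queue: an immediate retry is still refused, but a retry after
    #    the delay is accepted. Greylisting alone cannot stop this one; it only costs
    #    the bot time and forces it to keep a stable sender/recipient pair.
    queued = [gl.check("203.0.113.5", "pump@example.com", rcpt)]
    clock.advance(10)
    queued.append(gl.check("203.0.113.5", "pump@example.com", rcpt))
    clock.advance(600)
    queued.append(gl.check("203.0.113.5", "pump@example.com", rcpt))

    return {"mta": mta, "single_shot": single_shot, "queued_bot": queued}


if __name__ == "__main__":
    for who, codes in simulate().items():
        print(who, codes)
```

The third case is the limit nixen describes: once the client queues and retries, the greylister sees exactly what it would see from a legitimate MTA, so content rules and DNSBL lookups still have to do the rest.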
NormanS | Whether my filter is off, or on, I am seeing about 30-35 spam email messages per day in two 'pacbell.net' accounts. The difference is whether the messages reach the Inbox (filter off), or the "Bulk" folder (filter on).
I am seeing nowhere near that level of spam to my personal domain; but not for lack of trying by the spammers. I see a lot of this in my mail server logs:
T 20061119 035025 455fb8df Connection from 81.50.67.217
T 20061119 035025 455fb8df HELO APoitiers-155-1-148-217.w81-50.abo.wanadoo.fr
T 20061119 035026 455fb8df MAIL FROM: <miat@dawsontechnology.co.uk>
E 20061119 035026 455fb8df Host 81.50.67.217 blocked by NJABL - message rejected.
T 20061119 035027 455fb8df QUIT
T 20061119 035027 455fb8df Connection closed with 81.50.67.217, 2 sec. elapsed.
T 20061119 035028 455fb8e0 Connection from 81.50.67.217
T 20061119 035028 455fb8e0 HELO APoitiers-155-1-148-217.w81-50.abo.wanadoo.fr
T 20061119 035029 455fb8e0 MAIL FROM: <miat@dawsontechnology.co.uk>
E 20061119 035029 455fb8e0 Host 81.50.67.217 blocked by NJABL - message rejected.
T 20061119 035029 455fb8e0 QUIT
T 20061119 035029 455fb8e0 Connection closed with 81.50.67.217, 1 sec. elapsed.
E 20061119 035347 0 Connection from 125.142.206.225 refused because of restriction.
T 20061119 035706 455fb8e1 Connection from 71.17.24.217
T 20061119 035707 455fb8e1 EHLO ahie.apu0eyra.rr.com
T 20061119 035707 455fb8e1 MAIL FROM: <circumventioncomplaisant@xr23.com>
T 20061119 035707 455fb8e1 RCPT TO: <%User_ID%@aosake.net>
E 20061119 035707 455fb8e1 554 This email address was disabled because it was harvested from a web page.
T 20061119 035708 455fb8e1 Connection closed with 71.17.24.217, 2 sec. elapsed.
T 20061119 040844 455fb8e3 Connection from 88.233.142.244
T 20061119 040847 455fb8e3 HELO dsl88-233-36596.ttnet.net.tr
T 20061119 040848 455fb8e3 MAIL FROM: <fdqloe@huntjewellers.ie>
E 20061119 040848 455fb8e3 Host 88.233.142.244 blocked by NJABL - message rejected.
T 20061119 040848 455fb8e3 QUIT
T 20061119 040848 455fb8e3 Connection closed with 88.233.142.244, 4 sec. elapsed.
T 20061119 040849 455fb8e4 Connection from 88.233.142.244
T 20061119 040850 455fb8e4 HELO dsl88-233-36596.ttnet.net.tr
T 20061119 040850 455fb8e4 MAIL FROM: <fdqloe@huntjewellers.ie>
E 20061119 040850 455fb8e4 Host 88.233.142.244 blocked by NJABL - message rejected.
T 20061119 040851 455fb8e4 QUIT
T 20061119 040851 455fb8e4 Connection closed with 88.233.142.244, 2 sec. elapsed.
T 20061119 041543 455fb8e5 Connection from 59.95.162.84
T 20061119 041543 455fb8e5 HELO aosake.net
E 20061119 041543 455fb8e5 554 Forged host name - message rejected; see: HTTP://antispam.aosake.net.
T 20061119 041544 455fb8e5 Connection closed with 59.95.162.84, 1 sec. elapsed.
T 20061119 042329 455fb8e6 Connection from 81.37.29.194
T 20061119 042330 455fb8e6 helo localhost
E 20061119 042330 455fb8e6 554 Forged host name - message rejected; see: HTTP://antispam.aosake.net.
T 20061119 042330 455fb8e6 Connection closed with 81.37.29.194, 1 sec. elapsed.
Just a small part of the total logs; I'd say about 40 failed spam connection attempts, or more for every good email.
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum
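An added example, not code from the post or from the mail server that produced those lines, that parses log records of the shape posted above and summarises them: which reject rule fired for each session, and which hosts reconnected after being rejected (the immediate second attempts from 81.50.67.217 and 88.233.142.244 are the behaviour nixen mentions further up). The record layout assumed here (flag letter, date, time, connection id, message) and the reason labels are inferred from the posted lines; the sample input is an excerpt of those lines, embedded so the script runs offline.

```python
"""Summarise SMTP rejection records of the form posted above."""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: an excerpt of the log lines quoted in the post (one session per
# connection id; the refused connection is logged under id 0).
SAMPLE_LOG = """\
T 20061119 035025 455fb8df Connection from 81.50.67.217
T 20061119 035025 455fb8df HELO APoitiers-155-1-148-217.w81-50.abo.wanadoo.fr
T 20061119 035026 455fb8df MAIL FROM: <miat@dawsontechnology.co.uk>
E 20061119 035026 455fb8df Host 81.50.67.217 blocked by NJABL - message rejected.
T 20061119 035027 455fb8df QUIT
T 20061119 035027 455fb8df Connection closed with 81.50.67.217, 2 sec. elapsed.
T 20061119 035028 455fb8e0 Connection from 81.50.67.217
T 20061119 035028 455fb8e0 HELO APoitiers-155-1-148-217.w81-50.abo.wanadoo.fr
T 20061119 035029 455fb8e0 MAIL FROM: <miat@dawsontechnology.co.uk>
E 20061119 035029 455fb8e0 Host 81.50.67.217 blocked by NJABL - message rejected.
T 20061119 035029 455fb8e0 QUIT
T 20061119 035029 455fb8e0 Connection closed with 81.50.67.217, 1 sec. elapsed.
E 20061119 035347 0 Connection from 125.142.206.225 refused because of restriction.
T 20061119 035706 455fb8e1 Connection from 71.17.24.217
T 20061119 035707 455fb8e1 EHLO ahie.apu0eyra.rr.com
T 20061119 035707 455fb8e1 MAIL FROM: <circumventioncomplaisant@xr23.com>
T 20061119 035707 455fb8e1 RCPT TO: <%User_ID%@aosake.net>
E 20061119 035707 455fb8e1 554 This email address was disabled because it was harvested from a web page.
T 20061119 035708 455fb8e1 Connection closed with 71.17.24.217, 2 sec. elapsed.
T 20061119 041543 455fb8e5 Connection from 59.95.162.84
T 20061119 041543 455fb8e5 HELO aosake.net
E 20061119 041543 455fb8e5 554 Forged host name - message rejected; see: HTTP://antispam.aosake.net.
T 20061119 041544 455fb8e5 Connection closed with 59.95.162.84, 1 sec. elapsed.
"""

LINE_RE = re.compile(r"^(?P<kind>[TE]) (?P<date>\d{8}) (?P<time>\d{6}) (?P<sid>\S+) (?P<msg>.*)$")
CONN_RE = re.compile(r"Connection from (\d+\.\d+\.\d+\.\d+)")
HELO_RE = re.compile(r"^(?:HELO|EHLO) (\S+)", re.IGNORECASE)

# Reject messages as they appear in the posted log, mapped to a short label.
REASONS = (
    ("dnsbl", "blocked by NJABL"),
    ("forged_helo", "Forged host name"),
    ("spamtrap", "harvested from a web page"),
    ("refused", "refused because of restriction"),
)


@dataclass
class Session:
    sid: str
    ip: str = ""
    helo: str = ""
    sender: str = ""
    reject: str = ""   # reason label; empty if the session was not rejected


def classify(msg):
    for label, needle in REASONS:
        if needle in msg:
            return label
    return "other"


def parse_sessions(text):
    sessions = {}
    for n, line in enumerate(text.splitlines()):
        m = LINE_RE.match(line)
        if not m:
            continue                                  # not a log record
        sid, msg = m["sid"], m["msg"]
        key = sid if sid != "0" else f"0#{n}"         # id 0 is reused for refused connections
        s = sessions.setdefault(key, Session(sid))
        if (c := CONN_RE.search(msg)):
            s.ip = c.group(1)
        elif (h := HELO_RE.match(msg)):
            s.helo = h.group(1)
        elif msg.startswith("MAIL FROM:") and "<" in msg:
            s.sender = msg.split("<", 1)[1].rstrip(">")
        if m["kind"] == "E":
            s.reject = classify(msg)
    return sessions


def summarize(text):
    sessions = parse_sessions(text)
    reasons = Counter(s.reject for s in sessions.values() if s.reject)
    per_ip = Counter(s.ip for s in sessions.values() if s.ip)
    return {
        "sessions": len(sessions),
        "rejected": sum(reasons.values()),
        "reasons": dict(reasons),
        # hosts that came back after a rejection: a retry, not a one-shot delivery
        "repeat_offenders": {ip: n for ip, n in per_ip.items() if n > 1},
        "forged_helo_ips": sorted(s.ip for s in sessions.values() if s.reject == "forged_helo"),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Needs Python 3.8 or later for the assignment expressions. Feed it the full log (`summarize(open(path).read())`) to get the rejected-per-accepted ratio the post estimates; sessions with an empty `reject` are the accepted ones.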
sporkme | said by Jameson :This is nothing new.. The sophistication, sheer volume, image-based junk and non-IRC command and control sure looks new to me.
And this:
"According to data from Barracuda Networks, an enterprise security appliance vendor in Mountain View, Calif., there has been a 67 percent increase in overall spam volume and a 500 percent increase in image spam since Aug. 2006."
peter_m | If we know who is responsible, why doesn't the CIA use one of its drones to deliver a "package" on the people responsible for all this spam. I'm sure the savings in CPU load and electricity alone are worth it... Not to mention the convenience of having only desired e-mail in your mail box.
In a previous article, it was mentioned that less than 10 men are responsible for 80% of spam. Sounds to me like an easy, useful, morale boosting mission for the CIA.
Just kidding... but you all know you feel the same way
shane349 | stocks
in the last few weeks I've been getting a ridiculous amount of email about buying stocks and stuff like that. SpamAssassin scores them lower than my actual legit email.
swhx7 | Re: stocks I've noticed this too. It seems to be a combination of text that looks like legitimate content to the filters, and use of images for the spam message. The images are multi-layer gifs with text in one layer and junk in the others. And the images are continually changing.
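An added example, not from the thread or from any spam filter, of the kind of structural check a filter can make on the images swhx7 describes: it walks the GIF block structure and counts image descriptors (frames) and extension blocks without decoding any pixel data, so a continually changing payload does not matter to it. The sample GIFs are constructed inline with placeholder image data purely to exercise the parser, and the frame-count threshold in `is_layered` is an assumption, not a rule from any product.

```python
"""Walk the block structure of a GIF and count image descriptors (frames) and
extension blocks, without decoding the LZW pixel data."""
import struct

TRAILER, EXTENSION, IMAGE_DESCRIPTOR = 0x3B, 0x21, 0x2C


def _skip_sub_blocks(data, pos):
    """Skip a chain of length-prefixed sub-blocks terminated by a zero-length block."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n


def _colour_table_size(packed):
    """Bytes occupied by a colour table whose presence/size bits are in `packed`."""
    return 3 * (2 << (packed & 0x07)) if packed & 0x80 else 0


def gif_info(data):
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    width, height, packed = struct.unpack_from("<HHB", data, 6)
    pos = 13 + _colour_table_size(packed)          # header + logical screen descriptor + GCT
    frames, extensions = 0, {}
    while pos < len(data):
        tag = data[pos]
        pos += 1
        if tag == TRAILER:
            break
        if tag == EXTENSION:
            label = data[pos]
            pos += 1
            extensions[label] = extensions.get(label, 0) + 1
            pos = _skip_sub_blocks(data, pos)
        elif tag == IMAGE_DESCRIPTOR:
            frames += 1
            local_packed = data[pos + 8]           # left, top, width, height, then packed byte
            pos += 9 + _colour_table_size(local_packed)
            pos += 1                               # LZW minimum code size
            pos = _skip_sub_blocks(data, pos)
        else:
            raise ValueError(f"unexpected block 0x{tag:02x} at offset {pos - 1}")
    return {"width": width, "height": height, "frames": frames, "extensions": extensions}


def is_layered(data, min_frames=2):
    """True for GIFs carrying more than one image descriptor (animated or layered)."""
    return gif_info(data)["frames"] >= min_frames


# Constructed sample files: structurally valid, placeholder image data.
def _frame(w, h):
    # image descriptor, no local colour table, LZW min code size 2, one 1-byte data sub-block
    return b"\x2C" + struct.pack("<HHHHB", 0, 0, w, h, 0) + b"\x02" + b"\x01\x44" + b"\x00"


_HEADER = b"GIF89a" + struct.pack("<HHBBB", 4, 4, 0x80, 0, 0) + b"\xff\xff\xff\x00\x00\x00"
_GCE = b"\x21\xF9\x04" + b"\x00" + struct.pack("<H", 10) + b"\x00" + b"\x00"   # graphic control
_LOOP = b"\x21\xFF\x0B" + b"NETSCAPE2.0" + b"\x03\x01\x00\x00" + b"\x00"      # looping app ext
_COMMENT = b"\x21\xFE\x05" + b"hello" + b"\x00"
SINGLE_FRAME = _HEADER + _GCE + _frame(4, 4) + b"\x3B"
MULTI_FRAME = (_HEADER + _LOOP + _GCE + _frame(4, 4) + _GCE + _frame(4, 4)
               + _COMMENT + _GCE + _frame(4, 4) + b"\x3B")

if __name__ == "__main__":
    for name, blob in (("single", SINGLE_FRAME), ("multi", MULTI_FRAME)):
        print(name, gif_info(blob), is_layered(blob))
```

Frame count is a feature, not a verdict: animated GIFs are common in legitimate mail, so a real filter would feed it into scoring alongside the text-to-image ratio rather than reject on it alone.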
quatrix | Gmail and Thunderbird catch mine without any problems.
nixen | Re: stocks said by quatrix :Gmail and Thunderbird catch mine without any problems. What the server-side filters don't flag, Thunderbird tends to flag (probably about 90%). But I still have to decide "is this actually junk or not." Simply allowing Thunderbird to auto-delete things it thinks is junk is information suicide.
-tom
peter_m | Yahoo mail is letting a lot of the stock spam through... sad!
Fronkman | keep it clean
please people, if you absolutely INSIST on using Windows, run several spyware cleaners every week as well as a solid antivirus program like AVG that updates daily and also run a rootkit scan once a week. that is the price you pay for using that OS. If that is too hard, buy a mac or install ubuntu.
this applies to all windows users. i don't care how "secure" you think you are, these hackers are incredibly sophisticated. -- Everyone should own a G4 cube or an iBook or the Mac mini!
jsouth | Re: keep it clean Oh BS. If you have your system patched and run a good firewall and have a router you can get by too. There is no need to scan weekly for rootkits.
quatrix | Re: keep it clean A software firewall and resident AV aren't necessary either.
sporkme | Re: keep it clean said by quatrix :A software firewall and resident AV aren't necessary either. That attitude is why this botnet is 75,000 Windows PCs strong and growing (mostly XP SP2, too).
peter_m | Re: keep it clean That is not the reason. It's just bad habits that users continue to live with that cause the problem. No matter how much I protect a PC for my customers, I always know which ones will be infested within weeks.
To my surprise, the biggest culprit was a young user that went to children's game sites and installed things left and right. The only way to prevent that is to have them run as a limited user and NOT admin!
04875776 | I vote all the Mac trolls off this island.
peter_m | Re: keep it clean What trolls? What island? You must be mixed-up again Stevie Nicks. Just increase your dosage and you'll be fine
04875776 | Re: keep it clean Look in the mirror.
peter_m | Re: keep it clean I do every morning, thanx. Which would be right about the time you take your medication
Too funny
thomasthered | jsouth was wrong with his quote! "Oh BS. If you have your system patched and run a good firewall and have a router you can get by too. There is no need to scan weekly for rootkits."
I have a lot of PC friends that send me e-mail with viruses and malware. My Mac catches all of these busy little e-mails. I then have to send my friends, the PC users, an e-mail to let them know that they are infected, "again". Weekly scans if not daily should be done on PC's. What do you expect, it's Windozz.
jsouth | Re: keep it clean Yawn, is that the best you can do to make fun of windows? Oh yeah. you're like Steve Jobs, haven't had anything original since the 80's.
peter_m | Re: keep it clean Well, he doesn't really need anything more original than an OS that isn't bogged down by silly malware. Also it's got the best video editing software for both home users and pros.
Look up the 3 most popular movie editing software for PC on cNet and see what the users post in the user reviews.
thomasthered | I'm not bashing windows. I'm telling it like it is. Any way I make more money fixing windozs machines than I do Macs, and that is telling it like it really is. You must live in a cave though. Mac has moved on, windozs has not, with a more powerful OS. The fact is for windozs users to be on the internet you have to have antivirus, pop up blockers, spy ware software. If you don't you get boo jacked. Mac doesn't need any of this, and again that's just telling it like it is, the truth. Hurts don't it!!!
jsouth | Re: keep it clean Nope. It doesn't hurt. Also I don't speak ebonics.
bradleym | Yeah, learning Ubuntu or affording a Mac is probably easier than running an updated, memory-resident AV program. I'll get right on that weekly rootkit scan, too. Thanks for your advice for 'all' Windows users, but I'd take computing advice from my cat before I listened to you...
dda | Re: keep it clean said by bradleym :...I'd take computing advice from my cat before I listened to you... If your cat is giving you computing advice, I think you have far more important things to take care of than running an AV program.
Get that cat on Letterman and then hit the daytime talk show circuit. Some podcasts might help with buzz but definitely get something on YouTube this instant!
ChrisXP | said by Fronkman :please people, if you absolutely INSIST on using windows, run several spyware cleaners every week as well as solid antivirus program like AVG that update daily and also run a rootkit scan once a week. that is the price you pay for using that OS. If that is too hard, buy a mac or install ubuntu. this applies to all windows users. i don't care how "secure" you think you are, these hackers are incredibly sophisticated.
I insist, and am so happy not only that my mailboxes aren't spammed, but that the only virus my computer ever found was caught and destroyed upon opening an attachment for a friend (who didn't have WordPerfect). And this is going for 10 years now -- all Windows boxes.
It just takes simple common sense with network security, attachments, what sites you visit, and what you are downloading. -- "It's not what you see that's suspect, but how you interpret what you see." ~~~ Isaac Asimov
Zionism is a crime
»www.jewsagainstzionism.com/ »www.nkusa.org/ »www.christianzionism.org/
i1me2ao | easy money that about sums it up. penny stocks are easy to influence..
batterup | Vontage? Isn't this the tool Vontage used to *pump & dump* their IPO dog?
jgkolt | Re: Vontage? is there a tool to scan kaspersky for the malware mentioned? -- www.LakeSemaJ.com
batterup | Re: Vontage? said by jgkolt :is there a tool to scan kaspersky for the malware mentioned? What is and what is not a virus is a decision made by the managers of the company that writes the program. M$ Back Office was not a virus but *Back Orifice* was. They both did the same thing, one was free one was M$. M$ secreted a virus onto millions of PC with their *validation tool* and no anti-virus made a peep.
OB Kenobi | Are you using the specific pirated copy of Kaspersky mentioned in the article? It doesn't affect anything else.
Gandalf4503 | Users are the problem
No matter how much you try you can't make people read those messages about installing an ActiveX script or installing some other piece of software in order to browse a website. They get tunnel vision, have little patience and just rush forward clicking yes on everything they see.
I work with a lot of people that just don't know anything about computers or how to protect themselves. No matter how much you try to teach them, the average person doesn't have the capacity nor the time to learn all the little quirks of securing their system (especially those that are married and with kids).
I think you will only see the problems get worse and worse as hackers become more and more innovative and the average user remains impatient and uneducated. There are plenty of free resources out there to educate them, so there really is no excuse for your wifi to be unsecured, your computer to be without even a basic firewall or antivirus, etc.
Timmn | Re: Users are the problem I think the answer may be much simpler than anyone has mentioned here so far.
The ultimate control over a computer is the power switch. A bot master can't control a machine that's turned off.
The problem is that too many people don't want to spend the extra time to wait for it to boot. Unless you are running a server, there is no need to leave a computer on 24/7.
Ignite | Re: Users are the problem Most hardware failures happen at boot time, which is why a lot of sysadmins I know have the machines running 24x7 whether in use or not.
Johnny | Windows apologists again.
It's Windows, people. Here we see the same tired excuses:
- "the user doesn't know not to visit dangerous sites"
- "all you need is a firewall"
- "don't run in admin mode"
blah blah blah.
The facts are that most servers run Unix and they are not getting owned - Windows machines are.
Blaming it on the user and expecting the user to "know" what sites "not to visit" is idiocy. If there is a list of these "sites" somewhere, why doesn't MS include the list in the damn operating system? Because there is no list.
And to the guy who said there are undoubtedly Macs which have gotten owned by these bots, prove it. -- I ignore all anon posts.
Yauch | Re: Windows apologists again. Wait, wait, wait. Are you really comparing a Unix based server OS to the vulnerability of Windows workstation OS?
Oh and if "The Facts" are that most servers run Unix, then how did Microsoft sell the largest market-share last year? (Source)
In all seriousness though, you are directly comparing a server admin's knowledge to that of an average windows user.
Johnny | Re: Windows apologists again. said by Yauch :Wait, wait, wait. Are you really comparing a Unix based server OS to the vulnerability of Windows workstation OS? Duh, obviously not. Windows Server vs Apache - Apache is used more, but Windows is owned more. It's the design, not the marketshare.
said by Yauch :Oh and if "The Facts" are that most servers run Unix, then how did Microsoft sell the largest market-share last year? (Source) IT droids love it because it keeps their jobs for them, that's how. And Apache is more popular than IIS.
said by Yauch :In all seriousness though, you are directly comparing a server admin's knowledge to that of an average windows user. Knowledge of anything is irrelevant. The admin shouldn't have to do anything to make up for the deficiencies of the OS.
ChrisXP | *Nix apologists again. said by Johnny :The facts are that most servers run Unix and they are not getting owned - Windows machines are. They're only getting owned because the code to hack Windows XP and Windows Server isn't that much different. Because Windows is the leading OS, the hackers/crackers/SKs attack them as it's worth it by OS coverage. If *nix was the dominant OS, it'd be targeted more.
One of my relatives that's been a network engineer/system builder for over 25 years will get *nix boxes in the shop as screwed over as any Windows box. Why? Because it still comes down to the operator (and *nix has as many dummies operating their OS as any other). The repeated argument from these *nix "True Believers" is "*nix is safer" or "it couldn't be a [insert problem] as *nix is better". My relative just shows them how untrue it is, and the *nix "True Believer" gets a valuable lesson that -- An OS is only as good as the operator and their knowledge of their computer.
There's a lot a person can do to secure a Windows box, but what's most important is some basic common sense approaches to attachments and handling email addresses (so your important inboxes aren't flooded with spam to begin with) -- and not believing all of the *nix anti-Windows fear mongering.