
Spam on the increase a couple of weeks after major spam shutdown

Security researchers who warned that the shutdown of McColo Corp. would only depress spam levels for a couple of weeks have been proven right: Srizbi, one of the largest botnets on the Internet, is back online.

After two upstream ISPs cut off service to McColo about two weeks ago, global spam volume dropped by roughly 70 percent.

Since last Sunday, spam volume has climbed back to around 37 percent of what it was before McColo was pulled offline on November 11.

Srizbi, Asprox, Mega-D, Rustock and other spam botnets are fully operational again, and in several cases their command-and-control servers are now hosted at ISPs outside the United States.  A botnet whose controllers sit at a foreign ISP is considerably harder to shut down, security experts say, because the pressure that worked against McColo, its upstream providers cutting it off, is much harder to apply across borders.

At least 450,000 infected computers were observed connecting to Srizbi's control servers over the past week or so.

Srizbi bots are designed to survive the loss of their control servers: when a bot can no longer reach them, it falls back to algorithmically generating web addresses that it polls for updates.  Because the botnet masters know which domains the hijacked computers will try to visit, they simply need to register those domains and stand up a server behind them, and they're back in business.  The same predictability cuts both ways: anyone who recovers the generation algorithm can register or sinkhole those domains first.  Security company FireEye said at least 50,000 Srizbi machines have already found new homes and are now receiving instructions from servers based in Estonia.
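The fallback mechanism described above, as an added example that is not part of the article and is not Srizbi's actual algorithm: the seed, hash, TLD list and number of candidates per day are assumptions chosen to show how both sides can compute the same domain list, the bot to find a replacement controller and a defender to register or sinkhole the domains before the operators do.

```python
"""Illustrative fallback-domain generator of the kind the article describes.

Added example, not Srizbi's actual algorithm and not code from the
article: the seed, hash, TLD list and domain count are assumptions
chosen to show the mechanism. Both sides compute the same list: the
bot to find a replacement controller, and a defender who has
recovered the algorithm from a sample to register or sinkhole the
domains before the operators can.
"""
import hashlib
from datetime import date, timedelta
from typing import List, Optional, Set

BOT_SEED = b"example-botnet-seed"      # assumption: secret baked into the binary
DOMAINS_PER_DAY = 4                     # assumption: candidates tried per day
TLDS = ("com", "net", "info", "org")    # assumption
CONSONANTS = "bcdfghjklmnprstvwz"
VOWELS = "aeiou"


def fallback_domains(day: date, seed: bytes = BOT_SEED) -> List[str]:
    """Deterministic list of domains a bot tries on `day`.

    The only inputs are the calendar date and the embedded seed, so every
    bot, and anyone else holding the seed, derives exactly the same list.
    """
    domains = []
    for i in range(DOMAINS_PER_DAY):
        digest = hashlib.sha256(seed + day.isoformat().encode() + bytes([i])).digest()
        # Alternate consonant and vowel so the label looks like a word rather
        # than random noise, which is less conspicuous in DNS logs.
        label = ""
        for k, b in enumerate(digest[:8]):
            alphabet = CONSONANTS if k % 2 == 0 else VOWELS
            label += alphabet[b % len(alphabet)]
        domains.append(f"{label}.{TLDS[digest[8] % len(TLDS)]}")
    return domains


def bot_find_controller(day: date, resolvable: Set[str]) -> Optional[str]:
    """Bot side: try today's candidates in order, return the first that resolves.

    `resolvable` stands in for DNS; a real bot would call gethostbyname()
    and then fetch its update from the host that answers.
    """
    for dom in fallback_domains(day):
        if dom in resolvable:
            return dom
    return None


def defender_preregister(start: date, days: int) -> List[str]:
    """Defender side: every domain the bots will try from `start` for `days`
    days, i.e. the list to register or sinkhole ahead of the operators."""
    out: List[str] = []
    for n in range(days):
        out.extend(fallback_domains(start + timedelta(days=n)))
    return out


if __name__ == "__main__":
    today = date(2008, 11, 30)
    print("bots will try:", fallback_domains(today))
    # Operators register the second candidate; every bot converges on it.
    print("bot connects to:", bot_find_controller(today, {fallback_domains(today)[1]}))
    print("defender should hold:", defender_preregister(today, 7))
```

The operators only have to win the race for one of the day's candidates; the defender has to hold all of them, every day, for as long as the bots keep polling, which is why pre-registration is a stopgap rather than a takedown.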

Cutwail, a botnet that was not hosted at McColo, has also reportedly stepped up its spam output since the shutdown.

Security analysts expect spam to return to its pre-shutdown levels in the immediate future.  The takedown left botnet masters temporarily crippled, but new hosts and bandwidth should be found soon.

Comments

By GoOffroad on 12/1/2008 8:41:43 AM , Rating: 2
What's with these botnets? How do people find out if they are infected? I mean, I reinstall my OS every month or so, but for others, wth!

By Gul Westfale on 12/1/2008 8:49:14 AM , Rating: 2
i use several adware/spyware programs, and i maintain a list of free security apps on my little website:

By retrospooty on 12/1/2008 8:57:07 AM , Rating: 2
Sorry... you lost me at Trend Micro. Worst AV I ever used. It's 90% useless.

I don't get the need for all of those apps, you just need one good one. Nod32 does the trick. I hear Kaspersky is good too and that IS on your list. Not sure why you would need all that other crap.

By Gul Westfale on 12/1/2008 9:02:43 AM , Rating: 4
i agree that trendmicro sucks... but one program alone is never enough.

i recently had a virus that deleted .exe files from my machine and neither spybot nor adware detected it; so i searched around and found Malwarebytes Anti-Malware, and it did the trick.

so keep more than one program on your PC, just in case. they're free, after all.

By amanojaku on 12/1/2008 9:06:22 AM , Rating: 3
so keep more than one program on your PC, just in case. they're free, after all.

So is AntiVirus Gold. The fact that something is free is sometimes more of a reason to avoid it. The best products to use are those recommended by people you trust.

By Gul Westfale on 12/1/2008 9:15:36 AM , Rating: 3
wikipedia is free... :)

antivirus gold is a malware program, not a malware remover, and therefore i would never list that on my site.

for people who are not sure about what they are about to download, here is one golden rule to keep in mind at all times:
if you're not sure, google it and check it on wikipedia.

By amanojaku on 12/1/2008 9:26:26 AM , Rating: 2
AntiVirus Gold is a rogue software developed by ICommerce Solutions S.A. that poses as a legitimate antivirus program[1]. It attempts to persuade users to buy the software by displaying ads and other nagware. It is believed that the name of the program is an attempt at social engineering to confuse people about the legitimate program AVG Anti-Virus.
You missed my point. You said to use free software: how does one know to trust ANY software? Many free programs are made just to swindle you, as the Wikipedia entry about the fake AVG program explains (reread the quote.) That's why I said ask the people you trust.

By Gul Westfale on 12/1/2008 10:24:05 AM , Rating: 2
quoting myself here...

if you're not sure, google it and check it on wikipedia.

as for people who don't like every single program i list, well too bad for you. i make no money from these lists (i don't sell anything, and there are no ads on my site), i just do this because i think it is useful. if you click the "Free Programs" button at the top you will get a full index of lists, btw. and don't tell me daikatana sucks now, I ALREADY KNOW. but someone with an older PC who doesn't have much cash at the moment could have some fun with it...

By ShaolinSoccer on 12/1/2008 10:04:24 AM , Rating: 1
Comodo kinda sucks, too. Not only does it make you worthless in FPS games, it has constant popups for every single thing you try to do. Reminds me of the old Vista...

By quiksilvr on 12/1/2008 11:54:12 AM , Rating: 2
OMG come on, you guys! I thought we were supposed to be nerds. This is all you need:


Just install those two and disable AVG Safe Search on Firefox because I think it still has some issues, unless AVG fixed them.

By Mitch101 on 12/1/2008 12:19:05 PM , Rating: 2
And Spybot.

By Screwballl on 12/1/2008 12:18:18 PM , Rating: 2
Comodo is the best software firewall available... do you want to be protected or not?

AVG is crap

Check here for the Retrospective/Proactive testing: and then Comparatives on the left.

AVG = 32%
NOD32 = 57%
Avira = 72%

On the on-demand page it shows Avira at the top again at 99.2%.
AVG = 94.3%
Avast = 97.3%
NOD32 = 93%

The geeks check multiple sources and unbiased testing locations. This is how we learn that if you need Windows, use Avira and Comodo.
Older but still valid site:

By Jedi2155 on 12/2/2008 2:03:05 AM , Rating: 2
Except you failed to point out that Avira has "many" false positives while NOD32 has "few". It gets really annoying when a supposedly excellent anti-virus program deletes a program you yourself know is 100% safe. The reason Avira gets such a high rating is because its heuristics are set to the maximum, and it becomes more of a nuisance than a helper.

I'll stick with my NOD32 thank you :). Although even that isn't perfect as it detected my Metal Gear Solid executable as a virus....:-/.

By mixpix on 12/1/2008 10:29:36 AM , Rating: 2
Don't install two anti-virus programs at a time. They will eat each other alive and make your computer act like it's possessed.

By AlexWade on 12/1/2008 10:43:02 AM , Rating: 2
Trend Micro sucks (although at one time it didn't) but it still is light years better than Norton or McAfee, which just goes to show how bad they are. Even with the new improved Norton I've seen computers loaded with spyware. The same for McAfee except that McAfee likes to replace everything you have with their slower less efficient version. Trend Micro went downhill when they started becoming popular. Before they had to make a name for themselves by being good, that is no longer the case.

For my money, I'm using NOD32 and Malware Bytes. Kaspersky is good but not as good as NOD32.

By xsadusx on 12/1/08, Rating: -1
By ShaolinSoccer on 12/1/2008 10:06:02 AM , Rating: 3
Can you install every single thing ever made for Windows? If not, please shut up...

By xsadusx on 12/1/08, Rating: 0
By Screwballl on 12/1/2008 11:55:47 AM , Rating: 2
i use several adware/spyware programs, and i maintain a list of free security apps on my little website:

Try this for anti-virus testing... this shows that Norton, McAfee, NOD32, Trend and Kaspersky among others are second rate, or at least not as good.

Use Avira (free or paid version)

For software firewalls, Comodo is THE best out there... so what if there are a few popups, do you want protection or not?

By Screwballl on 12/1/2008 12:01:16 PM , Rating: 1
oops forgot the url:

Try this for anti-virus testing... this shows that Norton, McAfee, NOD32, Trend and Kaspersky among others are second rate, or at least not as good. Take a CLOSE look at the Retrospective/Proactive tests and come back and tell me that anything but Avira or Sophos is good.

If you use Windows, then Avira + Comodo Firewall is a minimum requirement. Otherwise, dual boot your system and use linux for your web surfing and Windows for those Windows-only programs that you cannot live without (for whatever reason).

By bodar on 12/2/2008 9:45:38 PM , Rating: 2
A FEW popups? I installed it on my XP box 6 months ago and it absolutely refused to remember my responses, so I constantly had to tell it to allow certain programs (like Firefox), making UAC seem like a walk in the park. If it weren't for that, I would've kept it though.

Also, I second the Avira false-positives problem.

By amanojaku on 12/1/2008 9:01:39 AM , Rating: 2
A combination of intelligence, diligence, and proaction is all you need. Intelligence enough to realize when your machine is behaving differently than before (higher CPU and/or RAM use, more network activity, etc...) Being diligent about regular scanning for viruses, spyware, etc... And being proactive in finding out about exploits and fixes.

There are some alternatives, like using Virtual Machines. I surf the web in a VM and have a separate VM for office productivity. If my web VM is compromised I just roll it back to a previous instance (not Windows System Restore, but a VMware disk snapshot similar to a tape backup.) Everytime my web VM boots it's as if it was the first time I used it. You can hack it all you want; it all goes away when I power it off, cookies, spyware, and all!

By ShaolinSoccer on 12/1/2008 10:07:52 AM , Rating: 2

By Master Kenobi on 12/1/2008 10:18:23 AM , Rating: 2
He's right about VM's. Rootkits are similarly removed.

By amanojaku on 12/1/2008 2:32:17 PM , Rating: 3
EVERYTHING is removed that was created AFTER the snapshot if you configure the VM that way. Again, a VMware VM snapshot is like a tape backup. Let's say you install Windows on December 1st, snapshot it on December 7th and apply a service pack or patch on January 1st. On January 5th your UAT team tells you the patch installed successfully but broke applications. An uninstall doesn't fix the problem, so now you want to roll back. You never backed up the VM, but you do have it in snapshot mode. So you roll back to the December 7th snapshot on January 7th. You've just lost 31 days' worth of data updates, etc... but the applications work again.

A VMware VM's disks are files; the directories and files that make up the VM are just blocks in the file. When you put a VM's disk, e.g. windows.vmdk, into snapshot mode it examines all file changes and writes them into a separate file. If c:\autoexec.bat is updated with a new line that line is NOT in windows.vmdk; it's in the snapshot file. If the VM gets a virus in the MBR it goes into the snapshot file. If the VM gets malware that changes explorer.exe or svchost.exe (happened to me yesterday, damn IE) it also goes into the snapshot file. See a pattern? Remove the snapshot and remove ALL changes. This isn't a VM thing, this is just data backup taken to the next level; you could do the same thing on physical servers using tape, DVDs, hard disks, etc... VMs are just more convenient, if you have OS and software licenses.

Estonia?
By corduroygt on 12/1/2008 9:03:52 AM , Rating: 3
Why doesn't the US simply shut off its internet from countries that allow hacking activities or don't respect US copyright laws? I could live without accessing sites in Estonia or China, and I'm sure they'd be pissed if they couldn't access any US websites. Pissed enough that they would catch these hackers/copyright violators and punish them.

RE: Estonia?
By Bateluer on 12/1/2008 9:17:39 AM , Rating: 2
Most people in the US don't respect US copyright law, mostly because its horribly broken, but that's another discussion entirely.

Spamming is a profitable enterprise. Sending a billion emails costs next to nothing, even a handful of suckers generates a profit.

RE: Estonia?
By amanojaku on 12/1/2008 9:21:34 AM , Rating: 3
It's not so black and white as all that. This country has a hard enough time catching its own electronic criminals; how can you expect some bass-ackwards, poor country to catch the same type of folks? I remember consulting for a webhost that was notorious for getting hacked and being a launchpad for hackers. One day someone decided to use them as a mail relay for several million messages a minute. I had to block ALL of Asia and Australia because the IPs were coming from all over. Talk about fun! So I stop the spam relay but now I'm fielding calls from legitimate users who can't send email. What did I learn? I never really knew WHERE the hackers were coming from (nor did I care, because that was the security team's responsibility to follow up,) but I knew the addresses getting logged were either false, or worse, legitimate and indicative of a widespread infection. Sometimes you really are being hacked by a little old lady's PC; she just doesn't know it and the real criminal is long gone.

RE: Estonia?
By mmntech on 12/1/2008 9:38:43 AM , Rating: 2
Wouldn't that be censorship? That's like trying to put out a kitchen fire by blowing the house apart with a 1000lb bomb. Sure, it would probably work but you do more damage in the end.

The best way to tackle spam is through public awareness. The reason there is spam is because some moron out there actually bought into these scams. Take the woman who lost everything to that Nigerian scammer that was reported on here last week for example. Spam is one of the few things in this world that actually does go away if people just ignore it. The problem is getting these dolts to ignore it too.

RE: Estonia?
By ShaolinSoccer on 12/1/2008 10:13:36 AM , Rating: 2
I don't have a problem with spam. I use a web based email account that only allows people I allow it to. All the spam I get goes to a spam folder and I mark every single one (with one click) as spam so my web based email service blocks them forever. It doesn't get much simpler than that...

I get maybe 1 or 2 spam per day and check my email twice a week so it's not a big deal at all to me...

RE: Estonia?
By mindless1 on 12/1/2008 3:19:28 PM , Rating: 2
You are quite wrong, spam does not go away if you just ignore it, that is why we have so much spam! Ignoring it does nothing, they just devise ways to send more and more so that even if the % of users clicking through goes down, the increase in volume offsets that.

Someone clicking on a spam is not the problem, there will always be a very small number of people who let any kind of shady business make a buck once in a while. The real problem is you and anyone like you who thinks ignoring something is the answer. We need to once and for all put 100% of our attention on spam. International agreements that demand accountability for tracing spam origins and action in shutting down users.

Yes, cut off large groups of people and leave them cut off until they trace down where their networks were letting spam through. Let their cries of "I can't send email, our business is ruined" rattle a few of their politicians and government officials till they take action to pass the buck, themselves blocking the source they see of the spam and so on. If they say it comes from many sources, fine, it's not a hard thing to script blocks where there are sudden increases of millions of emails which are obviously spam. If they don't volunteer to responsibly use their network, let it be shut off so they have the time to work that out.

In the end, not enough is done about spam because there aren't many repercussions if nothing is done about it. The problem will never go away until people have a motivation to put forth the effort because it will benefit them to do so. They need a kick in the pants.

RE: Estonia?
By JonnyDough on 12/1/2008 3:46:28 PM , Rating: 2
So why not allow us to choose what nations we can access via our ISP? I would love to tell my ISP to block incoming traffic from all non-US based servers before it reaches my home. If tech companies are based in Taiwan, fine. Get them to set up a legit server here. That way at least, I don't have to worry about suing a hacker outside the U.S. where litigation may or may not stick. Ever try to press charges against someone from another continent for f'ing up your system? I don't know if it's even possible.

RE: Estonia?
By JonnyDough on 12/1/2008 3:52:01 PM , Rating: 2
Public awareness? Today's youth are more keen about spam. It's part of our vocabulary now. The people being suckered are obviously older folks who are new to email. You can only be unaware until you are aware. If this is the case, then this problem should snuff itself out as the older generations die off.

I think that the real problem of education is that people don't know how to limit their incoming mail to addresses they know and trust. What we need are simpler tools and better free email. We need a more standardized address book for email, one that blocks all unknown email addresses with the click of a button. Most email has this feature, but it isn't staring users in the face.

RE: Estonia?
By wvh on 12/1/2008 5:07:53 PM , Rating: 2
That's funny. You would cut off random (even European) countries for having hackers or people disrespecting copyrights? What about cutting off yourself? Do you think there's less piracy or less spamming from people in the US than in Europe? Think again. A lot of the major spammers are American, and even run their operations from the US.

And this arrogance makes you the prime target for all sorts of mischief – they will always find a way to get to you. It would be better to work with these countries than against them. We're all in this together, all governments should do more to catch major spammers. It really isn't that difficult to track them down with a (inter)national taskforce.

Besides, cutting off China might hurt the US more than China in these economically troubled times. Do you realise how many billions worth of goods come from China? Banning China – as if somehow feasible – is not going to do much good to businesses on either side.

Sure, it all sounds nice and feisty with guns blazing, but you're not thinking things through.

RE: Estonia?
By JonnyDough on 12/2/2008 7:14:59 PM , Rating: 2
Actually, Americans still have money and want to spend it. We were doing fine prior to Clinton's trade deal with China. I have to tell you, if we stopped buying Chinese we would be BETTER OFF, and THEY WOULD BE HURTING MORE. You talk about ignorance, but you're an idiot.

If you strike me down . . .
By Bateluer on 12/1/2008 8:15:59 AM , Rating: 3
I shall become more powerful than you can possibly imagine!

RE: If you strike me down . . .
By Barnacle on 12/1/2008 10:38:08 AM , Rating: 1
...with a power so great, it can only be used for good or evil.

Would that there were a way to tack even as little as a hundredth of a cent on each email: virtually no impact on legitimate emailers, but death-knell to the profitability of spam.

RE: If you strike me down . . .
By trabpukcip on 12/1/2008 10:57:15 AM , Rating: 2
Cause the spammers will probably find a way around it so they don't have to pay.

Then only everyday people will be paying for email.

RE: If you strike me down . . .
By PhoenixKnight on 12/1/2008 11:19:26 AM , Rating: 2
And in many cases, those everyday people will be paying for spam sent from their computer by a spambot.

RE: If you strike me down . . .
By corduroygt on 12/1/2008 1:04:45 PM , Rating: 1
That's not such a bad thing, it'll teach people some common sense when opening up the 13yearoldboy.jpg .exe attachment in their e-mail or visiting after they get stuck with a huge e-mail bill.

RE: If you strike me down . . .
By Barnacle on 12/1/2008 2:35:24 PM , Rating: 2
That reasoning could be used to support apathy about any solution for anything -- it'll probably happen anyway, maybe a different way, so there's no point in trying. Might as well just give up; woe is me.

RE: If you strike me down . . .
By mindless1 on 12/1/2008 3:49:37 PM , Rating: 2
I've a better idea, a per-email account limit on the number of messages that can be sent in one day. If someone needs to send more than that limit, they buy an upgraded account - and ISPs are prohibited from giving away a grossly increased email capacity without charge and consumer request for it, so customers don't inadvertently make themselves targets and enablers for spambots.

The limit could be high, 500 emails? Even 2000 a day and it'd be quite a limitation on current spam.

am I missing something?
By HighWing on 12/1/2008 12:59:47 PM , Rating: 2
ok from these reports it sounds like they have a pretty good idea of what these botnets are doing, and how they do it. So much so, that they even seem to know where it's all coming from and where it's going.

Now with that information in hand.... why is it so hard to just block/stop it from happening? I mean seriously, if they can say what computers are infected, then why not send the users a notification telling them so and turning off their internet till they fix it. And the same goes with servers sending/hosting this stuff. Have the other ISPs connecting to them simply disallow them access to their networks till they stop sending out the spam?

How is that such a hard thing to do?
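What the ISP-side blocking proposed by mindless1 (scripted blocks on sudden surges of outbound mail, or a per-account daily send limit) and asked about by HighWing above would actually key on, as an added example that is not code from the thread or from any ISP: the flow-log format, the thresholds, the relay address and the sample lines are all constructed assumptions. The signal it uses is that a compromised PC suddenly opens SMTP connections to many unrelated mail servers, while a normal client only talks to its own provider's relay.

```python
"""Added example: flagging hosts whose outbound SMTP behaviour looks like a
spambot, from flow-style log lines.

Not code from the thread or from any ISP; the log format, the
thresholds, the relay address and the sample lines below are
assumptions constructed for the example. The signal is the one the
comments above point at: a compromised PC suddenly opens mail
connections to many unrelated mail servers, while a normal client
talks only to its own provider's relay.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Assumed log line shape: "<iso-timestamp> src=<ip> dst=<ip>:<port> proto=tcp"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)

WINDOW = timedelta(hours=1)   # assumption: sliding window length
MAX_CONNS = 20                # assumption: >20 SMTP connections per window
MAX_DISTINCT = 10             # assumption: to >10 distinct mail servers per window
RELAYS = {"192.0.2.25"}       # assumption: the provider's own submission relay


def parse(lines: List[str]):
    """Yield (timestamp, src, dst) for SMTP (port 25) lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("dport") != "25":
            continue  # malformed line or not SMTP traffic
        yield datetime.fromisoformat(m.group("ts")), m.group("src"), m.group("dst")


def flag_spam_sources(lines: List[str]) -> Dict[str, dict]:
    """Return {src_ip: {"conns": peak, "distinct": peak}} for every source that,
    in some WINDOW-long span of its direct-to-MX SMTP connections, exceeded
    either threshold. Connections to the provider's relay are ignored, so a
    client that sends a lot of mail the normal way is not flagged."""
    events = defaultdict(list)
    for ts, src, dst in parse(lines):
        if dst in RELAYS:
            continue
        events[src].append((ts, dst))

    flagged: Dict[str, dict] = {}
    for src, evs in events.items():
        evs.sort()
        peak_conns = peak_distinct = 0
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most WINDOW.
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            window = evs[start:end + 1]
            peak_conns = max(peak_conns, len(window))
            peak_distinct = max(peak_distinct, len({d for _, d in window}))
        if peak_conns > MAX_CONNS or peak_distinct > MAX_DISTINCT:
            flagged[src] = {"conns": peak_conns, "distinct": peak_distinct}
    return flagged


def sample_log() -> List[str]:
    """Constructed sample: 10.0.0.7 is a normal client using the relay,
    10.0.0.12 behaves like a spambot hitting 40 mail servers in 20 minutes,
    10.0.0.9 only makes an HTTPS connection."""
    t0 = datetime(2008, 12, 1, 8, 0, 0)
    lines = []
    for i in range(3):
        ts = (t0 + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{ts} src=10.0.0.7 dst=192.0.2.25:25 proto=tcp")
    for i in range(40):
        ts = (t0 + timedelta(seconds=30 * i)).isoformat()
        lines.append(f"{ts} src=10.0.0.12 dst=203.0.113.{i + 1}:25 proto=tcp")
    lines.append(f"{t0.isoformat()} src=10.0.0.9 dst=203.0.113.200:443 proto=tcp")
    return lines


if __name__ == "__main__":
    for ip, stats in flag_spam_sources(sample_log()).items():
        print(f"{ip}: {stats['conns']} SMTP conns to {stats['distinct']} servers in one hour")
```

Blocking outbound port 25 for flagged hosts (or for all consumer hosts, forcing mail through the relay) is the cheap enforcement step; the thresholds above are the tuning knobs, and the relay exclusion is what keeps heavy but legitimate senders out of the block list.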

By William Gaatjes on 12/1/2008 2:20:48 PM , Rating: 2
And since last Friday some spam mail started dropping by again. But not in the quantity I was used to, and I hope it stays that way.

Anti Cyber Crime ...
By DatabaseMX on 12/1/2008 3:39:16 PM , Rating: 2
Check this out - 3 years now and zero problems.

It uses the Kaspersky AV engine.

Very cool web based configuration utility ... and real live US based tech support people!

Cat and mouse game....
By alanrichards on 12/3/2008 5:22:56 PM , Rating: 2
Seems to me like all this stuff will always be a big cat and mouse game. You need to have things locked down to make sure the botnets don't use your equipment and you need to make sure you have a decent spam filter to battle the stuff. SpamBayes and SpamBully have been decent. But most of my personal emailing has moved to social networks. Less of a headache!

Related Articles
Spam Plummets as Group is Forced Offline
November 14, 2008, 9:11 AM

Copyright 2016 DailyTech LLC.