Optimized
Premium,Mod
join:2001-05-03
Pompton Lakes, NJ
clubs: | Scary reality ...
That's probably a conservative estimate too! |
|
tdkyo
join:2002-12-07
Rochester, NY | Woa
Very interesting. Didn't know these underground losers had such a organized system of exchanging resources. I initially thought each group worked independently. |
|
Corvus
Flaming Tards Since 2003
Premium,VIP
join:2003-11-26
| 
From ThinkGeek |
copyrights ThinkGeek
--
Jesus saves, but only Buddha makes incremental backups. |
|
linicx
Caveat Emptor
Premium
join:2002-12-03
United State
 ·CenturyLink
| reply to Optimized
Re: Scary reality ...
It is very scary if you own a machine with a Microsoft Operating System running it.
Until someone gets a handle on this bot, the smart thing for every ISP to do is shut down the mail servers so it can't spread; locate the infected machines and notify the owners.
--
Macintosh: no windows, no gates and the Apple inside |
|
Corvus
Flaming Tards Since 2003
Premium,VIP
join:2003-11-26 | Humm, my example: you have 500 000 customers and they pay for the service, how can you shutdown mail servers without loosing money (you must refund them) and customers?
--
Jesus saves, but only Buddha makes incremental backups. |
|
newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD
| RICO Act?
quote:
"The trade of BotNets on compromised machines is becoming an industry in itself. Organised crime is making use of this industry,"
So . . . are broadband companies who fail to act on complaints of infected and compromised machines, as identified by their IP address, liable for inclusion in possible criminal complaints for "aiding and abetting"?
--
The Rules of Spam | Maryland's New Anti-Spam Law
Where are we going? And what's with the hand basket? |
|
Optimized
Premium,Mod
join:2001-05-03
Pompton Lakes, NJ
clubs: | reply to linicx
Re: Scary reality ...
I have not seen any abnormal requests in my logs during the past 24 hours.
Shields up |
|
INHCNN
join:2001-12-15
Lansing, MI
| reply to linicx
said by linicx  :
It is very scary if you own a machine with a Microsoft Operating System running it.
Yep, because *nix systems aren't ever compramised. (rolls eyes)
said by linicx :
Until someone gets a handle on this bot...
It's not just *one* bot. I've seen a large variety of IRC bots and FXP sites - and they all contribute to the same problem.
These kinds of activities though are going to be what blows the lid off of the computer underground. You have a lot of kids out there installing root kits, bots, and FTP servers en mass, and it is starting to draw attention. This has always been a problem for people like myself who deal with it everyday, but now the public at large is starting to get involved, and that will change the game.
Although, this is the first time that I've seen it all refered to as "organized crime". When I first read it, I got a chuckle out of it. But if you think about it: pre relase movies, music, and applications are very commonplace in the underground, and that can be used as a platform to call such activities "organized crime". Not that the older stuff isn't crime, it just doesn't have the same life as the major pre-release stuff.
-end-of-early-morning-rant- |
|
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
 ·Cox HSI
·Speakeasy
| Some Numbers...
In an average three hour period, one of my mail servers allows 5000-6000 messages to pass through to the rest of the mail system. In that same three hour period, an average of 15000-17000 messages are rejected. In other words, 75% of the traffic hitting my front-line mail servers is rejected due to anti-spam rules.
Interestingly, of that 15000-17000, fully half are rejected by using an RBL that blocks SMTP connections from dynamic IP blocks (i.e., ones typically used by residential dial-up and broadband users). Prior to turning on that rule, an average of 68% of emails were bounced due to being spam (as determined by content analyzers rather than descriminating against source). What using the RBL did for me wasn't so much cut down on how much SPAM gets through as cut down on the computational expense of blocking that SPAM.
Given the numbers "zombies" out there (based both on publicised numbers and the per CIDR rejection numbers I see), descriminating based on source seems to be a valid form of filtering.
It should be noted that these numbers come from mail systems that serve a user base of less than 300 people.
-tom
--
"There are 10 types of people in the world... those who understand binary and those who don't."
"That's only 2 types of people, moron" |
|
linicx
Caveat Emptor
Premium
join:2002-12-03
United State | reply to Corvus
Re: Scary reality ...
Yeah, you're right . 500,000 customers probably do prefer worms served with spam and morning coffee.
--
Macintosh: no windows, no gates and the Apple inside |
|
Corvus
Flaming Tards Since 2003
Premium,VIP
join:2003-11-26
| Unfortunately, yes. I deal with angry people who wants to quit us everyday, and when they loose business because the service was down trust me, they don't care about spam because money talks.
--
Jesus saves, but only Buddha makes incremental backups. |
|
B777300
join:2002-01-02
| reply to INHCNN
said by INHCNN :
said by linicx :
It is very scary if you own a machine with a Microsoft Operating System running it.
Yep, because *nix systems aren't ever compramised. (rolls eyes)
I hope that was a joke, or that would show your ignorance. |
|
russotto
join:2000-10-05
Collegeville, PA | Unix systems tend to be compromised, when compromised, by attacks directly addressed to the system which is compromised.
Microsoft systems are compromised by attacks addressed "to whom it may concern". |
|
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB | Where the heck is law enforcement on this?
Where the heck is law enforcement on this?
And are there some ISPs or their workers getting kick-backs by keeping customers from knowing of complaints about their computers from places like DShield and myNetWatchman. |
|
rklein
God Among Hogs
join:2001-01-18
Worcester, MA | reply to linicx
Re: Scary reality ...
You don't run your own mail server, do you?
--
-Rich |
|
LrdVader
Premium
join:2003-12-18
San Diego, CA | reply to Corvus
Re: Woa
Actually, it's from »www.despair.com.  |
|
LrdVader
Premium
join:2003-12-18
San Diego, CA
| reply to linicx
Re: Scary reality ...
said by linicx :
Until someone gets a handle on this bot, the smart thing for every ISP to do is shut down the mail servers so it can't spread; locate the infected machines and notify the owners.
So every time there's a new virus found, email should grind to a screeching halt?
Do you know how ridiculous that sounds? Think about it. If ISPs listened to you, email would be down more than it would be up, and would be completely useless for anything even remotely important.
Is that really what you want? |
|
linicx
Caveat Emptor
Premium
join:2002-12-03
United State | If ISPs listened to me they wouldn't have few virus problems to begin with. and their clients would have safe email.
--
Macintosh: no windows, no gates and the Apple inside |
|
LrdVader
Premium
join:2003-12-18
San Diego, CA
| said by linicx :
If ISPs listened to me they wouldn't have few virus problems to begin with. and their clients would have safe email.
No, if ISPs listened to you they would go out of business, because their clients would refuse to tolerate the constant interruptions in service.
Here's a nice link about this type of practice going back to 1999. It was silly then, and it's still silly now.
»vmyths.com/rant.cfm?id=241&page=4 |
|
Vvian Kalyss
join:2003-10-14
Stage 5.0
clubs:
| reply to newview
Re: RICO Act?
They damn well better show they DID try to investigate the complaints. Right now their attitude seems to be "thanks for emailing us, stfu and have a nice day kthxbai". I'm not saying they're all bad, but this is the kind of response I got when I contacted my ISP months ago over this problem. Maybe I should've asked for a tech rep instead of talking to the PR drones but wth are clueless people manning the help lines?!
--
" Her eyes were just the end of Hell-- / All pain, / Articulate " |
|
