  Jameson 10-8 Premium join:2004-05-28 Fallbrook, CA clubs:  | Uhm..
This is nothing new.. |
|
  shane349 Premium join:2005-03-21 Delta, OH | stocks
In the last few weeks I've been getting a ridiculous amount of email about buying stocks and stuff like that. SpamAssassin scores them lower than my actual legit email. |
|
  swhx7 Premium join:2006-07-23 Elbonia
·RoadRunner Cable
| reply to Jameson Good article, mixed up summary
Spam from botnets is nothing new, but there are some interesting new techniques used. It's a good article. There's a slideshow too.
The writeup above is somewhat confused.
"botnets can be devastating, because of the way in which they may rapidly infect thousands of computers"
How rapidly computers are added to the botnet is independent of the harm that they do. In fact the article says little about how the member machines get infected initially. What's new here is how the botnet maintains its integrity against cleanup efforts.
", automatically forwarding the spam to other computers without the computer owners awareness. The Russian group has taken their botnet to the next level, using SpamThru Trojan and a built-in anti-virus scanner to ensure that the spam infects as many users as possible."
This statement gets the function of the botnet mixed up with the question of how computers get infected. The particular botnets described are used to send spam, but spam is not necessarily the means of infection. In this case it's advertising stocks and bogus products.
The article doesn't go into the securities aspect, but it should be pointed out that the companies whose stock is advertised don't necessarily have anything to do with these malware purveyors. The botmasters just pick some stocks that are big enough to make money on, but small enough so that spam respondents can move the price.
Another interesting aspect is that the spams used here are better at evading filters than most spams have been in the past. |
|
  Kibbles Premium join:1999-07-31 Mission Viejo, CA | reply to Jameson Re: Uhm..
It may be nothing new...but as to why we still have so many compromised PCs in the US is odd...and yes I have been receiving a lot more spam lately..with a spam filter off 14-20 a day...with a spam filter on...2-3 a day. |
|
  Jameson 10-8 Premium join:2004-05-28 Fallbrook, CA clubs: 
·HughesNet Satellit..
·Time Warner Cable
| said by Kibbles : It may be nothing new...but as to why we still have so many compromised PCs in the US is odd...and yes I have been receiving a lot more spam lately..with a spam filter off 14-20 a day...with a spam filter on...2-3 a day.
Man, that's nothing, my Gmail account's junk folder got emptied two days ago and is now at 500 messages..
-- DirecWay | DW6000-CE |SM5, 117 West, 970 MHz |3.2GHZ Intel|BFG GF 6800 OC |Win XP Pro SP2/98SE/ Macbook Pro OSX Tiger |PCs connected via Linksys WRT54G | DD-WRT firmware: dd-wrt.v23 SP1 |
|
  swhx7 Premium join:2006-07-23 Elbonia
·RoadRunner Cable
| reply to shane349 Re: stocks
I've noticed this too. It seems to be a combination of text that looks like legitimate content to the filters, and use of images for the spam message. The images are multi-layer gifs with text in one layer and junk in the others. And the images are continually changing. |
|
  swhx7 Premium join:2006-07-23 Elbonia
·RoadRunner Cable
| reply to Kibbles Re: Uhm..
said by Kibbles : ...but as to why we still have so many compromised PCs in the US is odd...
Notice the graphic about which operating systems are infected. It's literally 99.95% Windows. |
|
  Fronkman Macs Do It Better Premium join:2003-06-23 Saint Louis, MO
| keep it clean
please people, if you absolutely INSIST on using Windows, run several spyware cleaners every week as well as a solid antivirus program like AVG that updates daily and also run a rootkit scan once a week. that is the price you pay for using that OS. If that is too hard, buy a Mac or install Ubuntu.
this applies to all windows users. i don't care how "secure" you think you are, these hackers are incredibly sophisticated. -- Everyone should own a G4 cube or an iBook or the Mac mini! |
|
 quatrix Premium join:2005-02-11 Davie, FL | reply to shane349 Re: stocks
Gmail and Thunderbird catch mine without any problems. |
|
  Rejected One I Suffer From Id10t Errors Premium join:2003-07-31 Wilmington, DE clubs: 
·Juno Express
| lol this is just from this morning
 gotta love spam |
i just cleaned my gmail out less than 24hrs ago already have 201
wonder if i have any of that russian love in that spam folder |
|
  nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA
·Cox HSI
·Speakeasy
| reply to Kibbles Re: Uhm..
said by Kibbles : It may be nothing new...but as to why we still have so many compromised PCs in the US is odd...and yes I have been receiving a lot more spam lately..with a spam filter off 14-20 a day...with a spam filter on...2-3 a day.
Meh... With spam filters off, I'd be at several thousand a day; with them on, still getting a few dozen of the "Hi, It's Stan" (and the like) emails.
They post a message that's about 80% "real" text, and then the stock pump is a single JPEG or GIF image in the message. So, most of the Bayesian filters just give it a pass. If it weren't for all of the MS mail users, I'd simply reject HTML email altogether.
-tom -- "Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis |
|
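The evasion swhx7 and nixen describe (mostly "real" text, with the stock pitch carried in an image) can be reproduced against a toy Bayesian scorer. This is an added example, not code from any poster or from a real filter; the token table, addresses, messages and the "review" policy are all constructed assumptions.

```python
import math
from email import message_from_string
from email.utils import parseaddr

# Constructed likelihoods (P(token|spam), P(token|ham)) for a toy Bayesian filter.
TOKEN_PROBS = {"stock": (0.90, 0.05), "buy": (0.80, 0.10), "alert": (0.70, 0.10),
               "thanks": (0.10, 0.60), "garden": (0.10, 0.40), "weather": (0.10, 0.50),
               "meeting": (0.05, 0.60), "weekend": (0.15, 0.50)}
# Constructed samples: a plain-text pitch, and "real" text plus one inline image.
TEXT_SPAM = """From: promo@example.net

Buy this stock now. Stock alert!
"""
IMAGE_SPAM = """From: stan@example.net
Subject: Hi, it's Stan
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Thanks for the garden photos. The weather was great for the meeting last weekend.
--b1
Content-Type: image/gif

R0lGODlhAQABAAAAACw=
--b1--
"""

def bayes_spam_probability(text, prior=0.5):
    """Naive Bayes over known tokens; words outside the table are ignored."""
    log_odds = math.log(prior / (1 - prior))
    for token in (w.strip(".,!?") for w in text.lower().split()):
        if token in TOKEN_PROBS:
            p_spam, p_ham = TOKEN_PROBS[token]
            log_odds += math.log(p_spam / p_ham)
    return 1 / (1 + math.exp(-log_odds))

def classify(raw, known_senders=frozenset(), threshold=0.9):
    """Return (verdict, token_score); 'review' is this example's assumed policy."""
    msg = message_from_string(raw)
    parts = list(msg.walk())
    images = sum(p.get_content_maintype() == "image" for p in parts)
    text = " ".join(p.get_payload() for p in parts if p.get_content_maintype() == "text")
    score = bayes_spam_probability(text)
    if score >= threshold:
        return "spam", score
    # The tokens look like ham, but the pitch may sit in pixels the filter never reads.
    if images and parseaddr(msg.get("From", ""))[1] not in known_senders:
        return "review", score
    return "pass", score
```

The token score alone rates the image message as ham; only the structural check (an image part from an unknown sender) sends it to review instead of the inbox.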
  nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA
·Cox HSI
·Speakeasy
| reply to quatrix Re: stocks
said by quatrix : Gmail and Thunderbird catch mine without any problems.
What the server-side filters don't flag, Thunderbird tends to flag (probably about 90%). But I still have to decide "is this actually junk or not." Simply allowing Thunderbird to auto-delete things it thinks are junk is information suicide.
-tom -- "Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis |
|
 jsouth Jsouth
join:2000-12-12 Wichita, KS | reply to swhx7 Re: Uhm..
So what? All that proves is that there are more Windows machines out there. -- Bush bashing is old. How about more solutions instead? |
|
 jsouth Jsouth
join:2000-12-12 Wichita, KS | reply to Fronkman Re: keep it clean
Oh BS. If you have your system patched and run a good firewall and have a router you can get by too. There is no need to scan weekly for rootkits. -- Bush bashing is old. How about more solutions instead? |
|
  i1me2ao Premium join:2001-03-03 TEXAS | easy money
that about sums it up. penny stocks are easy to influence.. |
|
 04875776 Rollin' up my dog ends Premium join:2006-11-14 Chicago, IL | reply to Fronkman Re: keep it clean
I vote all the Mac trolls off this island. |
|
  Mike Premium,Mod join:2000-09-17 Pittsburgh, PA clubs:   | reply to Rejected One Re: lol this is just from this morning
I get on avg 25 - 30 penny stock spam on an address that's over 7 years old per day. |
|
  batterup I Can Not Tell A Lie. Premium join:2003-02-06 Netcong, NJ clubs: | Vonage?
Isn't this the tool Vonage used to *pump & dump* their IPO dog? |
|
 quatrix Premium join:2005-02-11 Davie, FL | reply to jsouth Re: keep it clean
A software firewall and resident AV aren't necessary either. |
|
 04875776 Rollin' up my dog ends Premium join:2006-11-14 Chicago, IL
| reply to swhx7 Re: Good article, mixed up summary
said by swhx7 : The botmasters just pick some stocks that are big enough to make money on, but small enough so that spam respondents can move the price.
These same folks are big in the junk fax biz. Even though it's illegal to send them I keep getting "stock alerts" from offshore fax spamming operations in Romania and elsewhere...always not selling me anything. This is just a different delivery mechanism.
If it didn't work they wouldn't do it. Amazing how gullible people are. |
|