  Mactron el camino Real Premium join:2001-12-16 CM94sv
1 edit | Whack a mole.
"any time for celebration will be short lived"
 |
|
  Camelot One Premium,MVM join:2001-11-21 Sarasota, FL clubs:
| Time for a BBR Task Force?
The government/local LEOs form a "task force" for just about everything these days. Knowing that SO much spam comes through host, couldn't we put together our own BBR Task Force to track which ISP this one company moves to, and contact them? I'm sure it would be a never ending battle, but it's a start. -- Intel Q6600 @3400Mhz/GA-EP35-DS3P/2x 2048Mb G.Skill/Seagate 750.10/EVGA 8800GT's SLI/Silverstone 850W/Custom water cooler |
|
  morbo Complete Your Transaction
join:2002-01-22 00000 clubs: | Can we call ourselves BANK BBR with a minor emphasis in spam fighting? That way, we at least can get a couple billion from the bailout. |
|
  knightmb Everybody Lies
join:2003-12-01 Franklin, TN
·AT&T DSL Service
| reply to Mactron Re: Whack a mole.
LOL, good one.
Yeah, where there is money, someone else will fill the spot. It's not like the spammers got shut down, only one of their many data/zombie centers.  -- Fight NebuAD and the like: Click Here to pollute their data |
|
  birdfeedr Premium,MVM join:2001-08-11 Warwick, RI
·Verizon FIOS
| reply to Camelot One Re: Time for a BBR Task Force?
Well, there's certainly plenty of talent that could be put to use for a BBR Task Force, but it remains to be seen what can be done about it. From the Washington Post article in yesterday's news item:
Multiple security researchers have recently published data naming McColo as the host for all of the top robot networks or "botnets," which are vast collections of hacked computers that are networked together to blast out spam or attack others online. These include SecureWorks, FireEye and ThreatExpert.
Reports by Joe Stewart, director of malware research for Atlanta-based SecureWorks, said that these known botnets: Mega-D, Srizbi, Pushdo, Rustock and Warezov, "have their master servers hosted at McColo."
Stewart said he has complained to McColo several times about botnets operating out of the company's servers, and each time, he said, the company claimed it was addressing the problem. But according to Stewart, they did so by just moving the offending Web sites to a different section of their network.
"McColo runs a service that offers its clients quite a bit more protection from takedowns than the average Web host," Stewart said. "If they get abuse complaints they will try to appease whoever is complaining, but the end result is usually they just end up moving their Internet addresses around."
Of course, if SecureWorks, FireEye and ThreatExpert, and any newly established BBR Task Force makes a big splash about their findings, it might result in action sooner.
By going to McColo's providers, they (spammers and botnets) got shut down. |
|
  Dennis Premium,Mod join:2001-01-26 Algonquin, IL | musical chairs
Maybe this is why I noticed a spike in comment spam on my Movable Type website yesterday. Sad to say they are just changing battle fronts until they can dig back in somewhere else. |
|
  Noah Vail Premium join:2004-12-10 Lorton, VA
·RoadRunner Cable
| reply to birdfeedr Re: Time for a BBR Task Force?
said by birdfeedr: Of course, if SecureWorks, FireEye and ThreatExpert, and any newly established BBR Task Force makes a big splash about their findings, it might result in action sooner. By going to McColo's providers, they (spammers and botnets) got shut down.
Plan 'B' might be to locate and openly publish the home address and phone number of the McColo owners and operators along with some light reading about how much k-porn they host.
They CAN be found. »en.wikipedia.org/wiki/Alan_Ralsky
NV -- Abortion: A Republican Plot to Thin the Liberal Herd. |
|
 mobbo
join:2005-04-13 Denton, TX
·Verizon FIOS
| Noticeable
Our company's Barracuda Spam Filter daily traffic chart showed about a 50% drop in spam yesterday to about the levels we see on a Sunday. The most reduced spam were ones with "Bad Recipient" errors... less than 200 were even sent to our network. I guess that shows most of McColo's thugs were using bad addresses or just guessing... although that does create backscatter problems. |
|
  fireflier Coffee. . .Need Coffee Premium join:2001-05-25 Limbo
·Skype
1 edit | Now embarrass those who failed to act.
Now would be a good time to follow up and name those people and entities who knew about this activity and were unwilling to do anything. Corporate and government.
The fact that action has been taken is suggestive that it's no longer a debatable issue as to whether there really was improper activity taking place. In addition, the fact that it WAS stopped is indicative of the fact that it could have been stopped earlier.
With that out of the way, they should move toward holding those who could have stopped it and were tasked with stopping this kind of activity accountable or at the very least embarrassing them so perhaps they'll move a little more swiftly in the future. The warnings from security firms and various IT personnel seem to be well documented. The lack of response to those warnings appears to be equally well documented. |
|
  Halo5
join:2000-07-20 Dayton, OH clubs: 
| Keep it up!
Even though some other scumbag will take their place, it's nice to know that at least some effort is being made.  |
|
  IT Guy Ow, My Balls Premium join:2004-07-29 Las Cruces, NM clubs:
·Comcast
| Damn Spammers
Our company uses Postini for spam filtering, and while I have noticed a significant drop in total spam volume over the past couple months, there has been a resurgence of attempted directory harvest attacks. I had notification of 5 attempts just this morning. To put it in perspective, I get **maybe** one attempt per month. -- My time is a piece of wax, falling on a termite, that's choking on a splinter. --Beck |
|
  S_engineer
join:2007-05-16 Chicago, IL
·Comcast
| reply to knightmb Re: Whack a mole.
Problem is they were shut down prematurely. Not all of McColo's clients were spammers. They had legitimate sites being hosted. So this opens up liabilities on that front. Not to mention McColo hasn't been formally charged with anything.
"Also unclear is the extent to which McColo could be held legally responsible for the activities of the clients for whom it provides hosting services. There is no evidence that McColo has been charged with any crime, and these activities may not violate the law."
This is from Krebs himself... »www.washingtonpost.com/wp-dyn/co···oduletmv
By taking these actions, McColo may not only be entitled to damages, but ironically enough so may their clients.
All Krebs had to do was contact the proper authorities. But he decided that the rag post needed a sales spike. This route almost guarantees McColo part deux 1 -- "For duty and humanity!" - Moe Larry and Curly (MEN IN BLACK, 1934)...These are the guys we have in Congress |
|
  rahlquist Redeye
join:2001-10-30 Villa Rica, GA
| reply to Mactron
 Nice drop! |
Judging by my personal domains mail server activity I would say someone nailed a couple of them moles! -- Fed Up With Stupidity?
Patentlystupid.com |
|
 SilverSurfer
join:2007-08-19
| reply to morbo Re: Time for a BBR Task Force?
said by morbo: Can we call ourselves BANK BBR with a minor emphasis in spam fighting? That way, we at least can get a couple billion from the bailout.
And a tax break on top of it. |
|
  DeeplyShrouded
@comcast.net
| It starts at your home PC
Is your AV up to date? Best way not to be part of a botnet is to be sure your own PC is infection free. I was telling another gentleman in another post that it's not the responsibility of an ISP to regulate what data goes over its network. That's up to law enforcement and our courts.
What I WOULD like to see from an ISP or email provider is the option to block out whole top level domains in their filtering software. I don't know anyone who uses *.wannado.fr, nor do I know any Prince, King, Barrister, or official from Nigeria.
I know it may not be much of a difference, but every piece of spam I get, I forward it to the abuse department of the sender's ISP.
Does it help? I don't know. But I'd like to see the whole net or at least the email protocol re-written so that people can either block everything and let only what they want in, or at least the ability to block mail from any .TLD they don't know.
--Deeply Shrouded & Quiet --Central Control! D-Dial #49 |
|
 iansltx
join:2007-02-19 Golden, CO
·Comcast
·Qwest.net
·magicjack.com
·BeeCreek Communica..
·Sprint Mobile Broa..
| There are antispam programs (whitelist) that do just that.
As for me, after four-plus years of training, I can honestly say that I get less than five spams flopping into my inbox per week on my GMail account. The rest, which saw a significant drop when McColo was shut down, are routed to my Spam folder. Awesome. Distributed spam reporting FTW.
This is from a person who has his e-mail address posted a few different locations around the web. The worst stuff I get regularly are press releases...meh...let's call 'em tofurkey bacon  |
|
  bent not broken Premium join:2004-10-04 Loveland, CO clubs:
·Comcast Formerly ..
1 edit | reply to S_engineer Re: Whack a mole.
said by S_engineer: Problem is they were shut down prematurely. Not all of McColo's clients were spammers. They had legitimate sites being hosted. So this opens up liabilities on that front. Not to mention McColo hasn't been formally charged with anything. "Also unclear is the extent to which McColo could be held legally responsible for the activities of the clients for whom it provides hosting services. There is no evidence that McColo has been charged with any crime, and these activities may not violate the law." This is from Krebs himself... »www.washingtonpost.com/wp-dyn/co···oduletmv By taking these actions, McColo may not only be entitled to damages, but ironically enough so may their clients. All Krebs had to do was contact the proper authorities. But he decided that the rag post needed a sales spike. This route almost guarantees McColo part deux 1
Time for a law change. If it's on your servers and you know it's there, and you know it's illegal, you're complicit. The ISPs that pulled the plug were confronted with enough evidence that they really had no other choice, and the spam data certainly backs up their position. I'm sure their TOS with McCulo (pun intended) included a prohibition against any illegal activity.
If you lie down with pigs, you get up smelling like shit. Next step should be the FBI seizing McCulo's hardware as evidence and let a judge sort it out. -- »www.lp.org/issues/family-budget
"That government is best which governs least" - Thoreau |
|
  amigo_boy
join:2005-07-22 Tempe, AZ
·Cox HSI
·magicjack.com
| reply to S_engineer
said by S_engineer: Problem is they were shut down prematurely. Not all of McColo's clients were spammers. They had legitimate sites being hosted.
That's convenient. An organization can act with obvious complicity hosting malicious sites, but as long as they have at least *one* legitimate site, they're immune from disconnection by their upstream providers?
said by S_engineer: McColo may not only be entitled to damages, but ironically enough so may their clients.
Damages from whom? The Wash. Post is protected under the First Amendment, especially if what it printed is true (and in many ways even if it wasn't). I'm sure the upstream providers know what they're doing.
said by S_engineer: All Krebs had to do was contact the proper authorities. But he decided that the rag post needed a sales spike. This route almost guarantees McColo part deux 1
The scale of the problem makes a reasonable person wonder why the authorities hadn't tracked down long ago what Krebs did. I'm glad he published his story.
Remember, he quoted security experts who corroborated his findings. That means they hadn't notified authorities either.
My guess is (considering how many people knew about it), it was reported to authorities, but they chose to do nothing. Have you ever listened to Citizen Band Radio? The FCC knows there are widespread violations of the rules. It does very little.
Mark |
|
  amigo_boy
join:2005-07-22 Tempe, AZ
·Cox HSI
·magicjack.com
| reply to bent
said by bent: Time for a law change.
The change I'd like to see is in 39 USC 3008. A statute which gives individuals *unlimited* protection against mass mailers. If you read the 1970 Supreme Court decision concerning this law, it's obvious it should be extended to apply to email.
See »Re: Global Crossing & Hurricane Electric looked other way ??
Mark |
|
  bent not broken Premium join:2004-10-04 Loveland, CO clubs:
·Comcast Formerly ..
| reply to iansltx Re: It starts at your home PC
I'm almost never one to kiss Comcast's ass, but my comcast.net emails are almost spam-free. Good on 'em. -- »www.lp.org/issues/family-budget
"That government is best which governs least" - Thoreau |
|