Lethic botnet knocked out by security researchers

The command-and-control servers of the Lethic botnet have been taken out following a spam-busting collaboration between security firm Neustar and ISPs. The botherders behind Lethic specialised in distributing unlicensed pharmaceutical, diploma and replica goods spam. Compromised machines in the network are reckoned to have …

COMMENTS

This topic is closed for new posts.
Silver badge

I've always wondered why...

... they don't chase after the producers of the pills rather than the botherders. Don't get me wrong, I'm more than happy to see a botnet go down if it stops the cr*p getting into my inbox! But surely the pills being shipped have to come from somewhere. And even if the manufacturer supplying the pills thinks they're supplying a legitimate enterprise they can provide an address for the bot herders and it's much easier to stop the botnet by arresting the bot herder rather than just taking down their servers. It's kinda hard to re-engineer your botnet from jail!

Obviously this only works for botnets pushing a physical product but it's got to be significantly more effective than just taking out the control network...

Thoughts?

2
0
Anonymous Coward

Bot herders != seller

Whoever sells the goods is simply a reseller, and selling something (that is not illegal) is not illegal. There is no base for arresting the supplier of the goods, whoever does click on the link and order doesn't pay the bot herder, he only pays the supplier.

What you need is a proof that somebody down the line (or up the line) did pay the herder to send the spam. But that's a tough call, you'll never find an invoice with "sending bazillion of spam mails" in it so following the money ain't an option.

0
0

assuming....

that these goods even exist and it's not just a trick to get stupid people's money with no comebacks when the stuff don't arrive!

1
0

Botnets don't push physical products

One needs to realize that botnets don't push physical products. While there are a few "legit" online pharmacies out there (in that they ship you a product, not that they are actually legal) the vast and overwhelming majority of them that are advertised via spam don't ship products - they make their money from phishing your personal information and credit card numbers and reselling it. Identity Theft is a multi-billion dollar industry.

Of the ones that do ship products, they are shutting those down too. If they sell the drugs without a prescription they get shut down for violating those laws, and if they try to get around it by having "company doctors" write the prescription, the DOCTORS are getting busted, losing their licenses and some even seeing jail time.

0
0

Good luck with that, lglethal

Too many countries and too many local laws. The guys making the pills, the guys selling the pills and the guys herding the botnets are all different and normally located in different countries with very little in terms of formal liability for each other and nothing by way of support from local laws to criminalise what they are doing. Remember that one man's spam is another man's advertising.

The way to go about this is exactly how it's being done, take down the botnets en masse with the assistance of ISPs because let's face it, if there is less spam on their creaking networks they'll be happier.

0
0
Silver badge

@lglethal

I get your point but rather than manufacturers, I think that the companies behind the sales sites that are linked to in spam emails should be prosecuted. Spammers would not spam if they were not being paid to do so, or receiving payments as affiliates of such sales websites/companies.

Manufacturers can not always be held responsible for how retailers market the product they make.

Of course manufacturers could refuse to supply companies who use spam to promote the product, so they are not entirely blameless.

0
0
WTF?

Eh?

Do you really think that these sites are supplying legitimately-sourced/non-counterfeit/any product at all?

Steve

0
0
Silver badge
Thumb Up

hmmm

Ahh the old head in the sand defence... "Honestly guv we thought these sales were coming from our legitimate advertising not from a botnet".

I would question whether many of the things that are sold via spam ARE legal - I'm sure considering that many of these "Viagra" pills are actually sugar tablets, etc. or fake/unlicensed knock offs that they might very well be illegal for either a) false advertising (ie not the actual product ordered) or b) not being approved by the regulators (FDA in America, don't know the UK equivalent, etc). The other items sold by spam are also unlikely to be the real deal but cheap illegal knock offs. So it would be possible to go after the suppliers in that case (although not so much for the spam side of things).

I also wonder whether there is some law stating that if you obtain sales (even for fully legal things) through illegal means (which I'm sure spam counts as) then you can be liable. This would be one way to affect the sellers and reduce the demand for botnet services. It would certainly make real suppliers more careful with how they handle their advertising budgets...

Of course this does depend on there actually being a product to buy and the spam not just being an elaborate phishing scam.

0
0

WoW

Would be nice if they could take down the fake World of Warcraft spams. I can't tell you how many times my account has been involved in "unauthorised activity", and I don't even play World of Warcraft or have an account!

0
0
WTF?

Isn't this illegal?

I'm pretty sure taking matters into your own hands, vigilante-stylee and taking down a botnet is highly illegal, and why it isn't done more often... There's also a distinct lack of details on how they did it.

I may be wrong though.

0
0

Why Illegal

Simple and effective way to deal with botnet:

1. Take down the head

2. Instantly disconnect every single node in the botnet.

3. Problems solved.

How hard is that?

0
0
Anonymous Coward

@Iglethal

Even though they may say they're selling pills - there might not actually be any pills. Or they might be dummies/placebos knocked up by some manufacturer who doesn't know or care where they're going.

Anon - I'm in pharma

0
0
Badgers

who

Are the idiots who reply to spam and make it worthwhile, has anyone ever met one?

1
0
Boffin

Yes, I know a sucker!

One day I was looking at those adverts at the back of newspapers that incite you to telephone and talk sexy, and wondered out loud who on earth could be stupid enough to actually pay enough money to make those adverts worthwhile .... and one of our staff owned up. So yes, there really are people stupid enough to pay for sexy rubbish. Strangely enough, he was quite a useful employee, who was actually head-hunted off us to go and work somewhere else. His salient psychological characteristic was a childish inability to postpone gratification. We had to pay him fortnightly because he was incapable of managing monthly paydays.

0
0
Gold badge
Thumb Up

Still can't see why users are *so* dumb

No one is paying them to have their system slowed down and their processor cycles and memory stolen and filled with crap.

Now if *only* there were a way to subvert the net and have it *only* send email to bot PCs. Something along the lines of "If you're reading this you are *part* of the xyz botnet. Contact an AV supplier to get your PC deep cleaned."

Thumbs up for the effort. Knocking down the level of crap by 10% (even if only for a while) lets the *whole* internet run faster.

0
0
Pint

Strange kind of pill

"temporary reduction in penis pill".

I thought it was temporary enlargement of penis pills that were usually sold?

Pint for brewer's droop.

1
0

Control IPs

I wouldn't hardcode a control IP, I would scrape a craig's list post to obtain rotating control IPs.

0
0

they sell real products

The sad truth is that real people are buying real products from spam email, otherwise they'd quit sending it.

My mom ordered ink in response to a spam email. It cost her $4 more than the manufacturer's ink and clogged her printer.

A friend's stepfather used a spam email to find a place to buy the latest map for his GPS system. He paid $60 for what is normally an $80 update and what he got was a pirated DVD+R for an entirely different model and without the activation code to make it work.

0
0
Bronze badge
Alert

Vigilante Zombie Killer Disinfectant

YES- Most users are really, really dumb... get over it and fix the problem.

Since so many people are too stupid to prevent their computer from being infected or incapable of doing so, I believe it should be the responsibility of good netizens and ISPs everywhere to fix the problem for them. The increase in available bandwidth alone would pay for the effort.

These people do not even need to know that their computers have now become "disinfected".

Since it is possible to see the Botnet traffic at an ISP level, the ISP should simply hack the client's pc and install appropriate software to remove the zombie infection and prevent re-infection.

There are plenty of freeware solutions that will solve 98% of these problems, except Grandma/Grandpa/Etc would not know where to look for them and how to install or maintain them. All totaled it could be a 10 to 20 meg download for Malware Bytes, A Squared, Spybot, Avast, Zone Alarm, Combo-Fix, Hijack This, etc. Most will auto-update without user interaction.

Many of these software companies provide their freeware versions because they recognise this service must be provided for the greater good of the world internet community and that they will get paying customers in return.

All the ISP has to do is change their terms of service to say that they will occasionally scan a customer's PC to make sure it has appropriate malware/spyware and anti-virus protection and that it is up to date. If the client's PC is spewing spam or other more nefarious crap, they either get fixed or shut down.

The PC would get redirected to the download page after the scan closed and removed/killed the active infection. The proper software would be installed, rebooted without user interaction and a deep scan performed.

This process would be entirely legal if proper notification was provided when buying or renewing internet service.

1
0

Ah, this old chestnut...

There are a couple of problems here, the first and most likely is that you don't fix a hack with a hack, it's just not ethical, or (more importantly) legal. Other problems include: What about misidentification (false positives)? You could remove someone's internet access or worse try to clean an already clean machine. What if the cleaning package interfered with the target computer in such a way that it crashed it or prevented it from operating? Now, what if that computer did something important? What if it was traffic lights, or worse some sort of system upon which life was dependent?

It's a nice idea, but it's just too potentially dangerous.

0
0
Paris Hilton

A flaw with Vigilante Zombie Killer Disinfectant

I don't use Windows, and the O/S I do use is not subject to malware, trojans, or viral attack; in this regard the 'big-players' in the ISP business are clueless. This is a non-solution.

0
0
Silver badge
Thumb Up

A simpler and more ethical solution

Would simply be for the ISP to phone the customer and tell them they're infected and how to fix it. Hell the ISP could probably offer a service (at a fee naturally) to come and fix the problem for those without the skills to do it themselves. If they feel the need to show a bit of stick as well they could tell the customer they have a week to fix the problem or they will be disconnected until they "prove" they're no longer infected.

The ISP would save some money (less bandwidth used), possibly make a few bucks (with the "services"), and we would all experience a reduction in spam. The only cost for the ISP is the phone calls (if they use VOIP this is minimised) and the cost of employing someone to do the calls and the services (ok considering the level of service at most ISPs this would appear to be an issue! =P)

The only potential problem is with false positives which see people disconnected when they're not actually infected but considering that the simplest way to identify infected machines is that those machines are trying to connect to known botnet IPs this should not be a problem...

Again, thoughts?

1
0
Anonymous Coward

How do we know it wasn't their botnet

see that is the problem, who do you trust :)

0
0
Flame

WHEN OH WHEN?!?!?!?!?

When will it be legal to hurt these people?

When that day comes I will get them in every way possible.

1
0