Spam levels have remained resolutely stable despite recent botnet takedowns, according to a survey from Google's email filtering business. Google Postini reports no lasting effect from the recent takedown of spam-spewing botnets, such as Mariposa and Mega-D. The command-and-control servers associated with the Mega-D botnet were …
If they can't do anything substantive about the spam problem, why don't they give US better tools to help fight spam? Something like SpamCop on steroids, with more rounds of analysis and human confirmation, and targeting not just the ISPs and webhosts, but EVERY other resource exploited by the spammers, such as reply addresses, fake opt-outs, link shorteners, slandered brand names, and especially the registrars. Don't bang heads on the strongest defenses the spammers have (the sadly robust spambots), but go after them everywhere with some serious collective intelligence. Anyone else want to join an army of "ANGRY Good Samaritans Against Spam"? (Call it AGSAS?)
Reasons why I think this would be more effective in reducing spam:
1. There are lots of people who hate spam and only a few suckers the spammers are hunting for.
2. Whatever else the spammers automate, they can't automate the suckers.
3. However they obfuscate, they can't obfuscate beyond the suckers' understanding.
Just for the obvious example, if Gmail included such a power spam-fighting tool, would you use it? Would the spammers even spam Gmail if they were certain of aggressive and intelligent countermeasures against ALL of their spamming infrastructure?
No one would have to participate, but even a small number of volunteers would be far more numerous than the suckers. Me? I want to be a spam-fighter first class.
Not my experience
Spam in my inbox was down by at least half since the beginning of this year. It shot back up to early 2009 levels this weekend, though.
In any case, even if takedowns only have a temporary effect, I'm still all for them. It's not because crooks are hard to fight that you shouldn't fight them.
Taking down the c&c servers is never going to be a long term solution. The zombies themselves need removing from the network.
I'm usually against getting the government involved in matters like this, but people with zombied machines need protecting, and there are shedloads of them. I think they should introduce legislation to force ISPs to detect and sandbox zombied machines on their networks. This would have a real impact on reducing credit card and identity fraud.
If one major country does it, and it's successful, many others are likely to follow.
Restricted ISP Policing
I know some will say that it may end up going further than what I am about to say. But sometimes extreme measures are needed. Just have ISPs terminate any broadband connections the moment they detect massive amounts of email going over it unless the owner informs them of legitimate sending.
IMHO 60-80% of internet users are stupid and they never know if they have a virus or don't care and the only way to get them to listen and look is to force them.
"Sorry sir your line has been flagged as a spam line. Please check your computer and provide evidence it is clean then we can reconnect you"
FAIL? Because I work in IT support. It's not because users don't know. It's because they don't want to know. Always thinking someone else will take care of their stupidity.
And it takes Google, what, 4 years to work that out. Basic economics me ol' mateys. Even a UK primary skool child knows that if your nearest shop runs out of sweeties you go to the next one.
Playing whack-a-mole with the ISPs and the botnets is pointless, the only way to really make a dent in the spam industry is to change the economics, make it no longer profitable. The only ones who ever got near achieving that were the guys at Blue Frog.
I have never understood why the governments of the world don't just go after the places that advertise via spam. This would really hurt the botnets where it counts.
It could be turned into a weapon.
Dealing in widgets? Got a tough competitor to take down? Get a botnet herder to push adverts for your competitor and sit back and laugh while the government take your competition to pieces. Simples! *squeak*
Too open to abuse
Going after the manufacturers of products advertised by means of spam would be over-simplistic. The main problem is, it's open to abuse: all you have to do to cost your competitors big money, is to send spam purporting to originate from them.
That won't work
If you start targeting the companies being advertised, exactly how long do you think it would take before a company started sending out spam plugging their business rivals?
Of course not.
As long as there are millions of completely unprotected PCs connected to the internet at any time, there's no problem in building a new botnet, or activating one that has been slowly (and stealthily) building up.
If we want to stop the tide, we need to educate PC owners, and get infected computers off the net!
Just imagine, there are people who don't see the danger of surfing with an Admin account, and at least one big ISP in America discourages their customers from setting up a Router/Firewall between their modem and the customer's PC.
And 99% of all home routers run with the default passwords...
We also need to have 'bulletproof hosters' thrown off the net quicker than they are now, as that at least seems to slow the deluge somewhat.
It's a consumer-side problem
Spam will be around as long as there are idiots who respond to it. And while the world will never want for idiots, the numbers of the simply naive or inexperienced are diminishing daily as people generally become more internet savvy. Also spam filters are getting better (I hardly ever see spam in my gmail inbox these days).
So while spam will never go away, I suspect the effort-to-reward ratio is increasing. Even MS is making it harder for computers to be pwned into botnets in the first place.
(I'm optimistic today - it must be spring)
The problem with spam is who's actually benefiting from it.
It's a two-card monty since the anti-spam business is big business. If there were no spam or levels that bothered people where would the anti-spam people be?
There's a lot of talk about governments causing war and attacking their own people. It's been documented having been something on the US government's agendas.
When you look at as much spam as I do on a daily basis you quickly realize no real rocket science goes into how these emails are sent. 99.5% of our daily spam is from outside of the US making it exempt from the CAN-SPAM Act. While the CAN-SPAM Act was recently declared a failure I think it's only because it only applies to US companies, doesn't it?
Spam could be stopped, but then corporate America would be in an uproar, they need spam.
It's just like the whole sender-verify and defensive network arguments. Opponents of sender-verify say it creates backscatter that could be connecting to the wrong server to begin with. With that point taken what gets contacted when a server bounces an email based on a spam filter? Don't spam filters also create backscatter?
If you go outside the White House and take some shots at the White House missing your target(s), do the capital police ignore you like the anti-defensive network folks would like you to do with your network? Corporate ISP America wants you to get attacked and take it, don't do anything in return that could affect their hosting of spammers and hackers. After all they are too big to regulate what goes on, except of course when it involves P2P, Torrents, Streaming, VOIP, or favoring their peering partners over the competition.
Kudos to Google for at least not allowing itself to send garbage. Can't say the same about Hotmail and Yahoo.
SPAM filters must NOT bounce SPAM!
As every bl**dy SPAM message has faked sender info, it just means some poor schmuck somewhere gets bombed with hundreds or thousands of messages.
(You REALLY don't want that to happen to you... )
I make it a matter of fact to contact every business I come across who does this, and explain in no uncertain terms how bad their practice is.
(We get a few now and then... more than a few, sometimes, too... )
If the bouncer at least included the complete header of the message it received, then it might be worth looking at by someone with more than two braincells, but...
I see SPAM from GMAIL
or at least purporting to be from GMAIL accounts,
Google provides a Free Botnet for Spammers
I believe Google provides a very accessible botnet that spammers regularly take advantage of. Excuse me Google, doesn't look like spam levels have been going down... but Stock Market, look how many people have signed up for Gmail and all that ad revenue. Who cares if Google generates a bit of spam... as long as nobody actually quantifies how much spam they get that originates from Google, they'll be in the clear.
I agree with you, and maybe it's time that the Blue Frog idea (as mentioned above by Gabor Laszio) was tried again. After all, if even the spammers admit that this is the one approach so far that they're really scared of, then maybe one of the big players like Google could earn themselves several million brownie points by hosting such a service.
Gmail too big to block?
"Too big to block" has been a big talking point on various anti-spam forums.
However a number of business ISPs block Gmail et al. and consider this a USP, so blocking Gmail is something most businesses think worthwhile.
Also, a number of the big ISP/MSPs have laid off their talented (read expensive) abuse teams and offshored the work to Indian "script droids". And spam volumes have gone through the roof but somehow "botnets" get all the blame...
What's too big?
Never mind "too big to block", what else is too big?
Why aren't new PCs delivered with some decent protection installed?
Shouldn't Windows be better protected? Why does everyone seem to sell Norton, despite a long history of lacklustre results in testing?
What alternative do the less-informed users have? What alternatives do the ISP helplines offer? My analogy, based on experience, is agricultural crops, attacked by an incredible range of diseases, protected by a variety of chemicals, and with far more genetic variety for just one species of plant than there seems to be variation in protections for computers.
Farmers value the variations, both for the different qualities of the final product and for the reduction of risk. Business IT, it seems, wants an intense monoculture which is horribly vulnerable to the virtual-world equivalent of an Irish potato famine. They don't want to change. They use old versions of Internet Explorer with all the certainty of a rabbit staring blindly into the headlights of an oncoming car.
I don't have an answer, but they're not going to call me Bright-Eyes.