Spam volumes double as Rustock botnet wakes

Spam volumes have returned to normal following a holiday lull that saw a drastic reduction of junk mail. The Rustock botnet is out of hibernation and back in business, spewing copious volumes of useless junk mail courtesy of hundreds of thousands of compromised Windows machines. Rustock (which specialises in spamvertising …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

death

Let's ban those people with compromised machines from ever using any type of tech, and publicly flog those who have ever clicked a link from spam email.

Done.

5
5

YES!!

let's do bugger all about those that write, distribute knowingly or use the malware for their own or others' illicit gain.

no, let's not stop there, let's ban victims of anything.

4
0

Works holidays?

Surely the armistice would suggest 'works' machines are a massive part of it? People taking holidays simply turned them off over Christmas? After all, many a company laughs at IT spending and even more at anti virus software (slows things down).

Or is that too obvious a guess?

7
0

Yeah but...

How come a similar dip wasn't seen in previous years? *shrug*

0
0

(untitled)

"After all, many a company laughs at IT spending and even more at anti virus software (slows things down)"

I thought most companies had the opposite view. Load the work PCs up with as much anti-virus and monitoring software as possible, and to hell with the performance (hence why my Core2Duo work PC performs about as well as my old Athlon XP PC).

1
0

Likely not

It seems logical, yes, but the folks who would know say that it isn't an annual dip, and one presumes little statistical variation in how many people are powering off work machines when going on winter/Christmas holiday.

0
0


Kids on holiday from uni too

Kids on holiday from uni too. I see a drop when that starts and when it ends a spike.

0
0

Simpler solution

Get the IP ranges of the russiomob-controlled CnC servers out to the more serious ISPs. If authorities can't disconnect those CnC servers (and preferably their admins!) from the network of living, at least let the more serious ISPs block those CnC servers from connecting to their infested customers.

1
0

Re: Simpler solution

Yes, but. I thought that it had become trendy to avoid using fixed CnC servers to do the job in favour of such mechanisms as Twitter, for precisely this reason.

The plus side here is that we already know the IPs to block. The minus side is the howls of protest that would ensue from all those deprived of the ability to know instantly whenever their favourite Z-list celeb is taking a dump.....

0
0

Even simpler...

Why don't the ISPs simply block the port (tcp/25) outbound from clients to anything but their own mail gateway? Maybe grant exceptions when specifically asked. This would at a stroke stop most of the spam flood, and be unlikely to affect 99.9% of normal users who will be using gmail or the ISP's own mail server.

But this would require work by the ISP for no financial gain, so that's out, then.

1
0

A lot already do

Most of the major ones in fact. Mine even blocks incoming port 25 because apparently there are a lot of viruses out there that _receive_ large amounts of spam instead of sending it. :-)

0
0

The answer is at the other end of the rainbow?

Fighting the spammers upstream has failed for long enough. We need to destroy their economic model. My suggestion is that we make it easy for the large number of people who hate spam to get between the spammers and the small number of people who are stupid enough to send money. There's too much evidence that the spammers are still making a profit, but if we allow the good Samaritans to cut off the money, it will change things. I'm not suggesting the spammers will suddenly become decent human beings. I'm just saying we can encourage them to move under less visible and much smaller rocks.

0
0

possible explanation

From around mid/late Oct until around 26th Dec I was getting a lot of 'failed' spams - what looks to have been a spammer template typo was causing spams to fail (relatively) silently with a protocol error.

This now appears to have been fixed (so I'm not giving anything away here), and people seem to be making up for lost time because levels are back to (somewhat higher than) normal. Nice while it lasted though.

None of them would have registered as spam anywhere because they weren't getting far enough to be counted.

OK, so a relatively small sample set (low-volume private mail server) but during that period the number of connections remained at more or less normal levels, while the number of spams received dropped to almost zero. Enlightenment provided by tcpdump.

I have no idea which botnet these came from but they were all .ru pharma sites being advertised, which may or may not be entirely coincidental.

1
0

Spammers are a global public enemy #1 - read on for the reason

Because spam makes up such a huge percentage of global data traffic it is consuming vast amounts of processor cycles and, hence, is directly responsible for generating truly huge amounts of CO2 and waste heat.

For this reason alone, governments must shut them down and use both civil and military resources to do so. The spammers are everyone's enemy.

0
1

why there's spam

When a kitchen's dirty, it gets cockroaches. That's not the cockroaches' fault, it's the fault of the lazy slob providing the habitat. We have spam because the vast majority of Internet companies are doing as little as they can get away with to keep spammers from using their equipment.

If Google's so smart, why can't they search out all those dropbox accounts? I see their domain in spam Reply-To more than any other! They could kill those things fast enough to chase the crooks back to Hotmail, but they can't be bothered.

Try reporting your spam for a while, and you'll notice that the vast majority of domains don't have a working abuse address. They may define it, but they don't bother to except it from content analysis, so "test" one-liners get through but spam reports containing samples don't.

Try reporting Yahoo.com dropboxes, you'll discover abuse@yahoo now requires a format which no known software generates.

If these companies were serious about stopping spam, spam would stop.

2
0