The zombie machines which formerly powered the infamous Rustock botnet are down to half their original number, according to Microsoft. Redmond ran a successful takedown operation back in March that effectively knocked out Rustock's command and control nodes. That meant that infected PCs were no longer being sent spam templates …
Good on Redmond
Yup, I'm a Mac man (although I run Windows as a VM), but what a good move. Yes, progress could be quicker but "Well done!" to Redmond for addressing the issue and taking positive steps to bring down these Russian rotters!
re: progress could be quicker
@Ted Treen: Good on Redmond: Yes, progress could be quicker but "Well done!" to Redmond for addressing the issue and taking positive steps to bring down these Russian rotters! ..
I don't see why they need congratulations for fixing their own mess. If it wasn't for how easy it is to compromise an end user Windows computer then none of these spambots would be possible or commercially viable. It would also help greatly if the ISPs blocked OPEN EMAIL RELAYS and blocked email providers that propagated spam.
Yes because other OS's are impenetrable
Well all of them except for anything running Apache, MySQL, sendmail, BIND, or anything else that communicates with the internet. I have seen far more compromised Linux email servers than I have Windows-based servers.
Every OS is vulnerable and can be compromised at any time, it is foolish to think otherwise.
How are email addresses collected?
A colleague of mine who is immune to any explanation of IT makes a fuss about having his name on email lists because of spam. He believes that the recipients of multi-cc emails pass the addresses on to spammers.
I used to think that they were collected from mailto: links on webpages, but that also seems unlikely given that most people's email addresses don't appear on webpages.
Email is not of course secure but it seems unlikely that it is so insecure as to allow wholesale harvesting of addresses in transit.
That seems to mean that they come mainly from malware that purloins the contents of people's address books. I wouldn't like to speculate on which operating system might be most vulnerable to this.
Can someone with professional knowledge of this enlighten me, please?
Marketing lists are definitely one way, and then you have:
1. We'll only share your details with carefully selected partners. [Translation: Anyone who'll pay us]
2. We never sell your details. (Unless we go bust and the receiver / new buyer decide there's money to be made.)
3. Remember to send a thank you note to companies and the government for sending (and losing) unencrypted CDs via the postal service.
4. Losing unencrypted laptops or left in back of taxi / bar... ooooops.
5. Compromised websites, where it was vitally important to keep customer data on public facing servers. Play.com and Travel Lodge being the latest.
I'm sure there are lots more ways...
signs up to other websites mostly
you know - like the shopping websites where you shop online, or the social media websites you interact with, they sell on the address lists to people who sell the lists, who sell the lists etc etc (and getting shadier with each step) until you end up with your email address on a botnet list.
just set up a hotmail/gmail/some-other-web-mail-that's-got-good-spam-filters account and use that for all sign ups.
spammers paying for lists?
Viagra and Nigerian spammers would be unlikely to pay for email lists, whilst any company with an ounce of respectability would not sell them to criminal organisations, so I am sceptical that this is the explanation.
What About the Rest?
>whilst any company with an ounce of respectability
Well that covers a few of them but what about the other 80%?
Do spammers chance their luck?
Quite often I have seen spam with email addresses that look like they have simply taken a big list of common forenames and surnames, harvested a big list of domain names then simply mashed the three lists together in loops to send their cack emails to every combination possible.
Don't hit "unsubscribe"
yup - they do that, and an activated unsubscribe link is just a confirmation that the email is live.
For a long time, my domain name had email set up so that *@domain were forwarded to my actual email address. I generally only received spams at a username on that domain which I'd been stupid enough to put online somewhere (probably a forum system which was stupid enough to put your email address on a public profile page). Blocked that one from receiving anything and forgot about it. Back then, it looked like they mainly harvested email addresses from websites and Usenet posts.
One morning somewhere around 2003 or thereabouts, I woke up to several thousand spams in my inbox, and more arriving as fast as I could download them. They were addressed to all kinds of usernames@mydomain, looked like they went through a long list of names and appended the domain to the end. Since then, I no longer receive mail to anything other than legit usernames. It helped, a lot.
These days I get a couple of hundred spam mails per day, but GMail for all its other faults does a near-perfect job of dispatching them. I doubt that having an email address on a web page would make much difference now and I tend not to worry much about spam. Still, it's good to see active effort being made to take these scumbags down, even if it is just Microsoft clearing up the mess their dog made on the carpet.
@Do spammers chance their luck?
Yep, I own my own domain and at one point I experienced what was clearly a "telephone book" attack with hundreds of mails addressed to john.smith@... jane.smith@... fred.bloggs@... etc
A title is required
Talk about great PR and karma boost for Microsoft and more bandwidth for the rest of us.
Where spammers get your email address from
Spammers source their target e-mail addresses in various ways:
1) Harvested from websites (see proof at Project Honey Pot http://www.projecthoneypot.org/home.php )
2) Harvested from Domain Registration information (I get some SPAM to an e-mail address I've only used as the contact for my domain).
3) Dictionary attacks (trying different names at a Domain)
4) Compromised web mail accounts (harvesting their address book etc.).
5) Dodgy sites that sell the e-mail lists
6) Compromised personal computers (harvesting their address book etc.).
7) Harvesting e-mail addresses from mailing lists
8) By compromising databases that contain e-mail addresses.
Do a Google search for "where do spammers get my email address from" and you will find many pages that will list those and more.