Undead botnets blamed for big rise in email malware Malicious spam volumes increased dramatically in the back half of 2009, reaching three billion messages per day, compared to 600 million messages per day in the first half of 2009. But this is still a tiny fraction of the estimated global spam volume, thought to be about 200 billion messages per day. A new report by net …
"Recommendations for the Remediation of Bots in ISP Networks"
http://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-07
"This document contains recommendations on how Internet Service Providers can manage the effects of computers used by their subscribers, which have been infected with malicious bots, via various remediation techniques. Internet users with infected computers are exposed to risks such as loss of personal data, as well as increased susceptibility to online fraud and/or phishing. Such computers can also become an inadvertent participant in or component of an online crime network, spam network, and/or phishing network, as well as be used as a part of a distributed denial of service attack. Mitigating the effects of and remediating the installations of malicious bots will make it more difficult for botnets to operate and could reduce the level of online crime on the Internet in general and/or on a particular Internet Service Provider's network."
From a quick read, it should be easy for ISPs to detect infected PCs on their network through the use of traffic analysis. Getting the machines clean would be another thing altogether. As the document states, a lot of users would have no idea to clean up their own machines. The "Remediation of Computers Infected with a Bot" section really needs a lot of work.
User is kicked off ISP.
User gets sent letter stating why and offering services from the ISP to clean the machine (user to be charged a fee) or the user can take the PC to some kind of accredited repair engineer (if such things exist) or even clean it themselves (doubtful they'd have the skills though, seeing as they got infected in the first place). It's probably going to be a full re-install anyway.
Once cleaned and secured, user is allowed back on-line.
If the machine gets struck again the user has to get it re-cleaned. Maybe demand that they pass the "internet driving license" or whatever.
Get struck a third time and the user is black-balled. They now need a new ISP.
an ISP here in the States never removes the infected user from their services. That would be a reduction in profits. Easier to tolerate bot traffic spewing garbage than replying to or following up on ANY report of infected IP addresses (with supportive logs to determine the errant customer exactly). Here, ISPs turn a blind eye to the problem rather than risk offending paying sheeple. Is this the case in Europe?
I say we need to give the spammers a haircut--just below their chins. Key is that the number of suckers stupid enough to send money is MUCH smaller than the number of people who hate spam. Let us leverage large group B against small group A--and the spammers can't protect group A because they are humans and need to read the spam before they can act stupidly.
We need something like SpamCop on steroids. More iterations, more analysis, more confirmations--but we have a large surplus of people who hate spam enough to donate a bit of time to hurt the spammers. We don't need everyone, but if only 5% of the people sometimes feel like being good Samaritans, it will inundate the fools.
The targets? Right now, the main one should be the websites or phone numbers that the spammers use to harvest suckers. We can't get them all, but we can surely reduce their profitability, and at least some of the spammers will start looking for new rocks to crawl under.
Spam-creation is a distributed process so the only method that has a chance against it would be distribution of the fight against it and I'd personally love to donate time to such a project. However, recall the Blue Frog/Blue Security incident - I'm not sure I want to have that much attention called to me without serious protection, physical as well as virtual. This is big money and organized crime we're talking about...
What would happen if we all replied to these scam emails with false information?
"yes please send the money I won in the Nigerian lottery, my account number is 2983 8730, my PIN is 1066...".
If enough of us did this the scammers would have trouble finding the (hopefully very few) real replies amounst all the false replies. The article mentions billions of emails a day so even if only 1 in 1 million got a false reply the spammers would be overwelmed, and perhaps arrested trying to open open bank accounts as Hugh Janus or Ivor Largen.
I'm not an expert in IT scams so maybe I missed something - can anyone spot the reason why this wouldn't work?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
