Researchers hijack botnet for spam study

Pharmacy-touting spammers can turn a decent return on response rates as low as one in 12 million, far lower than previously thought. So say security researchers at the University of California, San Diego and UC Berkeley, who infiltrated the control system of the Storm botnet to research the economics of spam. At the peak of …

COMMENTS

This topic is closed for new posts.
  1. Wade Burchette
    Paris Hilton

    Question?

    If the researchers could control a botnet, WHY DIDN'T THEY TAKE STEPS TO SHUT IT DOWN!

  2. J
    Happy

    Er...

    "In this way the researchers avoided the collection of any personal data."

    Except for IP?

    Anyway, will the researchers be prosecuted for unauthorized computer access or whatever is the name? I hope not, but who knows... The white hat is still breaking the law, unfortunately, it would seem from some recent reports.

    Smiley because I don't need Viagra. Well, at least not yet.

  3. Anonymous Coward

    stats stats stats.

    "Based on circumventing 120 million malware-propagating messages, that it might be possible to infect between 3,500 to 8,000 drones a year, the researchers say."

    Having been logged into over a dozen botnets numbering in over 50k+ each, I would say 3,500 per day, not per year. And that is based on propagating with reserve.

    As new infects come in they get scanned for readable files and email addresses are taken from these files and added to multiple organised databases. The average user only has some 50 or so emails on their PC but companies can have from 2000 - 500,000. On average we are looking at 10 million fresh emails per 2,500 infects, meaning that there is always a fresh batch to solicit for sales or infects to replenish stocks. The pro bot herders only use their bots to re-infect and harvest at intervals so as not to use too many resources; hosting a large botnet is a full time job in itself, as such, letting it grow too much may cut you off completely for a time.

    Storm is probably the least professional I have seen in action of the bigger nets. They got lazy, overused their net and stopped caring how they promoted their product. Almost as if they lost members and control was gained by the lower ranks.

    The sales ratio per spam and infect rate sounds about correct for the Storm net; however, this is due to the decline in the quality of the messages they send.

  4. Anonymous Coward

    Unbelievable

    They sent spam, you cannot go around claiming that it would just happen anyhow.

    The cost of spam is the waste in time of dealing with it, if they want to research something they have to set up a controlled environment for it, and pay for the pleasure, not just ride roughshod over crack some systems and fire out their idea of innocuous spam.

    It is tantamount to saying, it is ok to wander off to a war zone, and then just go round shooting people in the leg with stolen ammo from one side, sure the ammo may have got fired and killed someone, much better to be maimed than killed and in research is going, but I still think they have the issue of theft, and the maiming to deal with.

    I have been waiting for this bit of news for a day or so :)

    The real problem is if they get off, they have opened a loophole in the law, what is to stop people spamming, having the spam intercepted by a 'research party' redirected to an 'innocuous' website, that then subsequently gets cracked and redirects to another target.

  5. Keith T
    Heart

    More of this sort of research is needed.

    More of this sort of research is needed.

    We need to understand the motives and business models of spammers and their clients in order to work to decrease spam at its source.

  6. kain preacher

    @Wade Burchette

    WHY DIDN'T THEY TAKE STEPS TO SHUT IT DOWN!

    Simple: that would require them to make changes to people's computers. You have no idea how screwed up those computers are. I believe altering the files on a computer without permission is a crime. You would also have some jackass saying you messed his computer up.

  7. Chris C

    Liars or idiots?

    "At first sight it might appear that the researchers were sending spam to study spam. But the set-up is more complicated than that and above board, according to security experts we asked to comment on the ethical implications of the exercise."

    Then you need to stop talking to those "experts". They are either liars or idiots (or both). Whether the "researchers" sent the spam themselves or not is irrelevant. They created a spam message. They took control of (part of) a botnet and used it to send their spam message 350 million times. Hence, they are just as guilty of sending spam as the other botnet controllers are. Or are we now saying that it's the individual PC owners who are sending the messages and should be punished, and not the ones doing the actual controlling? I'm sure Robert Alan Soloway and Scott Richter would love that.

    And how, exactly, did they "subvert" part of the Storm botnet? Whatever method they used is virtually guaranteed to be illegal (at least in the US and UK where unauthorized access to a computer is a crime). Even if it was by hacking into the "bad" guy's command and control system, it's still unauthorized access, and so is still illegal.

    In short, there's no way in hell this was "above board".

  8. Anonymous Coward
    Thumb Up

    Internet 1 and Internet 2

    One for dummies

    One for non-dummies

    Come on now, you know it makes sense!

  9. Anonymous Coward
    Flame

    They SHOULD have got personal data

    Because then they would have had the names and addresses of the brainless twats who actually respond to the spam and make it profitable, and could have sent some vigilantes round to remove them from the gene pool. Once Johnny Dumbfuck Public got the message - respond to spam, get your brains blown out by a gang of machine-gun-wielding thugs - spam would quickly become a lot less profitable!

  10. That's IT
    Thumb Up

    Hell'o World

    Hello World,

    A good place to be in is TheReg.

    I am almost sure.

  11. Michael
    Linux

    Simple solution

    "More of this sort of research is needed.

    We need to understand the motives and business models of spammers and their clients in order to work to decrease spam at its source."

    The motives are to make money. To decrease spam once and for all you should have to pass a test to show you understand the fundamentals of how a computer works, understand what the internet is, and should only be allowed to use email or browse from an account which has no privileges on the PC to install anything.

    Of course my login is root....

  12. Anonymous Coward

    Re: Unbelievable

    >It is tantamount to saying, it is ok to wander off to a war zone, and then just go round shooting people in the leg with stolen ammo from one side

    No. It is like intercepting a bullet that has already been fired and replacing it with a sponge one. Neither more nor less spam was sent, just the message was altered.

  13. Phil Endecott

    Re: unbelievable

    > They sent spam

    No they didn't. Please read the paper. They intercepted messages between the compromised PCs that send the spam and their controllers to redirect them to send different messages. If they hadn't been there, the spams would have been more dangerous. If they had tried to break the flow of messages rather than changing it, the compromised machines would simply "heal" their connection to the servers by using a different route to it. So their actions did not make any more work for those (like you and me) who spend our time dealing with it, and they have given us a valuable insight into how the economics of spam work.

  14. Pascal Monett Silver badge

    @Keith T

    The source of spam is free email.

    ISP contracts should include limits on email emission. Low count of like 10 per day is free, after that you get a fixed fee of 1 cent per mail. If you are a business, you can negotiate different rates.

    Clueless users will get a clue when they see a $200 mail tax tagged to their monthly contract. Then they will find out what security means right quick.

    Okay, the ISP can also send out alerts to warn people, and have a trial period for a few months where they indicate how much the email tax would actually amount to.

    If this means the end of spam, I will willingly pay a cent for every mail I send starting from the first.

  15. Anonymous Coward
    Flame

    Only way to stop SPAM...

    is to shoot the Morons who purchase stuff from spamvertised web sites.

  16. Richard Kay
    Boffin

    @Pascal Monett

    "ISP contracts should include limits on email emission"

    Perhaps, for email emission going out through consumer ISPs' own smart hosts, but how do the ISPs enforce the rest without scanning every customer packet and decrypting VPN traffic encrypted over their connections? I host a number of active email lists for voluntary groups with around 1000 members in total (all subscribers fully confirmed opt ins), generating currently around 10,000 wanted message copies a week.

    "Low count of like 10 per day is free, after that you get a fixed fee of 1 cent per mail."

    So you are going to try to get my hosted server upstream ISP to charge me this on half a million or so wanted emails a year, and you imagine they will be able to keep my business? Or you are going to get every ISP to do this all at the same time, despite the fact that they are competing with each other for customer business? You have good intentions I'm sure, but you don't begin to know how to put them into practice, do you?

    I suggest you check this article:

    http://www.rhyolite.com/anti-spam/you-might-be.html

    It contains your plan to end spam alongside several dozen equally impractical and hare-brained schemes.

  17. Glenn Charles
    Happy

    damn

    No wonder only my leg got stiff.

    \Glenn
