## December 26, 2003

### Snap, Crack and Spam

A quite frightening story about the increasing sophistication of spammer/crackers [tip 'o the hat to Gary F]. It’s been clear for a while that spammers have crossed the line into computer cracking — using hijacked Windoze boxes to distribute spam and mount DDoS attacks on anti-spam sites. What’s new here is the sophistication of the attack, and the target — a linux system running GeekLog, a popular PHP-based weblogging program.

Cracking into a Windoze box carries very little risk of detection, much less of being tracked down. Windoze users are inured to the thought of their machine being compromised by viruses, spyware, etc. and they have relatively few forensic tools available for tracking down their attacker. Linux users are, by and large, a more sophisticated bunch, raising the stakes for a potential attacker.

I guess this is all the more reason to keep your software up to date, which includes upgrading MovableType to 2.65, plugging a hole in lib/MT/XMLRPCServer.pm.

Posted by distler at December 26, 2003 12:33 PM

TrackBack URL for this Entry:   http://golem.ph.utexas.edu/cgi-bin/MT-3.0/dxy-tb.fcgi/276

### Re: Snap, Crack and Spam

Thanks for the hat tip.

It’s scary how sophisticated spammers are becoming. Long gone are the days of people with a remailer and harvester, churning through email lists.

Spam is big business, and the money men are throwing sophisticated email engines, distributed zombie networks, and much more at us.

They have the money, and they will win. The best we can do is try to minimise the damage.

Posted by: Gary F on December 26, 2003 2:29 PM | Permalink | Reply to this

### Re: Snap, Crack and Spam

Computer cracking is not “big business.” It is criminal activity in almost all juristictions. Spammers may always have been the lowliest scum of the earth, but they were not — by and large — criminals.

Never mind the feeble (and IMHO misguided) attempts some have made to criminalize spam. The spammers themselves have crossed over the line, and they have done so in a way destined to elicit much stiffer penalties than the namby-pamby fines mandated in the aforementioned anti-spam laws.

I view this as the beginning of the end for spammers. If they could ply their trade without risking serious jail time, then they would. The fact that they need to engage in computer cracking to distribute their spam is a sign of weakness, not strength.

But, yes, things will get uglier still before they start to get better.

Posted by: Jacques Distler on December 28, 2003 1:19 AM | Permalink | Reply to this

### Re: Snap, Crack and Spam

I disagree. It is big business, whether illegal, unethical, immoral or not. The spam industry is estimated at £5 million in the UK alone.

It is possible that spammers have moved into the illegal sector because traditional methods are no longer working (although I really don’t think this is true - I saw an article on one spammer who was making thousands from a single spam email campaign). It is also possible that this move is perceived as an acceptable growth of the industry by the more unscrupulous spammers.

The “they would ply their trade if they could..” argument just doesn’t ring true. If people can make more money doing things illegally, someone generally will.

Posted by: Gary F on December 28, 2003 5:17 PM | Permalink | Reply to this

### Re: Snap, Crack and Spam

I disagree. It is big business, whether illegal, unethical, immoral or not. The spam industry is estimated at £5 million in the UK alone.

I think we are using a different metric. The Mafia is, in that sense, “big business” too (and they gross a lot more than £5 million). But they are not viewed merely as businessmen in a somewhat disreputable line of work. They are viewed as criminals, and pursued relentlessly by Law Enforcement.

And no one believes that “They have the money, and they will win.”

The “they would ply their trade if they could…” argument just doesn’t ring true. If people can make more money doing things illegally, someone generally will.

If they could make the same money doing the same thing legally, they wouldn’t bother with gratuitious felonies.

Our success in stemming other vehicles for spam transmission has ‘forced’ the spammers into computer cracking.

Posted by: Jacques Distler on December 28, 2003 11:56 PM | Permalink | Reply to this

### Re: Snap, Crack and Spam

If they could make the same money doing the same thing legally, they wouldn’t bother with gratuitious felonies.

Almost certainly. What if they could make 10 times as much money? Or more? Crime might then seem like an acceptable option for the greedy and, let’s face it, spammers are nothing if not greedy.

Posted by: Gary Fleming on January 8, 2004 5:48 PM | Permalink | Reply to this

Post a New Comment