Snap, Crack and Spam
A quite frightening story about the increasing sophistication of spammer/crackers [tip o' the hat to Gary F]. It’s been clear for a while that spammers have crossed the line into computer cracking — using hijacked Windoze boxes to distribute spam and mount DDoS attacks on anti-spam sites. What’s new here is the sophistication of the attack, and the target — a Linux system running GeekLog, a popular PHP-based weblogging program.
Cracking into a Windoze box carries very little risk of detection, much less of being tracked down. Windoze users are inured to the thought of their machine being compromised by viruses, spyware, etc. and they have relatively few forensic tools available for tracking down their attacker. Linux users are, by and large, a more sophisticated bunch, raising the stakes for a potential attacker.
I guess this is all the more reason to keep your software up to date, which includes upgrading MovableType to 2.65, plugging a hole in lib/MT/XMLRPCServer.pm.
Re: Snap, Crack and Spam
Thanks for the hat tip.
It’s scary how sophisticated spammers are becoming. Long gone are the days of people with a remailer and harvester, churning through email lists.
Spam is big business, and the money men are throwing sophisticated email engines, distributed zombie networks, and much more at us.
They have the money, and they will win. The best we can do is try to minimise the damage.