Comments on: Filling The Spam Vacuum http://www.opensrs.com/blog/2008/11/filling-the-spam-vacuum/?utm_source=rss&utm_medium=rss&utm_campaign=filling-the-spam-vacuum Happenings at OpenSRS. Talk of Domain Names, Email and SSL Sat, 04 Feb 2012 11:59:00 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Peter Blair http://www.opensrs.com/blog/2008/11/filling-the-spam-vacuum/#comment-840 Peter Blair Tue, 09 Dec 2008 14:05:42 +0000 http://opensrs.com/index.php?option=com_wordpress&p=837&Itemid=149#comment-840 People have been reporting an uptick in spam received from the C&Cs previously hosted at McColo: http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212300170&subSection=Attacks/breaches People have been reporting an uptick in spam received from the C&Cs previously hosted at McColo:

http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212300170&subSection=Attacks/breaches

]]> By: Garrick Lau http://www.opensrs.com/blog/2008/11/filling-the-spam-vacuum/#comment-839 Garrick Lau Fri, 05 Dec 2008 15:33:39 +0000 http://opensrs.com/index.php?option=com_wordpress&p=837&Itemid=149#comment-839 Great comments! Yes, re-installing is more of a corrective approach and I agree wholeheartedly that education will go a long way in prevention. Corrective is immediate and results driven... Education is key, but couple that with an easy way to take corrective action and I think we have a winning combination! Great comments! Yes, re-installing is more of a corrective approach and I agree wholeheartedly that education will go a long way in prevention.

Corrective is immediate and results driven…

Education is key, but couple that with an easy way to take corrective action and I think we have a winning combination!

]]> By: NetMidWest http://www.opensrs.com/blog/2008/11/filling-the-spam-vacuum/#comment-838 NetMidWest Fri, 05 Dec 2008 09:25:09 +0000 http://opensrs.com/index.php?option=com_wordpress&p=837&Itemid=149#comment-838 I don't agree that re-formatting and re-installing OS is the cure. Prevention and maintenance is; before there was great software out there to kill spambots, that made sense. Your advice is out of date... all but the very latest trojan and virus creations can be blocked or removed from the PC (That's PERSONAL computer, don't let uncle touch it!), and regular updates of the software can insure that the volume is turned down significantly... and it's much easier to keep up with the updates than to reinstall an OS. Perhaps education is the real key, anyone with a few hundred bucks can now buy a PC and get online, with no real idea of the domino effect problems that owning a PC can create... I don’t agree that re-formatting and re-installing OS is the cure. Prevention and maintenance is; before there was great software out there to kill spambots, that made sense. Your advice is out of date… all but the very latest trojan and virus creations can be blocked or removed from the PC (That’s PERSONAL computer, don’t let uncle touch it!), and regular updates of the software can insure that the volume is turned down significantly… and it’s much easier to keep up with the updates than to reinstall an OS.

Perhaps education is the real key, anyone with a few hundred bucks can now buy a PC and get online, with no real idea of the domino effect problems that owning a PC can create…

]]> By: Brian Hawthorne http://www.opensrs.com/blog/2008/11/filling-the-spam-vacuum/#comment-837 Brian Hawthorne Fri, 05 Dec 2008 04:31:49 +0000 http://opensrs.com/index.php?option=com_wordpress&p=837&Itemid=149#comment-837 Wow. How about reformatting all those computers and installing a better operating system? My computer is bot-free and virus-free and I have never reformatted it. Of course, I'm running a modern operating system, not a toy from Redmond. Wow. How about reformatting all those computers and installing a better operating system? My computer is bot-free and virus-free and I have never reformatted it. Of course, I’m running a modern operating system, not a toy from Redmond.

]]> By: Arthur http://www.opensrs.com/blog/2008/11/filling-the-spam-vacuum/#comment-836 Arthur Fri, 28 Nov 2008 15:14:45 +0000 http://opensrs.com/index.php?option=com_wordpress&p=837&Itemid=149#comment-836 Ah, yes, I think that's what the newspaper referred to. I'd say going one step further and pushing the top-level domain registry to block those registrations would be really helpful in such cases. Cheers, Arthur. Ah, yes, I think that’s what the newspaper referred to. I’d say going one step further and pushing the top-level domain registry to block those registrations would be really helpful in such cases. Cheers, Arthur.

]]> By: Garrick Lau http://www.opensrs.com/blog/2008/11/filling-the-spam-vacuum/#comment-835 Garrick Lau Fri, 28 Nov 2008 14:56:56 +0000 http://opensrs.com/index.php?option=com_wordpress&p=837&Itemid=149#comment-835 Hi Arthur, I believe you are speaking about the Srizbi Botnet. There was an effort lead by FireEye to register the domains before the "bad guys" could but I believe at the rate of 450 domains a week, they ran out of funds to continue the effort after spending around $4,000 in domain registrations. http://voices.washingtonpost.com/securityfix/2008/11/srizbi_botnet_re-emerges_despi.html?nav=rss_blog We discussed this internally and have reached out to FireEye to let them know that we would be willing to collaborate in the future and not to hesitate to reach out to us. Hi Arthur, I believe you are speaking about the Srizbi Botnet. There was an effort lead by FireEye to register the domains before the “bad guys” could but I believe at the rate of 450 domains a week, they ran out of funds to continue the effort after spending around $4,000 in domain registrations.

http://voices.washingtonpost.com/securityfix/2008/11/srizbi_botnet_re-emerges_despi.html?nav=rss_blog

We discussed this internally and have reached out to FireEye to let them know that we would be willing to collaborate in the future and not to hesitate to reach out to us.

]]> By: Arthur http://www.opensrs.com/blog/2008/11/filling-the-spam-vacuum/#comment-834 Arthur Fri, 28 Nov 2008 08:37:43 +0000 http://opensrs.com/index.php?option=com_wordpress&p=837&Itemid=149#comment-834 According to information from my local newspapers it's the very same botnet that is now under control by the same people as before. With loosing the McColo hosting they've lost their command infrastructure. The bots in the wild try regularly to contact new (new as in generated according to a rule set/hash sequence) domain names for instructions. Those domain names are what a few anti-spammers have bought up in the days before to stop the spammers from regaining control. Now the spammers have managed to register one of those domains and regain control of the bot-net. Would be nice if known lists of such controlling domains could be blocked permanently at registry level. Those domains aren't worth anything anyway as they look like (and are) a hash value and nothing ayone else would be interested in registering. According to information from my local newspapers it’s the very same botnet that is now under control by the same people as before. With loosing the McColo hosting they’ve lost their command infrastructure. The bots in the wild try regularly to contact new (new as in generated according to a rule set/hash sequence) domain names for instructions. Those domain names are what a few anti-spammers have bought up in the days before to stop the spammers from regaining control. Now the spammers have managed to register one of those domains and regain control of the bot-net. Would be nice if known lists of such controlling domains could be blocked permanently at registry level. Those domains aren’t worth anything anyway as they look like (and are) a hash value and nothing ayone else would be interested in registering.

]]>