Ryan Naraine at eWeek has a must-read article on how the recent surge of “pump and dump” spam is being delivered. Working with Joe Stewart, a senior security researcher at SecureWorks in Atlanta, Ryan was able to deliver a detailed picture of how these sleazy operations work and why they’re so hard to shut down.
Sobering numbers: 70,000 infected machines capable of pumping out a billion messages a day, virtually all of them for penis enlargement and stock scams.
Excellent graphics, too. This one shows that Windows XP Service Pack 2 is hosting nearly half the attacked machines.
It would sure be interesting to find out which exploits are responsible for all these infections.
… as Mike Dimmick points out in the comments, many of these bots are installed because users download and install dangerous software and hand the keys to their system over to the bad guys: “That’s why the ISPs have to take charge and block spam from leaving zombie computers – ordinary users frankly can’t be trusted not to infect themselves.”
Sad but true.
If you compare to the reported usage share of the various operating systems (e.g. http://marketshare.hitslink.com/report.aspx?qprid=2), XP actually has proportionally less of the spambots than earlier OS versions. Sadly that site does not give an indication of the percentage of Windows XP users that have applied SP2. I’m horrified that many people seem to be using XP with no service pack at all.
Also, I’m afraid it’s common that the zombie software doesn’t get on there through exploiting vulnerabilities. It gets there through users downloading and installing malware, whether by accepting ActiveX controls or other social engineering means. That’s why the ISPs have to take charge and block spam from leaving zombie computers – ordinary users frankly can’t be trusted not to infect themselves.
(By the way, your JavaScript spam-comment-bot-detector doesn’t work with my RSS reader, RSS Bandit, because that does not permit JS to run inside a webpage.)
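The comment above argues that ISPs should stop spam at the point where it leaves a zombie machine. The following is an added example, not code from the post or from any of the commenters, showing the shape of a check an ISP could run over outbound flow records before deciding which subscriber hosts to cut off from direct port-25 access: a spambot tends to connect directly to many different mail servers, while a legitimate subscriber relays everything through the ISP's own mail server. All flow records, addresses (TEST-NET ranges) and the threshold are constructed assumptions for illustration.

```python
"""Spot subscriber hosts that behave like spam zombies from outbound flow records.

Added example (not from the original post or its comments). A zombie sending
spam connects to many distinct destination mail servers on TCP port 25; a
normal subscriber relays mail through the ISP's own relay, so its port-25
fan-out stays tiny. Flagged hosts then get port 25 blocked except to the relay.
"""
from collections import defaultdict

SMTP_PORT = 25
ISP_RELAY = "198.51.100.25"   # assumed address of the ISP's outbound mail relay
MIN_DISTINCT_MX = 20          # assumed threshold: distinct port-25 destinations per host


def build_sample_flows():
    """Construct sample flow records (timestamp, src_ip, dst_ip, dst_port).

    Constructed data, not real traffic: one zombie, one heavy legitimate
    sender, one web-browsing host.
    """
    flows = []
    # Zombie: 10.0.0.5 talks directly to 40 different mail servers on port 25.
    for i in range(40):
        flows.append(("10:00:%02d" % i, "10.0.0.5", "203.0.113.%d" % (i + 1), SMTP_PORT))
    # Heavy but legitimate sender: 10.0.0.6 relays 50 messages via the ISP relay.
    for i in range(50):
        flows.append(("10:01:%02d" % (i % 60), "10.0.0.6", ISP_RELAY, SMTP_PORT))
    # Ordinary browsing: 10.0.0.7 fetches 30 web pages on port 80.
    for i in range(30):
        flows.append(("10:02:%02d" % i, "10.0.0.7", "198.51.100.%d" % (i + 1), 80))
    return flows


def smtp_fanout(flows):
    """Return {src_ip: set of distinct destination IPs contacted on port 25}."""
    fanout = defaultdict(set)
    for _ts, src, dst, port in flows:
        if port == SMTP_PORT:
            fanout[src].add(dst)
    return fanout


def suspected_zombies(flows, min_distinct=MIN_DISTINCT_MX):
    """Hosts whose distinct port-25 destinations reach the threshold."""
    return sorted(ip for ip, dsts in smtp_fanout(flows).items()
                  if len(dsts) >= min_distinct)


def should_block(src_ip, dst_ip, dst_port, flagged, relay=ISP_RELAY):
    """Egress rule for a flagged host: drop port 25 unless bound for the ISP relay.

    Unflagged hosts and non-SMTP traffic are left alone, so the flagged host
    can still send mail the normal way through the relay.
    """
    if dst_port != SMTP_PORT or src_ip not in flagged:
        return False
    return dst_ip != relay


if __name__ == "__main__":
    flows = build_sample_flows()
    flagged = set(suspected_zombies(flows))
    print("flagged hosts:", sorted(flagged))
    for src, dst, port in [("10.0.0.5", "203.0.113.7", 25), ("10.0.0.5", ISP_RELAY, 25),
                           ("10.0.0.6", "203.0.113.7", 25)]:
        print(src, "->", dst, port, "blocked" if should_block(src, dst, port, flagged) else "allowed")
```

The fan-out count rather than raw message volume is what separates the two cases: the legitimate host sends more messages than the zombie in the sample, but all of them go to one relay, so it is never flagged.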
Quote: “… these bots are installed because users download and install dangerous software and hand the keys to their system over to the bad guys: ‘That’s why the ISPs have to take charge and block spam from leaving zombie computers – ordinary users frankly can’t be trusted not to infect themselves.’”
This is what I have been saying for years now – but not just the ISPs – the major carriers and backbone equipment makers too. If Sprint, BT, AT&T, etc. teamed up with Cisco, Sun, HP, McAfee and Symantec, they could block nearly 100% of all malware from being dumped onto the web, and hogging up so much bandwidth, in the first place. But as I have asked many times before too, what incentive do any of those companies have to drastically reduce the amount of data (good or bad) that goes through their systems? None! Cisco wants to sell more routers, Sun more servers, Sprint more bandwidth, and McAfee more anti-virus licenses.
Time to wake up folks!!!! The ENTIRE Internet support and service industry is making fortunes off of spam, other malware, and illegal file shares – at OUR expense!!!!!
We need international laws with teeth, aggressive well-trained and funded law enforcement, and judges with no agendas other than protecting the innocent.
@Mike and/or Ed – please help with a statistic. Various reports have spam as up to 80% of all email traffic. What I cannot find is, of the total bandwidth consumed, how much is email?
In other words, “IF” ISPs, carriers, anti-malware makers, and governments stopped all spam (and other malware – viruses, worms, spyware, etc.) at its source, how much bandwidth would be freed up? Is it significant, or a drop in the bucket?
This seems to be a very hard number to nail down. Urban myths abound. I can find reports that porn consumes up to 85% of all Internet traffic. And I can find where P2P eats up 60%. And I also found where BitTorrent is 35%, and so is eDonkey! In 2005, Jon Yarden @ TechRepublic reported that “approximately 7 percent of all incoming Internet traffic to my organisation’s network fell under the junk traffic classification.” I wonder if that is still true (1), but (2) a fair assessment in the first place? I sure get a lot more spam at my personal (home – ISP, Yahoo, Gmail) addresses than I do with my corporate (work) addresses.
-bill