Blue Frog Anti-Spam Initiative, Part II: Flawed Methodology
Bringing Spammers to Their Knees
Tom Spring, PC World
Monday, July 18, 2005
[Full story]
The following are some concerns I see as flaws in Blue Frog's makeup or rationale:
*Voluntary zombies
Blue Frog's software causes all of its connected users to submit the request/complaint simultaneously--and repeatedly--for a period of time.
Spammers take over innocent users' computers to send spam from them. This is only a voluntary version of the same technique. What if the open-code program were hacked and gave spammers access to a wide network of computers which were already configured to be mail-sending zombies?
*Bandwidth
And because spammers typically must pay for the bandwidth of traffic to and from their sites, the massive flood of complaints means higher bills to keep the sites running, Blue Security argues.
[M]any of the recent viruses act as both DNS server and Web server for the spammers who also use them to send out their spam.[1]
Spammers probably see bandwidth charges and frequent hosting changes as just another business expense, like paying rent. They expect and plan for it. Besides that, this is assuming that the spammer even pays for her hosting. They could run their own server or even use virus-infected computers to unwittingly host their sites and send spam.
*Registry doesn't stop spammers
Over time, however, spammers will be forced to stop e-mailing Do-Not-Intrude registrants in order to remain in business.
There are an infinite number of new email addresses. They'll never run out of victims. Even if their site is shut down, they'll just move on to another one and start the cycle again.
*Hurting businesses on same ISP
Note that a DDoS attack can bring down an entire ISP--including legitimate sites that happen to use the same hosting service as a spammer's business.
You wouldn't want to destroy an innocent group of sites just because they had the misfortune of being on the same hosting provider as a spammer.
References:
[1] enemieslist.com: Spam News: Blue Frog: Yet Another Fight-Spam-Through-DDoS Tool
2 Comments:
At 9:01 AM, Anonymous said…
Reading your items and Blue Security's information, this is what I came up with:
Voluntary zombies: that's an oxymoron, it's not a zombie. To the second point, why would someone "hijack" Blue Security's open-source program? Wouldn't it make more sense to "hijack" Jabber, eMule, Gimp, Linux? There are probably more Jabber users than there will ever be Blue Frog users. And you don't say Jabber's dangerous.
Bandwidth: If bandwidth is more expensive the spammer loses money. If the site stops working the spammer loses money. If the site is on a zombie machine, they can ask its owner to take it down and the spammer loses money.
Registry: exactly because there are so many addresses and so many users, spammers will not waste time fighting Blue Frog users and will rather just get them off their lists and go make money off all the remaining people, and live happily in their mansions.
Hurting business: Spammers have already been kicked out of all ISPs and left with those offshore ones that support them explicitly. Legitimate ISPs can be asked to take down the illegal sites without any harm to others.
At 1:19 PM, Adam Gentry said…
Voluntary zombies: By my definition, a zombie is a computer that is remotely-controlled by another person without the knowledge or intervention of the user. The reason it's voluntary is because the user chooses to allow the network to have access to its email program whenever it needs. After that, the computer can be used to send email, even though the user doesn't know when it's happening.
If you're referring to pure numbers, of course it would be more effective to take over an established service than one in its infancy.
On the other hand, Blue Frog is a program specifically designed to send email automatically. If an unethical person gained control of the network system, they could easily turn every user into an unknowing mass spammer.
Bandwidth: I concede your point that making spammers lose money is definitely a good thing. Stopping one site won't put them out of business, though.
Registry: Ideally that's true, but the possibility for harmful exploitation could be too big a risk. I've proposed another strategy.
Hurting business: Your solution is true on a case-by-case basis. Blue Frog responds to a spam with an attack intended to crash the spammer's server, though. This could potentially overload the ISP, taking legitimate sites down along with the spammer's. (Blue Security has since abandoned their plans [June 20, 2005] to multiply the attack and says they stagger responses to lessen the possibility of the site crashing.)
Thanks for your thought-provoking comments.