

Botnet Responsible for 18% of World’s Spam Knocked Offline - sheckel
http://mashable.com/2012/07/19/spam-botnet-taken-down/

======
0x0
I never understood why not the upstreams of "bulletproof hosts" simply
disconnect / de-peer the entire AS until they clean up their act? Why won't
their BGP neighbors take action?

If you can't get ScumBagISP-A to clean up their act, go to
ScumBagISP-Upstream-B, and then the next hop ScumBagISP-Upstream-Nexthop-C, and
the next, until you find a responsible carrier who can de-peer?

~~~
aristus
That was tried about 5 years ago against the "Russian Business Network",
AS40898.

[http://blog.washingtonpost.com/securityfix/2007/11/russian_b...](http://blog.washingtonpost.com/securityfix/2007/11/russian_business_network_down.htm)

As far as I know it only worked temporarily.

~~~
zcid
You're missing an 'l'.

[http://blog.washingtonpost.com/securityfix/2007/11/russian_b...](http://blog.washingtonpost.com/securityfix/2007/11/russian_business_network_down.html)

------
ChuckMcM
I read these numbers, and I look at my bandwidth costs at my data center, and
I think, "wow, it sure is fortunate that so much excess backbone capacity
ended up being build in the dot com era."

~~~
jannorthoff
> so much excess backbone capacity

Do spam emails really consume that much bandwidth? I don't see long texts
besides those from that nice Nigerian Minister...

~~~
Karunamon
An average email is roughly 75kb[1]. That same 75kb, plus TCP overhead, has to
touch every single email server between you and the destination (wasn't able
to find anything that suggested how many hops are average).

Some random googling specifies a number around 175 billion for number of spams
sent per day.

That works out to an average of 12,223 terabytes per day - of just spam. Now
multiply that by the number of hops that each message takes. Assuming each
message only has to touch one intermediary server between source and
destination, that's still 3.6 petabytes.

[1]
[http://email.about.com/od/emailstatistics/f/What_is_the_Aver...](http://email.about.com/od/emailstatistics/f/What_is_the_Average_Size_of_an_Email_Message.htm)

~~~
Retric
Spam tends to be a lot smaller (~6.4kb) as longer messages take more resources
to send and are easier to detect.
<https://www.trustwave.com/support/labs/spam_statistics.asp>

Also, email does not need to hop from mail server to mail server all that much
due to DNS. Granted legitimate mail might move around a fair bit, but as far
as the public internet is concerned the vast majority of spam is sender ->
possibly sender's mail server -> spam detection software -> /dev/null.

------
nsns
Original post - [http://blog.fireeye.com/research/2012/07/grum-botnet-no-long...](http://blog.fireeye.com/research/2012/07/grum-botnet-no-longer-safe-havens.html)

------
Zenst
I keep reading about spam networks knocked out and yet like any crime, if you
take out the number one then everybody moves up a notch and somebody else
joins the bottom. So either maybe they could make it harder. ISPs do packet
inspection, maybe they could make it useful for the user. Block the sending of
spam - both ways. Anybody selling viagra and penile extensions really should be
on a business internet account for a start.

The tools are out there, maybe the ISPs could give the users a configuration
screen enabling them to block spam upstream. User virtual firewalls could be
useful to the user and also the ISP. Maybe users could be tested on what they
know and from that certain default settings are made on the firewall and
options locked. If a user doesn't know what they're doing then let's help them.
Then any block will point them to speak to a human on the phone as they need
that level of help. But instead we allow anybody to have a loaded electronic
gun drive around the whole of the internet, scary when you think of it like
that, but that's what you have, oh and spam.

~~~
0x0
Many ISPs around the world unconditionally block customers' outgoing TCP port
25 connections, to combat zombies sending spam over SMTP.

I used to find this annoying when running a private mail server, but then I
realized that relaying through the ISP outgoing SMTP proxies probably ended up
with net benefit in delivery rates anyways, due to IP reputation.
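
Detecting the behaviour these port-25 blocks are aimed at, as an added example that is not part of the thread: it counts how many distinct hosts each subscriber contacts directly on TCP/25, ignoring the ISP's own relay, and flags sources whose fan-out looks like a zombie rather than a private mail server. The relay address, the threshold and the flow records are constructed for illustration.

```python
"""Flag subscriber hosts whose direct TCP/25 fan-out looks like a spam zombie.

Added example, not from the thread. The relay address, threshold and the
flow records below are constructed; a real deployment would also apply a
time window and an allow-list for known mail servers."""
from collections import defaultdict

ISP_RELAY = "203.0.113.25"   # assumed address of the ISP's outbound SMTP proxy
DISTINCT_DST_THRESHOLD = 5   # assumed tuning value for this illustration

# Constructed flow records: "timestamp src dst dport"
FLOW_LOG = """\
1342700000 198.51.100.10 203.0.113.25 25
1342700001 198.51.100.10 203.0.113.25 25
1342700002 198.51.100.77 192.0.2.1 25
1342700002 198.51.100.77 192.0.2.2 25
1342700003 198.51.100.77 192.0.2.3 25
1342700003 198.51.100.77 192.0.2.4 25
1342700004 198.51.100.77 192.0.2.5 25
1342700004 198.51.100.77 192.0.2.6 25
1342700005 198.51.100.42 192.0.2.9 443
1342700006 198.51.100.42 192.0.2.9 80
"""

def parse_flows(text):
    """Yield (src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        yield parts[1], parts[2], int(parts[3])

def smtp_fanout(flows, relay=ISP_RELAY):
    """Map each source to the set of distinct port-25 peers, excluding the relay.

    A host that only talks to the ISP relay (like the private mail server in
    the comment above) never appears in the result."""
    peers = defaultdict(set)
    for src, dst, dport in flows:
        if dport == 25 and dst != relay:
            peers[src].add(dst)
    return peers

def suspected_zombies(text, threshold=DISTINCT_DST_THRESHOLD):
    """Sources contacting at least `threshold` distinct hosts directly on port 25."""
    fanout = smtp_fanout(parse_flows(text))
    return sorted(src for src, dsts in fanout.items() if len(dsts) >= threshold)

if __name__ == "__main__":
    print(suspected_zombies(FLOW_LOG))  # ['198.51.100.77']
```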

------
TamDenholm
Didn't this happen not so long ago and it only took a few months for the levels
to go back up again?

------
benmanns
Why don't botnet operators use peer-to-peer style command centers? According
to the original article on the FireEye blog, the network was taken down with
only "three days of effort."

~~~
PotatoEngineer
Those might be vulnerable to anti-spam agencies actually hacking the control
protocol. Or maybe it's just harder and the spammers don't want to spend as
much time designing it. If government agencies keep taking these things down,
and if they can do it quickly (not four years later), then it might be
worthwhile for the spammers to have more robust control mechanisms.

------
donpdonp
And there was much rejoicing.

