Comments on: Fake marijuana botnettery continues

by: Daniel Rutter

Sun, 16 Dec 2007 12:20:27 +0000

Almost a month later, another "Legal Bud Shop" e-mail turned up, with the same "buddy Mark at the post office" text, but this time promoting MyCrazyBuds.com , www2.MyCrazyBuds.com and 4e5U2.MyCrazyBuds.com. Which resolve right now to Road Runner and Comcast IP addresses, so it's clearly the same thing again.

by: Stark

Tue, 20 Nov 2007 03:48:11 +0000

Jax, I don't disagree with your assesment at all... however I think the major ISP's won't much care. The AT&T's of the world already don't much care if they lose a few thousand home customers here and there due to being a pain in the ass. And, frankly, the percentage of their home users using something other than Winduhs is small enough to really not bother them at all if they go away.

Although it strikes me that the easiest way for an ISP to deal with this might be to create their own bot-net out of everything that connects to their network. Then we can have massive bot-net wars! Eventually an intelligence will rise out of the massed bot-nets and humanity will be subjugated to its will...or something... ;)

by: Daniel Rutter

Sun, 18 Nov 2007 02:23:14 +0000

The latest spam to arrive was promoting YbA7mt.shabaaloo.com as well. At the moment most/all of the content you get from going to that subdomain is still coming from thebudshop.net, but it could all be YbA7mt.shabaaloo.com/whatever files any minute now.

by: Jax184

Sat, 17 Nov 2007 17:58:07 +0000

I realize that the current software is optional, but I was trying to show what a mess it would be if the software were to become mandatory.

I'm an E-Slut, err, Telus user myself here in Vancouver, but only because Shaw has a slower upload speed and more strict monthly transfer limits. Now if only I could get port 80 opened up so my domain would function properly...

by: Kahm

Sat, 17 Nov 2007 17:08:23 +0000

Hilarious comment to come home to, considering that I work tech support for TELUS. (Edmonton, Alberta, Canada) :)

Ironically, you don't require the Telus software at all to get going on the net, and the install CD lets you bypass our AV (which you have to subscribe to) and our (moderately useful) diagnostic software.

Our new standard modems also include routers, which we support, and that means it is much easier to eliminate the client's computer from the equation.

On the flip side, I've talked to people who changed ISPs because we cut them off for virus traffic, rather than actually fix the computer. :( One of the routers has a built in "excessive connections" warning that intercepts the webpage if you have thousands of outgoing connections on your computer. Unfortunately, client's are always "Just turn that off so I can connect" ;_;

by: Jax184

Sat, 17 Nov 2007 10:49:15 +0000

Setting aside the question of how a net provider would know if you were running their software, especially with the huge number of routers and such in service, I can still see a fatal flaw or two in mandatory net provider approved antivirus software. "Sorry sir, you must be running Telus branded antivirus, with added value links, desktop shortcuts and pop-up messages to inform you of our latest special offers in order to use the service you're paying for!" "But your software only runs on Windows Vista! I've got a mac/C-64/VoIP phone/Sega Dreamcast/windows 2000/windows CE/Newton OS/linux/Solaris/Irix based machine that can't run your software!" "Sorry sir, you'll have to upgrade your computer to meet the minimum system requirements before I will be able to help you." "But!" "Have a nice day sir, and thank you for choosing Telus."

by: Stark

Sat, 17 Nov 2007 10:03:53 +0000

I think you are, unfortunately, exactly right about the spammers moving to fast-flux hosting. I also think you are exactly right about the causes of reticence do do anything about bot nets as far as isp's are concerned. However, there is an alternative to cutting the bots off the net altogether and many ISP's appear to already be moving this way - that alternative is to require antivirus packages supplied by the isp to be on your pc and running in order to connect. Folks will cry foul at that but really, it's not an unreasonable proposition. It's certainly far more reasonable than cutting the poor clueless user off at the knees.

Personally I'm all for creating an international rapid strike force authorized to use deadly force in the apprehension and permanent removal of the bot net runners and spammers.... but that may be a bit drastic.