Bend over!
Two South Korean computer programmers have been arrested on suspicion of sending out 1.6 billion spam e-mail messages in violation of the country’s commerce laws, police said on Tuesday.
The two men, one aged 20 and the other 26, are suspected of sending out the unsolicited e-mail messages between September and December last year in what police describe as one of the biggest spam blasts in the country’s history.
The two are suspected of obtaining personal and financial data from 12,000 South Koreans who responded to their spam messages. The pair then sold information on those people to lending services firms in return for 100 million won ($106,400), police said.
12,000 gullible people!
1.6 *billion* in 3-4 months?! Throw them into the ocean with cement blocks on their feet.
No wonder my inbox was a little “lighter” this morning…
Is there a tree high enough in Korea to hang these animals from?
12,000 gullible people!
12000 replies is only 0.00075 percent of 1.6 billion emails
Hanging isn’t the right response. Take them out in the desert, chain them to a thermonuclear device, then detonate it. Not only is that the only appropriate response to the most heinous of all crimes (spamming), but we could also film a good mushroom cloud in HD. There aren’t enough really good films of mushroom clouds out there.
#3 — right — and they got $106K+ selling the info to loan companies.
Percentages don’t count. Being paid for being a criminal counts. They should bust the loan companies, too.
#3 Hence the popularity of spam among the spamers. When I was in direct marketing a 3% response rate was pretty much break even for us.
With spam you can make money if a micro percentage respond and even if you get zero responses you aren’t out any money.
And I agree with everyone else these guys should be shot. And I will continue to agree with that until I can come up with a could spam idea. 🙂
If only Comcast, Bell Atlantic, AT & T, and other such providers BLOCKED outgoing port 25 except for their own email servers . . .
(that’s where most of the spam attempts come from for me)
Here in Canada Bell have done it, but not Rogers Cable.
(I get some spam connects from Rogers)
There is absolutely no reason a home user needs full access to port #25, and that act alone would eliminate 95% of North America’s spam problem.
American & Canadian ISP’s are so bloody slow in implementing anti-spam measures, THEY are the ones that should be sued for making it too easy. A simple email anti-virus filter for POP3 emails would also help.
My funniest story is how I tracked a company owned fixed IP (thus no blocking) here in Montreal. Called them up, a lawyer firm. Told the secretary the problem, who quickly passed me to her boss & the president.
At first he thought I was extorting them – wanted my complete name, address, phone #, wanted to tape the conversation. They had a Win2K Exchange server that had never been patched since installation two years previously, totally in the DMZ.
They had complained to their ISP, Bell (where they bought the Win2k Exchange server from), of slow Internet recently, like slower than a 56K. They were paying 2K$ per month on a 3 yr lease.
What losers. Didn’t even have Admin password.
I was being hammered by them, because I had put their IP in my servers’ anti-spam software, which would drop the connection after the initial HELO. The bloddy botnet would reconnect immediately in an endless loop.
My first solution was to put their IP in the router’s block list. However putting hundreds of IP’s in the router made it’s CPU skyrocket and slow down our Internet. Same endless loop.
Then I discovered Tar Pitting ! Let them connect, send them Unknown User after 2000 seconds if they don’t time-out.
“Tar pitting” – I hadn’t heard of that. Very descriptive. Coupla questions – does it work by creating problems for whoever is misusing their mail server, and didn’t it slow things down for you as well? Okay a third question: did the lawyers finally do anything about their problem?
Does this mean I’ll finally get the penis pump I ordered?
Tar pitting – instead of disconnecting an SMTP session when the IP is blacklisted – your SMTP server waits for XXXX seconds before “answering” the HELO request.
So the sender either gets a TCP/IP timeout, or after many minutes, an answer to the HELO, then another tar pit before my server sends UNKNOWN EMAIL ADDRESS.
The botnet / spammer then proceeds to the next email to spam in the list. From my logs, I can see most spammers group together the domains. So often there’s 3-4 different people on the spammer’s list, and loses easily twenty minutes just with our server.
You can do this with Unix based SMTP mail programs, or recompiled for Windows (what I use). MDaemon does it nicely, good cheap 3rd party Exchange replacement.
By tar pitting the bad guys, you either get off their list, or seriously slow them down.
No effect for everyone else, and doesn’t affect your server from sending outgoing mail.
The Lawyer Co :: They had someone call me, a total IS n00b, that wanted me to train him for free because he didn’t know himself and probably didn’t want to tell his boss (the lawyer).
I offered the lawyer/president to go down for a day for a (cheap) 60$/hr plus travel expenses, instead they sicked this 21 year old n00b puppy on me.
Told him politely that I can also charge the same 60$/hr over the phone, to who do I send the invoice to? For free, I told him, do all the MS updates, and full virus scan, of not just the server, but all the Windows machines in that office.
I think it took them three weeks to sort the mess. I simply tarpitted their IP and forgot about them, except when I want to talk about IS + Windows typical marketplace stupidity that is all too common.
My thoughts of building a quick business model doing reverse lookups, from my SMTP connect logs, on companies (fixed IP’s are so easy to trace) in driving range to go fix their botnets.
Well, those lawyers killed that idea in the bud. I was the bad guy, and 60$/hr was extortion. That’s Can $…
you know that S. Korea is the most “wired” society – over 70% of the population.
So they spammed, big deal – people should have anti-spam technology in effect now, if they dont then its just stoopid user error.
#11, I disagree. You blame the victim for what the bad guys are doing. It shouldn’t matter if you leave your car or house unlocked; you still haven’t put out a sign allowing others to enter and steal.