New Spam Retaliation Tool

Discussion in 'other security issues & news' started by Paranoid2000, Nov 8, 2006.

Thread Status:
Not open for further replies.
  1. Paranoid2000
    Offline

    Paranoid2000 Registered Member

    Those who have the misfortune to have to deal with significant quantities of spam will have doubtless had many for one particular range of "pharmaceutical" products, specifically Spur-M, More-Size, Extra-Time, VigraMax, Rabbit Pearl Vibrator or Fat Blaster. These are all part of the same spam operation believed to be run by Alex Polyakov, by many estimates the Internet's worst spammer. The sites themselves use no encryption for credit card details (despite a "134-bit encryption" banner on some of them) so pose a danger to those naive enough to consider shopping at them.

    A web script has now been released (which should be usable with any browser) for placing fake orders (with plausible names, addresses and credit card details) directly to the backend databases used by this spam operation, meaning that large numbers can be submitted very quickly. See the Spur-M-Enator thread at the Kill Spammers for more details and download location.

    If enough people run this tool, flooding his database with fake orders, it has the potential to cause real financial harm to his business (forcing him to discard real orders or risk losing credit card facilities due to excessive verification failures). Anyone wishing to see a cutdown in spam should consider using this tool to help curtail the activities of one of the worst operators.
  2. Rmus
    Offline

    Rmus Exploit Analyst

    IMHO, retaliation - - taking revenge, returning like for like, especially evil for evil -- is an outmoded way of thinking, and puts the retaliator down in the gutter at the same level with the scumbag perpetrator.

    regards,

    -rich
  3. QBgreen
    Offline

    QBgreen Registered Member

    "Sometimes you gotta fight when you're a man" - Kenny Rogers
  4. Paranoid2000
    Offline

    Paranoid2000 Registered Member

    Perhaps you may wish to review the links above in more detail then before making judgements? In this case, you not only have someone who spams, who ignores complaints, uses complainers' email addresses as fake senders in future spam and sells illegal (and likely harmful) products but also one who has been involved in a host of other illegal activity ranging from identity theft and fraud to pump and dump stock scams.

    What this utility does is fill the spammers database with garbage data (though plausible enough to pass their filtering) which is pretty much what this vermin is doing to everybody's email inboxes. It is an escalation of previous attempts to stop their spamming (notably Blue Security's opt-out list) but one which recent events have justified in my view.

    This tactic is also effective - I used to receive regular mortgage quote spam which stopped after using one of the Kill Spammer's formfillers to deluge it with false leads. It is only by causing financial harm to a spammer that users can stop being deluged with junk and it is only when a significant portion of the Internet community uses such methods that spam will stop completely.

    It would be nice if spammers stopped when asked, didn't try to hijack PCs to bypass blocklists and poison spam filters but ultimately those who wish to retain the use of email will need to escalate their countermeasures against those willing to destroy it.
  5. Cerxes
    Offline

    Cerxes Registered Member

    I fully agree in this and I support this type of agressive defence, since it´s the most effective way of defending against spammers when they themselves are loosing money - the only thing that really hurt them...

    Regards, C.
  6. spamislame
    Offline

    spamislame Registered Member

    Hi.

    I'm the guy who wrote this utility (based on the collaboration of numerous others to whom I remain indebted.)

    To those who claim this is "stooping to their level" I say: what other options do we have? The precise reason that we're currently in a world where 91% (and rising) of incoming email to all accounts worldwide is spam: you tell me, what other retaliation do we as users of the Internet, which these malicious criminals are destroying on a daily basis, do we have?

    Filters don't work. Even if they do they take lots of effort to get working properly and even then the spammers seem to think we still want to see this stuff. So I hate filters. I use them, but I hate them.

    Complaining is of no use, and in the specific case of the Spur-M-Enator(TM) I discovered that their so-called "contact" form and "opt out" functionality perform absolutely no function whatsoever aside from presenting you a bogus "Thank you" page. They lie.

    They claim their site is secure ("134-bit encryption" is used?! Do they think we're idiots?) They lie. They claim to ship you products which are "safe". They often claim to be "supported" by groups like the Better Business Bureau, Visa and other third party vendors. I have contacted and worked closely with all of those vendors, and many more. I can tell you unequivocally: none of them support these spammers or their operations. The spam continues to arrive.

    The *only* time it has slowed was when I and others first began this type of retaliation against refinance and mortgage spammers, notably Alex Polyakov. That caused all refi spam to stop completely for a few days. I mean absolutely cold turkey: no more refi spam, to any account on my end for at least 8 days. If "stooping" is what it takes to get this to stop: sign me up. At least I'm being extremely up front about it: I hate these assholes, and I hate that they constantly stand behind their practices because they can call it "marketing".

    I refuse to buy the mentality that says to ignore or "just delete" these relentless emails. I don't feel that anyone should sit down and take that as any sort of solution against these criminals.

    I would also strongly recommend reading this tandem thread which describes in greater detail the fraudulent nature of all of these websites and their operations, and how the Spur-M-Enator came to be.

    http://www.thescambaiter.com/forum/showthread.php?t=8761

    The last two pages go into greater detail.

    In my opinion: people who claim we're just stooping to their level are merely afraid that something can actually be effective. I have no scruples about doing battle with bald-faced liars or criminals. I don't think anyone would ever mistake my actions for being anywhere near as fraudulent as what they do. If they were in any way legitimate, they'd track me down to put me in court for my retaliations. They know they have no legal leg to stand on, and they should be well aware: I have tons of evidence against them. So I say bring it on. I'm not going to sit back and just let these malicious savages ruin what should be a valid, effective communications medium.

    If there was a link to terrorism in any of this people would be taking the gloves off much sooner. This disappoints me greatly.

    Anyway sorry for babbling but I'm sick and tired of hearing this excuse every time somebody actually has a real, valid solution for fighting against these obviously illegal activities.

    SiL
  7. borat
    Offline

    borat Registered Member

    Hi, downloaded the tool. Would appreciate advice on how to install and run the utility.

    Browser: FF 1.5.0.8 on XP

    Thanks :)
  8. spamislame
    Offline

    spamislame Registered Member

    - Step 1: download [http://www.mytempdir.com/1047078]
    - Step 2: unzip
    - Step 3: (probably) read: "whatitdoes.html"
    - Step 4: launch "kill.html"

    It's javascript. Therefore you have to enable javascript. It installs nothing on your system.

    It also will attempt to post the form using a new window, but once that window is launched it won't launch any others. As such you may need to "allow" it to launch popups. Since this is completely run from your desktop you are at no risk of any rogue installations unless you personally manipulate the code to do so (which I do not recommend.)

    An extra note for the extra-paranoid: This utility merely generates values within your browser, then posts them to the processing servers of these miscreants. It contains zero viruses. It has no connection whatsoever to windows or any dll's or anything outside of plain, ordinary HTML and JavaScript. I wrote it that way so that it could be run anywhere, anytime.

    Thanx and hope that helps.

    SiL
  9. Devinco
    Offline

    Devinco Registered Member

    Hi SiL,

    Welcome to Wilders!
    Thank you for making this real solution to spam available to us all. :thumb: :thumb:

    Is the target window supposed to be blank?
    The window shows a different IP than mine.
    Won't their web logs show the visitor's real ip (or proxy ip) address?
    Maybe users should spread its use out over time rather than 1000 all at once like one user did so that they don't block your ip.

    Governments may arrest a big spammer very rarely only to pay lip service but they are basically ignoring this huge problem.
    ISPs and hosts turn a blind eye as they receive big payments from spammers.
    So who's left to deal with the problem except us victims?
    All that's needed for evil to spread is good people who do nothing.
    Spammers have boxed us into a corner, so I say it's time to fight back.
    Good work SiL. :)
  10. Paranoid2000
    Offline

    Paranoid2000 Registered Member

    Yes (this question was answered in the Kill Spammers thread linked above). It connects directly to the spammers' database which does not provide any webpage confirmation - their own webpages would handle this normally.
    The spam websites normally used for placing orders include the IP address - this script sends a random one in its place.
    As with any connection, yes. However given the illegality of their operation, it is rather unlikely that they are going to be able to complain to ISPs or law enforcement.
    It's very likely that the spam operation responsible knows about this and will take steps to block it as soon as they can (they probably have dozens of "affiliates" feeding data in making changes more difficult) so it would make sense to exploit this while it lasts.

    I'd like to thank SiL as well - this type of spam (which I find highly objectionable) has, for now, stopped completely.
  11. controler
    Offline

    controler Registered Member

    Download links do not work for meo_O

    controler
  12. spamislame
    Offline

    spamislame Registered Member

    It looks like mytempdir had some downtime earlier today. This was (I confirmed) NOT due to a DDOS attempt (which I thought it might be.)

    http://www.mytempdir.com/1047078

    That one is live as we speak. :)

    In any event this means I'm also making sure that alternate locations are available as well.

    Hope that helps.

    SiL
  13. Devinco
    Offline

    Devinco Registered Member

    Paranoid2000,

    Thanks for the answers and for bringing this to our attention.
  14. spamislame
    Offline

    spamislame Registered Member

    I was about to say the very same thing. :)

    I don't know about anyone else here but my spam count today was zero. I've received reports from several others around the globe that this is also the case on their end.

    This can't be a coincidence.

    The average person who runs this utility has been posting anywhere from 3000 - 7000 orders per day. Several have chosen to run it overnight. This is possibly overkill (though I would argue that spamming me 50+ times a day for a product I never asked to hear about is overkill) but it's definitely doing the trick.

    I get the sense that these tantrum throwing spammers will only start spamming twice as hard in a few days. If that's true, that leaves a huuuuge amount of traffic data which the FBI (whose IC3 group I have informed of this retaliation) are more than ready to track to its source. They aggressively monitor several botnets as well so we'll see if there's any correlation there.

    Thanx to anyone who continues to join in. It's definitely hitting somebody where it hurts.

    SiL:thumb:

    P.S. Thanks for the kind words
  15. borat
    Offline

    borat Registered Member

    Thanks, SiL, for the help and the utility :thumb: Couldn't get it to fuction with FF so launched with IE6.

    I have 2 Gmail accounts and the spam count today (Nov 10th) was 3 :D usually it's around the 17 mark.

    Btw, excuse the dumbass question(s) ..

    How long is the life cycle of this tool - is it to be used in a similar way to the SETI and Folding@home apps which utilise 'free' CPU cycles, ie, am I required to use it indefinately for the forseeable future utilising vacant bandwidth?

    Will there be a point at which I should cease, or will the tool be modified as and when the intended target(s) change or if and when they close the backdoor being used? How will I know when I can terminate this tool?
    Last edited: Nov 10, 2006
  16. Slovak
    Offline

    Slovak Registered Member

    hehe, I'm running it as well, overnight too!
  17. solarpowered candle
    Offline

    solarpowered candle Registered Member

    thank you for this its humming along nicely. a cool idea.
  18. Alphalutra1
    Offline

    Alphalutra1 Registered Member

    I got it up and running, and its going to stay that way while I am still on this computer. Suck it spammers :D

    Alphalutra1
  19. herbalist
    Offline

    herbalist Guest

    Nice idea! I'm launching it every hour for about 10 minutes via my task scheduler. I should put it on the dialup connected PC and take advantage of its floating IP.
    Too bad you can't make one that can automatically scan the spam folder of a mailbox and automatically attack whatever turns up there. My Yahoo spancatcher account gets about 50 new ones each day, more than I want to harass manually.
    Rick
  20. controler
    Offline

    controler Registered Member

    My Yahoo account gets hit hard also but this is one of my oldest accounts. After enough years they all get hit hard. I get about 30 a day in my bulk folder but still get about 10 or so inbox. I get about the same in my oldest hotmail account.
    Is this because of using better subject box info and picture info in main rather then text?

    controler
  21. Paranoid2000
    Offline

    Paranoid2000 Registered Member

    That would be the ultimate retaliator - but in practice each spam operation requires a custom script and spammers are increasingly using multiple levels of redirection to hide their real sites (e.g. using a free webpage or blog with a redirect) and are all too happy to try and break such a system by including links to innocent bystanders, so some level of human verification is needed.
    Spammers regard filters as an obstacle to work around, even getting Yahoo/Gmail accounts themselves to test out what gets through (images with junk text to poison Bayes filters being popular at the moment). Hence users will now need to be increasingly proactive in defending their email accounts.
  22. herbalist
    Offline

    herbalist Guest

    I didn't really expect it to be possible. Just wishful thinking. My Yahoo mailbox is a deliberate spamcatcher I set up for sites I expected to be spammers. Nothing useful gets sent there, save a few viruses/worms I can add to my collection. Yahoo is good for harvesting viruses as their AV is easy to bypass. My "normal" mailboxes stay clean, so I haven't needed to get too serious about filtering. Looking at that Yahoo box, I'd have no clue where or how to start. The vast majority of the spam uses what looks like real names and subject lines that vary from gibberish to authentic sounding titles. The only way I would know to start filtering it would be to use a whitelist and throw out everything else.
    Examples:
    http://i138.photobucket.com/albums/q277/herbalist-rick/yahoospam.gif
    Rick
  23. Smokey
    Offline

    Smokey Registered Member

    Txs for this post, i support it 100%.

    Therefore, I will put your post and "spamislame's how-to" unmodified on my Security Forums.

    Keep on going with the good work!

    Smokey
  24. Triple Helix
    Offline

    Triple Helix Webroot Product Advisor

    Just get a BIG stick and hit him over the Head with it! o_Oo_O LOL
  25. EASTER.2010
    Offline

    EASTER.2010 Guest

    Capital Idea!! And a long over due one in my book. When Gmail started giving out "invites" i took on some and for a long while experienced very little if no spam at all.

    Now it is identical to Yahoo's, which i still keep several accounts but select to use the option that doesn't even allow the crappy, time-wasting junk to accumalate.

    Gmail gives you an option for a one-click DELETE ALL SPAM but then they also show their endorsement of that crap on their servers with a NO SPAM HERE! message after dumping over 1,000 of them collected in the REPORT SPAM in the span of a day or two, only to return again sometimes immediately after clearing it. The next day they're right back there again.

    I'll make good use of this tool while it lasts, and thanks for offering it in this battle to curtail spammers.

    Orders Submitted: 569



    • Refreshing in 15 seconds!!!!!!!!...................... I'll leave it on all night too, and then some.
    Last edited by a moderator: Nov 12, 2006
Thread Status:
Not open for further replies.