Tracking the bad guys

Microsoft now employs 100 people with a budget of $10 million dollars (Ok,
if you do the math, the average salary is a bit low if they also have
benefits or any equipment) to track down people attacking Microsoft's
Hotmail service, online fraud, identity theft and spyware. The Direct
Marketing Association pays 15 detectives $500,000 (even a lower salary)
to work with FBI agents (who are paid government salaries).

http://www.iht.com/articles/522553.html

  "Initially you start to work backwards from the e-mail and find that to
  be a very frustrating route," said Daniel Larkin, chief of the FBI's
  Internet Crime Complaint Center, the unit that is coordinating Project
  Slam Spam. "That doesn't lead to a live body. We have collectively
  realized you have to go the other way and follow the money trail."

Some of us are even on this list.

  (I actually have no idea if I was counted in that 100, but my
  salary is indeed a bit low.)

No doubt it is easier to follow the money... Although not impossible, I find it frustrating that when I do find who is controlling the spam proxies, there is no one really to report it to. I feel sorry for the FTC as they no doubt get deluged with useless spam complaints, just like we do. (My fav's are "one of your users is abusing us. Stop them!"... No IP, no date, nothing!)... So how do you separate the useless complaints from the ones that are actually actionable?

   On a number of occasions, I watched in real time as a spammer nailed up a connection to one of our infected users and started spamming out via them. I reported the info complete with tcpdumps of the entire session to the large colo provider in the US with no response / results. Yes, it could just be yet another compromised computer, but somehow I doubt it was. The rwhois info did look rather suspicious (PO box, phone # bogus, email contact bounced) and no public services whatsoever on the /28 allocated to the group of servers. This was back in the deep dark days of 2000-2001 when times were tough for many such hosting companies and the temptation no doubt great to make a quick buck.

         ---Mike

Mike Tancsa wrote:

  On a number of occasions, I watched in real time as a spammer nailed up a connection to one of our infected users and started spamming out via them. I reported the info complete with tcpdumps of the entire session to the large colo provider in the US with no response / results. Yes, it could just be yet another compromised computer, but somehow I doubt it was. The rwhois info did look rather suspicious (PO box, phone # bogus, email contact bounced) and no public services whatsoever on the /28 allocated to the group of servers. This was back in the deep dark days of 2000-2001 when times were tough for many such hosting companies and the temptation no doubt great to make a quick buck.

There are quite a few hosting providers who specialize in offering platforms for spammers and charge double or triple the going rate for hosting. As with other marginal products, if there is a market, there will be a seller at the right price.

And as stated previously, until the "big guys" start cutting these operations off their backbones instead of taking their money, hardly any real progress will happen.

Pete