[SA-exim] teergrubing

jvanasco at mastersofbranding.com jvanasco at mastersofbranding.com
Thu Aug 21 16:47:40 PDT 2003


The idea isn't to DOS -- the idea is to have a clickthrough for every
recipient.

Mr. Spammer sends out 5,000,000 emails.  5,000,000 x 1k isn't much
bandwidth.  He only needs 5 people to buy his wares to turn a profit on
the mailing -- and he doesn't expect more than 200 people or so to
click through to his website.

His website though, if you visit and click around, is over 200k with
images and html.   Every 2,500 visits to that site will cost him as
much as emailing 5,000,000.

10,000 people using a plugin in their email app that downloads the
contents of a spammer's website drives his costs up 500%.

It's not a DOS attack.  It's not illegal.  It is a simple response to an
advertising callout.  "Buy my stuff: click here for info".  A plugin
automatically clicks the links for you and saves them to disk.

If 100,000 people used the plugin then, possibly, it could have the
same effect as a DDOS -- but technically, and legally, it wouldn't be,



On Thursday, August 21, 2003, at 03:21 PM, Tony Earnshaw wrote:

> jvanasco at mastersofbranding.com wrote:
>
>>>> anyone have info on the machines that spammers host their
>>>> shoppingcarts on though?
>>>
>>> Let me guess :o) You want to become a spammer and want to set up a
>>> shopping cart site. You want info from us all over the hardware on
>>> which to set that up.
>> Totally.  I want to spam you, your mom, and your mother's religion.
>
> I use SpamAssassin. My mother's been dead for many years.
>
>> If spammers are mailing their shit from hacked machines, it makes me
>> think that *possibly* they are hosting their shopping cart sites on
>> hacked machines too.
>
> Point is, that those machines are not hacked. Or very few of them.
> They don't have to be. Those machines have been configured by people
> (sysadmins, ordinary people who bought a machine at the computer
> store, you name it) who have no idea. There are millions of such
> machines on the Internet. They are badly configured MTAs, http proxies
> (Windows of all kinds, Apache), socks5 proxies and even other server
> types.
>
>> If that is a high probability, I don't want to up the bandwidth of
>> people too dumb to configure a server securely.  If most spammers
>> sell their wares off of their own websites though -- I have no
>> problems with the idea of upping their bandwidth bills.
>
> They're fly-by-nights, most of them at any rate. Today they are one
> place, tomorrow another. If a new one comes in their place, who cares?
> You do an (illegal) DoS attack on one site one day, tomorrow it's
> someone else's property and legal. And how would you mount a DoS
> attack anyway, technically?
>
>> Their business model depends on low overhead.  They count on nearly
>> every person they spam trashing the message.  But what if every
>> person they spammed visited their website?  Multiple times?
>> Bandwidth is cheap
>
> You have to be joking. Though it's possible -
> www.ilovetheirakiminiinformationminister.com was forced to its knees
> for a few days, through everybody visiting it. Not any more though.
> Ganging up on some temporary Viagra or penis growth site isn't going
> to work. Unless you invent some new trojan to bomb them with. Odds are
> I'll be reading about you in SANS or somewhere, if you try, though.
>
> Tony
>
> --
> Tony Earnshaw
>
> Looking backwards is always easy with hindsight
>
> http://www.billy.demon.nl
> Mail: tonni at billy.demon.nl
>



