45 replies to this topic

[Mike]

Yesterday afternoon, SpywareInfo was hit by another distributed denial of service attack. At 12 midnight this morning, the site finally went down. Unfortunately I was offline because of a thunderstorm, so it stayed down until I got online today. Some changes have been made in the datacenter and the site should be fine now. Sorry for the inconvenience.

The forums were not effected by this attack.

[SirPeter]

Ddos them back starting with cws.
Make a tool and spread it the legal way and organise a ddos session on cws.org. Think you could even do it legaly becaurse if the things cws is doing is legal why should it be illigal when we do it. Ow not doing it in the name of SWI ofcourse but if an anonimous would make a tool and do it to them.
The law isn't doing anything to stop this so why not take action ourselfs.

Serious here.

[Muriel]

Doing that would only reduce us to their level, which I, for one, am not willing to do. I'm not trying to lecture here, but none of us on this site should even make suggestions like the one above.
Mike's been trying to spread the word about SPYBLOCK Act, S. 2145, which if passed should help ease the problems of malware a great deal, so contact your senators and spread the word.

[SirPeter]

While you wait 5 year cws(as example) will damaged numerous computers and waste valible time of computer owners. Also I dont see it as lowering to their level. This is a problem were the whole world have to deal with, not only the US so even if USA adops(sp) Mike's proposal the spyware will continue becaurse the spyware will come from other countries were USA cant get involved with becourse it has no jurastiction in that country.

Edited by SirPeter, 22 June 2004 - 04:09 PM.

[Mr. Swenk]

That Spyblock stuff, does it only affect USA laws?

I was wondering about DDoS again, is it even legal?

Cause honestly... I know this may sound dumb... but why not? They deserved it more than anything...

Otherwise, if it is legal, who's up for some secret meetings outside SWI

Hahaha, just kidding, I don't personally think we should lower ourselves to their level as a group... but thinking OUTSIDE of SWI, as individuals, if it is all legal, why not? As long as we don't do this on SWI's behalf, and we do it as individuals...

I don't know...


Bad Idea though...

[Exasperated in Phoenix]

DDOSes are a violation of your Terms of Service with most ISPs. If they catch you, they cut you off. Here in the USA, it's also a violation of the FCC "access to communications" act, probably at least a misdemeanor. I've forgotten when it was implemented, but it basically says it's illegal to restrict someone's access to communications, which a DOS surely does. I had to find a copy of it once 'cos a friend couldn't put up a small satellite dish, per newly instituted "association" rules. The association backed down when they got a nasty-gram from the FCC.

side note:
I used to mail-bomb spammers by sending 'em 500K chunks of aggregated spam that I'd gotten previously. After about 4 to 10 <send> buttons, they'd start bouncing as their server went full. Poetic justice, if you think about it. One of 'em complained that their mailbox blew up (my heart bleeds for you) and my ISP warned that further retribution on my part would end my access. I've played nice since then. The tech guy at the ISP was amused at what I was doing, but it was illegal and he had to play it hard. I'm sure he was wishing he could figure out a way to do the same thing legally.

Soapbox:
With this latest round of hijacks and malware the last several months, it's getting bad enough that The Herd may finally stand up and bleat their annoyance. If the entire Internet Community agreed, we could IDS (Internet Death Syndrome) the servers that are foisting this cr#p off by simply not routing packets to or from them. They do NOT have a "right" to attack computers at random, and we can stop 'em. It'd take coordinated effort with the routers surrounding 'em, but it's do-able. Personally, I'd take the same approach with SPAM, but it's getting a lot harder to track the idiots down. If you figure out how many man-hours have been lost due to SPAM and hijacks, this last several months counts as a worse disaster than most hurricanes, and it's approaching World War status.
It'd likely only work in a few countries, but we COULD filter out the stuff being thrown in from offshore with sufficient packet filtering. They'd have to beef up the main nodes to handle the excess processing, but it's just tech, and we can handle that if we choose to. What say you, sheep?

[TheAlmightyButter]

My father was so pissed when we got spyware that messed up our expensive new burner,he said he wanted to make a program that will get them back and wipe out their server...Anyone think this is possible?

[Tuxedo Jack]

Don't sink to their level. There are... more interesting... methods that are possible, and all of them are more morally satisfying than just DDoSing the rats.

Besides, it's illegal, and you don't want to end up in prison, not even a minimum-security one.

[Gwyrox732]

[...]
Besides, it's illegal, and you don't want to end up in prison, not even a minimum-security one.

Especially if the Evidence ELiminator site is right :eek:

[Mike]

The site is under attack again. For the moment I'm redirecting to a mirror on the same server as the forums. If the forums slow down too bad, I'll switch to another mirror.

Edit: Not a DDoS attack this time. The main web server has died.

Edited by Mike, 06 July 2004 - 03:21 PM.

[ravenwarrior]

Great. Just Great. Right when I'm helping someone.

[Mike]

It's not a DDoS this time. My main web server in Atlanta has died. The data center techs are pulling it apart now to see if the data on the hard drives can be saved :(

[jwbirdsong]

[...]
Besides, it's illegal, and you don't want to end up in prison, not even a minimum-security one.

Especially if the Evidence ELiminator site is right :eek:

They still use those????

[Mike]

Of all the BULLSHIT! The host for the server the forums run on SHUT THE DAMN THING DOWN! Completely without warning!

[SirPeter]

/me sees a spyware coder laughing and starts beating the crap out of the coder. Stop laughing at Mike!

Anyway I hope you can save the data

[jwbirdsong]

Of all the BULLSHIT! The host for the server the forums run on SHUT THE DAMN THING DOWN! Completely without warning!

Not the most professional act in the world; morons.

[racooper]

I would say they owe you a month or more of free service....go get 'em, Mike!

[stratamite]

I feel we do not need to use their methods. The work that is being done here must be having some effect or they would not pay any attention to the work being done here.Another point is that what is done in here is done for righteous reasons and not for monetary gain.That I assure you pisses them off.We are on the right track here!The attacks are a good sign.The more you figure them out and undue their evil the harder they have to work, and if they want to spend time DDosing us so be it. That's less time spent on writting new evil programs to get around us.We are in their face and they don't like it!!

[mrmecanx]

I am relatively new to this, having just (finally) cleansed my PC of multiple infections of spyware. (Thanks again!) You provide a valuable service to the public. I too have seen a dramatic increase of these infections in recent months.

It is certainly something the government should take an interest in. It is not only counterproductive for users to have to waste their time cleaning and defending against this unethical eruption of code, but could be considered a threat to national security. What if there was another Bin Laden patiently planning a multi DDOS attack to shut down critical systems in our country? (Power grids, defense communication sattelites, etc) "Can't happen" you say?

You need more than just a law. You need public awareness. That creates political pressure that gets things done. Maybe a good place to start would be getting large corps like Dell and Microsoft to acknowledge the problem and lend a hand. ($$$) After all it's in their interest as well. Then you will have $$$ not only to run your site, but hire a political activist to get that public attention you deserve.

As for me, I will do my little part and drop a check in the mail to you. My way of saying thanks for the help, and go get em!

[trinity71]

I feel we do not need to use their methods. The work that is being done here must be having some effect or they would not pay any attention to the work being done here.Another point is that what is done in here is done for righteous reasons and not for monetary gain.That I assure you pisses them off.We are on the right track here!The attacks are a good sign.The more you figure them out and undue their evil the harder they have to work, and if they want to spend time DDosing us so be it. That's less time spent on writting new evil programs to get around us.We are in their face and they don't like it!!

My sentiments as well. I also agree with Exasperated in Phoenix (earlier post)

We do have to take the high road. Why let them or anyone else think we are no better than they are? We ARE better. Those who sit around coming up with this crap have way too much time on their hands. And NO life at all, IMO.

I am turning into a crusader since my battle with these nasties. Just this morning, I got a pm from my sis at the ComputerCops forum. I had told her about how viruses can be sent through messenger systems and she doesn't believe it!

I sent a rant to her... Didn't mean to, but it turned out that way. haven't heard back, so she might be pissed at me. Let her be. If she wants to live in DeNile, so be it. I'll just tell those who will listen and when those who didn't come back for help.....well....I'll just hold my tongue and give them all the help I can or send them to someone more knowledgeable and stress that THIS TIME they listen to every word and do exactly what they are told to do.

ok...I'll quit now....guess I'm still on the rant, huh?

Deb

[lemp4]

Don't sink to their level. There are... more interesting... methods that are possible, and all of them are more morally satisfying than just DDoSing the rats.

Besides, it's illegal, and you don't want to end up in prison, not even a minimum-security one.

why is it illegal for us to do it and not for them? not that i'd know how...

[Tuxedo Jack]

It's illegal for both parties. They don't care about the consequences on their end, as they profit from the lack of our help.

[Xblock]

Don't sink to their level. There are... more interesting... methods that are possible, and all of them are more morally satisfying than just DDoSing the rats.

I agree completely.

Let's face it:
The adware pushers and the cws and alikes DON'T do this stuff because they get a sadistic pleasure out or messing up people's PCs, or because get off on knowing what Pr*n sites someone visits.

They are in it for the money. And they succeed.

This is why spyware busting is a lot harder than virus busting. These guys have money to throw at it, at monitoring boards, buying anti-spyware to get around it, buying dozens of domain names and hosting in some far-off places.

So if you want to kick them, kick them where it hurts. In the wallet.

This takes a bit more work, but it certainly is doable. We have been doing it also, with some mixed success.

How?
- Install the adware/spyware.
- Examine it to see if you can find the urls of the ads inside,
- Trigger the ads (by visiting popular shopping sites,...)
- Note and document the exact URLs of the ads
- When you have those, you can start complaining to the vendors of the advertised products (most of the time they don't know about this scam), and to the "affiliate processors": CJ, Linkshare. Chance are that they will terminate the adware owners affiliate account. Even if they don't, we can warn other vendors using the processor not to allow the adware guys to be their affiliates.

Getting them kicked out of an affiliate program for fraud or the likes WILL hurt them.

Come to think about it, it might be good idea to put up an article on this, and to have a central point to organise this.

Anybody interested in joining this fight?

[Xblock]

My main web server in Atlanta has died. The data center techs are pulling it apart now to see if the data on the hard drives can be saved

Had the same problem before. We actually melted 2 disks in 8 months on the previous server.

Our current provider also has the option for a backup data server, where we now backup all our data to every night.

Let me know if I can be of assistance,

[carmatic]

How?
- Install the adware/spyware.

yikes!
the 'isearch' thing took long enough for ad aware to get rid of... like, 2 months or something, when i highlight something on IE and right click, i get the option to 'isearch the web'
hmm maybe i dont run ad aware often enough... but it certainly did miss it for a long time
and maybe i should start using more anti spyware programs...

[Mike]

I'm taking care of the redundancy. Thankfully it was a raid array, so the other hard drive saved all the data.

I'll be saving the server backup files to another server from now on. I could have lost 14,400 newsletter subscribers, all the content on the site and the entire malware collection in that little disaster.

[lemp4]

Don't sink to their level. There are... more interesting... methods that are possible, and all of them are more morally satisfying than just DDoSing the rats.

I agree completely.

Let's face it:
The adware pushers and the cws and alikes DON'T do this stuff because they get a sadistic pleasure out or messing up people's PCs, or because get off on knowing what Pr*n sites someone visits.

They are in it for the money. And they succeed.

This is why spyware busting is a lot harder than virus busting. These guys have money to throw at it, at monitoring boards, buying anti-spyware to get around it, buying dozens of domain names and hosting in some far-off places.

So if you want to kick them, kick them where it hurts. In the wallet.

This takes a bit more work, but it certainly is doable. We have been doing it also, with some mixed success.

How?
- Install the adware/spyware.
- Examine it to see if you can find the urls of the ads inside,
- Trigger the ads (by visiting popular shopping sites,...)
- Note and document the exact URLs of the ads
- When you have those, you can start complaining to the vendors of the advertised products (most of the time they don't know about this scam), and to the "affiliate processors": CJ, Linkshare. Chance are that they will terminate the adware owners affiliate account. Even if they don't, we can warn other vendors using the processor not to allow the adware guys to be their affiliates.

Getting them kicked out of an affiliate program for fraud or the likes WILL hurt them.

Come to think about it, it might be good idea to put up an article on this, and to have a central point to organise this.

Anybody interested in joining this fight?

That is a great idea. I would def. do my part, although i don't have the most free time in the world. And also i dont know too much about computers i'm afraid to add ad-ware to my CPU, i already got some that i can't even get rid of. I have in the past written letters of complaints about one company to another, and to some FTC and other government places, probably wrote to the wrong department anyways...

but just tell me what to write and to who and i'll do it whenever i get around to it!

-Lem

[dowen]

I'm taking care of the redundancy. Thankfully it was a raid array, so the other hard drive saved all the data.

I'll be saving the server backup files to another server from now on. I could have lost 14,400 newsletter subscribers, all the content on the site and the entire malware collection in that little disaster.

Do you not backup the site to your own hard drive as well Mike?

[X0563511]

Things could be worse, there are worse things they could have done...

Just incase anyone doesnt know what a DoS is, heres some links (Gibson Research wrote up some reports when they got attacked - tells you pretty much everything from symptoms to solutions)

http://www.grc.com/dos/grcdos.htm
http://www.grc.com/dos/drdos.htm

This guy is bright! Even if you know what they are, i suggest you read. The guy even infiltrated the virus's communication system (the virus that goes to the 'zombie' machines)!

[Lord of The Rings]

I realise that at this point the sh*t hit the fan and everyone probably has a thousand things to do, rather than answer my question, however, please:-

Having been away from the forum for a month, my return found that my ID and Password had been lost. I have re-registered and set up my preferences once more, but my history, postings and just about everything else had gone.

My question: Is this permanent or some time later will it be recovered? Your answer will let me know how much time to waste or just to leave it all temporary?

Regards and Best Wishes,

[X0563511]

It happened to me. Mike had to move the forum database to a different server, and not every user ID survived. It's permanent.

[Lord of The Rings]

Dear X0563511,

Thanks for your reply, at least now I know that my previous work was worth absolutely nothing. Seems strange that before this, all memory and history was saved and brought forward.

I note that the "leaders" all have their history saved, but not the minions. I guess that we plebs have to start again from scratch, hardly seems worth it, just to have it all "lost" again, the next time all goes down?

The last time this happened, I found myself locked out, and it took some 4 weeks before I could get any answer to my entry problem, seemed just like no one even cared

Best Wishes,

[Fireflyer]

Lord of The Rings,

Actually, no one had anything saved. Mike posted that he couldn't move anything to the new site because the database was too big.

see: http://www.spywarein...php?showtopic=2

For instance, cnm, an Administrator, had around 12,000 posts on the old site - since moving here, and starting at 0, she's now up to over 1700 - but she started at 0 just like everybody else.

With tens of thousands of members, sometimes individual problems do slip thru the cracks.

But, if no one cared about other peoples problems, this site wouldn't even be here, would it?

[cnm]

Look at http://www.spywarein...php?showtopic=2
We all had to re-register.
You will see that none of us are shown as joining before May 15.

The old board is still there and is readable (on a good day, that is - there are still complications from the proxies that make it often very slow or unavailable).

[Bobby]

now I know that my previous work was worth absolutely nothing.

I wouldn't say that. If you helped a lot of folks in the past, including me, then we all remember what you did for us, regardless of your post count or other means of identification.

I am extremely grateful for all the help given to me, both in the old board and in the new one. When my machine is giving me trouble, I don't care about name, post count, member status, avatar...etc,; all I care about is the human being on the other side who is kind enough to give me their time and advice.

So, Lord of the Rings, and everyone else who gives of their time, either in the old board and/or the new one: Thank You

Bobby

[Lord of The Rings]

Aw Shucks!

I guess then it's back to normal, until the next time?

I just wish there was some way to strike back? (Just like the Empire)
without being illegal or dropping to their level. Does anyone have a real time address for the guys concerned? Just maybe I'd have enough time to visit with them, sometime .

Best Wishes and Thanks to all members.

[webicky]

Still down? I just tried it's 5:33 est July 25

[cnm]

www.spywareinfo.com works some of the time. Slowly, usually.

[macaroo]

This is the Wild West updated. You can't legislate people's morality. Just keep your software Peace Maker loaded and fend for yourself!!!

[Noone]

I find that www doesn't work _at all_, but www1 works like a dream. Unfortunately ~merijn is not mirrored there.

[kronos]

side note:
I used to mail-bomb spammers by sending 'em 500K chunks of aggregated spam that I'd gotten previously.  After about 4 to 10 <send> buttons, they'd start bouncing as their server went full.  Poetic justice, if you think about it.  One of 'em complained that their mailbox blew up (my heart bleeds for you) and my ISP warned that further retribution on my part would end my access.  I've played nice since then.  The tech guy at the ISP was amused at what I was doing, but it was illegal and he had to play it hard.  I'm sure he was wishing he could figure out a way to do the same thing legally.

I would be very interested in learning this technique because even us old 34 year old's need our fun.. I am normally very tolerant, and understood my hotmail account being spammed with over 120 emails a day, but my ISP based email has now succumbed to it, and some days, payback is the only thing on my mind, after sifting thru 40+ spam emails, looking for the one important one from my relatives or friends. Even just to hit one or 2 of them, would maybe help alleviate my sadness.

Im in New Zealand, and we dont have very good anything down here.

Edited by kronos, 20 August 2004 - 08:57 PM.

[Dragonslore]

I find that www doesn't work _at all_, but www1 works like a dream. Unfortunately ~merijn is not mirrored there.

You will find that Merijn has a mirror site here.

http://merijn.richar...lionhearted.com

I donated the space to Merijn to help in the fight against spyware and other parasites