Spamming vendor launches managed spamming service


A spamming vendor known as the SET-X Corporation has recently launched the distributed SET-X Mail System, a sophisticated managed spamming service available for rent on a monthly basis starting from $2000, promising to achieve "spamming speed" of 5000 to 7000 emails per minute and over 1 million spam messages per day, courtesy of the 5000 bots it comes preloaded with.

Let's analyze the spamming service, what makes it tick, and discuss some of the emerging trends related to the overall outsourcing of each and every segment of cybercrime.

The market segment for managed spamming services is still in its introduction stage, with several unique providers of such managed services whose do-it-yourself systems and zero complexity mentality are poised to empower many new entrants into the spamming business. The SET-X Mail System in particular is a typical example of a "one stop spamming shop". Whereas legitimate companies come to occupy and serve all the market segments related to their particular product or service through M&A (mergers and acquisitions) with different companies, SET-X has managed to vertically integrate on its own and provide anything a spammer could possibly need from a spamming service, such as:

  • dedicated staff of four people updating the malware binaries and reachable 24/7
  • daily introduction of new malware infected hosts
  • the ability to purchase recently harvested email databases for a particular country in order to use them in localized spam campaigns, with the translation service for the messages provided by the same vendor
  • the option to purchase an unlimited number of automatically registered email accounts at popular web based email providers in order to integrate them within the "unique legitimate senders" spamming method
  • unlimited support of spam templates also known as macroses
  • unlimited number of email databases to integrate and use simultaneously
  • low total cost of ownership (TCO) and 99% uptime of the command and control server due to the fact that the malware infected hosts obtain commands dynamically from secondary servers in order to ensure that they never expose the central one

Speaking of vertical integration, SET-X Corporation's current inventory of harvested email addresses available for sale to customers of its spamming service seems to have been anticipated as a possible revenue source, aiming to further develop the business relationship with the current customers. Their current inventory:

"Russia (private citizens) - 16 000 000 emails

Ukraine (commercial) - 3 300 000 emails

U.S.A (private citizens) - 118 000 000 emails

Western Europe (private citizens) - 13 000 000 emails

Europe (private citizens) - 46 000 000 emails"

How sophisticated is the service in fact? SET-X Corporation has extensively described the spamming service in their marketing pitch, translated from Russian to English as follows:

"- Flexible and convenient Web based interface, detailed statistics while sending, changing any settings (mail databases, texts, macros)

- User-friendly web based interface - start spamming from day one

- Automatic "spamming capabilities" assessments of the bot allowing you to think about your business and not about the technical details behind it

- Daily malware updates, four programmers allocated for every server, sending automatic ICQ notifications whenever the malware gets updated

- Automatic optimization of the spam campaign by first allocating the bots with clean IP reputation

- Optional is the option to choose whether or not a dedicated "spamming engineer" should be allocated to your server

- His responsibilities include introducing a higher number of bots if requested, ensuring that dead bots get disconnected from your server, and providing personal advice on optimizing your campaigns and bypassing anti-spam filtering through the built-in multi RBL checking feature

A brief description of the system:

1. The system is automatically harvesting the outgoing and incoming email addresses on the infected hosts and the associated accounting data, supporting the following clients:

   - Mozilla Thunderbird
   - Outlook Express
   - MS Outlook
   - The Bat
   - Opera

2. The bot automatically defines its MX and PTR records, if they are present it switches to Direct SMTP mailing which means that it can send the spam directly to the recipients using the MX and PTR DNS records of the bot, enforcing direct sending even without MX and PTR records is also possible

3. The bot automatically defines its MX and PTR records, if they are present it switches to Direct SMTP mailing which means that it can send the spam directly to the recipients using the MX and PTR DNS records of the bot, enforcing direct sending even without MX and PTR records is also possible

4. The central control server automatically assigns different regional servers to the bots, and rotates them periodically for security purposes

5. All the information about the spam campaigns and the bots can be exported and syndicated with another regional server as requested, with the regional server dynamically establishing links with other regional servers so that it never really knows the address of the central command server

6. There are several different ways of sending spam using this service :

1) Direct spamming from the legitimate email accounts of the infected computers, with the system automatically syndicating all the available legitimate emails whose accounting data naturally stolen due to the malware infection is again, automatically integrated in a "unique legitimate senders" database. Full support for web based email accounts in the form of domain:username:password

2) Sending via Direct SMTP: send messages directly using the MX and PTR records of the infected host's gateway

3) Sending to direct recipient

4) Sending through open relays and socks servers, both of which can be provided at an additional cost

7. SET-X Mail System is highly modular, with unique features easily coded and implemented as requested by the customer

The average speed from one server is 5000/7000 emails per minute, over 1 million emails per day, and if requested you can purchase as many servers as you would like. The price of rent per month is $2000 with additional $1000 for each additional server if the servers are ordered at the same time."

An inside look at the system obtained on 2008-08-12 indicates that they are indeed capable of delivering what they promise - speed, simplicity and 5000 malware infected hosts. Moreover, the attached screenshot demonstrates that 20 different email databases can be used simultaneously, resulting in 16,523,247 emails about to get spammed using 52 different macroses. Furthermore, what they refer to as a dynamic set of regional servers aiming to ensure that the central server never gets exposed is in fact fast-flux, where the number of bots they are willing to put into "regional server mode" shapes the size of the fast-flux network at a later stage.
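The rotating "regional servers" described above leave a recognizable trace in DNS, which a defender can score from repeated lookups of a single hostname. The following Python example is added here and is not part of the original article; the thresholds, function names and sample answers are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from statistics import mean

# Thresholds are illustrative assumptions, not values from the article.
MAX_TTL = 300      # flux records are served with short TTLs
MIN_NETWORKS = 3   # infected hosts sit in unrelated networks
MIN_CHURN = 0.5    # share of each answer not present in the previous one

def _network(ip):
    """Coarse network bucket: /16 for IPv4, /32 for IPv6."""
    addr = ip_address(ip)
    return ip_network(f"{addr}/{16 if addr.version == 4 else 32}", strict=False)

def flux_features(observations):
    """observations: [(ttl_seconds, [ip, ...]), ...] from repeated lookups of one name."""
    seen, networks, churn, previous = set(), set(), [], None
    for _, ips in observations:
        current = set(ips)
        if previous is not None and current:
            churn.append(len(current - previous) / len(current))
        previous = current
        seen |= current
        networks |= {_network(ip) for ip in current}
    return {
        "max_ttl": max((ttl for ttl, _ in observations), default=0),
        "distinct_ips": len(seen),
        "distinct_networks": len(networks),
        "mean_churn": mean(churn) if churn else 0.0,
    }

def looks_like_fast_flux(observations):
    """Require short TTLs, many unrelated networks and high answer turnover together."""
    f = flux_features(observations)
    return (len(observations) >= 2 and f["max_ttl"] <= MAX_TTL
            and f["distinct_networks"] >= MIN_NETWORKS
            and f["mean_churn"] >= MIN_CHURN)

# Constructed passive-DNS samples (RFC 5737 documentation addresses).
FLUX = [(120, ["192.0.2.10", "198.51.100.7", "203.0.113.5"]),
        (120, ["192.0.2.44", "198.51.100.90", "203.0.113.61"]),
        (180, ["192.0.2.200", "198.51.100.13", "203.0.113.77"])]
# Short TTL and rotating answers, but all inside one network: not flagged.
CDN_LIKE = [(60, ["198.51.100.1", "198.51.100.2"]),
            (60, ["198.51.100.3", "198.51.100.4"])]
STATIC = [(3600, ["192.0.2.1", "192.0.2.2"])] * 3
```

The CDN-like sample shows why a short TTL alone is not a reliable signal: legitimate load balancing also rotates answers, so the network spread has to be part of the decision.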

Spam is definitely not going away, especially nowadays when the whole process, which used to require a decent investment of time and resources, has matured into an emerging market for managed service providers of spamming services whose web based interfaces successfully mimic the look and feel of anti-spam appliances. And whereas for the time being each of the managed spamming services outperforms the others on different fronts, in the long term the natural market competition forces will result in more extensive development of these systems, next to the plain simple theft of intellectual property in the form of integrating a competing system's unique features within another service.

Topics: Security, Outsourcing

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

31 comments
  • Go into a little more detail on MX and Ptr...

    records being defined. There will have to be a domain registered pointing to a start of authority. DNS servers query for the SOA. Then proceed to the SOA to get the DNS records you are referring to. Plus, the ISP more likely than not has the SOA for the IP block where the PTR record will reside.
    bjbrock
    • No response from the author? Some...

      of your facts are wrong. Did you just make this stuff up so you had something to post?
      bjbrock
      • Whose facts are wrong?

        If in fact they are wrong?

        Read again.
        seanferd
  • RE: Spamming vendor launches managed spamming service

    Could you plz give their name and address? Especially of the owners?
    PaladinIII
  • Hoop De Doo!

    I wrote a c# sharp program that can do that.

    Big deal!
    jabailo1
  • We need email server registration.

    Currently it's very easy to abuse lots of exposed computers on the internet. They use such exposed systems to deliver spam dynamically. So we need a centralized email server registry that maintains IP address to email domain name along with their credit card information. At $1 per year so that this does not make the internet too expensive.

    This will make it difficult for spammers to create bogus email servers!

    Jeers spammers.
    joemartn
  • Create dummy mailboxes

    This is why I create a mailbox on Yahoo and give that address out. They can spam that thing all day long while my primary email remains clean and pure as the wind-driven snow. I go in once in a while and just delete everything that has accumulated in it.
    Carrion
    • Dummy mailboxes

      Sorry to be so dim, but if you only give out an email address that you don't use, how do people email you?
      compudog
  • hunt em down and hang em from the highest tree!!!!!!!!!!!!

    Make Set-X and their ISP examples. create an army that hunts them down and takes em out... it would be worth the money!

    monstrous tariffs!

    Monstrous taxes!

    legislation please!!!!!!!!!!!!!!!!!!!!!!
    stso9daa
    • RE: hunt them down and hang them

      While I applaud your end result; hanging is just too civilized. I am thinking along the lines of something Medieval: like being boiled in oil, the chopping block, etc!
      fatman65535
      • post SET-X company address or residence pleeeeeeezzzz!

        the problem might get solved...
        stso9daa
      • AMEN! - Love it - Spanish Inquisition style - nt

        nt
        TheBottomLineIsAllThatMatters
      • 7 days in a tanning bed will make their DNA the same as John McSame's

        Why Medieval when there are so many cool 21st century tools available--even at your nearest strip mall...

        96 hours in a tanning booth...give them all the water they can drink while their subcutaneous DNA is altered.

        Leave them in for 144 hours and their DNA will be the same as John McSames-FUBAR by even the best DNA sequencers. Who needs 26 chromosomes anyway when McSame proves you only need 18-20 to live and lie...
  • "5000 malware infected hosts" - Windows?

    These are WINDOWS hosts, right? Why do these articles always omit that fact?
    scott1329
    • Windows Hosts? How Do You Know?

      Umm, probably are, but, hey those shiny new security patches for Apple do give you pause, don't they? If your O/S of choice ever becomes efficient to add to bot nets, you'll probably be the first to know.
      PMC-CON