Artists Against 419 Releases Mugu Marauder
An anonymous reader writes "Similar in scope to the (now defunct) screensaver created by Lycos that targeted spam sites, the newly-released Mugu Marauder is intended to take fraudulent bank sites off the air by sponging up their bandwidth. Mugu Marauder can be downloaded at www.aa419.org/mm/. It's currently only available for Windows, though a Linux port is allegedly in the works."
FP (Score:5, Insightful)
Re:FP (Score:3, Insightful)
I disagree, It's actually a good idea (Score:2, Insightful)
That's a bonus!!!! If those affected website owners complain enough then the ISP will pull the offender!
Re:I disagree, It's actually a good idea (Score:2)
Re:I disagree, It's actually a good idea (Score:2)
Re:I disagree, It's actually a good idea (Score:2)
Quite often community involvement is the best way to clean up certain neighborhoods.
Re:I disagree, It's actually a good idea (Score:2)
Re:FP (Score:3, Insightful)
Re:FP (Score:3, Interesting)
So, how much data do you send/receive?
It's hard to judge the relevancy of what you say without knowing that.
Re:FP (Score:3, Interesting)
With "you" I meant "you as a user of this tool".
So...
How much data does this software transfer?
1 MB / month? As much as it can?
This is highly relevant to the "getting slammed by ISP for consuming tons of bandwidth", especially since this software may not consume "tons of bandwidth" at all. It would be very helpful to know how much it consumes.
Re:FP (Score:5, Informative)
Re:FP (Score:2)
Ha! (Score:5, Funny)
Re:Ha! (Score:2, Interesting)
Where are all the Script Kiddies? (Score:2, Insightful)
I mean, then MS security vulnerabilities would suddenly make sense.
-silence
Never work (Score:2)
First, a slashdot effect only lasts a few hours. To really hit a site, the editors would need to describe the link as a photo site of Natalie Portman dumping a bowl of hot grits down her pants.
But after a few fake postings like that,
Then you have the stories posted by Michael, which would have his bizarre editorial comments to drive people away.
Even worse, over the next weekend, Commander Toco, who never reads his own site, would post a d
Yay (*sigh*) (Score:5, Insightful)
So this will probably just end up DDoS'ing the real banks instead of the fake ones, these fake banks move around a lot and create extra damage in their wake as a result of something like this.
Fighting fire with fire just doesn't work like it should.
Re:Yay (*sigh*) (Score:1)
Re:Yay (*sigh*) (Score:1)
And crc'ing the index.html isn't always helpful either, since very often these places are using an *identical* layout and code to the real banks on their main page, also, they're likely to have small changes on them regularly, just like real banks, that would make verifying it with crc a nightmare.
Re:Yay (*sigh*) (Score:1)
Re:Further... (Score:2)
Re:Further... (Score:2)
Re:Yay (*sigh*) - Attack the IP, not the domain (Score:2, Informative)
So I'm guessing this problem you mention would not happen if you just attack the IP. When you attack the IP you'd be attacking their server, even if they point their domains to some other site.
Re: (Score:3, Interesting)
Re:Yay (*sigh*) (Score:2)
Design issues (Score:2)
I'd suggest a doubling delay time; start with a delay of 60 seconds -- a normal browser timeout-- after the fifth failure trying to load an image. If the picture doesn't load the next time, a two minute delay. Try again, four minutes. Probably cap it at 1024 minutes-- a little under a day, just because. In any case, such a delay would prevent a temporary /.ing from be
another dumb idea (Score:5, Insightful)
It's not sexy, or headline-grabbing, but the correct way to go about this is the same as it's always been: go after the ISPs to pull their accounts. If they're RFC-ignorant, add their IP blocks to the usual blacklists until they comply or are connected to an intranet.
Re:another dumb idea (Score:4, Interesting)
The extreme measure is to consume the allotted bandwidth to the account and thus take the fake bank offline.
Grump
Four words (Score:2)
Re:another dumb idea (Score:5, Informative)
-maztuh
Re:another dumb idea (Score:3, Insightful)
Who makes that choice? Do the sites have any recourse to appeal if you make a wrong decision?
Is the code which turns someone's PC into your Zombie ever at risk of your benevolent control being taken over by someone else, or someone in your group wi
Re:another dumb idea (Score:2, Insightful)
Cry me a river. Better to "steal bandwidth" if we can stop these crooks from stealing real money from people. Wouldn't you put up with a slightly slower connection for a few hours if it meant a few thousand people didn't get screwed out of real money? If not, then you're a selfish ass.
Re:another dumb idea (Score:2)
Re:another dumb idea (Score:2)
Re:another dumb idea (Score:2)
Is it your contention that any collateral damage is worth it?
My point is that "the end does not justify the means"
Once an arrow is loosed, it cannot be recalled. Actions
Re:another dumb idea (Score:2)
Look at the idea of just dumping pollution into the air. Good idea, it's cheap, I can make lots of money at it. Pretty soon we can breathe and we have to
Re:another dumb idea (Score:2, Insightful)
Regardless though, even if on every point you were spot on, that wouldn't mean it was a mistake to try this. It may be very comforting that you have all the answers to all the issues reg
Re:another dumb idea (Score:2)
Let me start with your shallow quote then. I never advocate doing nothing. Never have. My counsel was, as Doctors are under oath to do, "Do no harm".
Your quote "There might be some pain for some people but that is what life is about." is exactly my point and I think the term vigilante is apt. That is exactly what that mind set is. "We will take matters into our own hands, some people might get hurt, but it is for the greater good, and w
Re:another dumb idea (Score:2)
Not "every few minutes", but once a site is "dead", periodic checks are done to make sure that it doesn't come back up.
Linux/unix version (Score:5, Insightful)
Happy marauding...
Re:Linux/unix version (Score:5, Funny)
Such as:
-U "SLASHDOTTED 1.0/A"
-U "AND IF YOU DON'T LIKE IT, THEN HEY FUCK YOU"
-U "[insert long string here to flood logs]"
etc.
Re:Linux/unix version (Score:2)
Re:Linux/unix version (Score:2)
Lad Vampire (Score:5, Informative)
I like this, but prefer the lad vampire [aa419.org] at the same site. There is something somehow more satisfying about watching the images flash by.
Just put it in a browser tab and let it run!
Re:Lad Vampire (Score:2)
I giggled when I read one of the fake banks was named fichnet.net [fichnet.net]. At least some of the scammers have a sense of humor.
Gee, thats great (Score:5, Insightful)
(Yes, I know this has a slippery-slope element to it, but there are plenty of activist groups out there willing to be vigilantes, because they believe their actions to be either unambiguously moral, or divinely inspired.)
Not a slippery slope at all... (Score:2)
This is only a slippery slope if you think crooks who accidentally drop their guns at the scene of the crime - and go back to ask for it back the next day - have a "point" (it's their property after all!). For the rest of us, we understand that DDOSing democrats.org or gop.org is much more likely to get you in legal trouble than doing that to some random phisher. And rightl
Re:Gee, thats great (Score:2)
Re:Gee, thats great (Score:4, Insightful)
In short, I'm merely pointing out that accepting certain types of anti-social, vigilante behaviour (DDOS) *only* because we believe in their cause (hurting scammers) leads us onto very difficult moral ground when people with whom one does not agree use the same tactics.
Think about it. (Score:5, Insightful)
On the other hand, the rest of us pay thrice: once for the victimization of regular people not yet wise to this game, once for the waste of bandwidth because of the huge amount of spam being sent out for this scam, and now once for do-gooders pumping loads of worthless data back through our shared Internet at these websites, which are replaced faster than they go down.
On the surface it looks like a good idea, but it's just adding to the damage like all these other vigilante anti-spam tactics. A better technical solution already exists; switch from e-mail to instant messaging within a company and save all your instant messages.
Re:Think about it. (Score:5, Insightful)
You've got to be kidding...
That's like switching to pogo sticks because you're afraid of car-jacking.
How about instead: (1) use less brain-dead mail clients, and (2) educate your employees so they're not (quite) so brain-dead themselves. The advantage of being a company is that you can actually do these sorts of things.
[I know, I know, some companies demand brain-death. I suppose it's pogo sticks for them.]
Is this (Score:2, Insightful)
Re:Is this (Score:5, Insightful)
It's kinda like stealing pot from a dealer, chances are, he's not going to report the theft.
Regardless of what is worse, 419ing or DoSing, both are bad and both are illegal, and just like copyright infringement on P2P, people will try to justify it "it's not like I am going to pay for it anyway" and "they already have enough money".
Re:Is this (Score:2)
Say I'm intentionally and knowingly running this program, and the 419ers redirect their domain to, say
Leave well alone (Score:5, Insightful)
Re:Leave well alone (Score:2, Funny)
Re:Leave well alone (Score:3, Insightful)
See here: http://support.beamhost.co.uk/helpdesk/view.php?ticketid=6360&auth=8f64e9b4
The site is probably going to reopen somewhere else. But I've probably spent less time than it takes for them to reopen it.
What's needed is a program that automates that.
You feed it a URL and the program automatically searches for a contact email (e.g. abuse@) and prepares an email for you to send.
Then as most phishing sites are introduced by sp
Re:Leave well alone (Score:2)
It's called http://www.spamcop.net/ [spamcop.net]
Re:Leave well alone (Score:2, Informative)
Why a binary? (Score:4, Interesting)
>It's currently only available for Windows,
Why? I once saw a webpage that did this using only javascript. A simple page reload would give you updated arrays of images which your browser then loaded over and over and over again to exhaust the spamvertized site's bandwidth.
Re:Why a binary? (Score:2)
Yeah, it's called "Lad Vampire", it's also at Artists Against 419 [aa419.org], and you can find it here [aa419.org].
This is just an insanely stupid idea (Score:3, Insightful)
And will probably work just as well... vigilante justice never works and should not be tolerated.
Re:This is just an insanely stupid idea (Score:2, Insightful)
What you're referring to is the tyranny of the majority. In a representative democracy even the majority can't dictate all the rules - and that's a very good thing.
DDOSing is *not* illegal. (Score:2)
Re:This is just an insanely stupid idea (Score:2)
What majority? Do you seriously believe that a majority of Internet users will download this stuff?
Please somebody DDoS them. (Score:5, Insightful)
Re:Please somebody DDoS them. (Score:5, Funny)
Re:Somebody else is a dumbass. (Score:3)
From http://aa419.org/content/bandwidth.php [aa419.org]:
"Every image on our web site is hosted on a 419er's server."
So when you load their website, it also pulls images from 419-scam sites. Do you understand?
Apparently... (Score:5, Interesting)
Each one is something like this:
620ad934fc97bebb65f77bc883211351
That makes me wonder - just what does each one represent?
Re: Apparently... (Score:2, Funny)
> Each one is something like this:
> 620ad934fc97bebb65f77bc883211351
> That makes me wonder - just what does each one represent?
It's either a compressed and encrypted representation of everything on your hard drive, or else a fortune cookie in 4un94r14n 1337.
Spamming back the scammers? (Score:5, Interesting)
Imagine a 419-scammer sitting in an internet café in Lagos, getting thousands and thousands of mails appearing to be from people genuinely interested in the proposal, and having to follow up on them all just in case one or two are from real persons...
Re:Spamming back the scammers? (Score:2, Insightful)
The advantage of just emailing them back of course is that if enough people did it then the scam would stop. Imagine having to sort through 50,000 emails to find the real suckers, rather than a dozen or so. Identifying
Re:Spamming back the scammers? (Score:2)
Different idea (not automated), but some people make it a hobby: http://419eater.com
It's really hilarious stuff.
doesnt work with websense (Score:2)
Why the pan? (Score:2, Interesting)
But there's a seed of a good idea here, if you throttle it. It would not take any serious bandwidth hogging to crud up the phishing net with data that the phisher has to carefully check by hand because it could lead the police to him/her. Likewise the spammers. Eat their profits by eating their time.
Taking networks down to squash the cockroach is bad, but there is no reason not to lay a little boric acid out, so to speak.
No mention of today's flash mob or Linux scripts?? (Score:3, Informative)
One of the links from the flashmob page is for bash scripts suitable for Linux/*nix [aa419.org] (and presumably OS X et al).
Block list (Score:5, Insightful)
A small change in functionality to your web browser so that when you attempt to connect to a site on your blocklist, your browser informs you, and of the reason why, and then asks you if you want to proceed anyway.
It's a much more economic use of resources and could be added to by local police agencies as victims become known, or perhaps a phishing notify button added to our browsers.
When we wander upon a site that's dodgy, that URL can be passed on to the hosts of the blocking lists. A site would be verified to prevent malicious use, and if checked out as being OK, it wouldn't be reexamined till a certain number of other referrals took place.
No waste of bandwidth, no denial of service attack on any site, just a hazard warning in your browser that the site may be harmful.
Perhaps the banking sites might even care to host such a list.
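The warn-and-confirm block list proposed in the post above, sketched as an added example that is not part of the original post or of any browser's code. The names `BlockList`, `navigate` and `RECHECK_AFTER`, and the threshold of three referrals, are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

RECHECK_AFTER = 3  # assumption: referrals needed before a cleared site is reviewed again

@dataclass
class Entry:
    status: str          # "pending", "blocked" or "cleared"
    reason: str = ""
    referrals: int = 0   # reports received since the site was cleared

class BlockList:
    def __init__(self):
        self.entries = {}       # host -> Entry
        self.review_queue = []  # hosts waiting for a reviewer's verdict

    @staticmethod
    def host_of(url):
        # Accept "host/path" as well as full URLs; urlsplit lower-cases the host.
        parts = urlsplit(url if "//" in url else "//" + url)
        return (parts.hostname or "").rstrip(".")

    def report(self, url):
        """A user flags a dodgy site. Returns True if it was queued for review."""
        host = self.host_of(url)
        if not host:
            return False
        entry = self.entries.setdefault(host, Entry("pending"))
        if entry.status == "blocked":
            return False                      # already listed
        if entry.status == "cleared":
            entry.referrals += 1
            if entry.referrals < RECHECK_AFTER:
                return False                  # checked out OK; not re-examined yet
            entry.status, entry.referrals = "pending", 0
        if host in self.review_queue:
            return False
        self.review_queue.append(host)
        return True

    def verdict(self, host, harmful, reason=""):
        """A reviewer verifies a queued report, so a report alone never blocks a site."""
        self.review_queue.remove(host)        # raises ValueError if host was not queued
        self.entries[host] = Entry("blocked" if harmful else "cleared", reason)

    def lookup(self, url):
        """Return the blocking reason for the host or a parent domain, else None."""
        labels = self.host_of(url).split(".")
        for i in range(max(1, len(labels) - 1)):   # never match on the bare TLD
            entry = self.entries.get(".".join(labels[i:]))
            if entry and entry.status == "blocked":
                return entry.reason
        return None

def navigate(blocklist, url, confirm):
    """Load url unless it is listed and the user declines the warning prompt."""
    reason = blocklist.lookup(url)
    warning = f"{blocklist.host_of(url)} may be harmful: {reason}. Proceed anyway?"
    return reason is None or bool(confirm(warning))
```
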
Re:Block list (Score:2)
I'd be willing to work with some people to do this. Email me if you're interested.
Re:Block list (Score:2, Informative)
Perhaps that might be a start for you guys.
They released him? (Score:4, Funny)
As always the "experts" assume too much. (Score:5, Informative)
Re:As always the "experts" assume too much. (Score:2)
Oh come on, man. First of all, who made you a cop? Are you sworn to uphold the law?
Re:As always the "experts" assume too much. (Score:2, Interesting)
The sorry thing is that apart from South Africa, law enforcement is useless when it comes to enforcing or even recognising 419 fraud.
Case in point: one of our members had compiled and tracked down a 419 gang operating in the UK. This evidence was taken to the MET, who promptly did nothing. The evidence was full correspondence, details of bank accounts owned by the gang, phone numbers, photographs of the gang and their location. And you know what happened, NOTHING!!!
Well, I lie,
Re:As always the "experts" assume too much. (Score:2)
Right. Because hitting a particular site hard will have no effect on other sites being hosted on the same shared server, or subnet?
Re:As always the "experts" assume too much. (Score:2)
If you need a court of law to tell you that http://www.tfisec.com/ is a fake bank site, then you need to turn off your computer now.
Take a look at ciribank.co.uk (Score:2)
Dear Sir (Score:5, Funny)
I am Dr. Muntange Dwambo, the nephew of the director of your internet service provider's Accepatble Use Enforcement division.
It has come to our attention that you are consuming an unusual amount of bandwidth. I am therefore here to give you a one-time opportunity. My uncle has recently passed away, and left me in control of THREE HUNDRED THOUSAND GIGABYTES PER MONTH of bandwidth. Unfortunately that bandwidth is only available to Verizon subscribers, and that company does not yet offer their services in my native Nigeria.
Re:Dear Sir (Score:2)
Pointless again... (Score:4, Insightful)
1) Find a vulnerable server and root it, or get just enough access (through something like a phpBB exploit) to upload a phishing site to the right directory. They will end up with a URL that probably looks like "http://aaa.bbb.ccc.ddd/online/wamu.html". Phishing sites don't bother with mundane details like DNS or domains (waste of time and energy) because the URL will be conveniently hidden with javascript by your favorite HTML email client anyway.
2) Repeat the above step as often as you like to have a "cluster" of phishing sites.
3) Send out tons of spam advertising the phishing sites, randomly picking one of the above URLs to use for the login page.
4) By the time the phishing sites are detected, reported, and disabled (could be as long as a week or two or four), hundreds of people could have attempted to log into each of the fake login sites.
5) In most cases, the owner of the server being used for the phishing site is completely oblivious of the phishing site. (The rest of their web sites are working fine, so why should they be aware of any problems?) DDoS'ing them will only attack a confused victim.
Re:Pointless again... (Score:2)
Well, a couple of my points still apply. Such as the fact that a server owner may or may not be aware of the content hosted on their customers' web sites until after their box has been flooded off the Internet. I actually read through the site to see how it works, but right now one of the links (from the FAQ page) that lists their targets [aa419.org] is 404'ed at the moment. The other one [aa419.org] (which is also showing PHP errors) lists over 2000 taken down, but
Re:Pointless again... (Score:2, Informative)
Not quite, the targets are selected AFTER the hosts are notified on the content of the sites and who fail to act on our complaints. Our notifications contain fully presented evidence as to the legitimacy of the site in question. Most often the site breaches the host's OWN AUP (or similar document). Other evidence presented is how the site is
You could use this software.... (Score:3, Funny)
Vigilante Justice? (Score:2)
The collateral damage on these sorts of things makes the 'attackers' (there is no better word for them) no better than the scammers they are going after...
Definition of Mugu (Score:2)
anonymous (Score:5, Interesting)
Couldn't someone make a bookmarklet or javascript to fill forms with fake info? Here are some of the forms they use to get personal information.
great, this is exactly what i was afraid would.... (Score:2)
This software allows you to do exactly what I predicted: you can put in any site you want and it'll start leeching from that site. Now all we need is a few dozen people to start leeching from some website they don't like, for example, some guy's private site who is unpopular on a forum, and you're looking at huge server bills and likely the site would be shut down within a day if bandwidth went from a few megs a day to gigabyte
Re:great, this is exactly what i was afraid would. (Score:2)
run the program moron, you can put any address in you want.
Re:great, this is exactly what i was afraid would. (Score:2)
shit... no you can't... i saw the open blank for "targets" and thought I could type them in... still if you can create this anyone can, just a matter of time before there is a program that lets you select your own targets.
Re:Soooo different to Lycos's effort (Score:2)