Digital Choke Daynotes

 Sunday, October 31, 2004       mail    link   the story

Happy Halloween -- a quaint US custom specifically designed for extortion of candy from willing households.

An interesting report from an anonymous author who is claiming to figure out who wrote the "SoBig" virus from last year. His/her conclusion is based on the similarity between the virus and a well-known spamming software. There is some similar code, code-writing techniques, and other similarities that has brought them to that conclusion.

Their conclusion is that the SoBig virus' main purpose is to create spamming points on infected computers that the spamming software (written by the same 'group') can use as relay points for mail spam. Spam relay points are valuable to spammers because they are less likely to be on spam blocking lists.

This symbiosis between spammers and viruses has been suspected before, since many of the viruses use infection points that allow mail relaying. There are many suspicions that viruses are more of an organized crime activity, especially in Eastern Europe/Russia.

If you are interested in the report, it is here and here. The first site may not be available at all times; it's on a bandwidth limited site at GeoCities.

...and the doorbell keeps ringing....

 Monday, November 1, 2004       mail    link   the story

The Internet Storm Center has a "Handler's Diary" that I look at to see what's happening on the 'net. They are continually looking at traffic on the net to spot things that are out of the ordinary.

Last night's post was different. Judge for yourself. Sometimes things are scary out there.

I've been working on another "Simple Steps" report; this time it's on wireless networks, especially at home. An advance look at the report is here; comments are invited via our mail page. Just like the "Simple Steps for Safe Computing", the new page is not too technical, just the basic stuff.

There's a lot of insecure wireless networks out there. I found a new program for my iPaq that actually maps wireless networks on a radar "screen". It shows the direction of the wireless network in two dimensions. I just started using it tonight, but it seems like an interesting tool. I found the program here, if you want to try it out. I need to try it out a bit more to see if it will be a useful tool, but the initial look seems positive.

Tomorrow (finally) is Election Day. Our plan is to hit the polls when they open at 7am before going to work. I figure it won't be as crowded there. Lots of interesting things on the ballot around here.

For those of you regular readers (yes, even you in the back), it is important that you vote. If you don't vote, then you can't complain.

It should be an interesting next several days as the results get sorted out. And we'll see how many problems crop up (chad up?) with electronic balloting without paper backup.

 Wednesday, November 3, 2004       mail    link   the story

Did the Merit Badge thing again tonight. We finished up the Citizenship in the Nation badge, which was timely. We talked about the power of "We the People", and that we get to decide what happens in our country. Not many people in the world get to do that. I told the boys that the right to vote was important. I told them that if their parents didn't vote, they had my permission to whack them upside their head. No matter what your political leaning, you have the right and responsibility to vote. I did, and tried to instill that in the kids.

They were paying attention. We reviewed the "Nation" requirements, and they remembered what we discussed last week.

After our review, we started on the "World" merit badge. Got part way through that. I need to prepare a bit more on that one in order to finish it up next week. I was dancing a bit at the end.

A bit rainy today. Caused the morning commute to be much slower than usual, although the trip home wasn't too bad. Got a few things accomplished, a couple of meetings for some other projects, and started doing a bit of research on the 'top ten' security issues paper I need to write for the new CIO to take to the big bosses.

 Thursday, November 4, 2004       mail    link   the story

A brother and sister team were convicted in the nation's first felony prosecution of spammers. The jury recommended a term of nine years in prison for Jeremy Jaynes, and a $7,500 fine for his sister Jessica DeGroot, convicting them of three counts of sending emails with fraudulent and untraceable routing information. They used AOL to send their spam mail, and collected a few million dollars in orders for sham products and services. In one month, they got 10,000 orders at $39.95 each for people to sign up as a "FedEx refund processor".

Let's see, my calculator makes that $400,000 a month just for that scam. I suspect that they made quite a bit more than that.

Spamming is big business. Startup costs are fairly low. You can get a million names for under $100. Add in some software, and some willing mail relays (easy to find), and you're in business.

Send out the million names, and hope for a 1/2 of 1% response rate (typical response rate for spam email). Sell a product that gives you $20 in profit. One million names, 0.5% response rate, gives you 5,000 orders gives you $100,000 profit for one mailing. Yeah, you might lose some sales with credit card voids, but still not a bad return.

Now, do a few of those mailings. Include a link in the mailings that displays a page on your web site. The link includes a command that verifies your email address. Use those verified email addresses to fine-tune your mailing list. Now you have a more valuable mailing list of verified email addresses. Do that a few more times, and you'll start getting your own list of email addresses. Which you can sell to other spammers. Something that exists only electronically is easy to stock, sell, and ship -- minimal overhead.

That's why you and I are getting so much spam.