Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
Dispatches Archive

« December 2007 | Main | February 2008 »

January 24, 2008

Spammers and English Permalink

Fractured English has been a staple of non-U.S.-based spammers. I've seen variations of a particular message written under the auspices of the Roget's Thesaurus School of English Composition. I've seen content obviously translated from whatever to incomprehensible English via Babelfish. The subtleties of the English language are difficult to master, even for those of us who have used the language since graduating from "ga ga goo."

Thus, I admit to getting a chuckle from an erectile dysfunction medz spammer who combined his knowledge of the English language with a bit of American TV advertising culture. For a long time, TV ads for a paper towel brand used the tag line, "the quilted quicker picker upper," complete with one of those jingles that won't leave your head. The author of this Subject: line must have been exposed to this advertising, understood it, and made one simple substitution:

Subject: the quicker pecker upper

Although the spamvertised domain is (supposedly) registered to someone in China (created last week), this is just too American to think the true source comes from anywhere but the U.S.

UPDATE (25 January 2008) — Our punster is still at it, this time with a different spin on a well-known American advertising slogan:

Subject: It's driller time!

It was funny the first time. Now I'm bored. Perhaps the Americanisms will entice the Federal Trade Commission to investigate and trace this guy more closely for his multiple CAN-SPAM law violations per message.

Posted on January 24, 2008 at 08:41 AM

January 23, 2008

It's Greek To...Everyone Permalink

My BFFs know that I studied Latin and Greek in college—back in a time that seems almost as distant as the ancient civilizations, themselves. Although I can't imagine having studied any other subject, sadly the most practical application of that experience was that I sailed through reciting the Greek alphabet while a fraternity pledge.

But today, it also helped me recognize a spam message delivered in modern Greek (which my Mac rendered beautifully). There are differences between classical and modern Greek, but the alphabets are the same, and I can sound out the words to try to get a sense of what is going on.

But before getting to that, I have to say that the sender will probably get slapped by his ISP as soon as the spam reports start coming in. I don't recognize the sender, but one of my addresses appears to have been in an email address book that was wrung out to accumulate recipients. My copy of the message had 392794 recipient email addresses listed in plain view of the To: field (one of my pet peeves). This group accounted only for those addresses whose usernames began with "dakis" through "devilkins." Zeus knows how many of these batches went out. The majority of address domains were Greek (with the .gr country code top-level domain), but there were others that really point to an address book scrape (e.g., list owners of several Darwin-specific mailing lists at Apple, all in a row).

Attached to this email were no fewer than six files: one .jpg; one .rtf; one .pdf; and three .doc files. Microsoft Office and Acrobat files have been used as conveyances for malware, and you can bet your sweet souvlaki that Laocoön's paraphrased (and Virgilian) warning, "Beware Greeks bearing gifts," kept echoing through my head. I declined to open any of the attachments.

Another thing I didn't like about this message was that one of the few bits of English pointed to an official web site for whatever this thing was about. I don't know about you, but it's hard to ascribe gravitas to a sender whose "official site" is a MySpace page.

The end of this mystery was a bit of a let-down. The spammer appears to be a theatrical producer flogging his new production of one of Euripedes' plays. He's begging the world to schedule his production for the 2008-2009 season. Ugh. This sparks of someone who just discovered the Internet and intends to milk it for all its free advertising potential, including spamming from his own DSL connection.

Well-intentioned. Ill-informed. A tragedy not limited to the Greeks.

Posted on January 23, 2008 at 09:30 AM

January 22, 2008

The "You Registered" Lie Permalink

Second to the "this is not spam" lie, the insistence that I received a spam message because I had registered from a specific IP address is perhaps the most aggravating lie a spammer can use. By issuing that statement in the message, he might as well dance naked in the street while singing, "I am a spammer, and I think you're an idiot!"

Today's installment comes from a shoe spammer. After telling me I can save 70% on a laundry list of brand name shoes (yah!), he includes this little gem:

You registered from IP 152.163.[removed].[removed] on 1/18/2006 from  to receive special promotions and supplied email address dannyg@dannyg.com.

This guy is counting on the fact that 90% of his recipients don't know what an IP address is, nor would they have a clue whether the stated IP address really belongs to them.

Well, jerko, I do know what an IP address is and how to check to see whether it could be mine. In this case, the supplied IP address belongs to America Online. While I had an AOL account in January 2006, I never connected to it during that timeframe through its dialup or other connectivity service. Moreover, I had signed up for the account months earlier to perform some work for a client, and never did any kind of surfing or viewing of outside web content. Therefore, you are lying about that IP address.

I then compared the supposed registration date against the domain name of the sender. Not surprisingly, the domain name of this sender was created in December 2007 (last month). I could not have possibly signed up with you nearly two years before you existed.

Note, too, that there is an extra space after the "from" following the date, where your lying piece of crap software failed to fill in the site where I never registered.

What really pisses me off about this trick (which has been used for years—I mention it in Spam Wars) is that most recipients believe this technobabble lends authority to the claims. "Ooh, I don't know what an IP is, but the numbers look important...they must be true." Recipients might, therefore, believe that the unsubscribe link in the message will really cleanse their email address from the spammer's lists. Fat chance! Once this emailing list merchant gets your address confirmed, you'll get plenty more spam sent from this company that changes domain names like you change socks, and from other companies who buy his "confirmed" address lists.

Mr. shoe spammer, put on your Pumas and take a hike.

Posted on January 22, 2008 at 11:51 PM

January 18, 2008

Fighting Software Piracy vs. Fighting Malware Permalink

Here's one for the ethicists out there to figure out.

Let's say you are a blind or severely visually impaired PC user who must use screen reading software to turn text on the screen into audible speech.

[As a sighted person, I find it impossible to imagine what it would be like to use a graphical user interface computer (Windows, Mac, etc.) without being able to see the mouse cursor or know which window full of content is frontmost. Simply closing my eyes for a few minutes can't possibly recreate what for me would be incredible frustration. Thus, I am in awe of those who not only cope, but frequently excel at the computer using other senses exclusively.]

So, as I was saying, you rely on screen reading software. There are several commercial programs to choose from. You learn through the grapevine that you can download a registration cracker utility that lets you use one of the most popular programs without having to pay the licensing fee. The license fee isn't cheap—like Adobe Photoshop not cheap. You download that utility, run it, and, indeed, gain access to the screen reading program for free.

At this point, my "Not Kewl" buzzer goes off. While I appreciate the challenges facing the program's users, I also appreciate the cost of development and marketing of a product that a lot of people seem to like. There are plenty of competitors out there, and if the price were too high, sales would suffer. In other words, the high price, combined with the program's high popularity, indicate that the company produces a product of sustainable value.

That's one side of my tale. Onward to part two.

It turns out that the registration cracker software does a lot more than what it advertises. It also installs a background process that waits for a particular date in the future. When that date hits, the background process cuts off at the knees the screen reader that has been cracked as well as several others. This Trojan is apparently well-written, and is difficult to exorcise from an infected PC—even if you have vision (as reported by Sophos). For a blind user, the lack of screen reading facilities essentially turns the machine into a worthless hulk, and likely cuts off a primary communications medium.

One could speculate on the motivation behind the cracker's antics. A conspiracy theorist might even accuse the maker of the cracked software of releasing this Trojan as a punishment for those who try to get the expensive software for free. That, of course, is ridiculous. Is it some over-zealous anti-piracy freak? It would seem to me that there are more voluminous and juicier targets for that kind of crusade (snarky comment about Microsoft Genuine Advantage voluntarily withheld).

Was this perpetrated by a sighted programmer who got his toe tapped accidentally by a blind person's white walking stick? Or perhaps it's by a blind programmer who is eager to show that he is as blind as, but smarter than, your average blind software pirate (get that mental picture of a sea pirate with patches over both eyes out of your head!).

It's all very bizarre to me. And cruel.

While there actually are a handful of free lunches on the Internet (e.g., software from Mozilla), such gifts are few, well-known, and not spammed. Lures to free-stuff-that-normally-costs-money only lead to disaster. Even those who can see frequently fail to recognize when their pockets are being picked and their computers are being pwned.

Posted on January 18, 2008 at 10:52 AM

January 08, 2008

Best Tech Leaves You "Only" 14% Exposed Permalink

Spam Wars readers know about my belief in the triumvirate of defenses against spammers, scammers, and hackers:


  • The Law

  • Technology

  • User Education

Only the first two have gained any traction in the last 10 years, and of those two, Technology is the sexiest. It gets more consistent headlines and has become an industry unto itself, capable of supporting dozens of companies around the world (which generate more press releases for more headlines...the circle of PR life). But readers of my book and this blog know that I fear for users who rely entirely on technology to save their butts. Some more evidence surfaced to reinforce my fears.

As reported at the Sophos blog, an independent group called AV-Test periodically performs comparison tests of anti-virus software. Although the report referenced by Sophos is not yet at the AV-Test site, Sophos must have early access to it. The blog entry proudly shows the company's product's top-rated performance in detecting new viruses appearing in the wild (July-September 2007) without the need for a whack-a-mole-like virus definition update.

While it's true that, according to the chart apparently taken from the AV-Test report, Sophos was, on aggregate, way ahead of other name brands, the average success rate over the three-month period was 86%. Or, to flip it on its head, 14% of the time, your system was vulnerable if you hadn't fetched the latest update.

I'm sorry, but when it comes to relying on technology to protect our computers, grading on a curve just doesn't cut it. Getting the best score of 86 on a Calculus test when all of your classmates are armadillos is not something to be that proud of.

The test results reveal almost a contempt for potential customers when you consider the marketing hype accompanying every commercial antivirus product on the shelves (I'm not singling out Sophos on this point). Based on product "promises," users' expectations of automatic protection are very high, especially when typical users most likely don't fully understand the technological problems caused by malware or the cures offered by AV products.

Lest you think for a moment that I am anti-anti-virus, you'd be mistaken. I wouldn't let a Windows PC connect to anything by any medium without having both antivirus and firewall software running.

Messaging (email, IM, in-site message systems) is still the primary vector for infection, whether by attachment, embedded HTML retrievals, or lures to malware-infecting web sites. Informed handling of electronic messages that get through other front-line defenses needs to be improved everywhere. Once an Evil Message makes it into the inbox, an educated user is the best defense against attack. Let the anti-virus software be there to handle the accidents—to act as a kind of Depend undergarment for those times when you can't control your mouse button finger.

Posted on January 08, 2008 at 02:19 PM

January 02, 2008

One Last Spam Hurrah for 2007 Permalink

Ah, New Year's Eve. A time to reflect on the year just passed and dream of the year ahead...a time to perhaps get a little silly at having survived one more orbit around the Sun...a time to spam the crap out of one of my domains.

I knew I didn't get blitzed on the Eve, but I thought I was having the DTs when I saw my spam stats chart the next morning. On December 31, 2007, my dannyg.com domain had been dictionary-attacked more than 107,000 times! That's more than double the amount I ever recall seeing.

The pattern of these kinds of attacks varies (my earlier reports here, here, here, and here). This one was highly distributed, with each connection to my server attempting to drop but a single burning paper bag full of dog poo. The sources, presumably botnet computers sitting idle while their owners reveled with lampshades on their heads, were used a few times during the day for these singleton attempts.

I don't know what the spam content was—not that it matters. I'm just happy that someone spent money or something else of value to rent a botnet and got absolutely nowhere as far as my domain goes. My poor server, though, was probably smoking, and could have used a stiff drink at midnight.

Good health and happiness to loyal (non-spamming) Spam Wars Dispatches readers in 2008. To spammers and scammers, may 2008 be the year you take up butterfly collecting as a full-time hobby.

Posted on January 02, 2008 at 08:55 AM