June 2008 Archives

Some spammers apparently have a sense of humor. Some of our spam traps were recently hit with a run of test messages with the subject line:

in sov r bot test you

The spamtrap addresses affected were originally 'scraped' by spiders running on servers rented from Everyone's Internet/EV1Servers, and gather the usual mess of penis enlargement, pills and fake watch spam.

Using a distinctive test message rather than simply sending out another batch of pill spams would make sense if spammers were collecting bounces in order to eliminate undeliverables from their spam lists. This doesn't seem to be the case, however: the 'From' addresses on the messages use randomly-generated addresses at other people's domains, so there's no way for the spammer to collect the bounces. They could monitor the actual SMTP transaction — but then there's no advantage to using a distinct test message. It's therefore likely that the messages are no more than they appear to be: simply test data used for checking a botnet or trying out a new email module.

One type of spam that I've been spared so far is SMS spam, where spam messages are sent directly to your cellphone (often very expensive for the recipient). Stock spammers in the US often use SMS spam, while in places like China it's already a huge problem. In Britain, two-thirds of cellphone users have received SMS spam.

Jonathan Zittrain, co-author of an excellent study of stock spam, has just released a book called The Future of the Internet - And How to Stop It, available both on paper or as a Creative Commons-licensed download.

The book isn't primarily about spam, but any discussion of the future of the Internet — which Zittrain sees as potentially bleak, by the way — must necessarily cover the topic. Zittrain outlines the problem and then talks about responses to the problem in the form of open collaborative grassroots projects. I haven't had time to do more than skim it, but it looks like it might be worth a read, if only as a possible source of new ideas and a way to look at spam as an instance of the larger problems facing the Internet.

Over the last couple of days, we've seen a number of spams with titles like ‘Amazon.com is down?’, ‘Amazon.com crashed’ and so forth. The body of the spam reads:

Hello! News agency Reuters informs about not to working capacity of a site amazon.com in current of two weeks since June, 9th and corresponding it to falling of share price. Be close at work with them.

The message contains no URLs, no malware payload, nothing except the text above. It's difficult to tell what the purpose is - a botnet capacity test, a short-and-distort attempt on AMZN, a test to identify active addresses — or just another spammer misconfiguration?

It's true that Amazon recently had system problems that took it offline for a couple of hours. What's not clear is why spammers want us to know that.