Archive for June, 2006

Tune in to the webcast tomorrow

Wednesday, June 14th, 2006

I’m sitting here in Holland, checking on mail and such after having a meal with some of the other speakers. From the conversations we’ve been having, I think the Symposium tomorrow is going to be very interesting.

Check out the webcast tomorrow (Thursday), or watch the archived webcast later:

http://www.spamsymposium.org/

I better get to bed, I’ve got a full schedule tomorrow!

Don’t assume they know

Monday, June 12th, 2006

A friend asked me about getting on the internet again. She’d moved, and hadn’t been connected at home for a while.

Not thinking, I’d given her an old modem a while ago (she’d had ISDN at her old place, and just regular phone line at her new place, so I knew she didn’t have a modem that would work).

Now she was talking about broadband connections, and if nothing else worked, she’d use the regular modem.

And I said, wait a minute!

You can’t bring your old computer online now! It’s got 16 MB RAM and 166 MHz AMD processor, you may be able to download mail with it, but I’m not even sure the latest browser would run on it, and your old browser would only throw up javascript errors on just about every page you’d visit!

So we talked a while, and I was berating Windows 95 compared to newer versions of Windows. And then she said: Oh, but we upgraded it to Windows 2000, so then it’s OK!

I burst out laughing. I know, not cool, but I couldn’t help myself. The thought of Windows 2000 on such an old machine had me in stitches, and her satisfied tone when she told me was a hoot too. She very nearly got offended with me. And I’m sure she would have been, if I hadn’t been genuinely trying to help her.

I guess the moral is: Don’t assume regular users know what they’re doing. They’ll gladly make a mess of their computers, thinking they’re improving them.

Why ISPs don’t monitor and catch zombies

Friday, June 9th, 2006

There has been a lot of talk about zombies and how ISPs are the ones that should catch and quarantine them. You won’t get an argument from me about that. They should, period.

But why don’t they?

They are in the business of making customers happy, period.

And customers who feel spied upon and vilified by their ISP aren’t happy.

So we need the zombie catchers to tell us how we can spy on our customers in such a way they won’t feel like we’re reading their mail, or know what they’re doing. They want to be able to keep using P2P networks in peace, and whatever else they’re doing, short of child porn.

Dyakon aka Alexander Morozov active again

Thursday, June 8th, 2006

Looks like Dyakon aka Alexander Morozov is active again. I had two comments in short succession about him. No reports about spam this time, but he’s snapped up some newly expired high value domains.

Spam Huntress » Blog Archive » Dyakon aka Alexander Morozov

eWay with new creepy method

Tuesday, June 6th, 2006

Remember I talked about eWay?

I just found a press release about them. They’re touting a new creepy tracking system for their e-mail campaigns.

Creepy tracking system.

I have only one question: Exactly how are they going to trick aunt Emma into installing this thing on her computer?

Hacked dating sites to get e-mail addresses?

Monday, June 5th, 2006

I just got a spam comment from a guy who appears to have hacked the databases of some dating sites to get the e-mail addresses.

luckylovers.net
neu.com
rsvp.com.au
match.com
americansingles.com

I guess the owners of these sites will want to bring this guy down? He’s Russian speaking, so it may take some time to flush him out. So how about getting started? I believe he just recently translated his pitch to English, so this may be the first instance of publicity about this outside of Russian speaking territory.

He came to my site with a referrer from my site, and went to the forum spam category before selecting the first post in that category to post to. And he’s using what appears to be a bot:

66.226.75.89
66-226-75-89.dedicated.abac.net

The e-mail address is Russian.

I’ve been following him around the web and looked at his earlier posts in Russian. He said he’d stolen match.com addresses November 20, 2005. This was from a post on a forum in Russian, posted January 2006. He also claimed to have hacked perfectmatch.com and personals.yahoo.com.

Update:

I got another message from the same IP number. This one is about forum registrations and spamming. And there’s a domain name owned by Alexey A Gusarov. I’ve tracked him before, and he appears to be a real person.

The same domain name has been involved in multiple spams before, each time promoting e-mail lists.
I may put up a full profile on him later on.

Garbage blogspam - why

Monday, June 5th, 2006

Most of us have received several waves of garbage blogspam. Either obviously fake domains, and obviously random characters in the message itself, or spam with google.com as the URL.

I just read a thread on a typical webspammer lair forum, and saw a discussion on a submitter software. One of the participants advocated doing a test run on a junk domain first. My guess is that the garbage runs we’ve seen are people testing “new” software where they don’t want to risk their own domains just yet.

The difference between webspam and mailspam websites

Monday, June 5th, 2006

I was reading the excerpts of the papers due to be presented at The Conference on Email and Anti-Spam.

One of those papers is this one:

“Introducing the Webb Spam Corpus: Using Email Spam to Identify Web Spam Automatically”

According to what they’re saying about it on the excerpts page, I can tell you one thing: They’ve missed the mark entirely.

Why? Because the URLs used in webspam do not point to typical mailspam webpages. They point to throwaways, designed to shield the end point website (which may in some cases resemble mailspam webpages) from getting zapped by search engines and hosting.

The throwaway sites do not resemble mailspam sites for a simple reason: They’re not there to snare attention from visitors, but to funnel the visitors on to the end point websites, without the search engines following along!

Think of it like this: For each website the webspammers are promoting, there are hundreds of throwaway sites that redirect users to the site, but it’s the throwaways that are ranking in search engines.

Which means looking at mailspammed websites from the point of view of analyzing webspam websites completely misses the mark.

We’re usually talking about a different set of spammers, with different payoffs.

Hey, if you want an analysis of the typical webspam website, ask me, eh?

New java-bot to block

Monday, June 5th, 2006

I just found a new hungry java-bot in my logs:

Java1.4.0_01

In the past, the java-bots have all begun like this:

Java/1.

So time to update the .htaccess blocks!

This one was wielded from:

70.19.6.16
greenwich.vettro.com

(in Verizon space)

173 accesses from 05/Jun/2006:02:41:55 to 05/Jun/2006:02:46:11
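
An added example (not the author's own code or block rules): a Python check over constructed access-log lines showing that a pattern anchored on `Java/1.` misses the slash-less `Java1.4.0_01` agent, while `^Java/?1\.` matches both forms, which is the change an .htaccess User-Agent block would need. The log lines, request paths, timezone, the 192.0.2.x addresses and the `JavaScript-Checker` agent are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Old rule only matched "Java/1."; the broadened one makes the slash optional.
OLD_UA = re.compile(r"^Java/1\.")
NEW_UA = re.compile(r"^Java/?1\.")

# Apache combined log format:
# ip ident user [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (not the real log); paths and timezone are made up.
SAMPLE_LOG = """\
70.19.6.16 - - [05/Jun/2006:02:41:55 +0200] "GET / HTTP/1.1" 200 5120 "-" "Java1.4.0_01"
70.19.6.16 - - [05/Jun/2006:02:43:10 +0200] "GET /archives/ HTTP/1.1" 200 8431 "-" "Java1.4.0_01"
70.19.6.16 - - [05/Jun/2006:02:46:11 +0200] "GET /feed/ HTTP/1.1" 200 2210 "-" "Java1.4.0_01"
192.0.2.10 - - [05/Jun/2006:02:44:00 +0200] "GET / HTTP/1.1" 200 5120 "-" "Java/1.5.0_06"
192.0.2.20 - - [05/Jun/2006:02:45:00 +0200] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U) Firefox/1.5"
192.0.2.30 - - [05/Jun/2006:02:45:30 +0200] "GET / HTTP/1.1" 200 5120 "-" "JavaScript-Checker/1.0"
"""

def java_bot_hits(log_text, ua_pattern=NEW_UA):
    """Return {ip: (hits, first_seen, last_seen)} for requests whose UA matches."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        # Skip unparseable lines and agents the pattern does not cover.
        if not m or not ua_pattern.match(m.group("ua")):
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        seen[m.group("ip")].append(ts)
    return {ip: (len(t), min(t), max(t)) for ip, t in seen.items()}

if __name__ == "__main__":
    for ip, (n, first, last) in sorted(java_bot_hits(SAMPLE_LOG).items()):
        secs = (last - first).total_seconds()
        print(f"{ip}: {n} hits in {secs:.0f}s "
              f"({first:%H:%M:%S} to {last:%H:%M:%S})")
```
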

Don’t let the mice get your computer!

Saturday, June 3rd, 2006

A friend lives in an old farmhouse miles from civilization. Miles from broadband connections.

He had an older computer that had been upgraded until it got way too slow. And when I asked about it last time we met, he said it didn’t work at all anymore.

Mice had gotten into it and chewed through the wiring during the winter, according to his best calculations.

!!!!

I guess there’s a reason for cats being the favorite geek pet?