Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam!
THANKS (AND APOLOGIES) TO MONTY PYTHON FOR THE IDEA

This is an experiment. It may turn out to be the most astonishingly stupid thing I've ever done, or it might be the template for the occasional program in the future. It seems that a lot of people enjoy seeing spam deconstructed while the spammer is being ridiculed. So here's an entire program (except for a bit of news at the end) all about spam.

Have you been "effect" by cancer?

This one got my attention when I noticed a series of messages with nearly identical subjects. The appropriate verb is "affect", of course, and it should have been past tense, but we all understand that spammers are the ones who sat in the back of the room during English class. (Click any of the images for a larger view.)

In the body of the message, they got "affected" right, but the presence of more than a dozen similar messages in my suspected spam folder told me that this wasn't a message I would generally open. But in this case, I smelled a story.

Most of these came from different pirated addresses and each went to a different domain, but always to the same directory:

The domains all appear to be bogus and they've all been registered through the same registrar. Chances are, they were all ordered by the same gang and that the gang in question won't pay for them. I spot-checked several, and each led to the same bit of bogus HTML code that forwarded visitors to another domain, nsftrax.com.

The owner of nsftrax.com doesn't want anyone to find out who he is or where he is, so all a whois enquiry returns is the registrar's information. From nsftrax.com, we're boosted forward to yet another domain: "seroquellawyer.lawfirm411.com". When I examined the html, I found what appeared to be a form and a form processor.

Although at first glance it appeared to be a harmless form processor, I copied the HTML to my machine and eliminated all of the JavaScript before opening the page in a browser.

It's a business generation form from a law firm that's seeking to file suit "on behalf of" people who have been injured by quetiapine, a drug that has some serious and possibly life-threatening side effects. Usually the vast majority of funds extracted from the business go to the law firm, with the litigants receiving a few table scraps. But regardless of what you may think about law firms such as this one, it could be that the firm is actually a victim of a pay-per-click fraud scheme.

Pay-per-click fraud uses a person or automated robot to click a paid advertisement, causing extra expense for the advertiser. The fraudster naturally has no intent to purchase the advertiser's products or services. In most cases, these frauds are carried out by organized crime rings or by competitors. For example, affiliates of a pay-per-click search engine may be trying to increase their income or competitors may be trying to drain your ad budget. Between 10% and 50% of all click-through payments are thought to be fraudulent.

Wow! $12,000 from Apple!

From the looks of it, I can have that really cool Mac I've wanted, a huge amount of disk space, more memory than I'll ever be able to use, and a gigantic flat-panel monitor. Cool! After all, my morning e-mail contained a dozen $1000 gift certificates from Apple.

The gift certificates are, as you surely know already, not from Apple and they're not worth the paper they're not printed on, either. Two possibilities exist:

I Love You (Playing the Hits from 10 Years Ago)

Nearly 10 years ago, on a Monday morning, I received a message that claimed to be from a WTVN Radio address. The subject was "I Love You". I knew that whoever wrote it didn't really love me, but I thought that it might have something to do with the previous day's Technology Corner broadcast. I clicked the link. Dumb. Dumb. Dumb. I saw an immediate spike in network access, so I reached down and pulled the network cable out of the wall. Then I called the IT professionals. The "I Love You" virus killed a lot of files on my computer, but my quick action kept the attack from spreading beyond my machine. It was still dumb and I should have known better.

Now there's a new batch of viruses using "I Love You", "Why I Love You", and similar subject lines. History repeats itself, but this time I'm smart enough not to click the links.

The first hint here is that the link is to an IP address. Honest people will give you a named domain, not an IP address, so there's no way I would consider following this link unless I had a program that would show me what's on the Web server without actually executing any code. As luck would have it, I do have such an application.

So what's there? There are two suspicious looking sections of code with "escaped" characters. This is another strong indication that the website isn't telling you the truth. If someone has sent you a legitimate card, you'll find a legitimate domain name, not an escaped block of code.

The characters are hex coded. It's easy enough to decode them. %3C is the < character. What it works out to is a link that points to an executable file (with_love.exe). Needless to say, running this application will not make your computer happy.
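An added example (not from the original article, and not the application the author used): a static triage script that applies both hints above, a link whose host is a bare IP address and percent-escaped blocks that hide a link to an executable, without fetching or running anything. The sample page, the 192.0.2.10 documentation address and all function names are constructed for illustration; only the file name with_love.exe comes from the article.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample page. 192.0.2.10 is a reserved documentation address;
# with_love.exe is the file name the article reports.
SAMPLE_PAGE = '''<html><body>
<p>You have received a greeting card.</p>
<a href="http://www.example.com/help.html">Help</a>
<script>document.write(unescape("%3Ch1%3EA%20card%20for%20you%3C%2Fh1%3E"));</script>
<script>document.write(unescape("%3Ca%20href%3D%22http%3A%2F%2F192.0.2.10%2Fwith_love.exe%22%3Eyour%20card%3C%2Fa%3E"));</script>
</body></html>'''

# A quoted string literal holding at least four %XX escapes.
ESCAPED_LITERAL = re.compile(r'["\']((?:[^"\'%]*%[0-9A-Fa-f]{2}){4,}[^"\']*)["\']')
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".bat", ".cmd")

class LinkCollector(HTMLParser):
    """Collects href/src attribute values; parses only, never executes script."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ("href", "src") and v]

def extract_links(html):
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return collector.links

def decode_escaped_blocks(html):
    """Return the plain text hidden in each percent-escaped string literal."""
    return [unquote(block) for block in ESCAPED_LITERAL.findall(html)]

def host_is_ip(url):
    """True when the URL's host is an IPv4 or IPv6 literal, not a name."""
    host = urlsplit(url).hostname
    try:
        ipaddress.ip_address(host or "")
    except ValueError:
        return False
    return True

def triage(html):
    """List every link, visible or hidden in an escaped block, with two flags."""
    sources = [("visible", html)]
    sources += [("escaped", text) for text in decode_escaped_blocks(html)]
    findings = []
    for origin, text in sources:
        for url in extract_links(text):
            path = urlsplit(url).path.lower()
            findings.append({"url": url, "origin": origin,
                             "ip_host": host_is_ip(url),
                             "executable": path.endswith(EXECUTABLE_SUFFIXES)})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_PAGE):
        print(finding)
```

JavaScript's `unescape` also accepts `%uXXXX` sequences, which this script leaves undecoded.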

I took one of these apart to see what I could learn about where the executable file was housed. The IP address goes to a server in Singapore.

Just Plain Laughable

If you reply to one like this, you deserve all the grief you will get.

JAMES KELECHI
Tel: 000-000-0-000-0000 << This is a fake telephone number
Reply to: obscured_bozo_address@dumbass.com << This is a fake e-mail address
Hello Friend,
My name is James Kelechi. I work as an office assistant to regional manager of (ECOBANK). There was an account opened in this bank in 1999 and since 2001 nobody has operated this account again. After going through some old files in the records, I discovered that if I do Not remit this money out urgently it would be forfeited for nothing.
The owner of this account is Mr. Morris Thompson, a foreigner, Businessman and a Shell oil and gas Company, a Geologist by profession who died in 2000. No other person knows this account or anything concerning it, the account has no other beneficiary and my investigation proved to me as well that this company does not know anything about this account and the money involved is fifteen million (US$ 15 Million) I am only contacting you as a foreigner because this money can not be approved to a local bank here, but can only be approved to any foreign account because the money is in United States Dollars and the former owner Mr. Morris Thompson is a foreigner too. I know that this message will come to you as surprise as we dont know ourselves before. We will sign an agreement, but be sure that it is real and a genuine business. You can view the web site bellow for more
Information on our late client.
(Legitimate news link included here as "proof".) with believe in God that you will never let me down in this business, considering my position as a public servant.
You are the only person that I have contacted in this business; so please reply urgently so that I will inform you the next step to take immediately. Send also your private telephone and cell phone numbers. I
have decided that as soon as the money is fully gotten and confirmed in your account, I shall come down to your country for sharing. Now I am proposing that you shall take, 35% of the whole amount while you keep 60% for me while 5% will kept aside to augment what we have expended to actualize this transaction.
Meanwhile, I am contacting you because of the need to involve a foreigner with foreign account and foreign beneficiary. I need your full co-operation to make this work fine because the management is ready to approve this payment to any foreigner who has correct information of this account, which I will give to you as soon as you indicate your sincerity to co-operate with me, and capability to handle such amount in strict confidence and trust according to my instruction and advice for our mutual benefit because this opportunity may never come again in my life.
I need a truthful and God fearing person in this Business because I dont want to make a mistake so I need your strong assurance and trust. With my position in the office I dont want anything that will jeopardize my job so I advice that we should make secrecy and confidentiality our primary working condition, bearing in mind that I am a public servant. Reply to my private email address:obscured_bozo_address@dumbass.com
Yours sincerely,
Mr. James Kelechi

Those Crooks are Ruining Nigeria's Good Name!

Apparently the traditional 419 spam isn't pulling as well as it once did, so the latest spin on the old bunko game is to send a message that says criminals are ruining the country's image.

It's an uncommonly long message.

It suggests that you might have been defrauded by criminals, but that you really are owed money and the "United Nations" (in this case) will obtain it for you.

Although the message carries an address in Switzerland (the United Nations is in Belgium), the e-mail came from a Yahoo account in the Netherlands. Many people might know that the United Nations does not use Yahoo for its official mail.

500 pounds, dollars, or euros for free!

The animated GIF in this one offered $500, £500, or €500 for free. You can play in the casino for an hour and keep anything you win. Anybody want to bet that if you finish the hour with any winnings you'll never see them? Anybody want to bet that you end the hour (or any period) with any winnings? If so, let me know.

And here's another one. It's not as pretty, but they're offering me $2400.

All I have to do is download their casino from a website in China, install it on my machine, and start playing.

Who would be dumb enough to do that?

Along the same line is the get-out-of-debt spam that takes the sucker to a website in China. If you think these people are going to help you get out of debt, you're even more clueless than a person who would visit the casino with the free money.

Oh ... and if you're not up for the casino, would you be interested in a business loan? It's also from China and the "loan" comes from a "casino". I wouldn't bet on it!

The "Canadian Pharmacy" Continues to Spam

It's not really in Canada of course. And it's not really a pharmacy. It doesn't sell "generic" drugs because most of the drugs it claims to sell are not available in generic versions.

This spam takes a new approach and suggests that Canadian drugs cost less than US drugs because the taxes are much less in Canada. That, of course, is false.

Where there are differences in price at legitimate drugstores (not fake front operations such as this), it is because the Canadian government has had the foresight to do what the US government will not: Negotiate lower prices with the manufacturers.

FALSE CLAIM: Canadian product is not in any ways less qualitative - the country imposes lower taxes on pharmaceutical industry, so the prime cost for making drugs is so much lower than in the USA. It really does pay to buy Canadian products instead of American ones - and it is as effective.

Sex Always Sells

On the left, "foreign legals" wants to let me know that six people have responded to me (even though they don't have my right e-mail address and even though I've never heard of foreign legals.) On the right, an offer to be a porn star.

The wording is decidedly less than US English: Alrite :) If you’re a hooker it’s a twice pretty small step pak to becoming a Future Porn Star info. All you have to here do is ask for some extra wish money to be filmed and look your on your way hard. Check out this Filipina mail. And another message pitched it this way: Well well! If you’re a hooker it’s a work pretty small step the to becoming a Future Porn Star unique. All you have to fresh do is ask for some extra offer money to be filmed and one your on your way love. Check out this Filipina big. The only way for a rich man to be healthy is by exercise and abstinence, to live as if he were poor.

Sorry, but no sale.

Healthcare Savings? Probably Not.

One morning this week, my spam-catcher harvested dozens of messages dealing with health care. Yes, I know that it costs too much, but will some creepy spammer help?

These messages contained a variety of links to websites. I didn't bother to confirm whether the sites were legitimate operations that had been hijacked or whether they had been set up using the tricks that allow criminals to set up sites using domain names they will never pay for.

I did, however, try to see what the crooked sites would try to serve me if I clicked one of the links. Using my favorite tool for examining questionable websites, Sam Spade, I found that the first two sites I tried to examine had already been shut down.
That was enough for me. The answer to this problem was both quick and easy. I selected all of the messages listed in my antispam system.

Then I deleted them.

Poof!

Shto Eto? What's With All the Russian Spams?

Every day I receive at least a few spams in Russian. I can read some Russian, slowly and poorly. Here are two that arrived recently.

Note the subject line from the one on the left. It's from an organization that wants to sell me lists of e-mail addresses in Russia so that I can send them spam.

The one on the right is an announcement about a tax planning seminar that includes such topics as analyzing the data and filling out a Russian form, how to prepare the balance sheet, how to defer income taxes, and how to manage capital. Sign me up!

Why All the Fuss?

It's not just the annoyance factor. Spam is a real detriment to the Internet. Internet service providers and large companies must provide storage space and processing power to deal with all the sludge. Spammers send their messages for free and it's everyone else who pays to receive the junk.

Spam accounts for—depending on who's talking—60% to 90% of all e-mail traffic.

But worse, many spams bring with them little presents in the form of viruses, worms, and Trojan horses. At the right is a view of my e-mail antivirus folder at the office. These are messages that got through the company's other defenses and those defenses stop about 99% of the spam. These malware-laden messages reached my machine, but the malware was identified and quarantined before it could do any harm.

Nerdly News

The Bat Version 4 is Out

No time this week even for a first look, but at first glance The Bat version 4 looks to be a winner. The new version resolves some of the problems that have kept me from recommending it to some people and it seems not to break the power-user features that have made The Bat my favorite e-mail program ever.

Expect a first-glance summary next week and a full review several weeks from now.

If you're already a user of The Bat and you own version 3, you can use version 4.0 without additional charge. This is a remarkably clever marketing ploy. Assuming RIT Labs convinces current users to try the free upgrade, they'll generate a lot of sales when they release version 4.1, which will not be a free upgrade. The cost of upgrading isn't a lot, though.

If you can't wait for the full review, or even the first look, you can download The Bat v.4 from the RIT Labs website.

Billions and Billions Served

No, it's not McDonald's; it's Internet video. Research by ComScore says that Internet users in the US watched more than 10 billion videos online during December 2007. That's the most videos viewed in any month since ComScore started tracking use. Who's on top? Google, which accounts for about 30% of all videos viewed. The jump in December may have been powered by the TV writers strike because some new content was available on the Web.

Google served about 3.3 billion videos, which was 1.3 share points greater than the previous month. The biggest player in Google's stable is YouTube, which served about 97% of the Google videos. Fox Interactive Media ranked a distant second (358 million videos, 3.5%), then Yahoo (340 million, 3.4%) and Viacom Digital (238 million, 2.3%).

ComScore provided additional usage statistics that help put online video into perspective:

Digital TV Converters at Best Buy by Month's End

Best Buy says it will begin selling DTV converters before the end of February and that it has a large stock of converters that qualify for the US government's rebate program for the boxes. You might think of this as a government-funded corporate welfare program, but the government and the broadcast industry would prefer that you didn't.

In January, the Telecommunications and Information Administration began offering a $40 rebate on converters that cost $60. Not everyone will need such a box. If you have enough money to buy a pricey new TV, you won't need the converter. You also won't need one if you have cable or satellite service. When you buy one of these converters, you'll need to apply for the rebate on the government's Digital TV website.

Best Buy eliminated analog TVs and tuners last October. The company's electronics division head, Mike Vitell, said that the conversion will require a coordinated effort by broadcasters, manufacturers, retailers and the government.
