My God, it's full of stars! Botnet spam flood

So I got halfway through analysis of my first JavaScript obfuscation discovered via spam, when another came in, and then another! And then I realized -- these were sent from botnet-controlled mailers that were slipping past my no-DSL filters at Despammed. So how many were getting blocked?

Turns out, a lot. Like, a lot. So I'm going to have plenty of grist for this mill -- and the very fascinating thing is that it sure looks like there is a change in tactics each day. So I'm going to try to go back through older instances and hope that people haven't fixed their servers yet for some, and I'm going to put up some early warnings to tell me about new ones -- but this is truly, truly fun.

Each of these mails has a faux news headline: "Michael Vick escapes from Federal jail", or "Beijing Olympics canceled", the one that first drew my attention. Then the body of the mail has a different headline, and a link.

Turns out that different headline is drawn from the same list. So I can check the Despammed.com spam archive (1.2 million spam emails on file at the moment) for other emails with that subject. And so on. This should allow me to build a database of subjects really, really easily. And then I can simply scan for those subjects to find new instances. If they select their headlines randomly (and I have no reason to believe they don't) this should allow me to find all their headlines and keep up with new ones at the same time. Fun!
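The snowball search described above, sketched as an added example (not the author's code): start from one known subject, harvest the body headline of every matching mail, and repeat until no new headline appears. The function names, the "first non-link line of a body that contains a link" template check, and the sample archive are assumptions made for illustration.

```python
import re
from email import message_from_string

URL = re.compile(r"https?://\S+", re.I)

def norm(text):
    # Collapse whitespace and case so trivially altered subjects still match.
    return " ".join(text.split()).casefold()

def body_headline(msg):
    # Assumed template: a headline line plus a link. Mail without a link is
    # not harvested, so an unrelated message cannot seed the list.
    body = msg.get_payload()
    if not isinstance(body, str) or not URL.search(body):
        return None
    for line in map(str.strip, body.splitlines()):
        if line and not URL.search(line):
            return norm(line)
    return None

def expand_headlines(raw_mails, seeds):
    mails = [message_from_string(raw) for raw in raw_mails]
    by_subject = {}
    for i, m in enumerate(mails):
        by_subject.setdefault(norm(m.get("Subject", "")), []).append(i)
    known, hits, queue = set(), set(), [norm(s) for s in seeds]
    while queue:  # repeat until no new headline turns up
        subject = queue.pop()
        if subject in known:
            continue
        known.add(subject)
        for i in by_subject.get(subject, []):
            headline = body_headline(mails[i])
            if headline is not None:
                hits.add(i)
                queue.append(headline)
    return known, sorted(hits)

# Constructed sample archive; the third headline and all URLs are made up.
MAILS = [
    "Subject: Beijing Olympics canceled\n\nMichael Vick escapes from Federal jail\nhttp://example.invalid/a\n",
    "Subject: Michael Vick escapes from Federal jail\n\nConstructed headline three\nhttp://example.invalid/b\n",
    "Subject: constructed  HEADLINE three\n\nBeijing Olympics canceled\nhttp://example.invalid/c\n",
    "Subject: Lunch on Friday?\n\nSee you at noon\n",
    "Subject: Beijing Olympics canceled\n\nDid you see this?\n",
]

if __name__ == "__main__":
    known, hits = expand_headlines(MAILS, ["Beijing Olympics canceled"])
    print(len(known), "headlines;", "matching mails:", hits)
```

The last sample mail shares a campaign subject but has no link, so it is neither counted as a hit nor allowed to add its first line to the headline set.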

Once I've got that coded, I'll post a database page in real time. [Updated to include link.] That will be even more fun. And then I can resume the de-obfuscation effort. Actually, I've dusted off some old project idea notes and started work on the monkeywrench to help me organize this stuff.

Note to anybody interested: the design philosophy of the monkeywrench is essentially a Hofstadter parallel terraced scan. But operated by a human (for now) in a workflow paradigm. I can sloooowly start to feel the various bits of my life coming together.






This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.