What is this?
You've been getting spam lately saying "John Mccain Taps Osama Bin Laden As Running Mate" or "Beijing Olympics cancelled"? And a couple of weeks ago, CNN kept sending you their Top 10, and then msnbc.com's BREAKING NEWS hit you?

It's the botnet, trying to suck you in so they can use your computer to spam people and take Estonia offline; if you follow the link, you'll regret it.

The way this works is:

  1. Hijack thousands of servers to serve up malware disguised as videos or Flash updates,
  2. Spam people with provocative headlines to get them to visit your hijacked servers,
  3. Watch as the foolish humans click on links telling them they need to upgrade things,
  4. Take over their computers,
  5. ???
  6. Profit!

Actually, they're pretty good at the ??? part, and the profit. They spam pharmaceuticals, they DDoS people for pay, they do ... well, anything they want to that can benefit from ownership of thousands of PCs on DSL lines that you don't have to pay for.

I run the Despammed.com free spam filter. So at any given time, I have thorough records on more than a million spam emails (about 300,000 per month). That makes data mining pretty easy -- and when I started to get into this, I started to do some real data mining. First, it was the subject lines (you can find a partial list on the status page, with a link to the full list). Then, it was the hijacked servers (also on the status page). Then I started to get interested in watching how often the landing pages changed (linked on ... you get the picture). Now I'm going back and analyzing older stuff in July, and trying to delineate the botnets I'm actually seeing.

Yeah. My spam habit is under control. I can totally quit any time I want to.

The project status page is here.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.