Here at The Slacktiverse we hope to be as transparent as possible without violating confidentiality.
Unfortunately we don’t always know when things appear to be opaque simply because we incorrectly presume that other people know things that they don't actually know (imagine here one of those annoying rom-com movies where everyone is talking at cross purposes.) This is especially frustrating for the other people because from their point of view there is no reason why they should (or even could) know those things.
So today I will share some information about spam, and its removal and prevention, that some of us know and some of us have never had a reason to know.
What is spam? [7213]
To quote TypePad:
Spam comments are unsolicited and anonymous, and often contain links or offers. TypePad AntiSpam catches most spam.
Are the links always in the body of the spam?
No, sometimes the “name” of the poster will be the link.
What type of places/things are linked to? [7214]
Sometimes the links are to sites that sell legal things like baseball caps, or get-rich-quick schemes and sometimes they are to sites that are illegal and (to our community) deeply disgusting.
Why are “they” spamming “us”? [7215]
Spammers work in volume. It basically costs them no more to send out a link-laden comment to 100,001 sites than it does to send it to 100,000 sites. Once a website’s address is on the spammer’s list it will be included whenever spam gets sent out.
Why can’t you/TypePad block them?
We try. Every time a comment gets reported to TBAT as spam we check it out and “mark” it as such. That removes the comment from the board and at the same time it is automatically reported to TypePad as spam. TypePad’s spam-catcher is heuristic. It “learns” from experience. If you go back through Fred Clark’s old posts you can read about the effort it took for the spam-catcher to become as sophisticated as it is today. The spam-catcher was at one point sometimes capturing innocent long term posters' comments while missing those of actual spammers. Fred had to go through thousands of comments and mark each piece of spam as such while individually “unspamming” comments incorrectly caught by the blocker.
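To illustrate the "learns from experience" loop described above, here is an added example (not TypePad's code, and not part of the original post) of a toy filter trained only by moderator decisions. The post says only that the catcher is heuristic, so the naive Bayes scoring, the field names and all sample comments are assumptions constructed for the illustration.

```python
import math
import re
from collections import Counter

class FeedbackFilter:
    """Toy naive Bayes comment filter trained only by moderator decisions."""
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    @staticmethod
    def features(c):
        # Body words plus the name and URL fields: the link is sometimes
        # carried by the poster's name/URL rather than the comment body.
        feats = set(re.findall(r"[a-z']+", c["body"].lower()))
        feats |= {"name:" + w for w in re.findall(r"[a-z]+", c["name"].lower())}
        if c["url"]:
            feats.add("has_url")
        return feats

    def mark(self, c, label):
        """Moderator feedback: 'spam' (marked as spam) or 'ham' (unspammed)."""
        self.docs[label] += 1
        self.counts[label].update(self.features(c))

    def spam_probability(self, c):
        total = sum(self.docs.values())
        logp = {}
        for label, n in self.docs.items():
            logp[label] = math.log((n + 1) / (total + 2))  # smoothed prior
            for f in self.features(c):  # only features present in the comment
                logp[label] += math.log((self.counts[label][f] + 1) / (n + 2))
        return 1 / (1 + math.exp(logp["ham"] - logp["spam"]))

    def is_spam(self, c):
        return self.spam_probability(c) > 0.5

def comment(name, body, url=""):
    return {"name": name, "body": body, "url": url}

# Constructed sample data; example.invalid is a placeholder domain.
URL = "http://example.invalid/"
SPAM = [comment("cheap caps", "great post thanks for sharing", URL + "caps"),
        comment("get rich", "great post thanks", URL + "rich"),
        comment("caps store", "nice post thanks for sharing", URL + "store")]
HAM = [comment("alice", "i disagree with the second paragraph about filters"),
       comment("bob", "the arms race point is well made")]
REGULAR = [comment("carol", "great post thanks for explaining the spam filter", URL + "carol"),
           comment("carol", "thanks for the great post", URL + "carol"),
           comment("carol", "great post thanks for the update", URL + "carol")]

def replay():
    """Return (verdicts on the regular's comments in order, verdict on new spam)."""
    f = FeedbackFilter()
    for label, batch in (("spam", SPAM), ("ham", HAM)):
        for c in batch:
            f.mark(c, label)
    verdicts = []
    for c in REGULAR:
        verdicts.append(f.is_spam(c))
        if verdicts[-1]:
            f.mark(c, "ham")  # moderator "unspams" the false positive
    return verdicts, f.is_spam(comment("cheap caps", "great post thanks", URL + "caps2"))
```

In this constructed run the regular's first two comments are wrongly caught and have to be unspammed by hand before the third is let through, while the new spam comment is still flagged.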
If the spam-catcher is so good why does some spam still get through? [7217]
There is an arms race between spammers and spam catchers. There are people out there right now working on ways of “getting through” the protections that websites are putting up against them. Every time a piece of spam gets through it is flagged and reported. The people who maintain the “catcher” work to update it. The spammer works to break through again. TypePad updates their system. It never stops.
Why can’t you do something about the people who are doing the spamming? [7220]
Let’s leave aside the “annoying but not illegal” spamming and look only at the people who send out links to sites that contain material that is illegal. Since the people who are running those websites are doing something that could end in jail time (or death in some countries) they work to hide themselves.
Each “come to our website that contains illegal material” comment comes from a location/ip address/email address and links to one or more websites.
One of the things people can do to deal with the problem is try to turn those websites off. We are usually able to track down the company through which these websites are registered. If those companies are located in the US, the UK, Canada, Australia and a number of other countries their own terms of service require that they remove any site which knowingly hosts material such as child p*rn*gr*phy. It is possible, however, for part of a website to be hijacked by someone who doesn’t own the website. Consequently many companies investigate the site and warn its legal owners about the problems before shutting it down.
What about catching the person who posted the comment? [7221]
It is hard to catch the commenter/poster for a number of reasons.
1) it is trivially easy to get a disposable email address, use it for a day, and then disappear never to use it again.
2) it is trivially easy to change the ip address from which you are apparently posting. It is trivially easy to appear to be posting from different countries.
3) it is quite possible that the person who owns the computer from which the message was posted is completely innocent and unaware of the fact that they have been unknowingly providing cover for the real commenter.
How can someone not know that they are sending out spam? [7223]
(Just caught a piece of spam the spam-catcher missed. The comment was short but generic. It was on an old post. The link was the poster’s url.)
That person's computer has become part of a botnet. What is a botnet? To quote the Microsoft Safety and Security Center: The term bot is short for robot. Criminals distribute malicious software (also known as malware) that can turn your computer into a bot (also known as a zombie). When this occurs, your computer can perform automated tasks over the Internet, without you knowing it.
The botnets are very similar to armies of zombies. The computer user follows a link not realizing that the destination is actually a harvesting site. Once at that site malware is downloaded to their computer. Their computer is now under the control of people who will use it to send out comments to yet other boards where other innocent readers can be lured to sites that will harvest their
Why can’t you just go to the police? [7225]
Jurisdictional issues and lack of proof. If I drive down to my local police station, fire up my laptop and show them the spam on the website I will be showing them material that was posted on a website whose server is in another country. The comments themselves were apparently sent from a computer in a third country. The website to which the comments link is registered through a company in another country and the domain’s physical server appears to be in yet another country.
Does this mean nothing is being done?
No. People who have better protected computers than any of us will be going to those websites attempting to identify the people involved.
Should members of our community go to these sites looking for clues about the people involved/being hurt?
No. There is no safe way for the ordinary member of our community to go to these sites. At the very least you will probably encounter malware/viruses. At the worst, if the site is being monitored by the police, you could be misidentified as a client.
Then what can we do?
TBAT appreciates members of our community who find and report spam that gets through the spam-catcher. We remove the spam and report it to TypePad and other relevant authorities.
Keeping your anti-virus/malware programs up to date will help to protect you from becoming part of a botnet.
What are those numbers in square brackets? [7227]
Those are updates on the number of spam comments in the TypePad spam catcher while I was typing this. It has been a slow day so far. [7228]
--mmy
[7252 after proofreading]
The Slacktiverse is a community blog. Content reflects the individual opinions of the contributors. We welcome disagreement in the comment threads, and invite anyone who wishes to present an alternative interpretation of a situation to write and submit a post.
The other, important message should be obvious:
Never, ever, EVER buy any product or service advertised via spam. The cost of spam is so low that if only one out of a million recipients buys the product, it has paid for itself.
Posted by: RodeoBob | Sep 16, 2011 at 09:48 PM
Hear, hear! (And by whatever you hold sacred, take heed!)
Thanks for posting this. It's old news to me, but it's a good and fairly succinct summary of a difficult and very annoying situation.
Posted by: Michael Mock | Sep 16, 2011 at 10:45 PM
A particularly nasty form of Malware I have *repeated* experiences with is the rootkit. Each time I get one of those damn things, it's usually to peddle some sort of antivirus software at me, by telling me I have 'x' amount of spyware installed on my computer. Sometimes, you can end up with popups that do that, too, if you go to the wrong site (And it doesn't always have to be pr0n related, either; I recall one time I was looking for a picture of lightning and I went to the fake webpage that the picture popped up on and voilà - malware.) The only way to get rid of a root kit is to reinstall your OS, and wipe the hard-drive clean. And even then, I've heard rumors of some root kits that embed themselves in the BIOS of the computer, making them immune to an OS reinstall...
Public service announcement:
I recommend WOT for anyone who is using Firefox. It uses community ratings to grade webpages and displays whether or not they're safe links, and why. They learn so you don't have to. I also recommend a very good firewall, because that's your first line of defense.
Most subscription antivirus services come with firewalls (WOT has one too; it automatically blocks all sites that have poor ratings). Windows also comes with one built in, but like almost everything else Microsoft does, it's a joke. If you don't have another firewall and the Windows one is all you've got, it's probably in your best interest to get a real firewall.
Fret not, for I am here to assist (or get in the way, that happens too):
For those without antivirus software, go here:
http://download.cnet.com/windows/antivirus-software/?tag=rb_content;main
Those without firewalls, go here:
http://download.cnet.com/windows/firewall-software/?tag=rb_content;main
This site is also the home of legal freeware and shareware that serves a whole bunch of useful purposes.
/Public service announcement
Posted by: J. Enigma (the Transhumanist) | Sep 17, 2011 at 12:50 AM
Using an operating system not made by Microsoft protects to some extent.
Posted by: Irina | Sep 17, 2011 at 02:34 AM
@J. Enigma:
Thanks, I have followed your helpful links and downloaded myself a firewall thingy :)
Posted by: mercredigirl, who knows naught of these techy things | Sep 17, 2011 at 07:04 AM
J. Enigma, this is making me really glad I use a Mac. The Apple Store staff have told me that even an antivirus program isn't a necessity, and I've never had a virus in five years of running Macs. I did have a close call with a pop-up for Mac Defender that made it impossible for me to close the pop-up window or close Safari, but I knew not to click anything from the pop-up and a hard reset (turning the computer off by holding down the power button, and then turning it back on again) dealt with the problem. I know that Macs aren't intrinsically more secure, it's mostly just that people don't make as many viruses and malware apps for them, but I'm still glad I don't need to worry to the extent that Windows users do.
Posted by: kisekileia | Sep 17, 2011 at 09:49 AM
Thank you for taking on the hard work needed to make this blog run.
Posted by: Brin | Sep 17, 2011 at 10:37 AM
Pthalo: Actually as far as I can tell that's generally been the way that most Mac-based malware and similar get spread -- convincing a less-than-fully-educated user that they need to perform certain commands in terminal or need to run certain scripts.
It's not too different from "URGENT URGENT click this email attachment NOW" spam messages that show up regularly for Windows machines. Even so it's my understanding that it's not as frequent or usually as debilitating due to the restrictions Unix-based systems have on user privileges.
(This is of course an annoying thing about legacy Windows applications, that they cannot be installed or in some cases even run without using administrator level permissions.)
Posted by: muteKi | Sep 17, 2011 at 02:52 PM
Unix malware is certainly not impossible. I was logged in when the Morris Worm hit the University of California Berkeley in 1988....every computer in the room, and, it soon appeared, nearly every computer in the building began to slow down and eventually ground to a halt. It specifically hit VAXen and Suns running Unix. But it has not had too many successors compared to the flood of Windows malware.
Some interesting theory has been done on the spread of biological and computer viruses, and the similarities and differences between the two. Unfortunately it is hard to do phylogenetics on computer viruses due to the human step in their modification, which resists statistical modeling. One definite similarity is, though, there will always be a greater diversity of viruses for a common host than a rare one--this fundamental process has guided evolution of the mammalian immune system, and it also applies to computer viruses.
My favorite memory of the Morris Worm: the local paper ran a photo of a desk completely covered with empty cans of Jolt, and a caption to the effect of "Computer specialists are working long hours to recover from the worm and secure their systems." But I happened to be sitting next to someone who knew the desk's owner, and she said "Nah, it always looks like that."
(I was in grad school in '88. Gosh, I feel old sometimes.)
Posted by: MaryKaye | Sep 17, 2011 at 07:42 PM
Over most of my academic career the real "issue" between Macs and PCs was the availability of statistical packages. Early on (yup MaryKaye, also feeling old here) all the statistical packages being used/written by my profs were either UNIX or DOS -- no Macs need apply. I am serious -- there was not one Mac in any of the stats computer labs.
It wasn't just that SPSS gave weak/no support for Macs -- it was that most of us wrote our own code for particular stats programs (STATA love here) and it was as easy as anything doing so using DOS.
As for the great worm -- whenever I taught that in the history of computers/the internet my students would find it hard to believe they had so bought into the whole "only PC get viruses" meme.
Among the computer scientists/hackers I knew the whole issue seemed to be exactly what MaryKaye described -- the population of PCs was large enough to host the development and evolution of viruses and for a long time the Apple world was just simply too small to make it worthwhile in terms of money or ego.
Posted by: Mmy | Sep 17, 2011 at 08:09 PM
I think a lot of the "only PCs get viruses" meme comes from the fact that Windows comes with a registry. To my knowledge, Mac OS doesn't use a registry, which means that key component for making computers so exploitable doesn't exist. Because most malware is written for the Windows registry, they don't work on Macs. Thus, to the non-computer person on the street, the Mac appears invulnerable to viruses and malware (there's a fallacy at work here whose name I can't remember right now. I want to say it's Selection Bias, but I'm not sure.)
Posted by: J. Enigma (the Transhumanist) | Sep 17, 2011 at 08:42 PM
You got another typo: in the part about botnets, there's a link to the Micosoft Safety and Security Center. Which made me want to see Kit do a bit with Mika and computer stuff.
Posted by: Mark Temporis | Sep 17, 2011 at 09:32 PM
An update on the "really horrible spam" situation.
Most of the spam that gets through the filter/catchers is *just* annoying but some of it is very distressing to those who come across it before it can be removed.
I have an update on the most serious/disturbing of the stuff that has been briefly visible in recent days.
To put it briefly -- the links promise child pr0n but the pages one finally arrives at do not contain the promised material.
No, I haven't gone there and I have no plans to do so. People whose computers would not be infected and who were not at risk of being misidentified as pr0n seekers were willing to check them out for us.
So why, you might be asking, would anyone send out these links promising child pr0n and not providing it -- what do they get out of it?
They get people (people who I really, really hope don't hang out here) to go to their websites.
Once there the following things can/may happen:
1) The frustrated pr0n seeker (who has disabled/doesn't have an anti-virus program) gets malware downloaded on their computer and the people who run the website enroll that computer in their botnet/harvest all the financial information on the computer
2) The fps (frustrated pr0n seeker) clicks every link on the page in an attempt to get to the promised material. The owners of the website get paid for every ad the fps clicked.
3) The material on the "front page" of the website is technically legal (all the "children" in the pictures are obviously of men and women in their 30s and with crappy "children" make-up) and the fps is promised that if they "enroll as a club member" they will get access to the "real stuff" -- and all they have to do to enroll is enter their credit card number "to prove that they are an adult." That credit card number will now be sold to others.
4) The website is actually part of a sting operation being run by the police
5) The website is harvesting identities in order to later "lean on" the fps by threatening to out them to their significant others/the police/their constituents
the list of ways in which this type of material is used to lure people into situations where they will be defrauded is long.
the idea that there might be members of our community who would be tempted to follow those links is disturbing......however
remember, spam works in volume. It is quite likely/possible that this website's address was harvested long ago and is on a list that includes hundreds of thousands of addresses. It will stay on that list whether or not they ever get a hit from here.
This does not mean that there isn't any child pr0n out there. There are places in the world where it is frighteningly easy to get away with mistreating and abusing children.
Posted by: Mmy | Sep 18, 2011 at 09:05 AM
the idea that there might be members of our community who would be tempted to follow those links is disturbing
Indeed. Though I can think of an innocent reason why somebody might: they might want to see if it really is what it says so that they can report it to the police. If they weren't very scam-savvy, they wouldn't necessarily realise the problems they were risking.
Posted by: Kit Whitfield | Sep 18, 2011 at 10:26 AM
@Kit Whitfield: Though I can think of an innocent reason why somebody might: they might want to see if it really is what it says so that they can report it to the police. If they weren't very scam-savvy, they wouldn't necessarily realise the problems they were risking.
I am sure that almost everyone in our community who did follow those links would do so because they wanted to get enough information to report this to the police.
The horrible thing is that the scam-merchants will take advantage of both the good hearted and those who are evil.
I want members of our community to let TBAT know when they come across something like this so that people with the technical and legal knowhow can investigate it. Much of what we can do is to forward the information to the authorities who have both and have them check things out.
Unfortunately the number of people who want to steal, cheat and abuse others seems limitless.
But TBAT does report the stuff that comes to their attention. We do pass on complaints/notice to those who have legal jurisdiction. Unfortunately we (and they) cannot stop a new abuser from springing up for every one that gets shut down.
mmy (who sometimes despairs of the human race)
Posted by: Mmy | Sep 18, 2011 at 11:04 AM
To add to J. Enigma's rec of the Web of Trust - there's a version for Chrome too.
Posted by: Mike Timonin | Sep 18, 2011 at 03:34 PM
To misquote some wit on the net:
"Supposedly, there's only about 20 people worldwide responsible for 90% of the spam, so maybe we could have a quick whip-around to get the money to hire a hitman and have them all shot? If enough people donate, the governments couldn't possibly prosecute everyone. Maybe I should set up a PayPal fund."
The Apple Store staff have told me that even an antivirus program isn't a necessity, and I've never had a virus in five years of running Macs.
Hah, don't you believe it. I worked at a company that sold Mac parts over eBay for a while. Imagine the horrible sinking feeling we got when we realized we'd sent out possibly dozens of disk-drives with pre-installed viruses. (We emailed all our recent customers asking them to use a virus scanner, without mentioning why. I'm not proud of that at all.)
Posted by: Consumer Unit 5012 | Sep 18, 2011 at 10:28 PM
Consumer Unit 5012, what antivirus programs do you recommend for Macs, then? My system is running fine and I haven't seen any mystery downloads, so I'm inclined to think it is virus-free.
Posted by: kisekileia | Sep 19, 2011 at 10:29 AM
CU5012, if we ought to TW graduate school, then I think we /certainly/ ought to TW contract killing.
Posted by: DS | Sep 20, 2011 at 05:36 AM