Posts Tagged: 3fn


15
Jan 13

Spam Volumes: Past & Present, Global & Local

Last week, National Public Radio aired a story on my Pharma Wars series, which chronicles an epic battle between men who ran two competing cybercrime empires that used spam to pimp online pharmacy sites. As I was working with the NPR reporter on the story, I was struck by how much spam has decreased over the past couple of years.

Below is a graphic that’s based on spam data collected by Symantec‘s MessageLabs. It shows that global spam volumes fell and spiked fairly regularly, from highs of 6 trillion messages sent per month to just below 1 trillion. I produced this graph based on Symantec’s raw spam data.

gsv07-12

Some of the points on the graph where spam volumes fall precipitously roughly coincide with major disruptive events, such as the disconnection of rogue ISPs McColo Corp. and 3FN, as well as targeted takedowns against major spam botnets, including Bredolab, Rustock and Grum. Obviously, this graph shows a correlation to those events, not a direct causation; there may well have been other events other than those mentioned that caused decreases in junk email volumes worldwide. Nevertheless, it is clear that the closure of the SpamIt affiliate program in the fall of 2010 marked the beginning of a steep and steady decline of spam volumes that persists to this day.

Of course, spam volumes are relative, depending on where you live and which providers you rely on for email and connections to the larger Internet. As I was putting together these charts, I also asked for spam data from Cloudmark, a San Francisco-based email security firm. Their data (shown in the graphs below) paint a very interesting picture of the difference in percentage of email that is spam coming from users of the top three email services: The spam percentages were Yahoo! (22%), Microsoft (11%) and  Google (6%).

WebMailSpamCloudmark

Continue reading →


12
Dec 11

Who Knows What Youhavedownloaded.com?

You may have never heard of youhavedownloaded.com, but if you recently grabbed movies, music or software from online file-trading networks, chances are decent that the site has heard of you. In fact, you may find that the titles you downloaded are now listed and publicly searchable at the site, indexed by your Internet address.

In many ways, the technology behind the site merely recreates in a publicly searchable way what the entertainment industry has been doing for years: It tracks and records information that users share when they download and upload files on public peer-to-peer file-trading networks. But the free service does have the potential to make people think twice about downloading pirated movies, games and music, because it shows how easily this information can be discovered and archived.

So far, youhavedownloaded.com has recorded more than 50 million unique Internet addresses belonging to file-sharing users. The site is searchable by file name and by Internet address. When you visit, it automatically checks and lets you know if your Internet address is in the database.

Youhavedownloaded.com offers only limited information about its founders. One of them is Suren Ter-Saakov, a Russian native who now lives in a suburb of Philadelphia. I first interviewed Ter-Saakov for a story I wrote in 2009 about the Federal Trade Commission’s unprecedented takedown of troubled Web hosting firm Triple Fiber Network (3FN). The FTC alleged it was hard to find any customers at 3FN that had legitimate, legal content. Ter-Saakov, better known in the Russian Webmaster industry as Mauser, disagreed and successfully sued the FTC to retrieve his domains and servers.

Ter-Saakov said he believes youhavedownloaded.com indexes about 20 percent of the file-sharing activity on the Internet. He maintains that the site was created merely as a proof-of-concept, and that it doesn’t have any commercial application.

“The whole thing started with a theoretical discussion I had with some friends about what is possible to track through software and what is not possible,” Ter-Saakov said in a phone interview. Continue reading →


27
Aug 10

Researchers Kneecap ‘Pushdo’ Spam Botnet

Security researchers have dealt a mighty blow to a spam botnet known as Pushdo, a massive grouping of hacked PCs that until recently was responsible for sending more than 10 percent of all junk e-mail worldwide.

According to security firm M86 Security Labs, junk e-mail being relayed by Pushdo (a.k.a. Cutwail) tapered off from a torrent to a dribble over the past few days. M86 credits researchers at LastLine Inc., a security firm made up of professors and graduate students from University of California, Santa Barbara, the Vienna University of Technology (Austria), Eurecom (France), and Ruhr-University Bochum (Germany).

LastLine’s Thorsten Holz said his group identified 30 Internet servers used to control the Pushdo/Cutwail infrastructure, located at eight different hosting providers around the globe. Holz said Lastline contacted all hosting providers and worked with them to take down the machines, which lead to the takedown of nearly 20 of those control servers.

“Unfortunately, not all providers were responsive and thus several command & control servers are still online at this  point,” Holz wrote on the company’s blog. “Nevertheless, this effort had an impact on Pushdo/Cutwail, which you can also see in new Anubis reports generated today  by re-running the analysis: Many connection attempts fail and infected machines can not receive commands anymore.”

Continue reading →


29
Dec 09

Story-Driven Résumé: My Best Work 2005-2009

I began writing for The Washington Post in 1996, and started covering computer and Internet security in 1999. Below are links to what I believe is some of my best work over the past four years or so. Virtually all of the stories and blog posts listed here were either Washington Post/Security Fix exclusives, or were the result of my investigative reporting and research aimed at shining a light on the Internet’s darkest corners, and educating readers about the importance of security.

Continue reading →