Welcome to WebmasterWorld Guest from

Forum Moderators: phranque

Message Too Old, No Replies



10:34 am on Jun 18, 2004 (gmt 0)

10+ Year Member

The Boston Globe has a story today about a recent study that claims 80% of spam email is generated by home PC's running Windows that have been "secretly taken over by spammers." Interesting story - I've no idea if it's accurate or not. What gets me is, if someone is able to get millions of PC's working together to produce a product (spam), why wouldn't they go commercial with their code? Talk about grid computing! Imagine the use in the life sciences, or other fields where complex tasks are performed with mounds of data. What do you think about it?


10:42 am on Jun 18, 2004 (gmt 0)

WebmasterWorld Administrator mack is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

There has been a lot of good to come from similar tech, for example "folding @ home" or "seti @ home"

Folding @ home is similar to what you mentioned, folding at home is used to try and understand protein folding.



12:20 pm on Jun 18, 2004 (gmt 0)

10+ Year Member

why wouldn't they go commercial with their code?

I guess people would start asking questions about how the code was tested :)


1:12 pm on Jun 18, 2004 (gmt 0)

10+ Year Member

What gets me is, if someone is able to get millions of PC's working together to produce a product (spam), why wouldn't they go commercial with their code?

They're making too much money off the code and don't want to share? ;)


3:42 pm on Jun 18, 2004 (gmt 0)

10+ Year Member

Besides, if you think about it, the spamming zombies aren't really that much of a distributed app...

I am not a spammer, and don't personally know anyone who is. The stuff below is based on several security articles I've read along with logical extrapolation. I'm not trying to provide a recipee for how to write a spam bot, and I'm not saying anything that isn't already commonly available to anyone with access to google and a few spare brain cells *grin*

GRC [grc.com] has a fascinating account of tracking down a ddos who was using similar zobmie bots. It includes some very good insigits into how these things work.

The comprimized PC (zombie) just logs in to some IRC channel whenever the internet is available and sends a mesage saying it's ready to accept a command. Commands are issued via sending specially worded messages. The zombie client would listen for commands sent to its nik as well as commands for all in the channel.

The controller application (probably logged in with channel operator status) provides filenames for the email text and the first chunk of addresses to the zombie would then download the message text file and first batch of addresses. At this point, the zombie will just happily send messages out as fast or slow as its programmed to, and will report back to the controller when the work package (address list) has been fully processed (There should be a certain amount of client autonomy to reduce overhead for the controller app). When the zombie reports back that the messages were sent, the controller will assign another mail list file with a chunk of N addresses and the process will continue until there's nothing more for it to do.

a simple perl script could take a master email list and slice it up into a bunch of files with N addresses each. When a zombie reports in that it needs another work block, the controller would respond with the name of the file with the next N addresses for it. The controller would keep track of what lists were assigned to where. When the zombies report back, they would tell the controller what file they last finished, and if they are ready for another. The conroller could be smart enough to keep track of what lists are outstanding. If foo-1000.txt is out with some zombie for more than N days, the conrtoller will assume the zombie has been cleaned/removed and will reallocate the package.

Now, change it from zombie to seti client and change email list to data blocks to process, and you have the basis for SETI. The big difference is that with spam, you would just need the email text and a simple list of addresses to send to, but with seti, you've got to figure out how to break up the data into meaningful chunks. Also, with SETI and other legitimate apps, you would have to be more aggressive about guarantees... and have ways that the data analysis would overlap so that you aren't taking the word of just one client on whether to call Agent Mulder *grin*.


Featured Threads

Hot Threads This Week

Hot Threads This Month