
From the Ashes of Blue Frog

Blue Frog may be no more, but the vigilantes are still around. It seems that despite the death of Blue Security in the face of a spammer’s wrath, the service has built an appetite for fighting back. Eric B. Parizo of SearchSecurity.com reports on a new independent group called Okopipi, which intends “to pick up where Blue Security left off by creating an open source, peer-to-peer software program that automatically sends ‘unsubscribe’ messages to spammers and/or reports them to the proper authorities.”

Okopipi has already merged with a similar effort known as Black Frog and has recruited about 160 independent programmers, who are dissecting the open source code from Blue Security’s Blue Frog product. The idea seems to be the same: by automatically sending opt-out requests to Web sites referenced in received spam messages, the software over-burdens the spammer’s servers (or those of the product he’s advertising), as both a deterrent and an incentive to register with Okopipi. By registering he can cleanse his spam list of Okopipi members.

Some tweaks seem to be under consideration: Processing will take place on users’ machines and then on a set of servers which will be hidden to try to prevent the kind of denial-of-service attack that brought down Blue Frog.

Possible problems: I noticed that some of the half million (quite a feat, when you think about it) Blue Frog users were quite, shall we say, passionate about the endeavour. These are the kind of folk now switching to Okopipi. This, then, could become an all-out war in which a lot of innocent bystanders get burned. The Internet is a holistic thing; if Denial of Service attacks proliferate, it may affect the speed and accessibility of a lot of other parts of it, as the Blue Frog experience revealed. (TypePad was inaccessible for several hours.)

Another worry: Richi Jennings, an analyst with San Francisco-based Ferris Research, points out in Eric’s piece that project organizers must ensure that spammers don’t infiltrate the effort and plant backdoor programs within the software. “If I’m going to download the Black Frog application,” Jennings said, “I want to be sure that the spammers aren’t inserting code into it to use my machine as a zombie.” I guess this would happen if spammers signed up for the service and then fiddled with the P2P-distributed Black Frog program.

Another problem, pointed out by Martin McKeay, a security professional based in Santa Rosa, Calif., is that spammers will quickly figure out that the weak link in all this is that it rests on the idea of a legitimate link in the email for unsubscribing, and that spammers will just include a false link in there. Actually I thought the link Blue Frog used wasn’t unsubscribe (which is usually fake, since if it weren’t it would then pull the spammer back within the law) but the purchase link. How, otherwise, would folks be able to buy their Viagra?

One element I’d like to understand better is the other weakness in the Blue Frog system: that however the process is encrypted, spammers can easily see who are members of the antispam group by comparing their email lists before and after running them through the Blue Frog/Black Frog list. Any member who is on the spammer’s list will now be vulnerable to the kind of mass email attack that Blue Frog’s destroyer launched. How is Okopipi going to solve that one?
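The before-and-after comparison described above, as an added example (not code from Blue Security, Okopipi or the original post). It assumes the registry is published as salted SHA-256 digests, which the post does not state; all addresses and function names are constructed. It shows that the comparison exposes exactly the members already on the list holder's list, whatever digest scheme is used, while members not on that list stay hidden.

```python
import hashlib

def normalize(addr: str) -> str:
    return addr.strip().lower()

def digest(addr: str, salt: bytes) -> str:
    # Assumed registry format: salted SHA-256 of the normalized address.
    return hashlib.sha256(salt + normalize(addr).encode()).hexdigest()

def build_registry(members, salt):
    """Registry as distributed: digests only, never plaintext addresses."""
    return {digest(m, salt) for m in members}

def scrub(mailing_list, registry, salt):
    """Cleansing step: drop every address whose digest is in the registry."""
    return [a for a in mailing_list if digest(a, salt) not in registry]

def exposure(mailing_list, scrubbed):
    """What a list holder learns by comparing the list before and after."""
    return {normalize(a) for a in mailing_list} - {normalize(a) for a in scrubbed}

def audit(members, mailing_list, salt):
    """Privacy audit of the scheme from the registry operator's side."""
    registry = build_registry(members, salt)
    leaked = exposure(mailing_list, scrub(mailing_list, registry, salt))
    member_set = {normalize(m) for m in members}
    return {
        # The digests do keep plaintext out of the distributed file ...
        "plaintext_in_registry": any(m in registry for m in member_set),
        # ... but the scrub result itself identifies members on the list.
        "leaked": leaked,
        # Only members the list holder never had remain unknown to them.
        "still_hidden": member_set - leaked,
    }

# Constructed sample data (reserved example domains).
MEMBERS = ["alice@example.org", "Bob@Example.org", "carol@example.org"]
MAILING_LIST = ["alice@example.org", "bob@example.org",
                "dave@example.net", "erin@example.net"]

if __name__ == "__main__":
    for salt in (b"constructed-salt-1", b"constructed-salt-2"):
        print(salt, audit(MEMBERS, MAILING_LIST, salt))
```

Changing the salt or the hash changes nothing in the result, because the leak comes from the output of the cleansing step rather than from the registry file.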

News: Hanging’s Too Good For Spammers, Says Joe Public

 
Just when you thought there was nothing more to say about spam, someone goes and says something. This time it’s the turn of Harris Interactive, which has conducted two polls. (Neither seems to be on their website at the time of posting this.) Their conclusions?
  • 80% of online adults (whatever that means) now favor making mass-spamming illegal. Only 10% oppose doing so.
  • On average people online estimate that they receive more than 40 emails a day, including those at home, work or at other locations, and that 40% of these emails are spam.
  • The types of email which annoy the most people a lot are pornography (86%), mortgages and loans (71%), prescription drugs such as Viagra (60%), and investments (59%). Many, but fewer people, are annoyed a lot by spam selling real estate (51%), software (36%) and computer and other hardware (31%).
All that makes sense. But there are paradoxes. Those who favor making spamming illegal have increased (from 74% last December to 79% now). But those who find spamming very annoying have declined from 80% last year to 64% now, and somewhat fewer people (but still substantial majorities) are annoyed a lot by the main types of spam. Harris reckons that “while people may have become more efficient at identifying and deleting spam, this has not in any way reduced their desire to eliminate or reduce it”. That, or people are getting used to spam.