Features

net.wars: Spam today and spam tomorrow

by Wendy M Grossman | posted on 30 November 2007


Admittedly you have to be really not paying enough attention to do this... but in the last couple of weeks I've discovered torrent spam.

Wendy M Grossman

Here's how it works: you download a file you think is something you want, and discovered it's been RAR-compressed. When you uncompress the file, you get a second RAR file that requires a password and a Readme file. The Readme advises you that to get the password you need to go to a Web site and enter an email address – any email address. I'm not quite demented enough to do this, even with the venerable black-hole address nobody@nowhere.com. Who knows what evils might be lurking on that Web site?

This is the more or less harmless kind. Other stories say that there are more dangerous types of torrent spam, where to play the file you are required to download a new video player that is typically infected with malware.

For once, this seems not to be an RI or MPAA initiative. It's just spam, reflecting the reality that any time anything on the Net gets sufficiently popular someone tries to turn it into a vehicle for unwanted crap. And you know they know it's unwanted, because otherwise they wouldn't be trying so hard to trick you into reading it. At one time – oh, say, a year ago – a lawyers' mailing list agreed that at the threshold of around 10,000 readers you have to turn off or moderate comments because the comment spam got too heavy.

Page rank can do it, too: the pelicancrossing.net site that hosts one version of this column gets something like 1,000 comment spams a week – and hardly any real ones. (Moveable Type, which powers that blog, does have anti-spam settings, which trap most, but not all, of the junk. Unfortunately, the price is that for some reason it rejects all comments I make myself, which means that people who do comment don't get responses from me. Despite a lot of trawling through settings, I have yet to find a solution to this.)

Appropriately diligent research shows that torrent spam isn't new; it was first reported in 2004, and by 2005 there were efforts to create a reporting service. That service now has very little traffic in its forums, and that makes it hard to tell from its stats whether this is a growing problem. Despite the egocentric desire to see it as one – hey, I noticed it! It must be big! – it's probably just a footnote to the great tide of spam that washes over us in so many other ways. A modest amount of attention paid to checking the torrent you're downloading defeats it.

Still, it's arguably yet another reason why the *AAs - both RI and MP - should have fought back by creating their own cheap, reliable, widely available services.

They may pick up some short-term advantage by being able to campaign semi-truthfully on the idea that using P2P to download copyrighted material is risky. But long-term the educational task they'll face in trying to explain to ordinary consumers why we should trust that their systems are safer, will be a bigger disadvantage.

On the wider Internet, of course, spam continues to be a relentless flood. Google broke ranks this week to claim that the amount of spam reaching its network is declining. I find it hard to believe this. It's certainly true that spam does move on if a particular technology goes out of favour – the areas of Usenet I frequent are now almost completely spam-free though not, unfortunately, devoid of single-idea-obsessed idiots with a trigger-finger on the abusive adjectives.

But if email spam does start to die because too many people have moved their real communications to IM, Skype, Facebook, and other newer, more carefully gated media it seems unlikely that any one service provider will be singled out. Given that the single biggest reason email spam is popular is that it costs next to nothing to send, I really can't see botnet designers sitting around their labs going, "Oh, listen, this time let's not bother sending anything to gmail addresses; they just bounce it." If there's one thing we know about spammers it's that they don't care about targeting.

I find Facebook, LinkedIn, and the other social network platforms painfully irritating to use for communications compared to email; but for a lot of people they work as an elaborate form of white-listing. But others do not find them painful. "I'm more likely to have Facebook open these days than Outlook," one such correspondent wrote just this morning when I suggested taking it to email.

The longer-term prospects, though, are for much more "legitimate" marketing email. Spamhaus has a really interesting article up about a recent flood of sales messages it's received from one of the lifetime menaces on its ROKSO list advertising cheap home delivery of the New York Times. That same article talks about the many ways email addresses find their way onto marketing lists: sharing with third-party companies and database-matching being the most significant.

Then, also this week, Adobe and Yahoo! announced that we can have – oh, joy! – ads in PDFs downloaded dynamically while we try to read.

Doesn't anyone get it? The difference between marketing and spam is user choice. Take that away, and it's all just spam.


Technorati tags:   
Spammerday night fever - You can discuss this article on our discussion board.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, follow on Twitter or send email to netwars(at) skeptic.demon.co.uk (but please turn off HTML).