Fake marijuana botnettery continues

It would appear that the previously mentioned "herbal marijuana" business (which, as I explain in that earlier post, is probably actually just a scam to harvest credit card numbers) is burgeoning.

From: "Bud Shop" <dancitep_yzpsoy@gte.net>
Date: Fri, 16 Nov 2007 14:05:42 -0700
To: "dan" <dan@dansdata.com>
Subject: Smoke up the bud

Do You Smoke Big Buddha Bud Or Any Other Legal Bud To Go Crazy ?

http://shabaaloo.com

My buddy Mark stopped hanging out with me because he now works at the post
office and has to do a piss test every other week. Just last week though, i
see him sparking up. I'm like "Dude are you smoking bud again??" and he is
all "Yeah! i bought ONE POUND of Legal Bud at cheapestbuds.com and i dont
need to worry, this shit doesnt come up in piss tests and its some potent
shit!" cheapestbuds.com is too good to be kept a secret.

One warning though, Dont drive with this potent bud.
My friend blasted up before going on his mailing route and he ended up
crashing the postal truck LOL.
Oh and he still smokes up the Legal Bud!

http://www2.shabaaloo.com

OR

http://3I.shabaaloo.com

The shabaaloo.com site being promoted here looks exactly the same as the previous thebudshop.net. Note also the mention of "cheapestbuds.com", which was perhaps an earlier URL for the same scammers. That's dead now, but all of the other ones are still up. The "www2" and "3I" subdomains spread the botnet hosting out even further.

Once again, these sites are all shuffling from one home broadband IP address to another, a technique I now know is called "fast-flux", which was apparently originally used to hide spam mail servers. Their nameservers occasionally seem to be pointing more than one domain at the same IP address - both shabaaloo.com and thebudshop.net were at 69.141.166.10 (someone's virus-infected PC on a Comcast address) when I first checked. Mere moments later shabaaloo had moved to 75.22.25.116 (another zombie, this time connected via AT&T) and thebudshop had moved to 63.131.13.17 (Choice One Communications). Then shabaaloo was 82.10.184.121 (NTL Internet, a UK ISP) and thebudshop was 70.92.159.113 (Road Runner). The subdomains all have their own separate changing addresses, too.

Thebudshop's nameservers are still ns1.b4cf5f189.com and ns2.b4cf5f189.com; those are currently at 68.16.9.22 (AT&T) and 75.66.195.228 (Comcast), respectively. NS1 has stayed the same since I first checked four and a half days ago, but NS2 has changed at least twice since then.

The DNS entry for shabaaloo.com lists no fewer than five nameservers - four is the usual limit. It's got NS1 through NS5.b4cf5f189.com. As I said in the comments for the previous post, that probably makes it virtually invincible, at least by spam-site-hosting standards.

When botnets first hit the news, many people (me included) had some difficulty figuring out what they were for, exactly. Yes, you could use them to send spam, or to launch denial-of-service attacks, or as your own personal massively parallel supercomputer for cracking encryption or something. But none of those features sounded hugely marketable.

Bulletproof hosting for any site you want is different, though. There are plenty of people who already pay big bucks for that.

I think we'll be seeing a lot of spam-scam sites shifting to botnet hosting soon. Perhaps that'll be what it takes to get the major ISPs to start actually disconnecting people whose computers are part of a botnet. Thus far they've resisted taking such action, despite being urged to do so by such minor entities as the US Government for going on three years.

One might cynically surmise that the lack of action is because there's no money to be made in disconnecting zombies. Actually, there's money to be lost; even if all you do is direct all of the customer's Web requests to a "you've been quarantined" page with information about antivirus software, you're still going to get irate support calls that'll rapidly eat up every penny the customer's paying you. If you cut 'em off altogether, they'll probably tell all of their friends that you're a terrible ISP, and may file complaints with their credit card company. It's a nightmare.

And botnet members don't generally actually use a whole lot of the ISP's precious bandwidth, either. J. Random Hacker with his squeaky-clean computer that's downloading TV all day is the user an ISP really wants to cut off.

And if every ISP doesn't adopt a no-zombies policy, at least some disgruntled customers are not going to actually put their house in order - they'll just switch to an ISP that'll let their lurching zombie of a PC onto the Internet.

Here's a good article about the current sad state of affairs. Busting the people who set up the botnets seems to be the most promising course of action. That strategy hasn't exactly stamped out spam so far, though.

Bloodsuckin' fun

I've just finished watching the first, and only, series of the inventively-named "Blade: The Series".

The show's cancellation after 12 episodes was a lot less of a crime than the cancellation of Firefly, but I still quite enjoyed it. The feeling of foreboding you get when some rapper with a silly name gets cast in a nominally serious show is, in this case, unfounded. Blade is an absolutely relentless downer who avoids anything resembling dramatic acting at all costs, after all. He's easy enough for any schmuck to play.

Blade: The Series often doesn't quite make sense. You'd think, for instance, that the shutters on the windows of Vampire HQ would have anti-daylight interlocks that couldn't be defeated by anything short of a shaped charge, but apparently they prefer to give the good guys a sporting chance. And vampires are supposed to have superhuman senses, yet none of them ever seem to overhear anything, or even be able to smell a sweaty, bleeding human who seconds ago crossed their path, when to do so would be inconvenient for the plot.

The upper levels of the vampire hierarchy also appear to be reserved for the exceedingly pompous, but there's nothing new about soliloquising expository villains. And there's a good laugh based on this in the last episode.

The low-ish budget also shows through from time to time. When, late in the series, it becomes apparent that something important will be happening in Toronto, you can't help but laugh. The show's meant to be set in Detroit, a mere hop skip and jump from Toronto - but I live on the other side of the planet and could still see that everyone's actually been Rumbling in Vancouver all this time. So now Blade would appear to have to drive his Cool Car 2700 miles.

Oh, and in the Drinking Game for this series, "someone walks somewhere in slow motion" would only be one very small sip of your drink, and "someone who is actually still alive is confidently declared to be dead by someone who hasn't even checked" would not be very much bigger.

(I was also downright surprised when a vampire told a human employee "your well-deserved reward awaits you" and it turned out that, for once, the reward was not death.)

But the acting's pretty decent, the fight choreography is OK, and nobody decided to cut the guts out of the show by shooting for a PG-13 rating.

If you haven't seen the Blade series but you also haven't seen Ultraviolet (the British TV series, not the lousy movie), you should see Ultraviolet first.

If you've still got a hankering for vampire-based fun after that, check out Blade: The Series' movie-length pilot and see what you think.

I know you're a liar paradox, but what am I?

Herewith, Wikipedia's surprisingly learned article about Opposite Day.

(When it was nominated for deletion in 2005, only one voter was concerned that the vote might in fact be happening during Opposite Day.)

Big pink pigeons

Our back deck ceased to be a restaurant for birds several months ago. I decided it was time to put out some seed again.

As usual, $US10,000 worth of brightly coloured beasties turned up shortly afterward.

Galahs at the water bowl

Along with the usual Sulphur-cresteds and rosellas, this time we got a couple of galahs.

We've had a galah or two hanging around the seed before, but I never got any photos of them. They're pretty birds, and relatively reserved when there are only a few around. Get a few hundred of them in one place, though, and they turn into one of the world's premier sources of frivolity.

("Galah" is also a somewhat archaic Australian colloquialism for a fool. The birds haven't really earned that, but I believe the boobies deserve to have their complaint heard first.)

Galah with raised crest

Galahs have a crest, but it's not nearly as impressive as that of the Sulphur-crested. As with the big cockatoos, they raise the crest when excited.

These two got to spend quite a while with their crests up...

Sulphur-crested cockatoo being a bully

...because the bigger birds, as usual, insisted on pointlessly bullying them.

This sort of inter-species animosity is one of the reasons why conservationists don't actually much like backyard bird feeders. An unnaturally large and reliable food source in one very small area forces different bird species to rub shoulders, and they never seem to enjoy that very much.

They never actually seem to come to blows, though. Even when the notoriously aggressive currawongs show up and start staring down the cats through the window, the other birds just give them a wide berth and come back later.

And now, I am pleased to present...

Cockatoo fluffs up

...a variable-geometry cockatoo.

More tales from the online Wild West

Everything old is new again. It's been years since I got any spam trying to sell me legal herbal smoking mixtures, but here they come again. But, this time, there's a lot more to the scam than meets the eye.

"Legal weed" concoctions seldom have any more actual effect than does snorting a fat line of baking powder. They invariably, however, have names that make them sound as if just opening the bag and taking a sniff would blow Bob Marley's head clean off.

This time, the spam's trying to sell "Big Buddha Bud".

Or, as I discovered when I searched for that string, perhaps it isn't!

It would appear that the Big Buddha Bud spams were, a week or three ago, promoting thebudshop.hk. That server had a protean IP address, shifting from one address that resolved to a home broadband provider to another, minute by minute if not second by second.

That could only mean that the site was being served by a botnet.

And that, in turn, probably meant that the site's only purpose was to harvest credit card numbers.

If, after all, you've got an online shopping site that can only be traced to countless virus-infected home PCs, why on earth should you bother actually sending anybody anything they've bought from you?

Thebudshop.hk is gone now, but thebudshop.net is alive and well. And its shifting IP address remains.

When I looked at it a few minutes ago it was at 75.208.93.134, an address in Verizon Wireless's allocation. Then it changed to 76.188.169.229, which is a Road Runner address. Then it was 63.131.13.17; that belongs to ChoiceOne, a bank! And less than a minute later, it resolved to 76.15.25.162, an Earthlink address. And then 76.247.75.67, which is AT&T. I doubt any US ISP will be left out, if I keep on checking.
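The address-hopping described here, and again in the "Fake marijuana botnettery continues" post above, can be scored mechanically from a defender's resolver logs. This is an added example, not part of the original posts: the addresses and provider names are the ones the two posts report, while the function names, the thresholds and the static.example control domain are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Provider attributions as given in the two posts; the last entry is constructed.
PROVIDER = {
    "69.141.166.10": "Comcast", "75.22.25.116": "AT&T",
    "82.10.184.121": "NTL Internet", "63.131.13.17": "Choice One Communications",
    "70.92.159.113": "Road Runner", "75.208.93.134": "Verizon Wireless",
    "76.188.169.229": "Road Runner", "76.15.25.162": "Earthlink",
    "76.247.75.67": "AT&T", "192.0.2.10": "constructed-hosting",
}

# Successive A-record lookups per domain, in the order the posts report them.
# static.example / 192.0.2.10 is a constructed control that never moves.
LOOKUPS = {
    "shabaaloo.com": ["69.141.166.10", "75.22.25.116", "82.10.184.121"],
    "thebudshop.net": ["75.208.93.134", "76.188.169.229", "63.131.13.17",
                       "76.15.25.162", "76.247.75.67",
                       "69.141.166.10", "63.131.13.17", "70.92.159.113"],
    "static.example": ["192.0.2.10"] * 5,
}

def flux_profile(ips):
    """Summarise how far a domain's A record moved across successive lookups."""
    changes = sum(1 for a, b in zip(ips, ips[1:]) if a != b)
    slash16 = {ipaddress.ip_network(f"{ip}/16", strict=False) for ip in ips}
    return {
        "lookups": len(ips),
        "distinct_ips": len(set(ips)),
        "distinct_slash16": len(slash16),  # crude network diversity without whois
        "distinct_providers": len({PROVIDER.get(ip, "unknown") for ip in ips}),
        "churn": changes / max(len(ips) - 1, 1),  # share of lookups that moved
    }

def looks_fast_flux(profile, min_ips=3, min_networks=3, min_churn=0.5):
    """Illustrative thresholds: many addresses, on unrelated networks, changing often."""
    return (profile["distinct_ips"] >= min_ips
            and profile["distinct_slash16"] >= min_networks
            and profile["distinct_providers"] >= min_networks
            and profile["churn"] >= min_churn)

def flagged_domains(lookups):
    """Domains whose lookup history matches the fast-flux pattern."""
    return sorted(d for d, ips in lookups.items()
                  if looks_fast_flux(flux_profile(ips)))

def shared_hosts(lookups):
    """Addresses that served more than one domain, which ties the domains together."""
    by_ip = defaultdict(set)
    for domain, ips in lookups.items():
        for ip in ips:
            by_ip[ip].add(domain)
    return {ip: sorted(doms) for ip, doms in by_ip.items() if len(doms) > 1}

if __name__ == "__main__":
    for domain, ips in LOOKUPS.items():
        print(domain, flux_profile(ips))
    print("flagged:", flagged_domains(LOOKUPS))
    print("shared hosts:", shared_hosts(LOOKUPS))
```

A content-delivery network also rotates addresses, so the provider and /16 counts matter more than the raw address count: legitimate rotation stays inside a handful of hosting networks, not a spread of consumer broadband ranges.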

(If you manually point a Web browser at any of the botnet IP addresses, by the way, you get an interesting little page that says "Coming Soon! Please check us back later... Ddos Protection by the leet boys ;)". This is an interesting thread to tug on, if you're after more information on this particular botnet.)

I had no idea it existed until this moment, but it turns out that this "botnet hosting" is a known phenomenon. It's a brilliant idea, too! Why use your army of zombified home PCs only to send spam, when you can also use it to host the super-dodgy sites you're promoting?

Botnet hosting seems to have taken great strides, as well. Sites like this are supposed to be flaky, but thebudshop.net looks rock solid (not to mention professionally designed!) to me. This botnet seems to be delivering the kind of super-distributed redundancy that major Internet companies dream about.

Another glimpse of the Dark Side

My spam had two high points today.

One of them was not the terrible news that the invaluable link directory at teksavers.com was REMOVING MY LINK OMG from their site because I had failed to respond to their repeated unsolicited requests for a link from this ancient motherboard review to http://www.teksavers.com/, with the title "Buy Sell Refurbished Cisco".

I simply cannot figure out why I haven't done that. Too late now!

Spam high point one was brought to me by the new wave of random-subject-lined replica watch ads, which seem to be sourcing their random words from a much more awesome dictionary than most.

My favourite so far is today's masterpiece, "Rainbow Kaleidoscope Ice-cream Egg Magnet".

I opened that message, hopeful to be given the opportunity to purchase this wonderful-sounding product. But all it contained was the usual link to an odd-named and inaccessible server where, I fear, no Rainbow Kaleidoscope Ice-cream Egg Magnet would be on sale anyway.

(The next one to arrive had the subject "Solid Prison Post-office Necklace Fan", which sounds much less appealing.)

Later in the day, I received this pearler:

Date: Sat, 10 Nov 2007 19:04:47 +0200
From: "Igal K." <igalkr@013.net>
Subject: Article contribution proposal to www.dansdata.com
To: dan@dansdata.com

I've stumbled across your site - www.dansdata.com and
I want to make you an offer regarding contributing uniquely
written Insomnia & Sleep Problem related articles to your site.

As you know - Creating unique content for your site is the only
way to get high rankings in Google and other Search Engines.
Copying Articles from Article Directories became obsolete
now that Google is penalizing sites with Duplicate content.

This is where we can help each other in a win-win partnership - I
have a staff of skilled writers creating articles about subjects
such as ( Just to to name a few ) :

      Insomnia Treatment Tips
      What Are Sleep Disorders
      Chronic Insomnia Treatment
      Sleep Aid Guides
      Sleep Disorders
      Sleeping Pills Help

The articles that I'm offering will be unique and were never
published on any articles directory or website, therefore you will
have the full benefits of a unique content that is published only on
your website - in Addition you have full rights to edit and tailor those
articles to your own liking and your website needs.

The only thing I want in return are 2 links pointing back to my
Insomnia Related site at the bottom of each published article.

So if you're interested in my unique win-win proposal please let
me know so we can start helping each other get Higher Rankings
in Google.

Igal K.

You know how sometimes you click on a result for some obscure search or other, and then find yourself on a site with a buggerload of Google ads and some real actual readable text... but that text doesn't contain any valuable information at all?

In fact, the text looks as if it could be customised, with a quick search and replace, to apply to any subject?

I'm betting that this is the sort of "content" that Igal's "staff of skilled writers" are offering my poor little site, which with its miserable thousand or so articles and laser-like focus on sleep disorders is clearly in need of Igal's assistance.

(Amazingly enough, I don't think dansdata.com contains even a passing reference to insomnia at the moment. Usually, subject-specific spam like this comes to me because someone found the word "sauna" on my site somewhere and decided that I therefore must be interested in ordering a few container-loads of Chinese pre-formed hot tubs. Heaven knows how Igal came up with the insomnia connection, in the absence of such an obvious link.)

I suppose it's possible that Igal really does have writers on staff. If that's the case, I imagine they're the inexpensive and quirky kind.

Igal's a wily one, too; he doesn't mention the URL of his special insomnia site in his spam.

But I'll betcha any of you unfortunate enough to be searching for information on sleep disorders will be seeing Igal's site soon. At least until Google catches on, yet again.

A familiar tale

Lego vignette

This Lego vignette/comic is funny, true, and an effective deployment of a microscale Millennium Falcon. I don't think you could ask for more.

(See also the classic "I'm naked! No clothes!")

Incidentally, the old #4488 Mini Falcon is a great set, and pretty easy to make up from stock pieces, though you'll of course miss out on the big printed dish if you make it that way. The comic refers to the gigantic #10179 Falcon, by far the largest Lego set released to date.

Lego have really milked the old Falcon since they got the Star Wars license - there've been no fewer than four quite different Falcon sets.

Guardian Angel (battery)

There I was, innocently reading Engadget, when I struck this post about how "Exradia suggests that iPhones could warp brains".

Exradia's argument is that cellphone radiation is harmful (which is dubious at best, but let's continue), and that the iPhone is particularly dangerous. That's because the iPhone battery is not user replaceable (not without soldering skills, anyway), which means, drum roll please, that you cannot buy one of Exradia's special after-market radiation-reducing batteries for an iPhone.

On the face of it, Exradia's claims sound like poppycock.

Let's assume that cellphone radiation is bad for you. Well, that's a shame, because mobile phones depend for their operation upon the emission of that radiation. A phone that cannot emit pretty much exactly that same radiation is a phone that will not work. Wrapping your body in earthed flywire is the only option, if you insist on still using a mobile phone.

So I was interested to hear Exradia's explanation of what their "Angel™ batteries" (available for all major brands!) were actually supposed to be doing.

That explanation can be found here.

Apparently, "Exradia's Angel™ technology superimposes a random noisefield on the bio-effective man-made EMFs that are typically emitted by cell phones and most other digital wireless devices. With Angel™, the body (cells) detects only randomised signals that cannot trigger a cell's response and therefore cannot be harmful to cells."

I've heard much worse scientific word salad than that, but this still sounds like nonsense to me. Exactly how a battery is supposed to be changing the output waveform of the phone's radio at all is a pretty big stumbling block; does the battery have its own antenna? If it broadcasts random noise in the frequency range in which the phone operates, wouldn't the phone just turn up its own radio volume, if possible, to compensate?

I could go on, but I'm just speculating. The Exradia explanation isn't clear enough for anything better.

Exradia's "Bioeffects of EMF" page refers to a 2000 University of Washington study that found that microwave exposure fragmented DNA strands in the brains of rats. Apparently superimposing a random signal on that field was somewhat protective. Nobody else in the world has been able to replicate these results - quite the opposite, in fact - but that hasn't stopped vendors of various allegedly-noise-emitting anti-radiation talismans from cashing in.

Hunting more info on this subject led me to The EMX Biochip™, and that led me... straight back to Exradia, who're currently hit number 1 for "EMX Biochip" despite not having that string anywhere on their site. According to this page, Exradia bought "the EMX technology".

What, exactly, the EMX technology actually is will remain a mystery, even if you read Exradia's "Science Whitepaper" (PDF). Not the slightest clue is presented as to how a component in a phone battery can semi-randomise the radio output of a phone.

If the magic batteries don't have their own antennae, all they could possibly do is try to inject RF noise into the phone through the battery terminals, hoping that it'll make it through the circuitry to the antenna without interfering with anything or being eaten by other components (hint: that won't happen), or find some resonant component before the antenna that can be used as an aerial in the absence of a proper one.

But here I am again, speculating. I'm forced to it by the vast windy wasteland that is Exradia's explanation of what the hell they actually claim to be doing.

The Exradia technology page does go on to say "Angel™ has been proven to eliminate biological effects in all instances in which it has been tested in labratory research."

If you're now waving your hand in the air and saying "Ooh! Sir! Sir! I bet that research cannot be found anywhere on the Exradia site!", then you get an early mark.

Everybody else now has to read this post on the Quackometer blog, which points out that Exradia seem to be a pretty serious business entity (compare the late and not very much lamented Batterylife AG), but which also expresses mystification about how the heck the Exradia/EMX technology is even supposed to be able to do the job they say it does. Never mind whether the job needs to be done at all.

The Quackometer blogger, Andy Lewis, managed to read more of the EMX intro page than I did before his brain seized up. He discovered that the EMX "technology" actually, on that page at least, claims to be influencing not the high frequency radio output of the phone itself - which, I remind you, is what has most cellphone danger enthusiasts hot and bothered - but the low frequency output (way down in the audio range) of other electronics in the phone, and the low frequency modulation of the microwave output.

Andy then makes the obvious point that if low frequency EMR is the problem, just squelching the small amount of it that comes from mobile phones is completely meaningless - every urban human is bathed in low level, low frequency EMR for most of their lives.

(And yet, when you control for other risk factors, even people who live under power lines - let alone the rest of us with our TVs and computers and clock radios - don't seem to get any disease more often than other people.)

I was surprised about the whole low-frequency thing, because Exradia's tech page specifically says "cell phones and other digital wireless devices emit man-made EMFs...". If they were concerned about low frequency emissions, they wouldn't have said "digital wireless devices", which in this modern world all emit far more high frequency, gigahertz-range, radiation than anything else. And why would they have referred to that study of microwave effects on DNA if that wasn't their concern?

So it would appear, based on the incoherence of the arguments presented for it, that the Exradia Angel battery is as silly as the Q-Link pendant (which Andy mentions in passing).

It's not as obviously silly, and it does at least do something (power a phone). And I am grateful, don't get me wrong, for the fact that Exradia never use the word "quantum".

But the Angel battery's special reason for existing is questionable, its ability to achieve that goal is doubtful, and even the people whose motto is "we think everyone should have one" (of course you bloody do, you're bloody selling them) cannot explain what it is their product is even supposed to do.

[UPDATE: A few months after this post, Exradia ceased to be, joined the choir invisible, and screwed their creditors.]