CourseCast of the Week

Episode 0077, 11/29/2008

Title/Description: Spam Battle Continues, Suicide 2.0, 5 from IBM

Welcome to Course Technology's CourseCast of the week, Episode 77, recorded November 29th, 2008. This is Ken Baldauf bringing you this week's technology news and information. This CourseCast is brought to you by Course Technology. Check out www.cengage.com/coursetechnology for innovative textbooks and creative electronic learning solutions.


Story 1 - Spam Battle Continues

You may recall in my CourseCast two weeks ago, I reported on the shutdown of McColo, a California Web hosting company. McColo was host to spammers, scammers, and cybercriminals. Closing McColo resulted in a more than fifty percent drop in spam across the Internet. The closing of McColo turns out to be just the tip of the iceberg in efforts to control a thriving underground cybercriminal culture.

McColo hosted software that controlled one of the largest spam-spewing botnets in existence, a botnet named Srizbi. It is believed that over 450,000 PCs have been infected by the Srizbi trojan, working together as a botnet to distribute spam. The owners of these PCs are unaware that their PCs are infected. While the owners are busy checking email and surfing the Web, their computers are communicating with the Srizbi command and control servers from which they receive their instructions, and then fire off spam to long lists of email addresses.

Up until two weeks ago, the botnet's command and control servers were running on McColo hardware. So when McColo was shut down, the infected PCs had no way to receive new orders, thus the dramatic reduction in spam. However, Srizbi included a fallback procedure to compensate for this eventuality. The software is programmed to automatically generate new domain names to use as command and control servers. The idea is that the human controllers of the botnet would purchase the new domain names generated by the software as needed to keep the botnet alive.

Security agents who have been studying the Srizbi code discovered this procedure in the software, and began buying up the software-generated domain names before the criminals had the chance. By purchasing over 200 domain names, security agencies were able to keep Srizbi shut down for a week and a half. Finally, they abandoned the temporary and costly defense, and turned to plan B.

Along with a domain name, a botnet command and control server needs a Web hosting company on which to reside. Once obtained, the domain name is associated with the IP address provided by the Web hosting company. Plan B was to keep the Srizbi server from finding a new hosting company. Within days of the security group abandoning its effort to buy up all the Srizbi domain names, Srizbi-infected PCs were able to find and connect to a new command and control server, and once again began spewing spam. The server was traced to the country of Estonia and a small ISP named Starline Web Services. The security group fighting Srizbi contacted Starline, and the Estonian company that provides Starline with Internet connectivity, Compic, along with Estonian law enforcement, informing them of their new cybercriminal customers. Starline responded by shutting down Srizbi on its servers, and Compic is threatening to cut off Starline from Internet access, saying that the ISP has a history of hosting illegal activities on the Internet.

Where Srizbi servers will pop up next is anyone's guess, but there are dedicated techies watching closely.

There are a number of interesting and important lessons to learn from this story. The first is that cybercrime has become a huge business and a highly organized form of crime. The ISPs and Web hosting companies that host botnet servers are typically well aware of the illegal activities taking place on their servers, and oftentimes refuse to cooperate with requests to shut them down. This suggests that they may be getting a share of the illegal profits.

Another interesting point is that it is not law enforcement agents chasing down Srizbi, it's private security and tech companies. It wasn't the US government that shut down McColo, it was pressure from private security researchers and a revealing article that they helped publish in the Washington Post that finally brought pressure on McColo's Internet supplier to cut the company off. So obvious questions include, "Why isn't law enforcement involved?", and, "Why aren't servers being impounded and their owners being thrown in jail?"

A Computerworld article sheds some light on these issues. The Federal Trade Commission has almost certainly been aware of illegal activities occurring on servers owned by McColo and other ISPs and Web hosting companies. However, current law makes it very difficult to prosecute anyone in such cases. First, the individuals running command and control servers typically reside in countries like Russia and eastern European countries that generally do not prosecute cybercriminals. Secondly, Internet hosting companies and ISPs are typically not held liable for what users of their systems do. Judges are not easily convinced to approve warrants to seize hundreds of servers owned by such companies. The balance between privacy and liability currently tips towards privacy, allowing cybercriminals to take advantage of the system.

Jon Praed, a founding partner of Internet Law Group, says that the US government is still in the process of building a mature cybercrime enforcement process. In the article, Praed told Computerworld that, "Criminal prosecutions require a lot of resources and prosecutors are unlikely to go after someone unless they know they're going to get a conviction."

There are efforts underway to create laws that will hold Web hosting companies liable for hosting botnet servers and other illegal enterprises. Those involved believe that through a combination of new laws, and the efforts from private companies and security groups, there may come a day when cybercriminals find it no longer worth the effort to set up botnets. However, in the meantime, security researchers will be playing whack-a-mole, knocking back Srizbi and other botnet servers as they pop up, hoping to gain the cooperation of the international community in stemming the growth of malware and spam.

Estonian ISP cuts off control servers for Srizbi botnet [Computerworld]
Massive botnet returns from the dead, starts spamming [Computerworld]
Spam is silenced, but where are the feds? [Computerworld]
Spam levels fluctuate as crooks try to revive botnets [Computerworld]


Story 2 - Suicide 2.0

Two sad news items this week… A 19-year-old community college student committed suicide in front of online witnesses utilizing the message board at bodybuilding.com and a live video stream on justin.tv. Police are looking into the role that the many onlookers played in this death, as some were said to be encouraging the student to take his life.

Meanwhile, you may recall the story about a mother who used MySpace to pose as a teenage boy to encourage her daughter's 13-year-old schoolmate, Megan Meier, to kill herself. The woman, Lori Drew, was convicted last week in federal court in Los Angeles on misdemeanor charges of accessing computers without authorization and faced up to three years in prison and $300,000 in fines. The victim's mother, who was hoping for a felony conviction, is working with a group to tell Megan's story in an effort to protect other children from cyberbullying.

Live Web Suicide Shows Dual Nature of Forums [NewsFactor]
Police Probe Roles in Live Online Video of Suicide [NewsFactor]
Florida Teen Commits Suicide in Front of Webcam [NewsFactor]
Mother Wants Maximum Penalty in Cyberbullying Case [NewYorkTimes]
Verdict in MySpace Suicide Case [NewYorkTimes]
Woman cleared of felonies in MySpace suicide case [Reuters]


Story 3 - Five from IBM

At its annual conference, IBM revealed five innovations that it believes will change our lives in the next five years:

  1. Thin-film solar energy collectors will be pervasive --- built into asphalt, paint, and windows.
  2. A personalized genetic map will make it possible for you to accurately predict the future of your health and possibly head off diseases and disasters.
  3. You will talk to the Web, and the Web will talk back --- the semantic Web, where useful information is instantly available, will finally arrive.
  4. You will have your own digital shopping assistants; finding what you need and want at the lowest price will be easier than ever.
  5. Forgetting will become a distant memory. A digital record of all your actions and interactions will be recorded, stored, analyzed and readily available to complement human memory.

IBM Reveals Five Innovations That Will Change Our Lives in the Next Five Years [Physorg]


And that brings us to News Briefs.

That's it for this week's CourseCast. Links to this week's stories and many more news and information resources are provided at the CourseCast Web site at coursecasts.course.com. Email us with your suggestions for the show at course.coursecasts@cengage.com. Until next time, have a great week and be sure to take advantage of the Power -- of Technology!