ietf-asrg

RE: [Asrg] TitanKey and "white lies"... (Faking SMTP hard errors "improves" C/R utility?)

2003-05-30 22:07:21
From: "Eric D. Williams" <eric(_at_)infobro(_dot_)com>

...
such [code] is a present starting point for 'spammer adaptability' using
particular tools.  You could, I think, infer some metrics from whatever
results you could derive and gain insight into the paths presently
available for further adaptability.

...
I would add how/in what technical framework (given the present state or 
sophistication of technology) does this impact 'spammer adaptability' and 
spamware?

What's that about metrics, paths, and sophisticated technology?  Don't
you ever throw out an entire modest package (say <20K lines) and
rewrite it from scratch?  Are you assuming that spamware is not so
minor that it can't be (re)written from scratch in days?  Judging by
its output, the desirable aspects of any spamware could be duplicated
by a competent programmer in less than a week.  Judging from my
experience, a nice WIN32 GUI could take a lot longer, but the meat of
the engine of any spamware package is almost trivial, assuming you're
willing to copy code from any of the many available SMTP clients or
you are interested in non-compliant command pipelining.

I'm sure you can find spamware that took its authors eons and lots of
pain to write and would take longer and more pain to understand, but
that's not illuminating.

Spending a lot of time reverse-compiling (or whatever) spamware makes
as much sense as paying a lot of attention to the infamous "formail"
scripts that are commonly (but less so lately) exploited by spammers.
Those broken-by-amazingly-wrong-and-naive-design CGI scripts are not
interesting to a competent programmer.   As for what people who
aren't competent programmers think of them--excuse me, but isn't that
as boring and useless as my notion of what makes a baseball pitcher?


...
That is one prediction, but it lacks the insight into the technical 
adaptability of 'spamware', to me that a 'spammer' would do something is 
rightly pointed out in your previous bullet "the ... pressures on spammers and 
spamware" the so called pressures would not IMHO be limited to a single 
recourse, e.g. "Spammers will tend ...".  It may be "Spammers will opt for ...

Various spammers will respond variously, but that bit about "technical
adaptability" does not apply to small software packages like spamware.
You can talk about the technical adaptability of large systems like
UNIX, Windows, or Oracle that need lots of time and people to
significantly change, but not about things that can be implemented in
500 lines of any reasonable higher level language.


...
That is the goal of forensic analysis in this case by my estimation -
through public discourse to determine the challenges for spammers and the
available architectures to address them (their code should reveal the
engineering problem they are trying to solve, style is irrelevant).
IMHO, we may benefit from knowing what problems the 'spammer' really is
facing, and by that architect countermeasures based on that problem space.

You seem to be assuming that the problems they face are not obvious
and straightforward, once you have surveyed spam defenses.  I disagree.

You also seem to be assuming that public discourse has something to
do with "available architectures to address" small technical problems
like spewing spam.  I really don't think much of design-by-committee,
or the views of the uninformed on minor technical details.

Spewing spam ain't rocket science.  I figure competent programmers can
make more money writing code they can sign than writing spamware.
The major talents of spamware vendors are in sales to convince the
suckers that the nonsense "cloaking" really works, the response rates
will be great, and so forth.  As a result, most spamware authors aren't
serious hacks and most of their solutions of their minor problems are
lame.  We can assume that occasionally competent programmers take a
weekend to hack out a spamware package for a lark or their pushy
brother-in-law, but that won't tell us anything interesting.


...
Once again Vernon thanks for the pointers to information.  Do you think it 
could be determined whether the 'readily' available software is the same that 
is utilized by the small number of 'serious' spammers?

Certainly, just look at it to see what sort of spam it generates, and
compare that with your stock of spam.   If you don't have a good stock
of spam, look at news.admin.net-abuse.email via Google.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com