Sunday, December 28, 2008

The Fall and Rise of Spam

You'll remember how I track spam. Back in October 2008, I observed a precipitous drop. Remember that my numbers lag about 30 days as that's how long Google leaves spam before they delete it. I continued to watch this drop rapidly until it bottomed out in early December 2008. Now it's clearly headed back up.

The Fall and Rise of Spam

While you have to look pretty closely at this chart, it represents a drop of almost 50%, 1500 to just over 800.

The story behind this is what's interesting.

Start with Brian Krebs' article from the Washington Post. It seems that the Internet backbone providers got together and took McColo off the air. McColo was a web hosting service that was accused of hosting 75% of spam. That's amazing.

Shortly after Krebs' article went up, FireEye began a series of blog posts about "the rest of the story." The links are here:

McColo shutdown Nov 11, 2008 16:23 EST

McColo found a new upstream provider (update)

But then the story took a twist. The spam had been emanating from a huge botnet known as Srizbi.

Srizbi control regained by original owner

It seems that this botnet had a plan to reestablish their command and control center in the event that they lost their host.

Technical details of Srizbi's domain generation algorithm

The good guys at FireEye even began buying up the domain names generated by the Sirzbi algorithm but to no avail. By late November, Krebs called it a "resurrection." He recapped it in this blog entry.

Andre' M. Di Mino of The Shadowserver Foundation discusses this in his podcast.

Monday, December 15, 2008

Good Job, Canon

My wife's work has a Canon PowerShot A95. It's a couple of years old but still a nice camera.

She came home one day and mentioned that there was something wrong with it. It wasn't taking pictures.

The next time I was by there I picked it up and played with it. When you viewed the pictures, it seemed to not display anything.

I kept playing with it and realized that if I continued to scroll backwards, I eventually got to old pictures.


Then I took some pictures and they too were black. You could see all the menus though.

Seemed like the capture thingy was busted. (Don't you love it when I talk techie?)

I fell back to my faithful Google search for "Canon PowerShot A95 black LCD." Wouldn't you know that the first hit told me about the problem?

Eventually I got to this page at Canon.

The bad news is there is something fundamentally wrong with the CCD Image Sensors on a number of Canon cameras in this era.

The good news is that Canon is doing the right thing. A quick call to Canon and they e-mailed us a pre-paid UPS label to return the A95 to them. Within 10 days it was back repaired for no charge.

Nobody likes it when a product they buy fails but the way Canon is handling this is exemplary.

published with Windows Live Writer

Monday, December 08, 2008

BartPE on SD Card

The Asus Eee PC 1000H has an SD card reader. I read on the forums that you could boot from that device.

That got me to thinking about booting BartPE from that.

I already had a BartPE CD so I just wanted to copy that to an SD card. I Googled "copy bartpe cd to usb drive" and got some pretty good hits. I chose this link.

Worked like a charm. Now I can boot BartPE from the SD card and use an external USB drive to Ghost to.

Tuesday, December 02, 2008

What's Google Up To?

I'm obviously a big Sitemeter fan. When I was looking at my report the other day, I noticed something odd. There were several entries from an ISP called Google! Look at this list.

Date/Time Entry Page Comments
10/05/08 5:21:20 pm testblog/2007_12_01_archive.html XP IE6
10/12/08 5:44:41 pm testblog/ XP IE6
10/12/08 10:00:55 pm 2008/09/thank-you-google-i-think.html From Google in NY OS X Firefox
10/12/08 10:52:20 pm testblog/2007/12/test-2.html XP IE6
10/13/08 2:35:03 am testblog/2007/12/test.html XP IE6
10/18/08 1:41:10 am testblog/2007/12/test-2.html XP IE6
10/18/08 4:48:18 am testblog/ XP IE6
10/18/08 11:21:47 am testblog/2007/12/test.html XP IE6
10/19/08 7:47:43 pm 2008/10/thinkpad-xp-sp3-wi-fi.html XP IE6
10/20/08 5:53:27 am 2007_12_01_archive.html XP IE6
10/23/08 2:51:24 pm 2008/10/thinkpad-xp-sp3-wi-fi.html XP IE6
10/26/08 3:12:51 pm 2008/02/gps-and-google-maps.html WinNT IE7
"can i imports maps to mio c320"
11/09/08 6:43:04 pm Javascript disabled Win2000 IE6

What on earth is going on with Google?

Why do they keep visiting my test blog? And those entries aren't even active. They're test entries when I was experimenting with using Blogspot's ftp method of publishing.

Someone from Google's New York office even visited.

I think it's interesting to notice that most visits were from Windows XP, IE6, and 1024x768 display. Probably the same PC.

Every now and then, you'll see an outlier, like the WinNT IE7 visit on 10/26/08. It looks like that visit was personal as it was the result of a Google search for "can i imports maps to mio c320." And the security conscious visitor on 11/09/09 who had his Javascript disabled.

Google, what are you up to?

published with Windows Live Writer