A friend manages an Internet list, and got some of the spam so familiar at other sites. She doesn’t follow geekdom, so after bouncing the spammer she asked

“…would I be safe in assuming that there is a way that he could simply set things up to post to every thread sequentially, without the intervention of human hands?”

O yes, and in fact it’s worse than that. Antivirus software sellers always make their pitch by referring to loss of data, compromise of identity, and such, but the most malicious computer malware nowadays goes out of its way to do no damage and remain as unnoticeable as possible. All it wants is a few processor cycles and an Internet connection, and once it has those it communicates with other computers thus infected and with the master controller of what is called a “botnet”. (The neologism is derived from “robot”, of course, but for those of us with horses the resonance with the little yellow eggs of the botfly, found on the hair and capable of maturing into a parasitic pest, is remarkable.) The function of a botnet is to send email messages and posts to blogs and the like, and the reason for that is search engines.

Google, et al., use complicated algorithms to decide which twenty of the 2,349,994 results of your search to display first, but down at the root of all those methods is popularity. The more often a term appears, and the more often it is referred to from elsewhere, the more popular it is assumed to be. This gives rise to a minor sub-industry called “SEO” or “search engine optimization”, which tries to insert keywords and other search terms in such a way as to raise visibility to the search engines. If there are millions of emails, blog comments, and other items out there, all of them with links to a particular site and associated keywords, then a search on those keywords is more likely to return the site on the first page of the results, and it’s therefore more likely a person searching for that item will go to that site to buy. Botnet controllers use their hijacked networks to spam the URLs of their customers to as many places as possible, so the search engines will see that URL as “popular” and promote it to an early place in the search results list. If they did it all from their own computers they’d be easy to frustrate. Having thousands of computers, each with its own Internet Protocol address, doing the spamming makes it hard to block them.

So unknown and invisible to you, your computer may have been incorporated into a botnet. If so, it’s the source of some of the spam emails we see every day. The first bots were resource hogs; a computer thus infected ran notably slower. Newer ones are more discreet, even noting your usage and shutting down while you’re downloading, so as not to be noticeable. One of the things you can do to help the fight is to press CTRL-ALT-DEL or otherwise call up the “Windows Task Manager”, and learn which “tasks” are normally there. Even the most discreet bot has to have a task name, and if it’s running it’ll be on the list. If you don’t know what a particular task is you can usually Google or Bing for it, but be careful about spelling, especially single-letter substitutions.
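The same habit can be scripted. The following is an added example, not part of the original post: it compares a task list against a baseline you recorded earlier and separates names that are one character off a known task from names that are simply new. The baseline and the sample output (in the layout of `tasklist /fo csv /nh`) are constructed for illustration.

```python
import csv
import io

# Constructed baseline: image names noted while the machine was behaving normally.
BASELINE = {
    "system", "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "explorer.exe", "taskmgr.exe",
}

# Constructed sample in the layout printed by `tasklist /fo csv /nh`.
SAMPLE_TASKLIST = '''"System","4","Services","0","144 K"
"svchost.exe","812","Services","0","21,004 K"
"lsass.exe","676","Services","0","14,320 K"
"explorer.exe","4312","Console","1","98,552 K"
"svch0st.exe","5120","Console","1","6,208 K"
"notepad.exe","6044","Console","1","12,876 K"
'''


def image_names(tasklist_csv):
    """Return the lower-cased image names (first CSV column) as a set."""
    reader = csv.reader(io.StringIO(tasklist_csv))
    return {row[0].strip().lower() for row in reader if row}


def one_substitution(a, b):
    """True if a and b have the same length and differ in exactly one character."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def review(current, baseline):
    """Split names missing from the baseline into lookalikes and plain unknowns."""
    lookalikes, unknown = {}, []
    for name in sorted(current - baseline):
        near = sorted(k for k in baseline if one_substitution(name, k))
        if near:
            lookalikes[name] = near  # e.g. a zero standing in for the letter o
        else:
            unknown.append(name)
    return lookalikes, unknown


if __name__ == "__main__":
    lookalikes, unknown = review(image_names(SAMPLE_TASKLIST), BASELINE)
    for name, near in lookalikes.items():
        print(f"LOOKALIKE {name} (one character off {', '.join(near)})")
    for name in unknown:
        print(f"NEW       {name} (not in baseline, look it up)")
```

A name landing in the "new" list only means it was not there when the baseline was taken; the lookalike list is the one that deserves a careful search first.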

Many years ago the magazine InfoWorld carried a cartoon showing a massive atomic attack, followed by urgent inquiries from the Kremlin. The response was, “Oh, never mind, we’re just nuking a spammer,” and the Russians replied, “Da, need more rockets?” The kicker, in the last panel, was the spammer himself emerging from the rubble, battered and scarred but with his precious disk of fruitful email addresses in hand. It always seemed to me that the useful approach would be to track down the “Johns”, the people who profit from hiring spammers. Find out where the credit card payments go, and nuke it from orbit… Recently a slightly more pacifistic approach has been used, working back from who got paid to the operators of the botnets, and several such nets have been shut down in the last few months. It’s a story that stays under the radar except among the geeks, and that’s just the way the geeks like it.

There are still vandals around who giggle at having screwed up other people’s computers, and probably always will be, but when you send your money to the antivirus people the main thing you’re supporting nowadays is the bot-battle. This is because a botnet doesn’t have to be a relatively innocuous spammer — the bots have taken over computers at the deepest possible level, and there’s no reason the Master Control couldn’t simply issue a command to disable everybody. Remember the Stuxnet story? Shutting down Iranian nuclear research by poisoning the computers that run it? That isn’t even the tip of the iceberg, it’s more like the sun-glint off the tippy-tip of the ship-wrecker. Needless to say the Intelligence and Military Intelligence people are deeply concerned, but their main value is that, of late, they’ve been willing to deploy goons to deal with the offenders in meatspace. The expertise in tracking them down belongs to Aspies in dim rooms, surrounded by empty Jolt Cola bottles and flat screens, with OC3 connections blinking on the nearby wall.
