Vampire spam
I think that we are in the calm before the spam storm. It could get a lot worse. Here's how:
Spam is mostly annoying right now because it is the McDonalds of the Internet, clogging the arteries and stopping the good stuff from getting through. Spam is annoying although it can be a little dangerous when it carries a viral payload.
Now imagine that a spambot can harvest your contact list that many of you (not me) give freely to sites like Plaxo or Linkedin. Perhaps it also sucks down some email headers seeing who you talk to. The bot now has an idea of who emails you frequently enough to be of interest along with your inner circle of friends, acquaintances and drug dealers. Now this is a bigger leap, but if the bot can guess who you are in the real world (thanks sig files), it can correlate your online identity (email address) to your relationship web of friends and acquaintances and tie the whole mess to your real world identity. Once that happens, it's trivial to enhance the report by using Google and other pay sites and if cheap enough, add credit bureau, telephone information and DMV (motor vehicle bureau) records including pictures to the rapidly increasing dossier.
You might be thinking that this is paranoid--why would anyone spend the money to come after little old me? The answer is that it's not that much money; the beauty of automated bots is that they're free; more or less; you fire 'em and forget 'em. The computational cost is transferred to some poor yutz's PC that has been zombified by a previous viral spam. If you take over enough computers by rapid proliferation of a virus, you could build dossiers like this on pretty much everyone in the country in a couple of weeks. Of course it would take a huge pervasive security breach to infect a lot of computers at once. Vista upgrades anyone?
So what do we end up with? Absolutely personal spam. Spam sent from our friends and relatives. Maybe from our family and with subject lines and text that appear eerily personal. How do they do the last thing? Easy--you figure out the key words in a body of selected text like your scarfed up emails and pull out the significant nouns and verbs, drop them into a sentence generator and there you go.
Now how the hell do you stop that kind of spam? It's no longer zombies, now the spam is going to come back at us looking like its someone we know. It's vampire spam. And you know what? It will suck.
Posted on February 08, 2007
