Microsoft's Contribution to Spam
Wednesday, July 19, 2006
While investigating the comment spam problem, I did a random sample of IP addresses and found that every one of those from my sample is under the jurisdiction of APNIC (i.e., they are physically located in the Asia-Pacific region). My first thought was, "okay, so all the spam is coming from Asia; that's no big surprise." In a region where the rule of law is weak at best and where shady businesses such as counterfeiting are the norm, this was no surprise. But what intrigued me was the variety of addresses. The same spammer would have access to dozens of varied IP addresses across different blocks. This shouldn't be surprising. In this day and age, spammers have become more sophisticated; they no longer use their own machines to do their dirty work. They will infect other machines and use these "zombie botnets" to send spam. Not only does this increase their available bandwidth and capacity, it also makes shutting them down much more difficult as it defeats the tactic used a few years ago of blocking select IP addresses.
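As an added illustration of the observation above (not code from the original post), the script below reads a constructed comment log, keys each comment by the site it advertises, and counts how many distinct source addresses and /16 blocks each campaign spans. A campaign arriving from many unrelated blocks is the signature of a botnet, and it is the reason blocking the individual addresses achieves little; the log lines, the host names and the /16 threshold are all assumptions made for the example.

```python
"""Added example (not from the original post): measure how many distinct
source addresses and /16 blocks a single comment-spam campaign uses, to
show why per-IP blocking no longer holds against a botnet."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample of a comment log: "<source ip> <url posted in comment>".
# Addresses come from the documentation ranges, not from any real spam run.
SAMPLE_LOG = """\
203.0.113.5 http://holdem-example.invalid/play
198.51.100.77 http://holdem-example.invalid/play
203.0.113.200 http://holdem-example.invalid/play
192.0.2.14 http://holdem-example.invalid/play
192.0.2.15 http://holdem-example.invalid/play
192.0.2.14 http://my-own-site.invalid/about
203.0.113.5 http://holdem-example.invalid/bonus
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)$")


def parse_log(text):
    """Yield (ip, host) pairs. The advertised host is the campaign key:
    the spammer varies the source address, not the site being pushed."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash on them
        ip_str, url = m.groups()
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            continue  # not a parseable address
        host = re.sub(r"^https?://", "", url).split("/", 1)[0]
        yield ip, host


def campaign_spread(text, prefixlen=16):
    """Return {host: (distinct_ips, distinct_blocks)} where a block is the
    /prefixlen network each source address falls into."""
    ips = defaultdict(set)
    blocks = defaultdict(set)
    for ip, host in parse_log(text):
        ips[host].add(ip)
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        blocks[host].add(net)
    return {h: (len(ips[h]), len(blocks[h])) for h in ips}


def botnet_campaigns(text, min_blocks=3):
    """Hosts whose comments arrive from at least min_blocks different
    blocks: these are the campaigns where blocking single IPs is futile
    and filtering on the advertised host is the better control."""
    spread = campaign_spread(text)
    return sorted(h for h, (_, b) in spread.items() if b >= min_blocks)


if __name__ == "__main__":
    for host, (n_ips, n_blocks) in campaign_spread(SAMPLE_LOG).items():
        print(f"{host}: {n_ips} addresses across {n_blocks} /16 blocks")
    print("botnet-style campaigns:", botnet_campaigns(SAMPLE_LOG))
```

On the sample, the poker site shows up from five addresses spread over three /16 blocks while the legitimate link comes from a single address, so the filter keys on the advertised host rather than on the source address.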
The question is thus no longer so much a question of why Asians are spammers (after all, how many Asians have even heard of Texas Hold 'Em--the subject of a recent burst of spam?) but a question of why so many Asian machines are compromised and under the yoke of a spammer (who may not necessarily be Asian). Which brings us to Microsoft. In Asia, estimates place the number of pirated Windows installations somewhere around 90% of the installed base; it is virtually impossible to buy a computer with a legitimate copy of Windows in China (I know from experience). This is not surprising given the relatively high price of Windows and given Microsoft's weak token efforts to stop piracy there (they are more focused on richer countries; they know that people in poorer countries can't afford Windows, and Gates has admitted that piracy is effective in protecting Windows' market share against free operating systems like Linux in such price-sensitive markets). Although Microsoft unofficially and quietly condones piracy in places such as Asia and Russia, their official condemnation of such activity means that the copies of Windows in that region are relatively insecure. Updates such as SP2 won't install, and thanks to their pushing things like WGA through automatic updates, it is common practice for Automatic Updates to be turned off. The result is a massive population of unpatched, insecure systems in Asia. Coupled with the relatively impotent ISPs and network-level security, this leads to an army of compromised machines used by criminals to send spam and launch DDoS attacks.
In the meantime, I've finished hacking up new anti-spam measures for this blog; let's hope they hold...