Spam tracking



Some recent spam statistics prompted a couple of interesting articles about spam, both of which cite a study by commtouch.com reporting that 71% of the URLs in spam messages point to web sites hosted in China. (Additional statistics from brightmail.com analyze the total number and the content of spam.) However, less emphasis was placed on another statistic: 60.5% of spam originates in the USA. An article on internetnews.com prominently reported this statistic, whereas a businessweek.com article, under the headline “A New Chinese Specialty: Spam”, did not report this fact but rather casually stated that the actual spammers are “probably American or European”. This provides a nice intro to a project that has been incubating for the last two weeks and is still under development: Spice: The Spam Tracker.

Much like other spam tracking systems, Spice parses the headers from spam, particularly the Received headers, and collects this information in a database. In addition, Spice does a whois lookup, gets the latitude and longitude for the originating IP address and plots the source on a world map. Spice also Nmaps the originating IP address to determine which ports are open and which operating system is being used. Ultimately, this data could be used to determine whether the originating computer has been cracked, trojaned or infected with viruses. Further additions to Spice will include associating the originating IP and its geographical location with the advertised website and its geographical location, as well as an analysis of intermediate hops to see whether open relays are being used. Spice is very much in development and may be broken at any given time. There may also be test data in the database, so don’t source any of the information contained here as factual. In fact, don’t source it at all.
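The Received-header step described above can be sketched as follows. This is an added example, not Spice's own code; the function names, the `trusted_hops` parameter and the sample message are assumptions made for illustration. It separates the peer address stamped by your own mail server from the origin the lower headers merely claim, since anything below your own server's header is supplied by the sender.

```python
import email
import ipaddress
import re

# Constructed sample (documentation-range addresses, not real spam).
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
    "\tby inbox.example.org with ESMTP id A1; Mon, 1 Jan 2007 10:00:03 +0000\n"
    "Received: from relay.example.com (unknown [203.0.113.45])\n"
    "\tby mx.example.net with SMTP id B2; Mon, 1 Jan 2007 10:00:01 +0000\n"
    "Received: from pc (localhost [192.168.1.20])\n"
    "\tby relay.example.com with SMTP id C3; Mon, 1 Jan 2007 09:59:58 +0000\n"
    "From: sender@example.com\n"
    "Subject: constructed test\n"
    "\n"
    "body\n"
)

# The connecting peer's address is the bracketed literal in the "from" clause.
PEER_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Explicit list so the documentation-range sample addresses count as routable.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def received_hops(raw):
    """Peer IP recorded by each Received header, newest hop first (None if absent)."""
    hops = []
    for header in email.message_from_string(raw).get_all("Received", []):
        from_clause = re.split(r"\sby\s", header, maxsplit=1)[0]
        match = PEER_IP.search(from_clause)
        try:
            hops.append(ipaddress.ip_address(match.group(1)) if match else None)
        except ValueError:  # bracketed text that is not a valid address
            hops.append(None)
    return hops

def is_routable(ip):
    return not (ip.is_loopback or ip.is_link_local or any(ip in n for n in RFC1918))

def trace_source(raw, trusted_hops=1):
    """Return (handoff, claimed_origin).

    handoff: peer seen by the last of our own servers (trusted_hops headers from the top).
    claimed_origin: oldest routable peer; headers below handoff are sender-supplied.
    """
    hops = received_hops(raw)
    handoff = hops[trusted_hops - 1] if len(hops) >= trusted_hops else None
    claimed = next((ip for ip in reversed(hops) if ip and is_routable(ip)), None)
    return handoff, claimed

if __name__ == "__main__":
    print(trace_source(SAMPLE))
```

When the two returned addresses differ, the intermediate hops between them are the ones to examine for relaying, and only the handoff address is backed by a header your own infrastructure wrote.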
