Blog
Welcome to the Trioro Tech Blog.
On this blog we post some of the technical challenges and solutions that we've come across. From time to time we also post comments on new technology that we've come across.

Friday, August 04, 2006

Spam and the logbook

In an interesting and somewhat twisted endeavour, I am attempting to receive more spam. That's right -- I WANT MORE SPAM! Well, I obviously don't want it in my own inbox, but I want a good constant source of it to play with so that I can adjust our corporate spam filters.

One of the most common causes of excessive spam is that people advertise their email addresses on their websites so that potential customers can easily find and contact them. Spambots are programs that surf the internet much like search engine tools, but the only information they save is the email addresses. They then use these email addresses to populate their email lists.

As I need source emails for my autotraining Bayesian filters, I decided to break my own rules regarding email addresses on websites and leave a couple of addresses out in the open for spambots to harvest. I've chosen addresses and a domain that are brand new and not possibly tainted by any previous use on the internet so that I can be sure that any traffic that results is solely because of this logbook entry.

The first address will simply be logbook_simple@pleasedonotsend.com and this will be the one and only time that I enter that address anywhere. Any mail attracted to that address will be through spambots (or perhaps the occasional curious reader).

The second address will be logbook_reply@pleasedonetsend.com which will have an autoreply message tied to it that will automatically respond to any emails. This replicates the problem experienced by companies that utilize autoresponders on email accounts of employees who have left the company. They want to inform their clients that the user is no longer available but the spammers see the reply as a confirmation of a functioning email address.

When the opportunity arises for me to enter my email address into website forms, I will create a unique alias for pleasedonotsend.com and track any unrequested mail that I receive in return.

In the spirit of experimentation, I'll create 2 more entries that behave as above but with a different TLD (top-level domain). What are the odds that spammers/spambots deal with market segmentation and concentrate their efforts on certain markets? Only one way to find out: logbook_simple@pleasedonotsend.ca and logbook_reply@pleasedonetsend.ca

I am aware that there are large scale projects on this topic (honeypot project etc.) but I don't put this experiment even in the same category as those. Those are mammoth projects that seek to put an end to spambots and the people that control them. I'm more curious about how one single logbook entry could balloon into a spam nightmare.

Once I have some data from this little experiment, I will post results in another logbook entry to show the differences between each of the addresses that I've used.

Tuesday, August 01, 2006

Desktop.ini hidden file attribute

This blog posting gets decent traffic, so let me preface everything by saying that if you're dealing with a file named
_desktop.ini
instead of just
desktop.ini
then you likely have a virus.  This posting deals with the scenario where you DO NOT HAVE A VIRUS.



I was recently faced with this confusing situation after doing some recent spyware & virus cleanup...
  • Two notepad windows would open at startup with desktop.ini files
  • ALL of the desktop.ini files on the entire computer were NOT hidden
  • The Hidden checkbox on the file properties was unavailable (greyed out)

You can fix the notepad startup problem by simply deleting the desktop.ini files that have landed in the startup directories.
http://support.microsoft.com/?id=330132

The hidden attribute in the file properties is greyed out because desktop.ini is a "system" file.
So, you need to remove the system file attribute, then add the hidden file attribute. Here's what to do:

  1. Open a command prompt (Start -> Run -> "cmd")

  2. Switch to the root of your C drive
    cd c:\

  3. Type
    attrib -s -h desktop.ini /s
    This removes the "system" attribute (-s) and the "hidden" attribute (-h) from every desktop.ini file it finds in all subdirectories (/s).

    The hidden attribute is removed to avoid any error messages - we're going to add that attribute back to ALL files next.

  4. Now, to make all those files hidden, type
    attrib +s +h desktop.ini /s

This essentially restores the file attributes for all desktop.ini files to what they should be.
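
The same cleanup as a report-first PowerShell script, added here as an example and not part of the original post. It assumes PowerShell 3.0 or later; the parameter names `-Root` and `-Fix` are made up for this example. Unlike the blanket attrib commands, it lists which files are affected before anything is changed, and it leaves `_desktop.ini` and Startup-folder copies alone.

```powershell
# Added example (not from the original post). Parameter names are illustrative.
param(
    [string]$Root = 'C:\',   # where to start searching, like "cd c:\" above
    [switch]$Fix             # without -Fix the script only reports
)

# Hidden (2) + System (4): the state "attrib +s +h" leaves a file in.
$wanted = [int][System.IO.FileAttributes]'Hidden, System'

# A desktop.ini inside a Startup folder is what opens Notepad at logon.
$startup = @('Startup', 'CommonStartup') |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ }

# -Force is needed, otherwise files that are already hidden are skipped.
Get-ChildItem -Path $Root -Filter '*desktop.ini' -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $finding = $null
        if ($_.Name -eq '_desktop.ini') {
            $finding = 'underscore variant: likely a virus, left untouched'
        }
        elseif ($_.Name -ne 'desktop.ini') {
            return   # some other file whose name merely ends in desktop.ini
        }
        elseif ($startup -contains $_.DirectoryName) {
            $finding = 'in a Startup folder: delete it rather than re-hide it'
        }
        elseif (([int]$_.Attributes -band $wanted) -ne $wanted) {
            $finding = 'missing Hidden and/or System'
            if ($Fix) {
                # Add the two flags while keeping any others (ReadOnly, Archive).
                $_.Attributes = [System.IO.FileAttributes]([int]$_.Attributes -bor $wanted)
                $finding += ' (restored)'
            }
        }
        if ($finding) {
            [pscustomobject]@{ Path = $_.FullName; Attributes = $_.Attributes; Finding = $finding }
        }
    }
```

Run it once without `-Fix` to review the list, then again with `-Fix` from an elevated prompt to restore the attributes.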

