There are some things in life I feel like I will never truly understand. Those word problems where one train leaves Chicago going 100 miles an hour and one leaves New York going 250 (first of all, where did the infrastructure for these high-speed trains come from?) and where do they meet and why and show your work? Yeah, I never got those. I still can’t do those things. It bothers me to this very day.
And spam email. Sure enough, I know it when I see it—that’s not the issue. But in 2012, what’s the point of spam? Who’s making money off of the fake-ass advertising that come by the minute into my Aquarian account offering “Cheeep Medz Pharmacy” or “Order.Top Cialis?” Is there anyone left who doesn’t immediately recognize spam and delete it? I think at this point even grandmothers know to send it to the junk folder. Other than the basic human curiosity to find out what happens when you do, I can’t think of any reason anyone would ever click on a spam link.
This week, one Joshua Schichtel of Arizona was sentenced to 30 months in prison for having hijacked over 72,000 PCs—mine among them, I’m sure—and sold them to some unknown party for spamly purposes at $1,500. Not a lot of money, but still not bad coin for work that’s done the second the code is written. A Department of Justice press release put it thusly:
“Individuals who wanted to infect computers with various different types of malicious software (malware) would contact Schichtel and pay him to install, or have installed, malware on the computers that comprised those botnets. Specifically, Schichtel pleaded guilty to causing software to be installed on approximately 72,000 computers on behalf of a customer who paid him $1,500 for use of the botnet.”
I understand how he made the money, and I understand what a botnet is and what malware is, but two questions springs very quickly to mind from this story—to whose advantage is having access to malware on 72,000 computers, and how can they possibly hope to profit from it? Stealing credit card numbers is one thing, or if you were going to root around in someone’s hard drive to find their secret nudie pictures and hold them hostage. That I get. But how do you make money from spam?
Everything close to a scientific answer that I’ve seen seems to be, “Well, some people are really dumb.” Granted, that’s science that I can get down with based on a slew of daily empirical evidence, but still, it’s hard to believe. A study reported in Wired early last year showed a botnet of decent size leading to a fake internet pharmacy could potentially rake in up to $7,000 a day. I don’t know if Schichtel’s botnet was able to pull down that kind of money, but suddenly shelling out $1,500 for botnet access makes a lot more sense. It kind of makes me want to set up an internet pharmacy. I can sell sugar pills marketed as boner supplements as well as the next guy. We’ll call them Glucosaweiner, or something.
Nice as it would be for once to reside on the profitable end of everyone’s daily inconvenience, I don’t see Glucosaweiner taking off anytime soon, and for the life of me I still don’t understand how anyone out there, even one person, clicks on those links and downloads stock tips, or buys cheap Canadian pharmaceuticals, or sends their personal information to the Nigerian prince looking to channel funds into U.S. banks or whatever. Spanish lottery, satisfy your lover, fake UPS notices, on and on.
I get enough spam to kill a horse, and I guess until everyone, even the most basically curious of us, decides to stop clicking on every little piece of blue text that comes our way, that’s going to continue to be the case. If it’s not Schichtel, it’ll be someone else. If only they’d do something useful with the spam, like send a link on how to figure out where those trains meet. Use it for the purposes of good, as Batman used to say. I’d click it every time.
JJ Koczan
jj@theaquarian.com