Category Archives: Measurement

Global Crossing spam spike, November 2011

In the November SpamRankings.net from PSBL data, Global Crossing’s AS 3549 GBLX spiked on 17 November and a few days before, pushing it into fifth place.

Did this spam spike come from any particular botnet?


[Chart: AS 3549 GBLX PSBL spam volume (left axis), CBL botnet volume (right axis)]

It looks like GBLX is infested with many botnets, but the spike on 17 Nov roughly corresponds with a cutwail botnet volume peak on 16 Nov. Given that the ASN volume spike is from PSBL data and the botnet volume peak is from CBL data, a day off is plausible, due to different collection and delivery times.

There’s also a peak for grum (green line near the bottom) on 17 Nov, and peaks for festi and n/a on 18 Nov, where n/a is CBL’s marker for spam they detected without having to look as far as determining which botnet they think sent it.

So the spam spike could be from cutwail. Or it could be because of a coincidence of several botnet peaks. Or it could be some other botnet that happened to do a spam campaign on that day. Given that the PSBL GBLX peak builds up on 16 Nov, I’d guess it came mostly from cutwail.

We could try to resolve this question by digging into the specific addresses from which PSBL saw the GBLX spam come, and seeing whether they match addresses CBL assigned to botnets.

-jsq
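
The address-level check proposed above, sketched as an added example (not code from the original post or from SpamRankings.net). The record layouts, the sample rows and the name `attribute_volume` are assumptions; the one-day matching window reflects the collection skew between PSBL and CBL noted above.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (documentation address ranges), not real PSBL or CBL records.
# Assumed layouts: PSBL rows are (day, source IP, messages seen);
# CBL rows are (day, IP, botnet label), with "n/a" as CBL's unclassified marker.
PSBL_ROWS = [
    (date(2011, 11, 16), "192.0.2.10", 400),
    (date(2011, 11, 17), "192.0.2.10", 900),
    (date(2011, 11, 17), "192.0.2.11", 700),
    (date(2011, 11, 17), "198.51.100.5", 300),
    (date(2011, 11, 17), "198.51.100.9", 150),
    (date(2011, 11, 17), "203.0.113.7", 250),
]
CBL_ROWS = [
    (date(2011, 11, 16), "192.0.2.10", "cutwail"),
    (date(2011, 11, 16), "192.0.2.11", "cutwail"),
    (date(2011, 11, 17), "198.51.100.5", "grum"),
    (date(2011, 11, 18), "198.51.100.9", "festi"),
    (date(2011, 11, 12), "203.0.113.7", "cutwail"),  # too old to count
]


def attribute_volume(psbl_rows, cbl_rows, max_lag_days=1):
    """Split PSBL message volume by the botnet CBL assigned to each source IP.

    A CBL label counts only if it is dated within max_lag_days of the PSBL
    sighting, which absorbs the one-day skew between the two feeds.
    """
    labels_by_ip = defaultdict(list)
    for day, ip, botnet in cbl_rows:
        labels_by_ip[ip].append((day, botnet))

    volume = defaultdict(int)
    for day, ip, messages in psbl_rows:
        # Candidate labels for this IP, nearest in time first.
        nearby = sorted(
            (abs((day - cbl_day).days), botnet)
            for cbl_day, botnet in labels_by_ip.get(ip, [])
            if abs((day - cbl_day).days) <= max_lag_days
        )
        volume[nearby[0][1] if nearby else "unmatched"] += messages
    return dict(volume)


if __name__ == "__main__":
    volume = attribute_volume(PSBL_ROWS, CBL_ROWS)
    for botnet, count in sorted(volume.items()):
        print(f"{botnet:10s} {count:5d} {count / sum(volume.values()):.1%}")
```

A large "unmatched" share would mean the spike cannot be pinned on any botnet CBL tracked, which is the third possibility the post raises.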

Coal company reputation

Good news from the SEC for a change! They’re requiring coal plant operators to report health and safety violations, including fatalities, within a few days of occurrence.

FuelFix posted from AP on 23 December 2011, SEC requiring coal firms to report safety problems

Earlier this week, the SEC announced new rules that require mining companies to start reporting any fatalities and all major health and safety violations, mine by mine, in their quarterly and annual financial reports. The filings are mandated in the wide-ranging Dodd-Frank Wall Street Reform and Consumer Protection Act, which Congress passed to try to increase corporate accountability.

The rules take effect 30 days after publication in the Federal Register. They require companies to report within four days any “significant and substantial” violations, citations, flagrant violations and imminent-danger orders issued by the federal Mine Safety and Health Administration.

Coal operators must also include the dollar value of proposed fines, whether the company has been or may be designated a pattern violator by MSHA, and any pending cases with the Federal Mine Safety and Health Review Commission.

What problem does this reporting solve? As the article points out:

World PM2.5 Map as reputation

NASA posted 22 October 2009, New Map Offers a Global View of Health-Sapping Air Pollution
In many developing countries, the absence of surface-based air pollution sensors makes it difficult, and in some cases impossible, to get even a rough estimate of the abundance of a subcategory of airborne particles that epidemiologists suspect contributes to millions of premature deaths each year. The problematic particles, called fine particulate matter (PM2.5), are 2.5 micrometers or less in diameter, about a tenth the fraction of human hair. These small particles can get past the body’s normal defenses and penetrate deep into the lungs.
Even satellite measurements are difficult (clouds, snow, sand, elevation, etc.). But not impossible:


Air reputation in Beijing

Measuring something as basic as air quality and posting it frequently can have reputational effects, demonstrated by the U.S. Embassy in Beijing.

France24 posted today, Beijing air goes from ‘hazardous’ to off the charts, literally,

Two years ago, Chinese officials asked the US Embassy to stop tweeting about pollution in Beijing on the grounds that the information was “confusing” and could have “social consequences”, according to a confidential US State Department cable made public by WikiLeaks.
Hm, so measurement can affect reputation and have social consequences….

The measurement postings didn’t stop, and the pollution got worse:

China does not lead Country Rankings from SpamRankings.net

An area where China does not lead the world: Country rankings by SpamRankings.net. China is only #13, but Brazil, Russia, and India (the other three BRICs) are in the top five countries by total spam messages for October 2011. U.S. is #10.

Vietnam came from behind a few months ago to place second for October.

Brazil had slumped as low as #6 in July, but has pulled back up into the leading pack.

After the top five, it’s a long-tail distribution indeed.

What is IPWORLDNET and why is it spamming from Canada?

In the October SpamRankings.net for Canada (from CBL data), IPWORLDNET is that big blue molar tooth in the graph on the right. In the interactive chart you can see IPWORLDNET’s Autonomous System (AS) 19875 winning the month with two bursts of spam, and then dropping almost to zero.

That’s not the only spamming churn activity in Canada for October. The log chart shows MetroBridge Networks Corporation AS 25976 METROBRIDGE-NET jumping up from zero to take ninth place. It looks like one organization may have cleaned up its act while another got infested.

Last month’s winner, Canaca-com’s AS 33139 CANACA-210, came in second. From there down it’s mostly the usual suspects in slightly different orders. Interestingly, long-term winner Bell Canada’s AS 577 BACOM only came in fourth. This is unusual for a national telco. Maybe they’re watching the rankings?

-jsq

Upset in Canadian spam rankings: Canaca took first, Bell Canada down to fifth!

Canaca-com’s AS 33139 CANACA-210 rose from sixth place in August to first in September in SpamRankings.net for Canada from CBL data. Long-time winner Bell Canada’s AS 577 BACOM fell from first to fifth.

Two ASNs had big spurts of spam in September. iWeb’s AS 32613 got to second place in the last two weeks of the month. Like in August, IPWorld’s AS 19875 did one big spam spew, but this time it almost doubled its closest competitor, breaking 100,000 messages!

What is making Canada suddenly attractive to spammers?

-jsq

Massive effects of reputational rankings on law schools

Law schools game weak reputation rankings, which could be fixed, if the law schools, the bar association, or the ranking organization wanted to. If anyone doubts that reputational rankings can have massive effects on ranked organizations, read this.

David Segal wrote in the NYTimes 30 April 2011, Law Students Lose the Grant Game as Schools Win:

How hard could a 3.0 be? Really hard, it turned out. That might have been obvious if Golden Gate published a statistic that law schools are loath to share: the number of first-year students who lose their merit scholarships. That figure is not in the literature sent to prospective Golden Gate students or on its Web site.

Why would a school offer more scholarships than it planned to renew?

The short answer is this: to build the best class that money can buy, and with it, prestige. But these grant programs often succeed at the expense of students, who in many cases figure out the perils of the merit scholarship game far too late.

What makes law school rankings so easy to game?

“botnet herders can add it to its spam-spewing botnet” —Fahmida Y. Rashid in eWeek.com

This reporter spits out a string of alliterative language that labels the problem that SpamRankings.net helps diagnose.

Fahmida Y. Rashid wrote in eWeek.com 8 June 2011, UT Researchers Launch SpamRankings to Flag Hospitals Hijacked by Spammers:

“Poor security measures are generally responsible for employee workstations getting compromised, either by spam or malicious Web content. Once the machine is compromised, the botnet herders can add it to its spam-spewing botnet to send out malware to even more people. The original employee or the organization rarely has any idea the machine has been hijacked for this purpose.”
That’s a pretty good explanation for why outbound spam is a proxy for poor infosec.

-jsq

Krebs on SpamRankings.net

Brian Krebs wrote on his blog, Naming & Shaming Sources of Spam:
A new resource for spotlighting organizations that are unwittingly contributing to the global spam problem aims to shame junk email havens into taking more aggressive security measures.

SpamRankings.net is a project launched by the Center for Research in Electronic Commerce at the University of Texas at Austin. Its goal is to identify and call attention to organizations with networks that have been infiltrated by spammers.

Andrew Whinston, the center’s director, said the group initially is focusing on health care providers that appear to be infected with spam bots. “Nobody wants to do business with a bank or hospital or Internet hosting company that has been hijacked by spammers,” Whinston said. “It’s an environment in which user data can be stolen or compromised.”

The rest of his writeup quotes me quite a bit, and everyone knows I’m quite shy, so please go read his blog!

I will add that May data is live now on SpamRankings.net. Also, organizations that do better over time may want to brag, as has happened with a couple of U.S. organizations in May.

Here’s Krebs’ final paragraph:

I applaud this effort, and hope that it gains traction. I remain convinced that the Internet community would benefit from a more comprehensive and centralized approach to measuring badness on the Web. There are many existing efforts to measure reputation and to quantify badness online, but most of those projects seek to enumerate very specific threats (such as spam or hacked Web sites) and measure the problem from a limited vantage point. What is lacking is an organization that attempts to collate data collected by these disparate efforts and to publish that information in near real-time.

-jsq