Porn site chat bots

So how did Krebs On Security tie the spam that was sent to promote these two adult dating schemes to the network of spam botnet panels that I mentioned at the outset of this post?

I should say it helped immensely that one anti-spam source maintains a comprehensive, historic collection of spam samples, and that this source shared more than a half dozen related spam samples. All of those spams had similar information included in their “headers” — the metadata that accompanies all email messages.

After that, each address happily loaded a Web page displaying the number of bots connecting to each IP address at any given time.

Here’s the output of one controller that’s currently getting pinged by more than 12,000 systems configured to relay porn spam (the relevant part is the first bit on the second line below — “current activebots=”).

Currently, the entire botnet (counting the active bots from all working bot panels) seems to hover around 80,000 systems.

At the time, the spam being relayed through these systems was advertising sites that tried to get visitors to sign up for online chat and dating sites apparently affiliated with Deniro Marketing and Cyber Erotica.

This type of spamming is known as “snowshoe” spamming.


Worse, porn spammers are some of the lowest of the low, so it’s only prudent to behave as if any and all of their online assets are actively hostile or malicious.

For several months I’ve been poking at a decent-sized spam botnet that appears to be used mainly for promoting adult dating sites.

Having hit a wall in my research, I decided it might be good to publish what I’ve unearthed so far to see if this dovetails with any other research out there.

What’s unusual (and somewhat lame) about this botnet is that — through a variety of botnet reporting panels that are still displaying data — we can get live, real-time updates about the size and status of this crime machine. I was unable to load these panels in a Google Chrome browser (perhaps the XML data on the page is missing some key components), but they loaded fine in Mozilla Firefox.

But a note of caution: I’d strongly encourage anyone interested in following my research to take care before visiting these panels, preferably doing so from a disposable “virtual” machine that runs something other than Microsoft Windows.