[LINK] RFC: Spambot Pollution of a User's Mailbox
Roger.Clarke at xamax.com.au
Sat Sep 8 16:53:40 EST 2007
I received valuable responses to my RFI on 23 August, thanks!

I've drafted a few paras. on the question as a small part of expert
evidence in a criminal matter.

Normally I wouldn't go looking for 'free consultancy' in such
circumstances. But this is one little corner of the case (most of
which is about P2P downloads), and the defendant is unlikely to be
able to pay me very much. So this part is very much pro bono; so
I'm less embarrassed to put a request in front of the Link Institute.

Basically, does anything in the following smell wrong, or inappropriate?

Note that it's expressed in a manner that is intended/hoped will be
understandable by a District Court judge *and* a jury. And it's
based (for reasons that are 'good' according to the logic of
court-cases) on only partial information, and hence the conclusions
are necessarily hedged.

Thanks in advance for your thoughts!
A 'bot' (an abbreviation of 'robot') is software that is contrived to
be inserted into a user's machine without the user's knowledge, and
which can perform functions for the benefit of some party other than
the user. From the viewpoint of that party, the most 'useful' kind
of bot is one that the party can exercise control over, in particular
to initiate particular kinds of actions by the user's machine.

A 'spambot' is a particular kind of bot whose purpose is to enable
the other party to distribute spam, in the sense of unsolicited

If a party is successful in infiltrating the software into a number
of user-machines, the collection of machines is referred to as a

The last 5 years has seen an explosion in spambots. This explosion
has been stimulated at least in part by the gradual emergence of laws
in various jurisdictions that criminalise the despatch of spam.
Spammers have used established techniques (involving 'viruses',
'worms' and 'trojan horses') to infest very large numbers of
user-machines with 'spambot' software. It has been estimated that a
substantial proportion of user-machines are infested with one or more
The function of a spambot comprises the following:

* it receives from some other location that is controlled by the
  spammer a message that is to be despatched by email, and a set
* it generates a copy of that message to each of those email-addresses;
* it sends the messages out, or arranges for them to be sent out,
  through the user's normal send-email channel, i.e. through their
  Internet Service Provider (ISP).

To perform the last step - the actual despatch of the message - there
are broadly three ways in which a spambot can be programmed, and it
appears that all of these techniques may be in use:

(1) include in the software a complete 'sendmail' function;
(2) assume that a particular and very common software-library (called
    MAPI) is available on the user's machine, and invoke that
(3) assume that a particular email-package is available on the user's
    machine, and invoke that email-package. The most numerous
    email-package on user-machines is Microsoft Outlook, which is
    installed on the machine in question, and also uses the MAPI library.

In case (3), a copy of the outgoing spam-message will appear in the
'Sent' category of the user's email-files.

In case (2), a copy of the outgoing spam-message may appear in the
'Sent' category of the user's email-files, depending on a number of

In my opinion, it is technically feasible that malicious software in
the form of a spambot could have caused messages to appear in the
'Sent' category of the user's email-files, even though the user did
not send them.
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW