On the Trail of the Malevolent Redirect
Listener Jack Flynn had a question for me. "How do you disclose all of those redirects when you track down spammers?" Good question. In fact, it's not something that requires much know-how, just enough patience to perform a series of mind-numbing steps over and over. Prepare to have your mind numbed because I'm now going to show you how it's done.
The first step is finding a spam to analyze. Because my Gmail account receives copies of all e-mail messages (even the ones that are filtered out before reaching my standard account), I usually have a good choice. Spams stay on the system for 30 days and then Gmail deletes them, so I also have a running total of how much spam is trying to get to me.
I thought that maybe this Colonial Bank WebBiz Emergency Alert System message (left) might be a good candidate. To see a larger view of each image, click the smaller image in this report.
So I opened the message and found that Colonial Bank (never heard of it) had installed some new security software and wanted me to update things.
That would have been difficult as I didn't have an account. And the message gave away a lot. My name was, of course, nowhere to be found and a series of grade-school punctuation errors revealed the message for what it was.
By hovering the mouse over the link that was provided in the message, I could see what the destination was.
So I copied the shortcut to the Windows clipboard. Then I pasted the URL into UltraEdit, but you can use any text editor (Notepad, for example).
The domain is fnhgjd.com, which doesn't look much like a bank's URL. The next step I always take is to look up the domain registration information because I want to know who owns the domain and where that person is located.
CentralOps.net is a handy free online service that provides a lot of information.
The registrar for this domain is in China and it's probably safe to say the US-based banks never use domain registrars in China. So who does this domain belong to?
I scrolled down a bit further and found that the registration belongs to a gentleman in Saratov, the capital of the Saratovskaya Oblast (administrative region) in Russia.
Saratov is about 1000 miles southeast of Moscow, which puts it in central Russia. This is not an area known for international finance.
So now it's time to see if there are any redirects.
To find out, I use SamSpade. This is a free utility that you can download here.
I hand SamSpade the full URL and tell it to identify itself as a Windows 95 computer running an old version of Internet Explorer. This is safe because SamSpade will show just the raw HTML from the site. It has no ability to run any of the nasties that might be on the site, so it's a safe way to see what redirects are in place.
As it turns out, there aren't any redirects, but the site will attempt to run an executable file. Needless to say, this will do something to the computer that I won't be happy about. Although there were no redirects here, this shows how you can safely examine the target of a URL. Be extremely careful, though, when you're obtaining the URL because accidentally clicking the poisonous link will take you to the rogue site.
If at First You Don't Succeed, Try Second Base
So I went back to the starting point and scanned the list for another possible "winner".
Ah ... here's one. An offer for "free scholarships".
The URL is long and ugly, but that's not necessarily definitive. Legitimate URLs can be much longer than this.
Once again, I copied the link to the Windows clipboard.
CentralOps told me that the domain in question is registered to someone in Santee, California. So I asked Google Maps and, as it turns out, this is an area with a street-level view.
The view on the left is the overhead map view with a satellite photo. It appears to be a shopping center.
The view on the right confirms this. It's a small shopping center with a Von's supermarket. The address provided is probably nothing more than a mailbox.
Now that I know a bit about the spammer, it's time to look at the website.
SamSpade showed me the page. You'll note that the horizontal scroll bar reveals that some of the lines are quite long. Making it hard for someone to see the code is one technique spammers use to hide their work.
So I copied all of the text from SamSpade and pasted it into UltraEdit. I had UltraEdit remove extra vertical and horizontal spacing, then wrap the text so that everything would be visible. There wasn't much on the body of the page—just a form with no elements and no way to submit it.
But there it was, up in the <HEAD> element, a redirect.
I returned to CentralOps and found the address for the domain: San Francisco.
Google Maps was the next step, of course, and the address is in an area northeast of the Mission District. Keep this address in mind; you'll see it again.
It's SamSpade's turn again and there's another redirect.
You would be forgiven for thinking that we're going in circles here.
And this domain is registered to the same company at the same address as the one before. I can think of several reasons why one might do this, but I can't think of one that's ethical.
The next page is actually a legitimate HTML page with a form that allows the visitor to apply for a free college loan. This is probably a business that offers to find scholarships for students. Guidance counselors generally recommend avoiding these operations because they charge a fee and often find nothing more than students could find on their own. This isn't illegal. It may not even be unethical, but I'd certainly want to keep my eye on my wallet while dealing with someone who has sent me on such a circuitous path to get to the website.
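The procedure above (fetch the raw HTML with an old-browser identity, find the redirect in the HEAD, note the domain, repeat) can be scripted. The following is an added example and is not code from the original article or from SamSpade. It never renders a page or runs a script: each hop is fetched as plain text, the redirect is located by parsing a meta refresh tag, a simple script assignment, or a 3xx Location header, and the hostnames along the chain are collected for the whois lookups. The User-Agent string and the hostnames ending in .example are constructed for the offline demonstration.

```python
"""Trace a spam link's redirect chain from raw HTML, without rendering any page.

Added example, not the article's or SamSpade's code. Hostnames ending in
.example and the User-Agent string are constructed for the offline demo.
"""
import re
import urllib.error
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed UA string standing in for "an old IE on Windows 95".
OLD_BROWSER_UA = "Mozilla/4.0 (compatible; MSIE 5.0; Windows 95)"

# Matches simple script redirects such as window.location.href = "http://..."
JS_REDIRECT = re.compile(
    r"""(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*['"]([^'"]+)['"]""",
    re.IGNORECASE,
)


class MetaRefreshParser(HTMLParser):
    """Collects targets of <meta http-equiv="refresh" content="N; url=..."> tags."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":  # HTMLParser already lower-cases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("http-equiv", "").lower() != "refresh":
            return
        m = re.search(r"url\s*=\s*['\"]?([^'\">]+)", a.get("content", ""), re.IGNORECASE)
        if m:
            self.targets.append(m.group(1).strip())


def find_redirects(html, base_url):
    """Return absolute redirect targets found in raw HTML (meta refresh first, then script)."""
    parser = MetaRefreshParser()
    parser.feed(html)
    targets = parser.targets + JS_REDIRECT.findall(html)
    return [urljoin(base_url, t) for t in targets]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Keep urllib from silently following 3xx responses; every hop must be visible."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url, user_agent=OLD_BROWSER_UA, timeout=10, limit=200_000):
    """Fetch one URL as text: (status, lower-cased headers, body). Follows nothing."""
    opener = urllib.request.build_opener(_NoRedirect())
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}, resp.read(limit).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 3xx and 4xx/5xx both land here
        return err.code, {k.lower(): v for k, v in err.headers.items()}, err.read(limit).decode("utf-8", "replace")


def follow_chain(url, fetch=http_fetch, max_hops=10):
    """Return the URLs visited, starting with `url`, one entry per hop.

    Stops when a page has no redirect, when a URL repeats (a loop), or after max_hops."""
    hops = [url]
    seen = {url}
    while len(hops) - 1 < max_hops:
        status, headers, body = fetch(hops[-1])
        if 300 <= status < 400 and headers.get("location"):
            nxt = urljoin(hops[-1], headers["location"])
        else:
            found = find_redirects(body, hops[-1])
            if not found:
                break
            nxt = found[0]
        hops.append(nxt)
        if nxt in seen:
            break  # loop: the repeated URL is recorded, then we stop
        seen.add(nxt)
    return hops


def domains(hops):
    """The hostnames along the chain: the ones to look up in whois."""
    return [urlparse(h).hostname for h in hops]


# Constructed offline stand-in for live sites; every URL and body here is made up.
FAKE_SITE = {
    "http://first.example/offer": (200, {}, '<html><head><meta http-equiv="refresh" content="0; url=http://second.example/go"></head><body><form></form></body></html>'),
    "http://second.example/go": (302, {"location": "/landing"}, ""),
    "http://second.example/landing": (200, {}, '<html><head><script>window.location.href = "http://third.example/apply";</script></head></html>'),
    "http://third.example/apply": (200, {}, "<html><body><form action='/submit'><input name='q'></form></body></html>"),
    "http://loop.example/a": (200, {}, '<meta http-equiv="refresh" content="0;url=/b">'),
    "http://loop.example/b": (200, {}, '<meta http-equiv="refresh" content="0;url=/a">'),
}


def fake_fetch(url):
    return FAKE_SITE.get(url, (404, {}, ""))


if __name__ == "__main__":
    chain = follow_chain("http://first.example/offer", fake_fetch)
    for hop, host in zip(chain, domains(chain)):
        print(f"{host:20} {hop}")
```

Against the constructed site the script reports four hops across three hostnames, which is exactly the list you would then feed to CentralOps one domain at a time. Passing `http_fetch` instead of `fake_fetch` runs the same logic against a live URL; the hop limit and the loop check keep a chain that points back at itself from running forever.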
I had questions about the operation, so I asked Google and the result was generally inconclusive.
There was no shortage of sites that claimed the operation is fraudulent, but none that I found was from a government agency or from the Better Business Bureau. And I found some colleges that provided links to the company's website.
When I checked with the Better Business Bureau, I was surprised to find that the company is a member of BBB OnLine.
Checking further, I found that the operation has only a few complaints filed against it.
Of the 4 complaints filed against the company, 2 were resolved and 2 were not.
At the left is the BBB's summary and it seems to indicate that the company is legitimate. One must question the justification that a legitimate business would use for sending spam, or the justification for a series of redirects.
If I am aware that a company deals with spam-spewing organizations, I will not deal with that company and I'm not bashful about communicating my reasons to corporate leaders.
There is a difference between commercial mail that I have invited to my inbox—from companies that I do business with and want to hear from—and that from people who have somehow managed to find one of my e-mail addresses and use it to send offers for things I don't want or need.
As I said at the outset, finding redirects isn't particularly difficult. But it is time consuming. Maybe it's a good activity if it's a rainy Fourth of July and you're sitting at home wondering what to do.
UltraEdit: Still the Champion, but Sometimes Annoying
"A new version of Ultra Edit is available," the message said. I downloaded it. I installed it. The next time I started my favorite text editor, I was told that it was now unregistered and that I had 45 days to register it. A flurry of messages between me and IDM revealed that: (1) the "step" upgrade from 14.0 to 14.1 was considered a "major" upgrade, (2) some 14.0 users were eligible for a free upgrade to 14.1, but I wasn't one of them, (3) IDM provides no-cost upgrades for 1 year, regardless of version numbers, and (4) they were really sorry about the misunderstanding and hoped to find a better way to do things. As annoying as that event was, I'm still absolutely sold on UltraEdit.
So much, in fact, that I paid for the upgrade without even bothering to look at what's new in this version. That may be too trusting. That may be stupid. But I have a long history with UltraEdit and I know that each new version brings features that I didn't know I needed, but won't want to be without.
Ben at IDM said, "Because point releases (14.1, 14.2, etc.) are still considered to be major releases (based on the amount of development resources we commit to their new features/enhancements), they are considered to be major releases just as much as v14.00 was. V14.10 is as major a release as v143.0, and many consider each point release from IDM as strong or stronger than the last. This is indeed a signature characteristic of IDM."
I would suggest to IDM that the value to the client has no relationship to "the amount of development resources we commit to their new features/enhancements". Users don't particularly care what resources were committed. They care about what the new version will do for them. I know that a small feature with minimal value to the user may consume an enormous amount of programming resources. If IDM chooses to commit resources to minor features, that's not the user's concern and presenting it that way isn't a convincing argument.
Ben also said, "I do understand your frustration, though, and we are evaluating options for making updates/upgrades clearer for users." That's good to know.
The enhancements in version 14.1 don't strike me as "major release" material, although they are certainly good and useful additions. For example:
- UltraEdit can perform find/replace in files. The new version allows the user to exclude file or folder names in the process. Previously, the user could select files and folders. This seems to be a minor upgrade at best.
- The user can find lines not matching a search string. This is a powerful feature, but not one that most users will ever need.
- The ability to detect XHTML code and provide the appropriate code folding and indentation. This is another powerful feature, but not one that most users will ever need.
- The bookmark limit has been increased to 500. I'm not sure what the limit was previously, but I know that I've never encountered the limit.
- The Windows right-click context menu is now available in file tree view/workspace manager. This is a nice usability feature, but hardly "major upgrade" material.
- The new version of UltraEdit has an "open as" box for binary, UTF-8, and other Unicode-based files. Yawn.
- Links opened from Quickstart guide now open in default browser. Yawn.
- There is now a separate "Insert" menu item for many commonly-used insert commands. Yawn.
- "Many internal performance enhancements and improvements." This is not "major release" material.
So maybe the problem is that over the years UltraEdit has become so competent and so refined and so powerful that there really isn't much more to do. There's not much profit margin in doing nothing, though. IDM will continue to improve UltraEdit, but the improvements probably should be considered tweaks and minor enhancements.
This criticism doesn't mean that I'll abandon UltraEdit for some other program or that I no longer like the developers. What it means is that this time around I bought the "UNLIMITED UPGRADES" option. According to IDM, this means that I will never pay another upgrade fee. The price of the unlimited upgrades option is 150% of the retail price of the application. So I could have upgraded to the current version for about $30 or I could buy upgrades forever for about $70. That was an easy decision.
Nerdly News
Another Netflix Oops
I knew something was amiss when Netflix acknowledged 2 of the 3 DVDs I shipped back on the same day. Usually, the confirmations arrive like clockwork, early in the morning. Three "we've received" messages followed by three "we've shipped" messages later in the day. The third "received" message never arrived and there were no "shipped" messages. Then, a day later, "We're Sorry DVD Shipments Are Delayed: Our shipping system is unexpectedly down. We received a DVD back from you and should have shipped you a DVD, but we likely have not. Our goal is to ship DVDs as soon as possible, and we will keep you posted on the status of your DVD shipments." Three days later, Netflix was back.
That's the longest disruption since Netflix began, 9 years ago, and the company says subscribers will receive a 15% credit. That's going to add up because about 1/3 of the company's 8.4 million subscribers were affected. Netflix says the credits will be automatically applied in the next billing cycle.
If you had just signed up for a 2-week Netflix trial, you'll get an extra week.
Netflix won't say what caused the outage, but they did admit that it affected all 55 of the company's shipping centers. Some discs went out Wednesday and Thursday, but nothing was shipped on Tuesday.
On Saturday, I received a shipping notice telling me that I would receive a DVD yesterday. I think I'll need to use the Wayback Machine again.
Just a few months ago (March) Netflix had a 1-day outage and the company was out of service for about 18 hours in 2007. Once again the company got high marks from customers and from public relations professionals for making customers aware of a problem they might not even have noticed and for offering credits without being asked.
R U a Moron?
Here is a law that should never need to exist: According to the New York Times, a city council member wants to ban sending and receiving text messages while driving. The common-sense response to that would have to be to ask what kind of idiot would try to send a text message while driving. But having noticed "drivers" with televisions on the dash and other "drivers" who are reading books or newspapers, I have to admit that councilman David Weprin is right.
This week Weprin introduced legislation that would ban the sending or reading of text messages while driving within New York City. A story in the New York Times quoted Weprin: "It’s a risk to drivers, obviously, and also to passengers and pedestrians. You’re not looking at the road and you don’t have both hands on the wheel."
Why should legislators have to point this out to us? Are we really that stupid? Unfortunately, it appears that some of us are. New York State and California both have bans on the use of cell phones when driving. California's law allows the use of cell phones, but requires that the motorist use a hands-free device. New York's law bans all cell phone use when driving.
How bad is the problem? Here's an example: Five New York teens died last summer when the driver of the SUV they were riding in lost control of her car and struck a semi head-on. The driver was using her phone to send a text message when she died, along with 4 of her friends.
New York's state legislature is considering a similar measure.
Alaska, Minnesota, New Jersey, and Washington already ban text messaging while driving. A study by Nationwide Insurance in 2006 revealed that nearly 20% of drivers text message while at the wheel. Given the lunacy of doing that, this may explain several things about the United States of America.
The Weekly Podcast
Podcasts are usually in place no later than 9am (Eastern time) on the date of the program. The podcast that corresponds to this program is below. The most recent complete podcast is always located here.