advertisement

Print

Spam from Iraq

by Brian McWilliams, author of Spam Kings
11/09/2005

Back when Saddam Hussein and his sons ran the show, Iraqis shared only a handful of Internet Protocol (IP) addresses. That way, the government could better monitor their online activity.

But according to the latest data (see also spamkings.oreilly.com/alloclist.txt) from the RIPE Network Coordination Centre, Iraq now has thousands of IP addresses allocated to it. (It's still in the process of getting its top-level domain, .IQ, up and running.)

Much of Iraq's burgeoning IP space is as yet undeveloped. Unfortunately, some of it is already being exploited by spammers.

Last August, spam for fake Rolexes and "high flying" stocks flowed out of an open proxy computer connected to Kurdistan Net, an internet service provider in northern Iraq.

Similarly, an IP address allocated to SpaceNet Online in Baghdad is listed in several anti-spam databases as being an open spam proxy.

Alpha ISP, a broadband ISP in Sulaimania, also in northern Iraq, has had one of its IP addresses blacklisted by SORBS for being connected to a "likely Trojaned machine" used to send spam.

Alpha's upstream ISP is SkyVision, a British firm providing satellite service in Iraq. A number of other SkyVision IP addresses from Iraq have been blacklisted by the Spamcop spam reporting and filtering service for sending email to Spamcop's spam traps.

Insecure proxies are nothing new in Iraq. Years ago, before the war, spammers regularly abused one of Iraq's few IP addresses--62.145.94.250--to send mortgage and porn spam, which resulted in a blacklisting.

Related Reading

Spam Kings
The Real Story behind the High-Rolling Hucksters Pushing Porn, Pills, and %*@)# Enlargements
By Brian McWilliams

So far, there's no evidence that Iraqis are behind the spam coming from their net space, or that they've embraced the idea of using spam to advertise their proliferating websites. But there have been a number of false alarms.

About a year ago, a spammer touted prescription drugs and mortgages via a domain named KMFDLCB.INFO, the registration of which listed a Baghdad phone number and the IQ country code. But the domain is actually believed to be connected to a spam operation known as the Russian Spam Gang, which apparently forged the Iraq contact information.

In the middle of 2003, Iraqi themes began to surface in new renditions of the typical Nigerian advance-fee fraud or "419" scam spam. One version appears to be from a 29-year-old Baghdad resident with $20 million she wants to share in exchange for getting her out of the country. Other messages seem to come from American soldiers or Iraqis who looted banks during the fall of Baghdad.

Check a little closer, however, and the message IP addresses invariably show the scams were sent from Nigeria.

With its expanding internet presence, will Iraq soon join the ranks of the top spam-producing nations? It seems highly unlikely, given the continuing fragility of the country's infrastructure and its relatively small number of both ISPs and PC end-users compared to spam havens like the U.S., China, and South Korea.

On the other hand, there are some troubling signs from Iraq. None of the nation's leading ISPs appear to have published an acceptable use policy that expressly prohibits customers from sending bulk unsolicited commercial email.

As I learned while researching Spam Kings, junk emailers are often born out of an amalgam of technical skill and economic hardship. Iraq's certainly got a lot of both of those elements right now.

Brian McWilliams is the author of Spam Kings and is an investigative journalist who has covered business and technology for web magazines including Wired News and Salon, as well as the Washington Post and PC World, Computerworld, and Inc. magazines.


Return to the O'Reilly Network