Like most people, I'm not fond of spammers. In fact, they drive me nuts. My old Internet connection was usage-based, meaning that the bill went up for every piece of spam received or transmitted through the gulker.com domain. When spammers hijacked my mail server earlier this year, I got downright testy.
As competition has driven down the price of spam software and mailing lists, the quality of spam has fallen tremendously, if you can accept the notion of "quality" and "spam" in the same phrase.
Spammers who misspell their pitch - in the subject line, no less - have become routine. Recent offerings include "aprodesiac", "debt to high", "risk fee!", "for are clients", "frequent asked questions", "hot address's", and "co-branbing program". Worse, lately, not a few spammers who clog bandwidth with hundreds of thousands of missives have somehow neglected to actually include a message.
What, I wonder, prompts a person to go to the effort of buying spam software, sign up for an Internet account that will be suspended immediately after the first spam (at a loss of set-up charges and first month's fees), and then forget to include a message? Are a few of us in the spam community running a few packets short of a datagram?
So, to get back to my tale, here it was, the fourth subject-less, text-less message in a row. I figured it was spam, for sure. Curiously, this latest one had an attachment "notice.htm", which contained the following:
PGh0bWw+PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+bmFtZT0id2lueHoiOzwvc2NyaXB0Pg0 KPGZyYW1lc2V0IHJvd3M9IjEwJSwqIj48ZnJhbWUgc3JjPSJodRwOi8veHpsMy55ZWFoLm5ldCIgbmF tZT0ibGR4eiIgbm9yZXNpemUgc2Nyb2xsaW5nPW5vPg0KPGZyYW1lIHNyYz0iaHR0cDovL3d3dy56aG FuamlhbmcuZ2QuY24 vbmV0aG9tZS9zdXNpL3N6eC9pbmRleC5odG0iIG5vcmVzaXplIHNjcm9sbGluZz1ubz4NCjwvZnJhbW VzZXQ+PC9odG1sPg==
Why, I wondered, would you bother to name something as if it were a Web page, attach it, and e-mail it if all it contained was garbage?
But, was it? ASCII text is encoded by a byte - an 8-bit binary number that can encode up to 256 characters. Since there are only 52 alphabet letters (26 lowercase and 26 uppercase) in an ASCII set, most true random garbage mainly contains the weird punctuation and figures that are encoded by the other 204 numbers.
But this missive contains mainly letters, along with a few other characters. Letters and "regular" punctuation are "safe" characters, that is to say, they probably don't represent binary commands. Many Internet transport protocols require that data be transmitted as only "safe" characters, lest a router or computer interpret them as a command to, say, reset or shut down.
Could this be a kind of encoding? The plot thickens!
My modern e-mail client hides most of the stuff that's attached to an e-mail message like Internet headers and MIME specs. Thoughtfully, it has a "View source code" menu item that allows the user to see all the gory details. "View source" revealed the line: "Content-Transfer-Encoding: Base 64."
Aha! Base 64 is another encoding scheme that uses safe characters. Now all I needed was a Base 64 decoder. A quick visit to a freeware/shareware site revealed nothing, since most modern e-mail packages have built-in decoders (and who knows why mine wasn't kicking in?). Fortunately, Sherlock, my Mac's find-it program, turned up a folder called "YA Base 64" on an old, long-neglected hard drive connected to one of the oldest computers gathering dust on gulker.com's LAN.
"YA" in freeware parlance stands for "Yet Another". Freeware programmers, God bless their souls, are like any other community - they have vogues and fads. Whenever a bunch of programmers tackle the same topic, like decoder utilities, they not infrequently name the result YA-something, as in YA-Newswatcher, for Yet Another Usenet news reader. The program's creation date was 1996. Vintage software! I wondered if it would run.
It did. But when I dropped "notice.htm" on it, nothing happened. Back to the drawing board.
Inspiration struck - notice.htm was devoid of the content encoding string and other markers in the source e-mail. Decoder programs rely on markers - words like "BEGIN" or "Cut Here" to find the bits to decode. I saved the e-mail to disk, and dropped it on the decoder - a new "notice.htm" file appeared immediately. I dropped it on my browser.
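An added example, not part of the original column: the same decode done with Python's standard `email` parser, which uses the MIME headers as its markers, followed by a listing of the URLs the decoded page would load, without rendering it. The message, the boundary string and the `example.test` URLs are constructed for illustration.

```python
import base64
from email import message_from_string
from html.parser import HTMLParser

# Constructed stand-in for the attachment: a frameset page pointing at two
# placeholder URLs (not the values from the message described above).
SAMPLE_HTML = (
    '<html><frameset rows="10%,*">'
    '<frame src="http://frames.example.test/top" noresize>'
    '<frame src="http://frames.example.test/main.htm" noresize>'
    '</frameset></html>')
BLOB = base64.encodebytes(SAMPLE_HTML.encode()).decode()

# Constructed raw message: no subject, no body text, one base64 attachment.
RAW_MESSAGE = (
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="XX"\n\n'
    "--XX\n"
    'Content-Type: text/html; name="notice.htm"\n'
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: attachment; filename="notice.htm"\n\n'
    + BLOB + "--XX--\n")

class LinkCollector(HTMLParser):
    """Collect src/href targets without fetching or rendering anything."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value:
                self.links.append((tag, value))

def inspect_message(raw):
    """Return [(filename, encoding, [(tag, url), ...])] for each base64 part."""
    findings = []
    for part in message_from_string(raw).walk():
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        if part.is_multipart() or cte != "base64":
            continue  # no marker, nothing to decode
        text = part.get_payload(decode=True).decode("latin-1")
        collector = LinkCollector()
        collector.feed(text)
        findings.append((part.get_filename(), cte, collector.links))
    return findings

if __name__ == "__main__":
    print(inspect_message(RAW_MESSAGE))  # full message: part found and decoded
    print(inspect_message(BLOB))         # bare blob, headers stripped: nothing
```
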
A page appeared, a Java applet launched, question marks began to parade across the browser's bottom border, a new window appeared and the browser suddenly transported itself to a site (http://www.zhanjiang.gd.cn/). But ".cn"? This was in China!
One of the windows began to display a mesmerising 3D graphic, while a "Christmas Benediction" scrolled. In another window a photo collage appeared, and then, suddenly, its surface rippled as if a drop of water had fallen in a still pool covering the image. Then a wave undulated from one corner to the other. The effects were dazzling, and had downloaded so fast from a server across the Pacific, that I knew these were no mere animated GIF files. I clicked on the image.
A new window appeared: "Wormhole Applet by Fabio Ciucci", with the line "You can connect to my page" and a button. I clicked the button. We were transported to: http://www.anfiteatro.it/java.html - Italy, this time. Another wizzy rippling image appeared. Fabio is a programmer, and his Java applets are for sale.
Thirty minutes of detective work on three continents, only to find I'd spammed myself! Fabio, you're one brilliant spammer (the alternative is I'm the world's dumbest spammee). Oi vey.