Everything old is new again. It’s been years since I got any spam trying to sell me legal herbal smoking mixtures, but here they come again. But, this time, there’s a lot more to the scam than meets the eye.
“Legal weed” concoctions seldom have any more actual effect than does snorting a fat line of baking powder. They invariably, however, have names that make them sound as if just opening the bag and taking a sniff would blow Bob Marley’s head clean off.
This time, the spam’s trying to sell “Big Buddha Bud”.
Or, as I discovered when I searched for that string, perhaps it isn’t!
It would appear that the Big Buddha Bud spams were, a week or three ago, promoting thebudshop.hk. That server had a protean IP address, shifting from one address that resolved to a home broadband provider to another, minute by minute if not second by second.
That could only mean that the site was being served by a botnet.
And that, in turn, probably meant that the site’s only purpose was to harvest credit card numbers.
If, after all, you’ve got an online shopping site that can only be traced to countless virus-infected home PCs, why on earth should you bother actually sending anybody anything they’ve bought from you?
Thebudshop.hk is gone now, but thebudshop.net is alive and well. And its shifting IP address remains.
When I looked at it a few minutes ago, it was at 220.127.116.11, an address in Verizon Wireless’s allocation. Then it changed to 18.104.22.168, which is a Road Runner address. Then it was 22.214.171.124; that belongs to ChoiceOne, a bank! And less than a minute later, it resolved to 126.96.36.199, an Earthlink address. And then 188.8.131.52, which is AT&T. I doubt any US ISP will be left out, if I keep on checking.
(If you manually point a Web browser at any of the botnet IP addresses, by the way, you get an interesting little page that says “Coming Soon! Please check us back later… Ddos Protection by the leet boys ;)”. This is an interesting thread to tug on, if you’re after more information on this particular botnet.)
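The pattern described above (one hostname, a new address on a different ISP with nearly every lookup, commonly called fast flux) can be scored from a log of repeated DNS answers. The Python below is an added example, not code from the original post; the observations, the documentation-range IP addresses, the owner labels (standing in for a whois lookup) and the thresholds are all constructed assumptions.

```python
from statistics import median

# Constructed observations: (seconds since first lookup, resolved IP, network owner).
# IPs come from the RFC 5737 documentation ranges; owner labels are placeholders
# for the result of a whois/ASN lookup on each address.
FLUXY = [
    (0,   "192.0.2.10",     "ISP-A"),
    (45,  "198.51.100.7",   "ISP-B"),
    (90,  "203.0.113.99",   "ISP-C"),
    (150, "198.51.100.200", "ISP-B"),
    (200, "192.0.2.77",     "ISP-D"),
]
STABLE = [
    (0,   "203.0.113.5", "HOSTING-X"),
    (60,  "203.0.113.5", "HOSTING-X"),
    (120, "203.0.113.6", "HOSTING-X"),
    (180, "203.0.113.5", "HOSTING-X"),
]

def flux_profile(observations):
    """Summarise how much a name's address moved across repeated lookups."""
    obs = sorted(observations)
    ips = {ip for _, ip, _ in obs}
    owners = {owner for _, _, owner in obs}
    # Dwell time: how long each answer lasted before the address changed.
    dwell, start = [], obs[0][0]
    for (_, prev_ip, _), (t, ip, _) in zip(obs, obs[1:]):
        if ip != prev_ip:
            dwell.append(t - start)
            start = t
    return {
        "distinct_ips": len(ips),
        "distinct_owners": len(owners),
        "median_dwell_s": median(dwell) if dwell else None,
    }

def looks_botnet_hosted(observations, min_ips=4, min_owners=3, max_dwell_s=300):
    """Flag many addresses, many unrelated networks, short dwell (assumed thresholds)."""
    p = flux_profile(observations)
    return (p["distinct_ips"] >= min_ips
            and p["distinct_owners"] >= min_owners
            and p["median_dwell_s"] is not None
            and p["median_dwell_s"] <= max_dwell_s)

if __name__ == "__main__":
    for name, obs in (("fluxy", FLUXY), ("stable", STABLE)):
        print(name, flux_profile(obs), looks_botnet_hosted(obs))
```

Requiring several unrelated network owners, not just several addresses, is what separates this from an ordinary load-balanced site, whose addresses rotate inside one provider's allocation.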
I had no idea it existed until this moment, but it turns out that this “botnet hosting” is a known phenomenon. It’s a brilliant idea, too! Why use your army of zombified home PCs only to send spam, when you can also use it to host the super-dodgy sites you’re promoting?
Botnet hosting seems to have taken great strides, as well. Sites like this are supposed to be flaky, but thebudshop.net looks rock solid (not to mention professionally designed!) to me. This botnet seems to be delivering the kind of super-distributed redundancy that major Internet companies dream about.