Theory

No doubt you’ll remember the recent wave of trojan-laden spam which is still trickling in.

I have a theory about what the Peacomm trojan’s been up to.

At 3:36am EDT, the floodgates opened and this site (and no doubt several million others) was bombed with comment spam.  For the next half-hour (exactly), 47 comments — all containing links to one of 5 sites on hometown.aol.com — were posted here.  Some of the IPs involved were:

58.216.243.2
59.31.53.252
60.31.167.224
61.133.214.194
61.253.171.235
65.184.195.252
66.230.167.213
68.23.34.164
68.101.37.15
68.216.187.22
70.227.232.194
71.84.196.11
72.187.201.227
82.114.68.194
82.242.222.98
121.155.56.59
125.178.179.207
195.175.37.6
200.88.125.9
202.29.22.197
203.28.159.167
203.144.143.2
203.144.144.164
203.144.160.246
203.144.160.247
203.144.160.248
203.144.160.249
203.144.160.250
211.99.196.117
222.235.250.112

What does all this mean to the average Joe/Josie?  Very little, I imagine, unless you click one of the links.  The addresses and text indicate they lead to pornographic writing, though I wouldn’t bet on it; if you went to the time and trouble of setting up a world-wide botnet, would you use it to drive traffic to dirty stories?

Only, I imagine, if the web pages either contain code to add aspiring pervs’ computers to the Borg collective, or contain a load of pay-per-impression ads . . . and that business model was dropped a day or two after it was implemented.

The only thing I can think of which obviates the theory is the small number; only 47 computers (including those from at least one LAN).
More on this as the morons phish.