On Friday, Sep 26, 2003, at 14:06 Canada/Eastern, Mike Tancsa wrote:
But 3 days later, I got another email with the same scam, this time to a different provider in Korea.... Next.
Korea has a very large number of reliably- and permanently-connected windows boxes in comparison to most other countries (the OECD numbers on broadband access in 2001 ranked Korea way up there at the top of the list, with Canada a distant second, or so I heard on the radio the other day). You can buy residential 20Mbit/s VDSL services there over the phone, as a regular service, and people do. Given this, I'm guessing that if you choose a windows box with a stable connection on the net at random, chances are good that it's in Korea. All the network operators I have in Korea are both efficient and technically proficient, and I certainly didn't get any impression that people were lax or in any way irresponsible with respect to running networks: the fact that the networks there are still functioning at all suggests they are well-practiced at dealing with infected windows boxes. It's seems to be much less common to find people who speak English in Korea than it is in other places in Asia, though, which might help explain apparent unresponsiveness to complaints which are not written in Korean. So, here's my point (and I know I'm rambling, come on, it's a Friday): when every other back trace leads to Korea, it's not necessarily because Korea is irresponsible or incompetent; in terms of the global distribution of windows-based worm factories, they just account for a disproportionate amount of the Internet. Given the numbers of clients they have to deal with it's eminently possible that they're doing a much better job, in relative and general terms, than operators in the US, Europe and Australasia. Joe