Home Evil
Post
Cancel

Evil

This company is “paying people to spam.” The idea is that you install their scumware on your machine, and they pay you $1 for every hour of CPU time it uses. Sounds like a good deal, right? Wrong. First of all, it doesn’t use your CPU 24/7 (which would net you $720 per month) but rather with all settings maxed, it uses about 1% of your CPU, which would net you $7.20 per month… and a pissed off (and probably disconnected) ISP to boot.

Out of curiosity, I installed it in a closed-lab scenario, and poked, prodded, and port-scanned to get some info. Here are some basics:

<ul>
<li>CPU time is, indeed, CPU time. It is based on the amount of time the CPU actually spends on the given process ID. I cranked everything for 60 minutes, and the total CPU time was 41 seconds.
</li><li>It sends traffic on port 25 as expected.
</li><li>SMTP failure does not seem to have a short-term impact on the calculated CPU time. I ran it for 30 minutes where it was being tricked into thinking the messages were sent, and 30 minutes where it WASN’T being tricked into thinking the messages were sent. The CPU time was about the same for each of those half hour segments. (19 seconds for the first, 23 second for the second.) They don’t seem to be checking. These numbers WERE reflected on the web site’s management area as well.
</li><li>based on the above info (i.e. that they are not checking to see if the messages are actually being sent) I have to assume that they don’t plan to pay anyone. I can’t imagine they would have made that mistake otherwise.
</li><li>Their backend (which handles the requests) seems to be web services based, and doesn’t seem to have any form of authentication in place.
</li><li>The app is pretty configurable. Some screenshots below:
</li></ul>





This post is licensed under CC BY 4.0 by the author.