12 Days competition: Day 8 – The amount of spam you can send is…

The Twelve Days of Christmas - melody

Here’s the melody – click to sing along!

Every month, at least one person proudly tells us that they don’t run anti-virus software and they’ve never had a computer virus.

To which we always reply, “How do you know?”

A few noisy exceptions aside, malware normally goes to great lengths to stay unnoticed so that it can steal from you over and over and over again.

But not being seen doesn’t mean it isn’t there or that it’s dormant – in fact you won’t believe just how busy a computer virus can be without drawing attention to itself…

How to send
5 million
spam emails without even noticing

And for your chance to win an exclusive, limited edition, Naked Security T-shirt, work out the answer to Paul Ducklin’s brain teaser below…

This December we’re celebrating Christmas by giving away five of our much-coveted, limited edition Naked Security T-shirts every day for 12 days!

We’ve selected twelve of the most interesting stories from 2014 and we’ll be writing about one of them each day.

All you have to do to win a T-shirt is read the story and answer the question.

We’ll pick 5 lucky winners out of a hat (OK, /dev/urandom) each day and those who answer the most questions correctly over the 12 days will be entered into our grand prize draw for a goody bag of geeky gifts valued at up to $500!

We need to know your email address so that we can contact you if you’ve won. When we contact you, we’ll need your T-shirt size, a delivery address and a contact number so we can ship your prize. We won’t use any of your personal details for anything other than this competition.

Entries close at 23:59 Pacific Standard Time (UTC-8) each day. Sophos staff, those pro­fessionally connected to the company, and their families, are welcome to submit answers for fun, but can’t win. T-shirt styles may vary from those depicted. Sophos’s decision is final, and so on. Please read our official competition terms and conditions.

What was Day 7’s answer?

On Day 7, we talked about ransomware, which is malware that locks you out of your computer or your files and demands money to let you back in.

Although ransomware often feels like a modern invention, thanks to the infamous CryptoLocker malware of 2013, the first widespread ransomware was the AIDS Information Trojan of 1990.

AIDS Info Trojan intro screen

More precisely, the company used to receive ransom payments was registered on 04 December 1989, and the first known mailshot of infected diskettes happened on 07 December 1989, almost exactly 25 years ago.

→ For a trip down memory lane, read the analysis from Sophos, written by Sophos co-founder Dr Jan Hruska on 13 December 1989. The date of the AIDS Information Trojan is often given as 1990 because that’s when the majority of disks were received and opened. Also, because of the delayed trigger, even those who installed the malware at the tail end of 1989 wouldn’t see the ransom demand until the following year.

You could license the software at install time for $189, but if you didn’t, and installed it anyway, it would wait until you had rebooted 90 times and then try to make you pay by scrambling your hard disk and printing out a menaces letter demanding $378 as a licence fee:

AIDS Information Trojan licence screen

You could get 50% off by licensing it for just 12 months. (Actually, 365 program invocations at reboot, optimistically assuming one reboot of your DOS computer every day.)

Day 7’s question was to identify the country to which you were supposed to remit the menaces money.

As you can see, the answer is Panama.

By the way, to learn more about ransomware, why not listen to our Techknow podcast on the subject?

(Audio player above not working? Download, or listen on Soundcloud.)