Online Attack Leads to Peek Into Spam Den

If he were known at all to Western security analysts who track the origins of spam, and in particular the ubiquitous subset of spam e-mails that promote male sexual enhancement products, it was only by the handle he used in Russian chat rooms, Engel.

His pleasant existence, living in obscurity, changed this summer when a court in Moscow linked Mr. Artimovich and three others with one of the world’s most prolific spambots, or illegal networks of virus-infected computers that send spam.

The ruling provided a peek into the shrouded world of the Viagra-spam industry, a multimillion-dollar illegal enterprise with tentacles stretching from Russia to India. Around the world every day, millions of people open their e-mail in-boxes to find invitations to buy Viagra or some other drug, potion or device to enhance sexual performance.

Who sends these notes and how they make money had remained a mystery to most recipients. The court put names and faces to a shadowy global network of infected computers known outside Russia as Festi and inside the country as Topol-Mailer, named after an intercontinental ballistic missile, the Topol-M. It was powerful enough to generate, at times, up to a third of all spam e-mail messages circulating globally.

Prosecutors say Mr. Artimovich was one of two principal programmers who controlled the network of infected computers in a group that included a former signals intelligence officer in the Federal Security Service, or F.S.B., the successor agency to the K.G.B.

Once they control the virus-infected computers, they are able to use software embedded on home and business computers to send persistent e-mails. The owner of an infected computer usually never knows the PC has been compromised.

More often than not these days, those infected computers are in India, Brazil and other developing countries where users cannot afford virus protection. But the high-end programming of viruses often takes place in Russia.

While the business model has been well understood — it was the subject of an extensive study by the University of California, San Diego — the individuals behind one of the largest spam gangs using it have largely avoided official scrutiny, until recently.

The Tushino Court in Moscow convicted two people of designing and controlling the Festi botnet, and two others of paying for its services, but none of them specifically of distributing spam. Instead, the court convicted the group of using the Festi network in 2010 to turn thousands of browsers simultaneously to the Web page of the online payment system of Aeroflot, the Russian national airline, crashing it in what is known as a distributed denial of service attack.

The spambot problem has vexed Western law enforcement officials, who complain the Russians ignore losses to global businesses that pay about $6 billion annually for spam filters, and to companies like Pfizer for sales lost to counterfeit pills.

Computer security experts have long been intrigued by the possibility that the Russian government has turned to so-called black hat hackers for political tasks in exchange offering protection from prosecution. But any direct evidence has been lacking, though the Festi case adds to the circumstantial evidence.

Russian authorities deny creating or turning a blind eye to botnets used to attack the Web sites of dissidents, or banks and government institutions in neighboring countries like Estonia or Georgia.

Valery V. Yaschenko, a deputy director of the Kremlin-linked Institute for Problems of Information Security, said the Russian government “condemns the practice of using strangers’ computers for attacks, or for any reason.”

For years, spam has been a very good business for Russian criminal gangs. An estimated $60 million a year is pulled in through these networks. Despite the Russian prosecutors’ victory this summer, similar networks remain active as tools for fraud and hacker attacks. Computer security experts say that suggests either the wrong men were convicted or the controlling codes were passed to somebody else.

Stefan Savage, a professor in the systems and networking group at the University of California, San Diego, studied the Festi scheme, in part by making test purchases.

Bucks Blog: When Free Stuff Leads You Astray

The main menu on Waze, a navigation and traffic app.

We all like freebies. But sometimes, free stuff can lure you into making choices that may not really be best. I learned that lesson anew last week, while on a road trip that took me through rural parts of Arkansas and Missouri.

A quick comparison of flying time versus driving time had led me to choose the automobile for this outing. That meant I’d be behind the wheel for about six hours, but at least part of the route promised to include scenic foliage, and the weather looked good.

Since I was driving alone, I decided to use a voice-guided G.P.S. system, to avoid having to check maps while dodging road kill. I had recently acquired an iPhone (not the most recent version, infamous for its map snafus). So I did a quick online search to see what navigation app might work best. My cellular provider, Verizon, offered one, for an extra $5 a month. That might not sound so pricey, but I think my cellphone bill is already outrageous, so I balked and kept searching.

I quickly — too quickly, it turns out — settled on a free app called Waze that got high marks from various reviewers (including one for The New York Times). The app’s main benefit is that it pools information from its users and sends back real-time information about traffic conditions, making it particularly popular with urban commuters seeking to avoid freeway snarls. I perhaps should have realized that an app aimed at commuters traveling familiar routes might not be the best fit for my purposes. But I figured it could still give me basic directions — and did I mention that it was free?

I ran a short test of the app the day before my trip, as I was running an errand, and it seemed to work. So I was hopeful when, in my driveway in the predawn darkness, I fired up the app and typed in the address of my destination. But at the end of my street, it told me to turn left. The correct option was to turn right. O.K., I thought, it will recalculate my route when it “sees” where I’m going. Ten miles later, it was still haranguing me to turn left — as if I were driving in some alternate universe, in which Missouri is west of Arkansas.

Michal Habdank-Kolaczkowski, communications director for Waze, explained that the app, which was introduced in the United States in 2009, begins with maps from the United States Census Bureau’s Tiger system, but that they are tweaked and updated constantly by Waze users. That means that in areas like Los Angeles, where the app claims 10 percent of drivers as users, the maps get constant feedback from users, who help keep the app updated. In flyover country, however, there are fewer users — at least for now — so the maps are not always as accurate. (That’s too bad. I wish the app could have warned me about those early-morning rural school buses, stopping every mile or two to pick up farm children.)

He encouraged me to correct any errors in the map, which is how Waze users benefit the system and others. But that is more of a commitment than I want to make for a one-time trip. I guess Waze isn’t for me right now. Except for intermittent reporting trips, I work at home, so the commuting I do usually is from my desk to the coffeepot.

After realizing that Waze was not going to get me where I needed to go, I debated whether to forge ahead without electronic assistance. The directions on my print map looked simple enough, but I had an appointment to keep and didn’t want any delays. So I pulled over and hunted down a new app on my phone. Not wanting to waste time, I opted for the Verizon app, VZ Navigator. It would give 30 days free on trial, it turned out, and it got me to my destination without a hitch. I wish I could say the same for the radio options on my route. I didn’t have satellite radio or an iPod jack, so I had to choose between classic rock (Pat Benatar is as annoying now as she was then) or Glenn Beck (news flash: stockpiling nonperishable food is the new version of investing in gold).

The trip back home was almost as smooth, after an initial problem. When I tried to retrace my route in reverse, the VZ Navigator kept telling me to “take the next legal U-turn” for the first 20 minutes or so. It finally gave up and reset itself — just before I was about to turn it off and sing along to some vintage Journey.

Have you had any disappointing experiences with free stuff? What happened?

Xbox Music Leads Microsoft’s New Push to Challenge iTunes

SEATTLE — Music fans have often viewed Microsoft as something like a bad cover band, one that pumped out uninviting facsimiles of Apple’s iPod and iTunes with its Zune music players and service.

Now that the Zune brand is dead, Microsoft is once again in search of a hit in digital music. But this time, to improve its odds of success, it is marshaling some of its most powerful brands as never before: Windows and the Xbox.

On Monday, the company plans to announce a service called Xbox Music that will offer access to a global catalog of about 30 million songs. The service will let consumers listen free to any song on computers and tablets running the latest version of its Windows software, as well as on the Xbox console. Microsoft will not initially limit how much music can be streamed, though that could change over time.

The service is part of a broad set of bets Microsoft is making this fall to help regain ground it has lost to competitors, especially Apple and Google. In addition to Windows 8, a major new version of its flagship operating system that will start shipping Oct. 26, the company is close to releasing a new version of its Windows Phone operating system for mobile phones and its first Microsoft-designed computer, a tablet device called Surface.

In an aggressive push to persuade lots of people to use the service, Microsoft will package the software for Xbox Music with Windows 8. The arrangement could awaken antitrust concerns about Microsoft’s use of Windows to gain toeholds in new markets.

Microsoft’s do-over in the market is a sign of how a strong music service has come to be seen as a prerequisite for any serious player in the gadget business. Apple first showed the way with that strategy by making it simple to buy songs from the iTunes Store, helping it sell more iPods. Google and Amazon have also gotten in on the act, adding music stores to their Android and Kindle devices.

In addition to competing with those big companies, Xbox Music is entering a landscape thick with independent music services that offer their own variations on the listening experience. Spotify, for example, provides on-demand listening to a large library of music, while Pandora programs radio stations tailored to its listeners’ individual tastes.

Scott Porter, principal program manager for Xbox Music, said many music fans today relied on a variety of services like those, along with more traditional sellers of songs like iTunes, to satisfy all their musical needs. This approach, though, can be tedious.

“The dilemma is that music has become work,” he said. “Our vision for Xbox Music is that it shouldn’t have to be work.”

Xbox Music incorporates elements of all of those services. There is an option to buy songs, so a music fan can own them permanently with minimal restrictions. There are Pandora-like radio stations built around songs and similar-sounding music.

And there is an option akin to Spotify that lets users listen free to any music from their computer, though they will get audio and visual advertisements. (Some major bands, like the Beatles, are missing from the catalog.) Like Spotify, Xbox Music offers a $10-a-month ad-free service that includes many other features, like the ability to listen to music on smartphones and the Xbox 360 game console.

While finding music on other services can sometimes feel like studying a glorified spreadsheet, Xbox Music is much richer visually, with artist photos that can be flipped through quickly.

Analysts say the success of Xbox Music will depend on far more than whether the service itself is any good, since the strategy is to have it enhance the appeal of Microsoft-powered gadgets that have much broader functions. “This is not going to matter if no one wants the devices,” said Richard Greenfield, an analyst at BTIG Research. “You need to have a killer device.”

That will be tricky on phones. The first smartphones on which the service will be available are those running a new version of Microsoft’s mobile operating system, Windows Phone, which has struggled to gain traction.