
SPAM Analysis

January 29, 2014 - Author: Mike Bosland

Gmail Spam

I received a few viruses in my inbox during the holiday season and naturally, I downloaded and ran this malware to see what its purpose was. What did the authors want to accomplish? How are they planning on achieving said goal? Who are they? Where are they? So now I have a malware analysis lab set up and I am learning how to reverse engineer computer viruses, root kits and other types of malware.

During a particularly slow day of Jury Duty, I wanted to continue researching this malware, but being in a government building, I decided that’s probably a bad idea. So I downloaded the contents of my oldest email account’s spam folder. This is my sacrificial lamb account. I use it whenever I need to sign up for something or I have a feeling my email will be sold to the highest bidder. Naturally, it gets a lot of spam, and a lot of attachments.

Armed with only the most generalized and probably offensive thoughts about spam I dove in and mined this data for trends and any other tidbits I could find. Here’s what I found:


The spam folder was analyzed. It contained messages from 12/14/13 through 1/14/14. During this 1 month period 151 spam messages were received. These were exported and analyzed using open source software, open source data and custom Python scripts to tie it all together. As expected, the majority of spam messages resolved to China. 3 servers in China. That is the cool part of all this research. 151 messages, on the surface all unique, linked to the same 3 servers in China.


Email messages were parsed using custom Python scripts and the open source Python mailbox libraries. The links were harvested with custom Python scripts and queried against the various WHOIS databases online to identify an IPv4 address for each. These IPv4 addresses were geolocated using the pygeoip libraries and the GeoLiteCity database. Graphs were generated from custom Python scripts using the matplotlib libraries and Microsoft Excel.

Throughout the research here, one assumption used is that the destination IP, and especially the country, is the final destination intended by the author of the spam message. However, it is possible some of these destinations are in fact intermediaries or compromised servers pulling malicious content from yet more servers or redirecting the user to a different location.
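The pipeline described above, sketched as an added example (this is not the author's script): it parses messages, reads the X-Originating-IP header, harvests link hosts, groups domains by the address they resolve to, and counts origin-to-destination country pairs. The messages, the `RESOLVED` lookup table (standing in for live DNS lookups) and the `GEO` table (standing in for pygeoip with GeoLiteCity) are constructed, and the country labels on reserved documentation addresses are assigned only for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Constructed sample messages; hosts and addresses use reserved example ranges.
RAW_MESSAGES = [
    "X-Originating-IP: [198.51.100.7]\nSubject: Sale\nContent-Type: text/html\n\n"
    '<a href="http://a.shop-one.example/w?id=1">buy</a>'
    '<img src="http://b.shop-two.example/p.gif">\n',
    "X-Originating-IP: 198.51.100.8\nSubject: Offer\nContent-Type: text/plain\n\n"
    "See http://c.shop-three.example/ and http://A.shop-one.example/x\n",
    "Subject: hi\nContent-Type: text/plain\n\n"
    "visit http://unresolvable.example/x now\n",
    "X-Originating-IP: [192.0.2.55]\nSubject: News\nContent-Type: text/plain\n\n"
    "http://news.site.example/story\n",
]

# Assumption: stand-in for DNS resolution so the example runs offline.
RESOLVED = {
    "a.shop-one.example": "203.0.113.10",
    "b.shop-two.example": "203.0.113.10",
    "c.shop-three.example": "203.0.113.11",
    "news.site.example": "192.0.2.80",
}

# Assumption: stand-in for a GeoIP database; labels are illustrative only.
GEO = {
    "198.51.100.7": "Korea, Republic Of",
    "198.51.100.8": "China",
    "203.0.113.10": "China",
    "203.0.113.11": "China",
    "192.0.2.55": "United States",
    "192.0.2.80": "United States",
}

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def originating_ip(msg):
    """Return the validated IPv4 address from X-Originating-IP, or None."""
    match = IPV4_RE.search(str(msg.get("X-Originating-IP", "")))
    if not match:
        return None
    try:
        return str(ipaddress.ip_address(match.group(0)))
    except ValueError:  # e.g. an octet above 255
        return None


def link_hosts(msg):
    """Return the lower-cased host of every http(s) link in the text parts."""
    hosts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL
                continue
            if host:
                hosts.append(host.rstrip("."))
    return hosts


def analyse(raw_messages):
    """Group linked domains by resolved IP and count country-pair routes."""
    domains, messages = defaultdict(set), defaultdict(set)
    routes = Counter()
    for index, raw in enumerate(raw_messages):
        msg = message_from_string(raw, policy=default)
        source_country = GEO.get(originating_ip(msg), "Unknown")
        for host in link_hosts(msg):
            ip = RESOLVED.get(host)
            routes[(source_country, GEO.get(ip, "Unknown"))] += 1
            if ip:
                domains[ip].add(host)
                messages[ip].add(index)
    servers = {ip: {"domains": sorted(domains[ip]), "messages": len(messages[ip])}
               for ip in domains}
    return servers, routes


if __name__ == "__main__":
    servers, routes = analyse(RAW_MESSAGES)
    for ip, info in sorted(servers.items()):
        print(ip, info["messages"], "messages,", len(info["domains"]), "domains")
    for (src, dst), count in routes.most_common():
        print(f"{src} -> {dst}: {count}")
```

On a real export, the same functions can be fed from `mailbox.mbox(path)` with each message's bytes passed to `email.message_from_bytes(..., policy=default)`.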

Where did the spam come from?

The spam messages were sent from a variety of locations around the world.
Using the email’s ‘X-Originating-IP’ field, I determined the geolocation of the address sending the spam. This does not mean these are spammer IP addresses; these could be compromised machines, spoofed IP addresses or a variety of other possibilities as well.

Each message came from a unique IP address. This makes me think many of these might be spoofed. Here is the breakdown by country of origin. The Other category includes: Belarus, Canada, Japan, Malaysia, Philippines & Taiwan. Each of these had an individual percentage below 1% of the total Spam sent.


If you were to geolocate each of the servers and plot it on a world map…you’d get this:

Spam Contents

Attachments are a big concern, so we’ll discuss them first. Thanks to advancements in anti-spam and anti-virus technologies, most of these spam messages did NOT contain attachments. There was 1 message which did. The attachment was a virus sent from a Taiwan IP address. This virus is being researched and will be reported separately.

The other 150 messages contained links of some sort. It has not yet been determined whether these are malicious or not. More research is required here.

Link Destinations
The 151 Spam emails contained a total of 1538 individual links. If we look at the various linked domains and see where the DNS servers resolve them, we can attribute them to countries and individual machines.
Here is the breakdown by country of destination. In other words, if you click the link, the computer you are accessing is located in that country. The Unknown category includes links or domains that I was not able to verify.


Likewise, if you plot these destination servers on a map…

Interestingly enough, while there are only 3 servers in China, the majority of spam links (69.3%) linked to these machines through a variety of domain names.

Chinese Servers
As mentioned before, most of the spam resolved to 3 Chinese servers: Server1, Server2 and Server3 for the purposes of this blog post (while I figure out the legality of posting IP addresses…)

Based on the similarity and sequential nature of the IP Addresses, it appears the first 2 are most likely the same individual, group or organization, however more research is required. These 2 machines are located in Beijing. The third is located in China but more specific than that is not clear. Multiple domains resolved to these servers. It is possible this is a virtual hosting provider using 1 IP for a variety of domains, but this requires more research.

25 Individual domains resolved to this server. 98 of the 151 Spam messages linked to this machine.

These 26 domains link to Server2. 98 of the 151 spam messages linked to this machine.
Most are duplicates of those linking to Server1, lending further evidence to suggest these are machines owned and/or operated by the same individual, group or organization. The highlighted domain is uniquely tied to this machine. Based on the domain name this could be the main web hosting server. Again, more research is needed.

Only 3 domains resolved to this IP. They seem to be related. 3 of the 151 messages linked to this machine.


This section details the routing the spam messages are supporting. The originating country is the country from which the spam message was sent. The Destination Country is which country the server linked to by the spam message resides in.

| Originating Country | Destination Country | Number of Links |
| --- | --- | --- |
| Korea, Republic Of | China | 422 |
| China | China | 361 |
| China | United States | 277 |
| Unknown | Unknown | 218 |
| United States | United States | 108 |
| South Africa | United States | 65 |
| United States | China | 65 |
| Germany | China | 22 |
| Canada | China | 9 |
| Ukraine | China | 6 |
| Philippines | United States | 6 |
| Japan | Japan | 3 |
| United States | Turkey | 3 |
| Russian Federation | Korea, Republic Of | 2 |
| United States | Czech Republic | 1 |
| Russian Federation | China | 1 |
| United States | Hong Kong | 1 |
| United States | Poland | 1 |
| United States | France | 1 |
| Ukraine | Hong Kong | 1 |
| Vietnam | Hong Kong | 1 |
| Vietnam | Poland | 1 |
| Malaysia | Germany | 1 |

Malicious Content

Malicious Attachments
As mentioned above, only 1 of these spam messages contained an attachment. This was indeed malware. Preliminary analysis seems to point to this being a downloader and clickjacker. Detailed analysis is underway.

Malicious Links
Research is underway to determine which, if any, of the 1538 links contained in these messages are malicious. I’m researching the client side honeypot ‘thug’ to “beat up the hackers and steal their malware”. Awesome stuff.

Subject Line Analysis

Email subjects in the spam messages can be easily assigned to 2 main categories. There are those that are standard plain text and those that are base64 encoded. This encoding could be to support icons in the subject line or a way to evade anti-spam filters.
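An added example (not the author's script) of the split described above: it separates plain subjects from RFC 2047 encoded-word subjects and decodes the latter so that any keyword matching runs on the text a reader actually sees. The sample subjects are constructed, and the "ascii-only payload" note is this example's own triage heuristic: a subject that decodes to pure ASCII did not need encoding to display.

```python
import re
from collections import Counter
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# RFC 2047 encoded-word: =?charset?B-or-Q?payload?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?[^?\s]*\?=")

# Constructed sample subjects (not taken from the analysed spam folder).
SAMPLE_SUBJECTS = [
    "Your order has shipped",                 # plain text
    "=?UTF-8?B?4piFIFNhbGUgdG9kYXkg4piF?=",   # base64, contains star symbols
    "=?ISO-8859-1?Q?Caf=E9_offer?=",          # quoted-printable, accented letter
    "=?UTF-8?B?RnJlZSBwaWxscw==?=",           # base64 wrapping plain ASCII
]


def classify_subject(raw):
    """Classify one raw Subject value and decode it when it is encoded."""
    words = ENCODED_WORD.findall(raw)
    if not words:
        return {"kind": "plain", "text": raw, "charsets": [], "note": None}
    charsets = sorted({charset.lower() for charset, _ in words})
    try:
        text = str(make_header(decode_header(raw)))
    except (HeaderParseError, LookupError, UnicodeError, ValueError):
        # Broken base64 or an unknown charset: keep the record, flag it.
        return {"kind": "encoded", "text": None, "charsets": charsets,
                "note": "undecodable"}
    # Heuristic of this example: encoding was not needed for display.
    note = "ascii-only payload" if text.isascii() else None
    return {"kind": "encoded", "text": text, "charsets": charsets, "note": note}


def summarise(subjects):
    """Count how many subjects fall into each of the two categories."""
    return Counter(classify_subject(s)["kind"] for s in subjects)


if __name__ == "__main__":
    for subject in SAMPLE_SUBJECTS:
        result = classify_subject(subject)
        print(f'{result["kind"]:8} {result["text"]!r} {result["note"] or ""}')
    print(dict(summarise(SAMPLE_SUBJECTS)))
```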

Categorizing Spam

Spam messages were categorized subjectively into the following categories:

  • Drugs – Messages selling or describing drugs
  • False Notification – Messages alerting that you won something, have a message waiting or are required to perform some action
  • News – Messages providing links to breaking news stories
  • Not Spam – Messages that should not have been in the spam folder
  • Porn – Messages pushing, providing or otherwise involving sex or unsolicited online dating services
  • Save Money – Messages promising to save you money
  • Traditional Looking Ad – Messages that resemble traditional, well intentioned, mass marketing campaigns.

Here is the frequency of each category:
spam categories

Coming into this research, I expected pornography and drug related spam messages to be the most frequent, however it is clear from this sample that traditional advertising themed spam messages are the most common.
Perhaps this is due to anti-spam filters concentrating on key words related to the pornography and drug themes. Or maybe spammers are getting craftier and making the emails more convincing. Of course, it could always be that these are legitimate ads being spammed.


Source and Destinations
The majority of the email messages were sent from The Republic of Korea (33%) and China (42%). Most of those messages link back to China (61%) and the United States (38%). To me this suggests Korean systems are used to send spam messages (infected/hacked machines?) that link to servers hosted in the US or China.
A majority of messages were sent from one country and linked to servers in other countries. These messages are suspicious but not definitely malicious. The variety of international machines involved, along with political issues related to law enforcement cooperation, provide shelter to criminals attempting to scam users.
As most messages resolved to 2 servers in China, further research is needed to determine what these computers are doing. Are they a virtual hosting provider, hosting multiple coincidentally suspicious domains from the same IP? Are they criminal servers using a variety of techniques to lure in victims to the same destination? The similarity in IP address makes me think they are more likely a shared hosting service, potentially a load balancing server, as they share a multitude of domains. However, more research is required to verify this.

Encoded Subject Lines
When I noticed the encrypted subject line, my initial thought was these are malicious emails designed to evade anti-spam filters. However, after a little bit of research I found that this is a common way to support emoticons or icons in subject lines.

In Summary
I think this data supports expected findings. The most interesting findings, in my opinion, were most spam messages resolving to 2 related servers in Beijing, China and that pornography related spam messages were not the most prevalent. Traditional looking ads are the most common, followed by false alerts.

Congrats if you made it this far…you’re just as geeky as I am…

No Comments - Categories: Computers, Security

Commercial Photography

July 13, 2013 - Author: Mike Bosland

While doing some intense procrastinating, I decided to try my hand at table top photography, and those trendy high key object-on-a-white-background type photos. Looking around the house I found some apples, a wine glass and some cabernet sauvignon. I set up my white paper backdrop and a 150W fresnel light. This is a rather hard light source so I diffused it with some parchment paper from the kitchen. These were all shot on my Canon 50D with my 85mm Rokinon lens.

Starting with the apple here are the results:

I’m pretty happy with this. Not a bad first attempt. The depth of field is a LITTLE too shallow. The edges of the apple are out of focus but I think this is nice. But the background is nice and white. I like the exposure on this shot.


Then I tried a more complex set up. I really like this shot. I could probably pump up the white on this a little more. Unfortunately, by this point I ended up eating the apple so I moved on to the wine. I poured some into the glass and fired off a few frames.

Wine Glass Tall

This is my first frame. Not bad. The glass didn’t look that spotty in person…I guess you REALLY need to pay attention to polishing glassware before shooting it for real.

Wine Glass

To change things up, I grabbed my small variable color temperature LED light. Wrapped it in some more parchment paper and turned off the large light I had been using. I positioned the light in a variety of angles and stumbled upon this shot. I LOVE the color of the background and how it complements the wine really well. Having found a lighting setup I liked I played around with the framing a bit and took these.

Wine Glass Artsy 2

I really like this shot too. I think it’s a pretty interesting perspective.

And finally…we have this.
Wine Glass Artsy 1

This is my favorite picture of the night. And to be honest…I have no idea why I love it so. But I do. I’ll be figuring out a use for this somewhere.

When shooting liquids I think I need to pay more attention to the lighting on the liquid itself. The wine is showing up really dark. I think in the future I’ll have to thin it out with some water so I can get some backlighting to shine through and give a sense of the transparency of it.

3 Comments - Categories: photography

Spiders and Webs and Scorpions, Oh My!

July 11, 2013 - Author: Mike Bosland

Walking the dog late at night now, I find I’m running into a LOT more spider webs than usual. And tonight I found the culprit! After getting the dog back to the safety of the house, I went back outside. Armed with my Canon 60D, my manual focus/aperture Rokinon 85mm lens and a speedlight I captured these images.

That’s one heck of an industrious spider.


This is a terrible shot of the spider, but the web looks awesome I think.

And here’s a reminder Southern California is still a desert.

I don’t know anything about scorpions but this guy definitely looks cool.

If anyone knows the species these are let me know! I’d love to add that info here…and of course:

no animals were harmed in the making of these photos.

2 Comments - Categories: photography

Remembering is easy…now in video

June 20, 2013 - Author: Mike Bosland

Without further ado….

After a long and…arduous journey the Don’t text and Drive spot I’m affectionately (and creatively) calling “Forget” is now in video form. There were countless snafus and issues but in the end I’m pretty happy with how it turned out. I could tweak it forever. That’s the hardest part of the creative process…knowing when to call something finished…

This project was a lot of fun and originated with the Sound Effects story assignment. You can see my blog post about that here. Thanks to my sister Jen for volunteering to be run over for the common good. I think this also qualifies as a PSA Assignment.

Behind the Scenes

Basically this was a small production…my sister and I. It was shot on the Sony EX3, Canon 60D and Go Pro Hero3. The interior driving shots were shot against a green screen for safety sake and background plates shot with the Hero3.

One of the hardest visual effects shots to pull off believably has to be the driving composite. So tough to match the exposures so when the interior is properly exposed, the background is blown out and blurred appropriately. I think I did ok here. In the future I think it would be immensely helpful to have someone help shake the car while filming to give a more realistic sense of motion.

Also, due to circumstances beyond my control – the entire neighborhood thought it’d be fun to mow the lawn while we were filming, all the audio has been recreated in post using clips I recorded as well as clips from

No Comments - Categories: Assignments, ds106, Video

The Dilemma

June 16, 2013 - Author: Mike Bosland

A late night snack decision leads to an unexpected encounter in the ds106zone. Submitted for your approval…The Dilemma.

Special thanks to my sister, Jen Carlson and my mom Debbie Carlson for helping out with this at midnight after I had a “brainstorm of an idea”.

While talking with Jim Groom and Michael Branson Smith about video tricks, the Multiply Yourself photo assignment popped into my head. That’s a simple trick with photography and not very complex in video. Although it definitely takes some planning.

The Basic Idea
Having a conversation with yourself for example is straightforward. Set your camera up on a tripod, or table…something sturdy so it won’t move between takes. Put 2 chairs in front of the camera. Roll the camera. Sit in one chair. Run through that clone’s side of the conversation – remember to pause long enough for the other clone to respond. Stop the camera. Roll the camera and sit in the opposite chair and run through that clone’s dialog. Bring that footage into the computer and using a screen wipe you can reveal 1 side of each clip and it appears as though two clones of yourself are talking.

The Breakdown
Admittedly, The Dilemma is a little more complex than that. I shot a normal shot of Jen saying her lines in the kitchen. After a quick wardrobe change I shot her against a green screen as an Angel saying her lines and reacting as if she got shoved. Finally, we shot her on the green screen as the Devil Jen. In hindsight, I should have taken more time arranging the green screen on the ottoman. The wrinkles and shadows lead to a nightmare key – but after a bit of detailed rotoscoping I was able to clean it up to be passable.

Here are stills from the 3 clips I used.

“Normal Jen”
Normal Jen
“Angel Jen”
Angel Jen
If you’re doing this…set up the green screen on the ottoman MUCH better than I did here. That was a pain to deal with.

“Devil Jen”
Devil Jen
(Notice the boom in shot again? haha I’m no boom operator)

Once all this was shot I lined up the performances in Adobe Premiere Pro, my editor of choice. I exported the edited clips to After Effects. The key for the Devil Jen was easier than the Angel Jen. For Angel Jen I had to bring the shot in to Nuke to do some advanced compositing tricks and export that back into After Effects. Using the pattern on Normal Jen’s shirt, I tracked the motion and parented the Angel and Devil to Normal Jen. Using some smoke elements and Trapcode’s Particular I created the smoke bursts as the Angel/Devil appear.

Once all the visuals were done, I did a little massaging to the audio – levels, noise reduction and EQ. I panned the Angel and Devil voices to the Left and Right respectively to try to give the audio more of a stereo dimensionality. Finally, I added a slight music bed underneath. The audio could still use some work.

Overall this was a lot of fun and I think it turned out pretty well. Give it a try. There are a TON of tutorials online about how to do simple cloning effects in iMovie – and probably Windows Movie Maker but I’m an Apple guy so I haven’t looked. If you have any questions or anything let me know. More than happy to help out.

No Comments - Categories: Assignments, ds106, Video

They’re Here

June 12, 2013 - Author: Mike Bosland

Re-Create a Horror Scene: PreProduction

Pre-production is the most important part of making a film, especially one involving visual effects. Films take a lot of work from a lot of people to pull off and knowing what you need from everyone involved is key. So when attempting to recreate a scene from a famous horror film, knowing exactly what the original film makers did is important.

I wanted to recreate a scene from a famous horror film, an iconic moment, and really study the scene. What choices the filmmakers made, why they work and attempt to recreate them. I was pondering what scene to do and scrolling through my film collection until I came across Poltergeist (1982) dir Tobe Hooper. Such a great movie. So I watched it and was amazed at how well most of the special effects held up by today’s standards even. I did some research and came across a few shots I had no idea were special effects.


The graveyard in this shot is a matte painting. For those of you unfamiliar with that term…it’s a painting. In this case painted on glass and stuck in front of the camera lens. How realistic does that look? It’s incredible!! I can’t draw to save my life so this level of painting and detail is mind blowing.

But back to the scene I chose. There is 1 scene that I think feels out of place. It’s the ‘They’re here’ scene. When the ghosts come out of the TV. To me the hand drawn animation (while great) feels out of place in the movie. A little too whimsical or Disney for the film in my opinion. And apparently being arrogant enough to question Steven Spielberg, I chose this scene. I’m hoping to learn from the cinematic techniques used to build suspense and tension in the scene. And I’d like to take a stab at updating the ghost look.

So I found a copy of the script online (seems to be a rough draft rather than the shooting script but it will work) and read the scene in question.

Then I scanned through the film until I found the scene. I played it taking a screenshot for each shot in the scene. I then put these in order into an excel file. Here’s a screengrab of how it looks.


This helps me make notes about what I need to pull off a scene. Location, actors, camera moves, and visual effects or sound effects. Once I know what I need I can start to plan how to get those things in place.

Actor wise, I’ll be recruiting my family. Location wise – our house. I’ll be doing the TV show/static as a visual effect to put those in rather than try to make a DVD to play and time everything right for each take. Lighting is crucial. Poltergeist has some awesome lighting so I’ll try to recreate that as best I can.

The earthquake scenes will be tricky. Still gotta figure those out. The objects falling isn’t too hard to figure out…but getting the room and bed to shake…

Once all this is done, I’m going to really dig in to the audio track. Hear the sounds and effects used. Learn why they work and then recreate those in my scene as well.

No Comments - Categories: Uncategorized

ds106zone bumper

June 11, 2013 - Author: Mike Bosland

In anticipation for video week, I created a short graphic for the ds106zone. I wanted to play around with some custom textures using the Element 3D plug in for After Effects. I love how close you can zoom in and the resolution is still great.

This was 1 text layer converted to Element 3D extruded text and a few animated cameras. Having just seen Star Trek Into Darkness I was planning on having a large number of lens flares as an homage to JJ Abrams…but After Effects kept having render failures. I’ll have to look into that when I have some time. No idea why yet. I’m thinking memory issues…but I could be wrong.

Anyway, I’m looking forward to diving back into the ds106zone with a vengeance. I’ve got some ideas lined up for my Recreate a Horror Scene, just about finished pre production on my PSA and I have a song in mind for a kinetic typography video. That’s the plan for the week creation wise. I think I need another assignment in there somewhere. Perhaps I’ll shoot a dramatic scene…maybe write something for this…come to think of it I might have an idea…

No Comments - Categories: ds106, Thoughts and Ideas

Creepy Crawler MoGraph

June 7, 2013 - Author: Mike Bosland

My most recent business profile shoot was for a pest control company just starting out J&J Pest Control, Inc. Great guys…if you happen to be in the SoCal area and have an issue or want to avoid one give them a call…anyway…I was trying to come up with an interesting graphic to spice up their video.  I wanted to highlight the various critters that they deal with. After running through a few ideas I wasn’t happy with I came up with this.

Please forgive the slow start. I needed that header to time properly with the interviewee’s video clip. It’s built in 2.5D in After Effects relying HEAVILY on the VideoCopilot plug in Element. Awesome plug in. 3D models in After Effects. What will they think of next?! I used a bed of grass and then animated each text layer to start and stop falling as the speaker is talking – the timing makes more sense with the audio but I can’t post that until the customer approves the final video. Some grain and a slight (or noticeable) vignette over top.

This is the first time I’ve really dove into the Element plugin. This is the uber basic stuff since it’s all text layers so far, except the grass. That’s a 3D model. It’s so powerful and so many options. I’m really excited to get more into it and start using real models for crazy motion graphics stuff or quick visual effects composites.

No Comments - Categories: Commercials Work

Picture This

June 6, 2013 - Author: Mike Bosland

Picture this

Two lounge chairs sit alone on a quiet beach, a small table between them with two cocktails ready to be enjoyed. The sun is setting. The sound of the waves breaking. Seagulls in the distance. Cool breeze off the water. Perfection.

I’ll make it easy. Here’s an illustration of how I see it.

Perfect Day Comic

I put this together in GIMP. I found 3 base images on flickr all marked as creative commons, able to be modified and used commercially.

The base image: Beach

The Table: After Sunset

The Drinks: Honeymoon Couple (I love this image!)

This is for the ds106zone daily create.

Draw a representation of your perfect day as a comic. Use metaphors/symbols no text.

In GIMP, I extracted the table with the lasso tool and pasted that over the beach image. Then scaled and adjusted the perspective to match the photo a little better – not perfect yet but a good match so far. This image was off colorwise so I adjusted those with the levels tool. A good trick I learned in my visual effects work is to work with each color channel at a time.

A brief overview is this (I can do a more explicit demo/write up if anyone is interested)
Open the level tool.
Change it to affect the red channel only with the dropdown.
Then turn off the green and blue channels in the channel dialog.
Adjust the gamma slider under the histogram until the image looks good in black and white.
Repeat for the green and blue channels.

I did the same thing for the drinks. Extracted them, adjusted the scale and colors. Lastly I thought the table legs ended abruptly so I cloned some of the sand back over the top hopefully making it look like the table was placed in the sand.

Once that was done, since we were going for an illustration look I copied all of the layers I added. Merged those together and created a copy again. On this top layer I used a Filter > Edge-Detect > Edge… filter. It’s a sobel algorithm with an amount of 7.8 and smear checked. I inverted this layer to make the lines black on white and used a multiply blending mode to darken where the black lines are and not affect the white areas of the image. Finally a comic to me is printed on paper using a halftoning process – like in a newspaper. To simulate this in GIMP I used Filter > Distorts > Newsprint… and adjusted the settings a little. Mostly shrink the circle size so the image is still obvious and the halftoning effect is subtle.

The result can be seen above. I’m pretty happy with how it turned out and I’m counting the days until it is a reality.

1 Comment - Categories: Daily Create, ds106

Blending with the GIMP

June 3, 2013 - Author: Mike Bosland

Thanks to a comment by Christina asking me to clarify a brief mention I made to GIMP blending modes, I decided to do a little more research. The best resource I found was Grokking the GIMP. Very handy. But I’ll summarize some of the main concepts below.

Blending Modes

In photo editing programs there are a variety of ways to combine layers. GIMP has 16. They are different mathematics to combine the pixel values for the various layers. 


Basic Modes – The 3 basic blending modes. The blending does not create new pixels. Each uses the values from either the foreground or background layers


The normal blending mode uses the Foreground pixel values instead of the Background pixel values. If the foreground is completely opaque you will not see the content of the background layer.


This mode only affects semi-transparent areas. Dissolve randomly sets some semi-transparent areas to completely opaque and others to completely transparent. These are selected at random, giving a dithered appearance.


This mode allows you to draw behind a foreground layer. Imagine the foreground on a piece of glass. Behind allows you to draw on the back of the piece of glass.


Lighten Modes – These modes have the effect of lightening the background pixels – making them closer to white.

Lighten Only

Lighten compares the foreground and background layers, then keeps the lighter of the 2 pixel values. Black pixels have no effect and allow the background to show through. Completely white pixels remain white.


Similar to the lighten only. The lighter pixel is kept but the result is more subtle than lighten only.


White foreground pixels lighten the image.


Addition adds the background and foreground pixels together to create the pixel that is then displayed.


Darken Modes –  These layers have the result of darkening an image overall – making them closer to black

Darken Only

The exact opposite of the Lighten Only mode. The foreground and background pixels are compared. The darker pixel is kept.


The opposite of Screen. White pixels have no effect but black pixels darken the pixels.


Darker foreground pixels will darken the image.


Overlay Modes – Intensifies the light or dark areas of an image


Pixel values of 50% gray have no effect on an image. Darker pixels darken the image and lighter pixels lighten the image.

Soft Light

Soft light is similar to overlay, but the edges are softer and the colors slightly more desaturated.

Hard Light

This is similar to overlay however the effect of the dark or light pixels are exaggerated.


Mathematical/Mixing Modes – These modes can drastically alter a pixel’s value


The two layers are subtracted and the absolute value of the difference is used. Black pixels have no effect. White pixels invert the image.


The foreground pixel value is subtracted from the background pixel. If the result is negative, black is used.


This divides the background layer by the foreground layer. White pixels brighten an image.


Color Modes  – The previous modes deal with brightness of each pixel in the various color channels (RGB). Color modes affect the color.


Hue takes the hue from the foreground layer and mixes it with the background. If the foreground is grayscale, the image will become completely desaturated. This may increase the grain in an image.


Saturation takes the saturation value from the foreground layer and applies it to the background. Grayscale will result in desaturating the image.


Color takes the Hue and Saturation from the foreground layer and applies it to the background layer. If the foreground is grayscale, the result is grayscale as well.


Value is the reverse of the Color blending mode. The hue and saturation of the background layer is applied to the foreground layer.


So that’s a brief run down of the effects of the various blending modes. While it’s helpful to understand the intended effect or even mathematics behind each blending mode, I find more often than not I’m selecting different blending modes to see which provides the effect I’m looking for. As an added bonus, each of these layers tends to behave the same regardless of the editing program you’re using be it GIMP, Photoshop or even After Effects.

Hope this was helpful for someone. If you have any more questions or want more information or examples let me know.



No Comments - Categories: ds106, Thoughts and Ideas