Tracing Ron Paul Spam
SecureWorks has taken the time to investigate the October round of spam supporting Republican presidential candidate Ron Paul. Thanks to their work (with the help of myNetWatchman, IronPort and Spamhaus), we have a good case study in just how easy it is to send millions of spam messages at little cost.
They undertook the investigation to cut through the conjecture and accusations about who sent the spam:
On the weekend of October 27, 2007, the Internet was suddenly bombarded with a rash of spam emails promoting U.S. presidential candidate Ron Paul. The spam run continued until Tuesday, October 30, when it stopped as suddenly as it began. At the same time, political blogs began to light up, accusing the campaign (or at least its ardent supporters) of running a criminal botnet for political purposes. We decided to cut through the spin and take a closer look at this botnet to determine its origins and shine some light on who might be responsible.
The investigators traced the source as far back as a small affiliate spammer who was probably running other spam jobs in addition to the Ron Paul spam.
With the facts above, we are left asking the question, “who paid to have the Ron Paul spam sent and how did they connect with the spammer, ‘nenastnyj’?” The evidence shows that despite being capable of sending upwards of 200 million messages a day, nenastnyj is not one of the major spammers of the world, and seems to focus on spamming as an affiliate for larger “kingpin” operations. The Ron Paul spam was very much a “one-off” job among the other tasks in the Reactor interface. It almost seems as though there may have been some pre-established relationship between the sponsor of the spam and nenastnyj.
The report details how the investigators traced the spam and includes a discussion and screenshots of a template-driven spam management system. Sending spam with that system is as easy as online banking.
Will spam, a YouTube video or some other Internet-based ploy be the Swift Boaters of 2008? Clearly, candidates can't control what supporters do, and the 2004 election showed how effective unauthorized activities can be. It will be an interesting year.



