We launch our first issue with a profile of Mal Ishish, an up-and-coming, successful entrepreneur in the fast-growing and exciting fields of Internet Marketing, Keyboard Usage Analysis, and Credit Card Number Acquisition. If anyone doubts the potential for success in these markets, they need only check the books on Ishish’s unnamed company--a task admitted made complicated by Ishish’s refusal to keep books. Nevertheless, Ishish assures us that he grossed over $256,698 last year for a pre-tax net profit of $256,593 and an identical post-tax net.

Ishish lives in a spacious three-story house in a fashionable neighborhood of a city and country he would rather not name. For this article, he allowed us to spend a day with him.

The Morning Scam

Like any on-the-go executive, Ishish rises early every morning, jogs, eats a healthy breakfast, than commutes to the plush and well-appointed office in his basement. And like so many other business people, he starts the day by checking his email.

“Hey, that’s one of mine,” he eagerly cries, pointing to an unopened message on his screen. “‘Wild women like cheap software.’ Catchy subject, eh? If I were to open it, I’d be infected by one of my own bots.”

Ishish’s business requires a steady stream of new tricks to tempt people into opening email, clicking links, or filling out forms. “You must keep your finger on the public’s pulse to keep your hand in their wallet,” Ishish advises. “After all these years, most people know better than to believe an email offering great stock tips or natural v1agra. Luckily, if you send out 100 million messages, you’ll still get a sufficient number of positive reactions. It’s good to know that there are still people ready to believe anything; many of them, curiously enough, concentrated around Washington D.C.”

But fooling people takes more work than it once did. “By now, everybody knows not to trust an email that appears to come from your bank, so lately I’ve been sending out emails that appear to come from your shoe store. I’m building up a vast database of close to eleven million shoe sizes.”

What other marketing schemes bring in the unknowing customers? “We’ve had a lot of luck with our ‘Click if you hate Tony Blair’ link. And you’d be amazed how many people will launch a program called ‘This is not a trick.’

“But we get the most people by going after DNS servers. We currently have about 400 of them that redirect select domain names to our site. You don’t really believe you bought that book last week at Amazon.com, do you?”

Bot and Sold

Bots are big business for Ishish, who claims to command an army of over a million Windows computers, all owned by people who don’t know who’s controlling their PCs. He uses these bot-controlled zombies for a variety of purposes, a few of which don’t hurt the computers’ owners.

“Actually, I have an excellent, mutually beneficial relationship with my zombies’ alleged owners. I allow them to continue using their computers much of the time, and they provide me with all of the personal and financial information on their hard drives. It couldn’t possibly be any better if they knew about it.”

Many tools make this relationship work; first and foremost, a keylogger. “You must know what your business partners are doing--especially those that don’t know they’re your business partners. Thanks to my productivity tools, I can keep track of my partners’ banking activity as well as protect them from security software.”

But Ishish sees the information he pulls off his zombies’ hard drives as a side benefit. The big business is what his army can do to other computers. A big part of that, of course, is unsolicited email. “I prefer not to call it ‘spam,’” he explains. “The proper term is Special Permission-Absent Mail.

To keep his profits above the 99-percent mark, Ishish also rents his bot network out to other entrepreneurs. “For much of the last year, one of my clients was a big believer in distributed denial of service attacks. My zombies helped him destroy several Internet providers guilty of hosting security companies. As a hobby, he also destroyed some charities.”

But that story doesn’t have a happy ending. “Some horrible jerk--truly evil--destroyed this wonderful client of mine with a DDoS attack. Think of the nerve!”

Do security companies and their software products create a major problem for Ishish? “I’d be lying to you if I said otherwise. I sometimes feel that I can’t earn a dishonest living.

“The real problem is turn-around. Companies are plugging holes so fast that even zero-day exploits don’t have much of a chance. That’s why we’re working on negative-one-day exploits.”

As in any successful enterprise in our Internet age, Ishish’s company depends on innovation. “There’s always a workaround. Lately I’ve been looking into rootkits. It’s amazing what you can do once you’ve got code hidden inside Windows’ kernel! Just ask Sony…or Microsoft. You could put the Encyclopedia Britannica on someone’s hard drive and they’d never notice. Or care.”

Life isn’t all work for Mal Ishish. “It’s important to get out and enjoy life,” he states philosophically. “That’s why, after a long week distributing email, bots, and rootkits, I like to take a day off and go phishing.”

© Copyright 2006 by Lincoln Spector