A British security vendor has discovered that the ZBot Trojan has harvested the FTP credentials of over 68,000 websites including Bank of America, the BBC, Amazon, Cisco, Monster.com and most of the major anti-spam software makers. The credentials could allow hackers to compromise legitimate sites with malicious code and drive by downloads.

To make matters worse the list of FTP credentials is stored on a server in China in plain text, making it available to anyone who stops by. Experts say they were all stolen within the past 2 weeks and most are still valid.

The ZBot Trojan has also been spotted in several email attacks masquerading as everything from a ticket confirmation from Delta Airlines to a critical update for Microsoft Outlook. If downloaded it steals personal information using a keylogger.

It’s crucial to make sure any unused FTP credentials on your website are disabled and that active ones have their passwords changed regularly. As we saw recently when hundreds of government sites in the UK were compromised and redirected visitors to internet pharmacies selling Viagra or porn sites, hackers are eager to infect legit sites. If they hit yours it could be a real nightmare for you and your customers, so stay alert and keep an eye on your servers and FTP logins!

I was discussing a spam problem with a customer recently and they mentioned to me that one of their biggest problems is spam sent to their email distribution lists.  The problem had come about due to two things - firstly the email addresses for some of their distribution lists are very easy to guess (eg, the “All Staff email group has an email address of allstaff[at]company.com), and secondly there had been occasions in the past where staff exposed the email addresses by CC’ing them on emails sent outside the company.

Over time the problem has grown to the point where it is now very frustrating for their staff.  They’ve asked me for some suggestions on how to fix this problem, so I presented them with these options.

Requiring Authentication for Exchange Server 2007 Distribution Groups

The default behavior for newly created distribution groups in Exchange Server 2007 is to require that all senders be authenticated, or the message is simply rejected.  This is useful, however, for a vast majority of Exchange Server 2007 organisations their distribution groups existed prior to the upgrade to Exchange Server 2007.  In these cases the authentication requirement is not enabled. Read the rest of this entry »

A new malware attack is lurking behind emails made to look like Outlook updates sent by Microsoft. The messages look authentic and include a link that looks like it points to update.microsoft.com but actually points to a malicious domain. If clicked the link activates a download which contains the Zbot Trojan. Zbot steals usernames, passwords and banking information and installs a rootkit that could allow a hacker access to any network the infected computer is attached to.

Zbot even contains a list of specific sites to monitor including Facebook, MySpace, Bank of America, Amazon, HSBC, Paypal, Blogger, and just about every bank you can think of. This Trojan means business. Once a user on an infected machine accesses one of the sites on the list, a built in keylogger is activated and records their information. The stolen information is then uploaded to a remote server.

Read the rest of this entry »

The Sydney Morning Herald reported yesterday that a new scam is making the rounds in the land down under. A perpetrator of a phishing scam has created an email scam, claiming to be the Australian Tax Office (ATO). The email promises Aussie taxpayers a $250 bonus with their tax return, and sends them to an online form that asks for their tax information, along with their bank account data.

The web site containing the form then asks the victim to mail a printed copy of the form to an address. The print-and-send is just a ruse though, the data is actually captured through a hack when the victim presses the “print” button. The email, like many such scams, attempts to create a sense of false security, by claiming the print-and-send routine is being done for the victim’s safety.

Officials still have not been able to trace the source of the fraudulent email sender, who is using a bot network to send the emails. The ATO recommends that people delete emails like this immediately, and advises that they do not ask people to provide personal information by email. The same holds true for most, if not all, tax collecting agencies in other countries.

Just hours after Michael Jackson died yesterday, spam with subject lines claiming to have “exclusive information” on his death began flooding the net. The emails don’t contain any malicious links or attachments but seem to be an attempt to collect emails for a future attack. Researchers say anyone that replies to the spam will likely have their address harvested and that it wouldn’t be surprising to see future spams containing links to malicious payloads masquerading as exclusive video of Jackson’s last moments or autopsy photos.

News of the pop icon’s tragic death from what appears to be a sudden cardiac arrest caused an overwhelming spike in traffic that crashed Google, Wikipedia, AIM and Twitter for short periods and caused Facebook to slow to a crawl. Spammers and scammers are jumping at the chance to take advantage of all that traffic. Exploiting headlines and holidays is one of their favorite tricks. The last big headline they used was the Swine Flu outbreak, and before that President Obama’s inauguration.

Security experts are advising people to get their news only from reputable sources, and it goes without saying that you should never ever reply to a spam message. At best it will just bounce back due to a faked header, at worst it’ll just get you put on a list of people that respond to spam, meaning you’ll become a prime target for spammers.

British furniture retailer Habitat has apologized for exploiting the Iran conflict in an attempt to promote its Twitter feed. The company came under fire after it began using keywords related to the current conflict in its tweets, which otherwise had nothing to do with the subject. This is referred to as hashtag spam and is widely frowned upon by Twitter users. The company also used other high trending keywords such as #Apple and #iPhone.

          Sky News Online has reported a Habitat spokesman as saying: “This was a mistake and it is important to us that we always listen, take on board observations and welcome constructive criticism. We will do our utmost to ensure any mistakes are never repeated.”

The company has not issued an apology on Twitter but did quietly delete all the spam tweets it posted. It’s not clear why they felt hashtag spamming was okay to do, although they told a blog that it was done without their knowledge. That sounds a little hard to believe but it wouldn’t be the first time a rouge employee was blamed for a blunder that became a PR nightmare.

The moral of the story? Twitter can be a valuable tool to help you reach out to customers and potential customers, but tread carefully and follow the rules. Spam is no more acceptable there than it is anywhere else.

There is no question that spam is a problem for businesses who must deal with thousands or even millions of unsolicited advertising, phishing, and hoax emails every year.  But the problem of spam becomes more than just how to deal with the incoming junk.  Spam also hinders the ability of businesses to engage in effective email marketing.

What is Email Marketing?

Email marketing is quite simply the legitimate use of email for communicating with customers.  The problem today is that many people cannot tell the difference between email marketing and email spam.  In fact some spammers can’t even tell the difference, branding themselves as “internet marketers” and operating with no regard for the problems that they cause.

Read the rest of this entry »

A Michigan man faces up to 3.5 years in prison for his part in a penny stock spam scheme that involved the sending of millions of emails.  63-year-old Alan Ralsky and his son-in-law Scott Bradley faced a 41 count indictent under the CAN-SPAM Act. Ralsky also pleaded guilty to stock fraud and money laundering.

          “Alan Ralsky was at one time the world’s most notorious illegal spammer,” U.S. Attorney Terrence Berg said after the plea. “Today Ralsky, his son-in-law Scott Bradley, and three of their co-conspirators stand convicted for their roles in running an international spamming operation that sent billions of illegal e-mail advertisements to pump up Chinese ‘penny’ stocks and then reap profits by causing trades in these same stocks while others bought at the inflated prices.”

The pair and nine others operated a penny stock pump and dump scheme. They sent out unsolicited emails to millions hyping a worthless Chinese penny stock. When unsuspecting victims fell for the come ons and bought shares, it artificially inflated the stock’s worth. Ralsky and the others then sold their shares for huge profits and left their victims hanging.

They used forged headers, proxy computers and domains registered under fake names to send their spam without being detected. Prosecutors plan to recommend 35 to 43 months in prison, a term Ralsky agreed to as part of his plea deal. The deal also includes a fine of up to $1 million and an agreement on Ralsky’s part to assist government in future investigations.

A phish is a phish. We think we know one when we see one, and we wonder how people get away with such obvious attempts. I mean, come on! Sending m