Ninety-five percent of email never reaches an inbox.

Email service providers trash 95 percent of the traffic headed to their customers’ inboxes, according to a survey from a European security group.

“[S]pam’s impact on the business has been greatly reduced through effective anti-spam measures,” the European Network and Information Security Agency reported recently in its third annual 2009 Anti-Spam Measures Survey.

“Anti-spam measures are doing their job, reducing the threat of spam to a manageable security process,” it added. “This process still requires focus, expertise and resources, but it is arguably predictable.”

“These measures currently filter out over 95 percent of email traffic, using a variety of methods, greatly reducing the volume of spam that customers receive, without causing significant problems with false positives,” it continued.

The researchers found “alarming” the current state of blacklist management.

Blacklists are one of the most common ways service providers block spam from leaving their servers, followed by outbound virus scanning and port 25 monitoring. Yet some 66 percent of the survey participants said their servers had been added or retained on blacklists incorrectly. What’s more, the same percentage told the surveyors that they believe that major blacklists sometimes incorrectly include servers that do not or no longer send spam.

Continue reading Spam traps nab 95% of all email»

In an ironic twist, Tagged.com has won a lawsuit against a spammer. A California judge has found Erik Vogeler guilty of spamming over 6,000 of the site’s members with messages that directed them to adult websites. The judge ordered him to pay $25 per violation plus legal fees, for a total of $201,975. He was also ordered to stop his spamming activities at once.

The irony is that the site’s co-founder, Greg Tseng, was himself fined $900,000 back in 2006 when his company, Jumpstart Technologies, was found in violation of the CAN-SPAM Act. What’s more, this past November, Tagged reached a $750,000 settlement with the Attorney Generals of New York and Tennessee over its own invitation practices.

The site has had a bad reputation for some time, and some anti-fraud advocates consider it a phishing site.

Whether the suit and the site’s recent revamp of its invitation process means the site is turning over a new leaf remains to be seen, but the irony is hard to ignore!

Wednesday’s launch of the highly anticipated Apple iPad has resulted in a spike of Apple related spam. Security researchers say a 30% spike in phishing spam was detected following the announcement as spammers rushed to take advantage of the huge audience looking for info on the device. In addition to phishing spams hawking deals on MacBooks and iPhones, the researchers discovered widespread SEO poisoning designed to lure people searching for terms like “iPad price” or “iPad specs” to malicious sites serving malware, mostly fake anti-virus software.

Security experts are predicting such activities to keep rising as the iPad’s March release date draws closer. They advise users to keep their anti-virus software up to date and to get their Apple news from trusted, familiar sites. Companies should review their site security and keep a close eye on their code as many of the poisoned search results point toward legit sites that have been compromised by SQL injection attacks.

A survey conducted recently found that businesses are experiencing a 70% increase in spam and malware attacks from social networks in the last year.

Over half of the 500 companies received spam via a social network, and more than one third experienced a malware infection from one of these sites.

The perception is growing among businesses that social networks are a risk of more than just employees wasting time.  Most companies either take a blanket allow or deny approach to social networks but apply no other measures to address the larger risks that these websites expose them to.

Spam and phishing are rampant on the most popular networks such as Twitter and Facebook.  For all the attention paid to email security for businesses, often very little is given to the messaging capabilities of social network sites.  Clicking on a malicious link in a Twitter message is no different to the same link delivered via email.  From the spammer’s perspective the deliverability rate of their messages is much higher on social networks than it is for email.

These attacks continually come to light in the media.  Twitter has notified some users that they may have been subjected to a phishing attack and has forced them to update their passwords to ensure their accounts are not misused.  This reactionary step is the closest thing to protection that can be achieved on an unmoderated medium like Twitter that has no entry requirement other than a working email address, and exposes a rich API that is perfect for spam automation systems. Continue reading Social Network Spam Continues to Rise, Businesses Feeling Impact»

Security researchers have discovered a vicious new virus. Dubbed Win32.Worm.Zimuse.A, it appears to have originated in Slovakia but has been quickly making its way around the world with the highest rate of infection now in the United States, followed by Slovakia, Thailand, and Italy.  The virus and its variant, Win32.Worm.Zimuse.B, both work in the same destructive way. Once the system is infected, Zimuse creates between 7-11 copies of itself, installs a rootkit, alters system registry entries, and creates several driver files.  After a pre-determined number of days (40 for A, 20 for B) it springs to life with a poorly written fake Windows Defender warning:

          “System Defender – Kernel Error 0xC00000005

This problem is unambigously cause by malicious contents in IP packers in transport layer from website: www.offroad-lm.szm.sk. To bee patient, Windows Defender scan your hard drive(s) for bugs caused by system incompatible code. To recovery of system press OK button. Wait to successfull end of scanning. Inform about this administrator on www.szm.sk and incriminated web site.”

Once that appears, the system is doomed. The next time the user restarts the computer they will be greeted with the heart stopping error “FATAL: No bootable medium found.” This is because the virus overwrites the Master Boot Record, which permanently damages the drive. What makes this virus even more dangerous is that until the message pops up it’s nearly impossible to know the system is infected.

Win32.Worm.Zimuse A and B distribute themselves in very different ways. The first variant embeds itself on legit sites, possibly by poisoning an ad network, and pretends to be an IQ test. The second spreads via exchangeable media like USB flash drives. Experts think it was a malicious prank intended only for fans of a Slovakian motorcycle gang but it has gone far beyond that, destroying data wherever it lands. This could be especially devastating if it hit a critical government or business network.

It is extremely important to make sure your data is backed up safely and to be more cautious than ever about sharing storage media and clicking on links. All IQ tests should be avoided, and web surfing should be confined to familiar sites. If you aren’t sure if your system’s anti-virus programs are up to date, contact your IT department.

The CAN-SPAM Act is supposed to protect us from unwanted commercial email but some U.S. based spammers, who usually call themselves direct marketers, have found a loophole to get around the requirements placed on them by the law.

CAN-SPAM says commercial emailers must provide a clear and easy way for recipients to opt out of receiving further messages and they must promptly honor those requests. What some sleazy marketers have found however, is that they can get around having to do so by changing their name. They send a blast of spam as XYZCompany at XYZ.com. They get a flurry of opt out requests and instead of honoring them, they change their name to XYZCompany1 at XYZ1.com.  More spam sent, more requests received, and they change their name again, this time to XYZCompany2 and XYZ2.com.

What can be done? It’s up to the U.S. to change the law to say that direct marketers and commercial emailers must get permission from consumers BEFORE sending any of their spam. In doing so the U.S. will fall into line with spam laws in most other countries.

Will this happen? That’s anyone’s guess. The Supreme Court’s decision to allow businesses to spend as much as they want on political campaigns may have a less than pleasant effect on the law. In the meantime, if your company is using this practice, stop. It’s not legal and it’s not good business.

Australian financial services firm CommSec was fined $55,000 (roughly $48K US) for violating that country’s Spam Act. The Australian Communications and Media Authority (ACMA) levied the fine after it launched an investigation into the company’s mail campaigns and found they were in violation of the Spam Act. That Act, like the CAN-SPAM Act, requires that all commercial email include a way to unsubscribe and that emailers honor those requests. The ACMA’s investigation, prompted by numerous consumer complaints, found that the company’s emails had no unsubscribe directions and that they ignored requests from consumers who asked to be taken off their mailing list.

          “ACMA expects that Australian businesses take note of this outcome,” ACMA chairman Chris Chapman said. “Under the Spam Act, every person has the right to unsubscribe from receiving commercial electronic messages and to have that request acted on effectively and quickly. The failure to act on a request can result in significant penalties if a business is found to have breached the Act.”

CommSec sent over 6 million advertising emails in 2009. The company says it has agreed to have an independent consultant to review its compliance systems and to also provide additional training to its staff.

A research team from two Californian universities has developed what it believes will be a game changing approach to defeating spam.

The researchers used a captured spam bot to analyze a sample of the spam emails that it produced and then used this information to reverse engineer the template that the spam emails were based upon.  Once this template was known 100% of further spam emails from that bot were successfully blocked while avoiding any false positives on one million genuine email messages in the test.

Leading anti-spam products in the market today claim up to 99% accuracy for spam detection and use sophisticated analysis techniques such as Bayesian filtering to reduce false positives.  However a large part of the fight against spam remains reactive.

Continue reading Researchers Analyze Bots to Beat Spam, But Will it Work?»

Compromised computers spew spam.

In judo, an attacker’s assets are turned into liabilities by a defender. The attacker’s attributes like weight and size are leveraged against the aggressor and used to neutralize him or her with a flip. A similiar tactic to fight spam propogated by botnets has been developed by an octet of researchers.

The team from the International Computer Science Institute in Berkeley, Calif. and University of California in San Diego–Andreas Pitsillidis, Kirill Levchenko, Christian Kreibich, Chris Kanich, Geoffrey M. Voelker, Vern Paxson, Nicholas Weaver, and Stefan Savage–have developed a way to flip the software running a botnet so it assists spam fighters in blocking the cyber junk spewed by the malware.

Continue reading Botnet judo fights spam with a flip»

Experts say the Bredolab botnet is now linked to a spam engine called Webwail that has led to a huge spike in its activity. The spam it’s pumping out is nothing new-fake notifications from UPS claiming a package could not be delivered and directing the recipient to open the attached file to print out an invoice needed to pick it up. The attachment contains a hidden exe file that downloads the Cutwail Trojan and Webwail.

Webwail is a sophisticated engine that has library updates, a scripting engine and the ability to crack CAPTCHAs in 30 seconds or less. The engine also reports errors back to its command server so changes can be made quickly. Currently it’s being directed to create Hotmail accounts.

Captcha cracking is a hot business thanks to engines like Webwail. Botnet hearders and spammers advertise for people willing to crack them for .60 to .80  per 1000 CAPTCHA solved. Spammers want the free webmail accounts they can get by solving them so they can spam from an address not likely to be blocked by a spam filter.

Bredolab spent the holidays delivering the Zbot banking Trojan. Considered simplistic in the botnet world, Bredolab is little more than a “loader” that connects to a remote server, collects files, and executes them. Some experts think such loaders could be our next big threat.