A security vendor in the UK has discovered a new trojan. Called Limbo 2, it is designed to steal information from financial institutions and banks. Jacques Erasmus, director of malware research at Prevx, says it may be the most sophisticated Trojan ever. The Trojan’s power lies in its stealth characteristics: it is able to bypass anti-virus software thanks to its own cryptor, which obfuscates it.
Spammer Robert Alan Soloway is facing heavy prison time and stiff fines after pleading guilty in U.S. District Court to single counts of mail fraud, email fraud and tax evasion. The original indictment included over 40 criminal charges, including aggravated identity theft, money laundering and wire fraud.
The new updates to the federal CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act of 2003 are now in effect. The rules, which we’ve gone over in detail in a previous post, include changes to the unsubscribe (also known as opt-out) requirements and the definition of “sender”, and allow commercial email senders to use a P.O. Box as their physical address. The updated law will also require non-profits to comply with the requirements. Any commercial sender who does not comply faces stiff penalties.
Yes, really! A new wave of malicious spam is proclaiming the Internet will come to an end in 2012. Obviously, if this were true, spam would also come to a screeching halt. The messages have subject lines such as “Secret Plan To Kill Internet By 2012: Leaked?” and “2012: The Year The Internet Ends” and suggest a secret conspiracy is at work to kill off the Internet as we know it and replace it with a highly controlled subscription model. The claim is false, of course, and the PDF attachment that comes with the spam (yes, PDF spam is back!) actually contains malware: a Trojan called Pidief.A (also known as PDFex-A) that quietly disables Windows Firewall and then downloads even more malware.
A study by Roaring Penguin has discovered that during the past three weeks, the amount of spam originating from Gmail has risen sharply while spam originating from Yahoo and Hotmail remained flat or dipped slightly. Experts say this huge rise in spam is thanks to the cracking of Google’s CAPTCHA system. Spammers came up with an OCR scanner that was smart enough to read it and as a result were able to create large numbers of accounts to spam with.
Colin Wells, a Workshop Foreman for Stagecoach buses in the UK, holds a dubious honor. According to a study by ClearMyMail, his email account gets more spam than any other in the UK: over 16 million a year! That works out to an inbox-busting 44,000 a day, fortunately all of it blocked.
Phishing is a very big problem on the net, and eBay and PayPal are the two biggest targets. Every day, scammers send hundreds of thousands of phishing emails claiming to be from these net giants. The goal is to fool people into giving up their personal info so that the phisher can drain their bank accounts, hijack their eBay accounts, and more. Yesterday Gmail announced it has partnered with eBay and PayPal in the fight against these scammers. The weapon of choice is DomainKeys and DomainKeys Identified Mail (DKIM). From now on eBay and PayPal will sign all emails coming from their domains, and as a result, Gmail will automatically reject any that are not authenticated; the users will never even know they were sent.
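The receiving-side policy described above, as an added example (not code from the original post, and not Gmail’s, eBay’s or PayPal’s own implementation): for domains known to sign every outbound message, a message is rejected unless the receiving MTA recorded a passing DKIM result for that same domain. It assumes the MTA already did the cryptographic check and recorded it in an Authentication-Results header; the ALWAYS_SIGNED set and the sample messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains that have committed to signing every outbound message (from the post above).
ALWAYS_SIGNED = {"ebay.com", "paypal.com"}

# Matches e.g. "dkim=pass header.d=paypal.com" inside an Authentication-Results header.
_DKIM_RESULT = re.compile(r"dkim=(\w+)(?:[^;]*?header\.d=([\w.-]+))?", re.I)


def from_domain(msg):
    """Return the lower-cased domain of the From: address, or None."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() or None


def dkim_passed_for(msg, domain):
    """True if the receiving MTA recorded dkim=pass with a signing domain
    (header.d) equal to the From: domain; a pass for some other domain
    does not count."""
    for hdr in msg.get_all("Authentication-Results", []):
        for result, d in _DKIM_RESULT.findall(hdr):
            if result.lower() == "pass" and d.lower() == domain:
                return True
    return False


def policy_verdict(raw):
    """Return 'accept' or 'reject' for one RFC 822 message string.
    Assumption: the cryptographic DKIM check was already done by the
    receiving MTA, which stripped any inbound Authentication-Results
    headers and added its own (RFC 5451); this only applies the policy."""
    msg = message_from_string(raw)
    domain = from_domain(msg)
    if domain is None or domain not in ALWAYS_SIGNED:
        return "accept"   # no signing commitment: leave to normal spam filtering
    return "accept" if dkim_passed_for(msg, domain) else "reject"


# Constructed sample messages (not real mail).
GENUINE = """Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com
From: PayPal <service@paypal.com>
Subject: Your receipt

Thanks for your payment.
"""
PHISH = """From: PayPal <service@paypal.com>
Subject: Account suspended, verify now

Please confirm your details.
"""
```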
The U.S. has invaded Iran. Well not really, but that’s what the Storm Worm’s latest campaign wants you to believe. Its newest spam messages spread malware using the following text:
Just now US Army’s Delta Force and U.S. Air Force have invaded Iran. Approximately 20000 soldiers crossed the border into Iran and broke down the Iran’s Army resistance. The video made by US soldier was received today morning. Click on the video to see first minutes of the beginning of the World War III. God save us.
The video is actually iran_occupation.exe, which downloads a Trojan that adds the infected computer to its massive botnet. Your IT department should have your anti-spam solution block the following domains:
Statenewsworld.com
morenewsonline.com
dailydotnews.com
dotdailynews.com
newsworldnow.com
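As an added example (not code from the original post or from any anti-spam product), a filter that flags links in a message body pointing at the domains listed above, including their subdomains, while ignoring look-alike hosts that merely begin with one of them; the sample message text is constructed.

```python
import re
from urllib.parse import urlsplit

# Domains the post above tells IT departments to block (matched case-insensitively).
STORM_DOMAINS = {
    "statenewsworld.com", "morenewsonline.com", "dailydotnews.com",
    "dotdailynews.com", "newsworldnow.com",
}

# Finds http(s) URLs and bare "www.host/path" references in message text.
_LINK = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)


def host_of(link):
    """Normalise a link to its host: lower-case, no port, no trailing dot."""
    if not link.lower().startswith(("http://", "https://")):
        link = "http://" + link          # let urlsplit parse bare www. links
    return (urlsplit(link).hostname or "").rstrip(".").lower()


def is_blocked(host, blocklist=STORM_DOMAINS):
    """True if host is a listed domain or any subdomain of one
    (e.g. video.statenewsworld.com), but not a look-alike such as
    statenewsworld.com.example.net, which only starts with a listed name."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def blocked_links(text):
    """Return the links in a message body that point at a blocked domain."""
    return [link for link in _LINK.findall(text) if is_blocked(host_of(link))]


# Constructed sample body in the style of the Storm Worm spam quoted above.
SAMPLE = ("Click on the video to see first minutes: "
          "http://www.StateNewsWorld.com/iran_occupation.exe "
          "or mirror www.dotdailynews.com./video "
          "(not this one: http://dailydotnews.com.example.net/x)")
```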
This attack comes on the heels of one aimed at the Independence Day holiday in the U.S. That one invited the recipient to view a video of a fireworks display:
Colorful Independence Day events have already started throughout the country. The largest firework happens on the last weekday before the Fourth of July. Unprecedented sum of money was spent on this fabulous show. If you want to see the best Independence Day firework just click on the video and run it.
One would think the poor grammar would be a red flag, but judging from the ever-increasing size of the worm’s botnet, this isn’t the case at all. Look for even more attacks in the future, all exploiting current events in one way or another.
Spammers have begun targeting the upcoming Olympic Games. A new series of spam messages claim to be from the Beijing Olympic Committee, tell the recipient that they have won a lottery held to promote the event, and include attachments that supposedly contain instructions for claiming the prize. The messages are actually phishing attempts designed to steal personal information. For the record, the real name of the organization that oversees the Games is the Beijing Organizing Committee for the Games of the XXIX Olympiad. Quite a mouthful!
Experts expect even more Olympic-themed spams and scams as the opening of the Olympic Games nears. Exploiting current events, celebrity scandals and natural disasters is a favorite trick of spammers. The Storm Worm got its name from its very first spams, which exploited the severe weather hammering Europe at the time. Other spams have mentioned the cyclone that hit Myanmar, the earthquake in China, and such made-up news stories as the U.S. invading Iran and the Statue of Liberty burning down. Spammers are a crafty bunch, and there is nothing they won’t do to try and get their messages opened and links clicked!
We’ve all gotten at least one in our inbox: an email from a foreign aristocrat of some sort, begging for your help in getting their multi-million dollar fortune out of the country. In return for letting them use your bank account, they will give you a hefty cut. This is known as Nigerian spam (because that’s where this type of spam originated and where most of it still comes from) or “419” spam (in reference to the section of Nigeria’s Criminal Code that deals with this type of fraud). One of the most popular ways these scammers get email addresses to spam is by scraping the guestbooks found on many sites. If you use one, make sure your visitors’ email addresses are hidden.
A recent report has found that scammers have put a new twist on this old scam. Now they are hacking into web-based email accounts and sending their 419 spams to everyone in the account’s address book. They even use the account holder’s signature to make it look authentic. This disturbing new twist only illustrates further how very important it is to never give out your personal information (such as passwords and usernames) to a third party!
Companies can protect themselves by having a strong spam filter in place and by blocking or discouraging the use of web-based email applications (a clearly defined internet usage policy helps a lot in this regard). If the company website has a guestbook, make sure the email addresses of anyone who signs it are hidden, and use your .htaccess file to block the IPs of any suspicious-looking entries. 419 spam is a very big, very real problem, but a few common-sense rules can go a long way in protecting yourself from it!