Spam With Humorous Subjects Is No Joke

The latest wave of spam appears to come from spammers with a sense of humor. Recent subject lines include “Mike Tyson to Fight Michael Jackson” “Afghanistan to Become 51st State” and “Obama Admits to Exercise Addiction”, but they aren’t very funny at all. The links they contain, which usually lead to fake videos, download malware onto the victims computer, adding it to a botnet that spams and conducts DDoS attacks. It also downloads other malware that searches for any personal info and sends it to a compromised server.

Most of these fake videos are hosted on hacked servers. Once these servers are found to be hosting malware, they end up on blacklists such as Spamhaus’s SBL, even though they are actually legit operations. According to Spamhaus, the attackers are gaining access to these servers by cracking unencrypted FTP passwords using packet sniffers.

The best way to protect your servers from being compromised is to encrypt your FTP passwords using SFTP or FTPS. All unsecure FTP passwords are at risk, even those thought of as strong. Since FTP transmits passwords clearly, packet sniffers can easily find them. Your IT department can recommend several good secure FTP clients. These days the only good FTP is a secure one!