Michael Hampton at the Homeland Stupidity blog has discovered a new spammer: the government! He reports receiving spam from the Overseas Security Council, a branch of the State Department. The spam came from an employee address and hawked a get-rich-quick scheme which involved sending him $44.95 to get a website and the ability to send millions of spam messages a day. Sure, it’s very possible the computer that sent it was infected by a Trojan or virus, but this is the Federal Government! They of all people should have airtight computer security. Michael says he emailed the OSC but got no response. Pretty interesting. Either there is a spammer working for the government, or they have a serious security breach somewhere!
John J. Moser, Of The Morning Call, reports a Pennsylvania federal judge dismissed a woman’s lawsuit. The suit claims East Penn Township, PA police used excessive force. The judge’s dismissal of the lawsuit said her attorney ignored a dismissal motion and the judge’s order to respond to it.
But attorney John P. Karoly Jr. of South Whitehall Township, who represents Susan R. Shuey and her husband, John, has asked Judge A. Richard Caputo to reconsider, blaming the lapse on the judge’s e-mail errantly going to his office computer’s “spam” folder.
The Shueys sued the township, township Supervisor William Schwab and police officers Brian P. Horos and Alan W. Beishline on June 28 for more than $300,000 plus attorneys’ fees. The suit stemmed from a June 23, 2006, incident in which Susan Shuey, 47, was charged with obstructing administration of law, simple assault, persistent disorderly conduct and resisting arrest. The suit says she was twice shocked with a stun gun during her arrest.
The suit says the Shueys approached Horos as he wrote a traffic ticket to a motorist to talk about a ticket issued earlier that day to their son Josh. The suit says East Penn had a policy, “conceived and directed” by Schwab, to cite as many motorists as possible to “create a revenue stream” from fines.
The best defense against spam is continuously educating the email user community. As administrators, we may sometimes get a little too hung up on the technocratic methods of preventing spam. Although the technical details are important, our email users must be constantly reminded of their role in preventing spam. It’s an extremely important role.
Many spammers are people in each person’s inner circle who send notices, warnings and heads-up emails. When a person sends a friend a chain letter email, surely they do not think they are proliferating spam. Community announcement notices are surely forwarded with all the best of intentions. This does not take away from the fact that this type of email clogs up the email highway.
Our friendly spamming friends then want us to send this email to 10 of our friends in the next 5 minutes. This “not deliberate spam” sent to 10 people will bring the sender an unexpected positive outcome in their life. The mere hope of something nice happening, by forwarding friendly spam to people in our trusted network, usually makes people do it faster.
Security experts are predicting that the next wave of phishing spam will attempt to exploit the recent financial woes on Wall Street. They say scammers are likely to start soon, using people’s fears of bank failures like that of Washington Mutual by sending official-looking spam messages asking for their banking info in order for them to be assured of FDIC protection.
“E-mail scammers like to use global crises and high profile news headlines when baiting consumers,” said Peter Horan, chief executive officer of Goldman, in a press release issued this week to warn consumers of such attacks. “Phishers know how to make use of people’s vulnerabilities during times of stress.”
According to a recent survey, $3.2 billion was lost to phishing scams in 2007, and that figure is expected to keep rising. Banks spend between $100,000 and $500,000 a year to protect their customers from such scams.
The New York Times is reporting that the current economic crisis has led to a spoof of the classic 419 (aka Nigeria) spam scam. Everyone who has an email address has received at least one 419 spam. Named after the number given to the section of the Nigerian criminal code dealing with fraud, these emails claim to come from a desperate foreign national or lawyer who needs your bank account info and promises millions in return. People who fall for it find their bank accounts emptied. The spoof reads in part:
Dear American:
I need to ask you to support an urgent secret business relationship with a transfer of funds of great magnitude.
I am Ministry of the Treasury of the Republic of America. My country has had crisis that has caused the need for large transfer of funds of 800 billion dollars US. If you would assist me in this transfer, it would be most profitable to you.
I am working with Mr. Phil Gram, lobbyist for UBS, who will be my replacement as Ministry of the Treasury in January. As a Senator, you may know him as the leader of the American banking deregulation movement in the 1990s. This transactin is 100% safe.
This is a matter of great urgency. We need a blank check. We need the funds as quickly as possible. We cannot directly transfer these funds in the names of our close friends because we are constantly under surveillance. My family lawyer advised me that I should look for a reliable and trustworthy person who will act as a next of kin so the funds can be transferred.
It then goes on to request the recipient’s bank and IRA account numbers as well as those of their children and grandchildren. The sender is listed as Henry Paulson and the email address is “wallstreetbailout@treasury.gov”. Most people will realize that it’s meant to be a spoof, but you just know there’ll be at least one person who thinks it’s serious! Thankfully the email is fake so any personal info sent would just bounce back.
ISP Intercage, dubbed a “major hub of cybercrime”, with 78% of its domains and mail servers used for malicious purposes, has been cut off by its upstream provider, Pacific Internet Exchange. Intercage president Emil Kacperski has ignored complaints about that activity for the past 5 years, and when Spamhaus blacklisted PIE earlier this month, it was apparently the last straw.
“His network was used for very clearly hostile criminal activity. I’m not aware of any legitimate customers,” said Matt Jonkman, an independent researcher who contributed to a white paper on Intercage.
Spamhaus has reported more than 350 cybercrime hosting incidents on Intercage in just the past 3 years. Cybercrime includes spamming, hacking, malware, internet fraud, phishing, and more.
Kacperski said he is looking for a new provider and doesn’t know how long it will take. Let’s hope there are no providers out there willing to help him put his cybercrime haven back online!
A precedent has now been set in South Africa. Repeat spam offenders are now on notice. Spammers now have a price on their heads and their names on a Wall of Shame. It would be nice if this were a sign of things to come, with other countries placing bounties on spammers.
Jani Meyer of the Sunday Tribune reports that a South African Spammer Bounty Hunter Programme offers multiple rewards. There are 3 ways anyone can receive a reward for providing information that leads to successful prosecution:
- 7,500 Rands ($958.00) is paid if a spammer admits guilt.
- 15,000 Rands ($1,916.00) if a spammer is convicted in the magistrate’s court.
- 30,000 Rands ($3,831.00) bounty is paid for a conviction in the high court.
Alan Levin, Internet Society of South Africa (ISOC) spokesman, said spam made up more than 70% of monitored e-mail traffic.
He said one of the weaknesses in the current system was that it depended on the recipients to act on the spam they received.
“Do not repeat the tactics which have gained you one victory, but let your methods be regulated by the infinite variety of circumstances.” -Sun Tzu
Have you or your email users recently received spam emails that just make no sense? Absolute gibberish may be in the subject, but certainly the email body contains what appears to be an undecipherable message. It seems disjointed, at best. The other curious part is there is no web link or sales pitch that accompanies it. It appears to have no use for you or the spammer who sent it. So why send this spam message at all?
There is more to it than meets the eye to brain correlation. Take a breath and let’s step back to see what is really being accomplished. Similar to magicians, spammers continue to succeed through misdirection. While you look at one action, another motion is happening in tandem.
Why are millions of gibberish messages being sent out when they appear to mean nothing? The answer to that question lies in another: “What is the front-line defense against spam?” Good for you if you answered “our spam filters”. Contrary to popular belief, these software tools are not intelligent. Anti-spam filters are programmed to make adjustments, but this is not based on so-called “learning”. It’s based on programmed algorithms, written by human developers who have experience understanding the nature of spammers’ habits in sending email spam.
Security experts have intercepted an email-based malware attack aimed at U.S. schools and government organizations. Over 1000 malware-laden emails were sent from 15 IP addresses, most of them originating in Russia. The attack lasted two days and attempted to deliver a Trojan called Spy.Win32.Zbot.ele disguised as a Windows Update. A similar attack was aimed at U.S. businesses. It’s believed the Spy.Win32.Zbot.ele Trojan is the same one that delivers the infamous and nasty AntiVirus XP 2008 virus. The typical social engineering techniques commonly used by spammers these days were used, with an attempt to personalize them for the educational audience they were aimed at.
Experts speculate that the attack may have come from a brand new botnet located somewhere in Russia that is looking to establish itself. All of the IPs used in the attack were consumer-based and presumably hijacked to hide the true origin of the attackers.
Rustock and Srizbi, two of the world’s biggest spam botnets, may be connected. Researchers have discovered that the two botnets share the same malware delivery method, a Trojan called Trojan.Exchange, which is activated when unsuspecting users click on malicious links in spam messages. Most of the spam the botnets send is of the fake headline variety (such as the recent Obama and Nuclear Disaster spams) and the fake video variety (this type usually tells the recipient they were caught on video in an embarrassing situation and invites them to click on a link to see for themselves).
Rustock is currently the biggest spammer on the net, with Srizbi a close second. It’s not yet known if the two botnets are being run by the same gang or simply have some sort of agreement in which they work together, but there is some speculation that they are both run by the infamous Russian Business Network, a known haven for spammers, hackers, and other cybercriminals.


