Posted November 28th, 2008 by Sue Walsh
The U.S. Department of Defense was hit with a severe malware attack this week. The attack, which originated in Russia, was targeted at the networks in the department’s Central Command, which oversees the U.S.’s involvement in Iraq and Afghanistan. DOD sources say at least one highly classified network was compromised. According to the Los Angeles Times, the malware has been around awhile:
The invasive software, known as agent.btz, has circulated among non-governmental U.S. computers for months. But only recently has it affected the Pentagon’s networks. It is not clear whether the version responsible for the cyber-intrusion of classified networks is the same as the one affecting other computer systems.
The malware is able to spread to any flash drive plugged into an infected computer. The risk of spreading the malware to other networks prompted the military to ban the flash drives.
Posted November 27th, 2008 by Sue Walsh
When McColo, an ISP known for being a haven for spammers and scammers, was knocked offline two weeks ago, the notorious Srizbi botnet went down with it. This resulted in global spam volume plummeting by as much as 75%. Sadly, that’s about to change. FireEye, a threat research firm, has discovered that Srizbi is rising from the dead.
Researchers at the firm have discovered that Srizbi has begun updating all of its bots via its new command servers located in Estonia. New domains linked to the botnet have been found as well, with registrations located in Russia.
Posted November 26th, 2008 by Dan Blacharski
Facebook won its case against a spammer, Adam Guerbuez, and his company, Atlantis Blue Capital, for violations of the CAN-SPAM Act. The courts awarded Facebook an incredible $873 million in damages, the largest award under the Act to date. According to reports, his business involved phishing Facebook user logins, and then using other people’s accounts to send spam to other Facebook users, selling various pharmaceuticals and male enhancement drugs. Guerbuez never showed up for his hearing.
It is, of course, a symbolic gesture. Facebook is not likely to get a dime from Mr. Guerbuez. Although I’m sure he’s made some money from his spam business, I doubt it’s anywhere near $873 million. And by now, if he’s smart, both he and his money are far outside of United States jurisdiction. Besides the monetary judgment, he also received an injunction preventing him from using Facebook in the future. This, too, is a symbolic gesture, and one that would be impossible to enforce.
Posted November 25th, 2008 by Carl E. Reid
Up to 80% of spam targeted at Internet users in North America and Europe is generated by a hard-core group of around 100 known professional spam gangs whose names, aliases and operations are documented in Spamhaus’ Register of Known Spam Operations (ROKSO) database.
ROKSO is a “3 Strikes” register. To be listed in ROKSO a spammer must first be terminated by a minimum of 3 consecutive ISPs for AUP violations. IP addresses under the control of ROKSO-listed spammers are automatically and preemptively listed in the Spamhaus Block List (SBL). For Law Enforcement Agencies there is a special version of this ROKSO database which gives access to records with information, logs and evidence too sensitive to publish here.
Posted November 24th, 2008 by Sue Walsh
Spamhaus has released its latest list of the top 10 spammer-friendly ISPs and there is one familiar name, Microsoft. That’s right. Microsoft sits in the number 5 spot on the list. Why do spammers like Microsoft? The same reason they love Gmail. They know those domains have a highly positive reputation and aren’t likely to be placed on any blacklists. This increases the chances of their spam actually reaching people’s inboxes.
The spam tracking group says spammers and scammers routinely use Microsoft’s Live.com and Livefilestore.com to send spam and redirect visitors to various sites that sell porn and fake drugs.
Posted November 21st, 2008 by Carl E. Reid
As an email administrator I’m constantly asked by email users, “I don’t understand why people send spam. How do they make money selling watches or viagra, if they have no reply email address? I only see web site link”. Therein lies the answer, which we can use to continue educating our email users. In his article “How Viagra spam works”, Stuart Brown provides great insight, with details on exactly how the underground market of spamming works. All it takes is a few emails for spammers to get paid from millions of spam emails sent out daily.
Stuart starts off by explaining that even with the best Bayesian filters, blacklists and other filtering techniques, most of us are still plagued with an endless stream of invitations for all sorts of weird and wonderful products and services. One of the most common forms of spam is advertising for pharmaceutical products - and perhaps the most notorious form is for the ‘men’s health’ variety - notably Sildenafil citrate, more commonly known as Viagra. But how do spammers make their money?
Posted November 21st, 2008 by Sue Walsh
If you’ve ever wondered why Nigerian spammers never seem to give up, MaximumPC has the answer - their scam still works! In an article on their site, they report that over a period of 2 years, a woman gave them $400K! She refused to believe she was being scammed, convinced she was dealing with an inheritance from her long-lost grandfather:
The email promised $20 million to Spears, money which was supposedly left behind by her grandfather whom she and the rest of her family had lost contact with over the years. She states “So that’s what got me to believe it.”
Posted November 20th, 2008 by Sue Walsh
The FTC has shut down a known malware and spyware vendor. On Monday a U.S. District Court handed down a temporary restraining order forcing CyberSpy Software to cease selling its RemoteSpy program, which is a keylogger. The company was also ordered to shut down its website.
The program records every keystroke on the infected computer, takes screenshots of the screen and records the addresses of every site visited. It also records all documents opened and logs conversations from a variety of IM programs including MSN Messenger, AIM, Skype, and Yahoo! Messenger. This information is transmitted to CyberSpy’s website where their customers log in to retrieve it. The program also comes with instructions on how to disguise the software and send it via email to their unsuspecting victims. Installation is as simple as clicking on an image. From the FTC’s complaint:
The defendants violated the FTC Act by engaging in the unfair advertising and selling of software that could be: (1) deployed remotely by someone other than the owner or authorized user of a computer; (2) installed without the knowledge and consent of the owner or authorized user; and (3) used to surreptitiously collect and disclose personal information. The FTC complaint also alleges that the defendants unfairly collected and stored the personal information gathered by their spyware on their own servers and disclosed it to their clients. The complaint further alleges that the defendants provided their clients with the means and instrumentalities to unfairly deploy and install keylogger spyware and to deceive consumer victims into downloading the spyware.
Posted November 19th, 2008 by Giselle Borg Olivier
There’s a chance to win some great prizes this festive season (that would be a few presents taken care of!) over at PST Panic! The first prize is a $250 Amazon gift voucher, whilst 2nd and 3rd places get a $150 and $100 Amazon gift voucher respectively. A $10 Amazon gift voucher will also go to the first 50 people who submit their photo. And that’s not all!! Five randomly selected administrators will also get their very own free copy of GFI MailArchiver.
In order to be eligible to win these prizes, you need to register on the site and then submit a photo showing the panic caused by PST files. This could be either a photo of your stressed admin, or one of yourself in the midst of your stressful and frustrating job; or possibly a screenshot of a horrible software crash. You could even get your creative skills going and produce an edited photo of all the very wrong things you want to do to your PC when you find out that your PST files are damaged and unrecoverable!
Posted November 17th, 2008 by Sue Walsh
Researchers at Microsoft have discovered that most phishing scams bring in little to no money. Their study blames this on the oversaturation factor. Just as overfishing has caused a deep decline in certain fish populations, the sheer number of phishing scammers seeking maximum returns has resulted in “overgrazing.” The other problem facing them is that the more phishing scams people come across, the wiser they become and the less likely they are to fall for them.
“Phishing appears to be a low-skill low-reward business. The enormous amount of phishing activity is evidence of its failure to deliver riches rather than its success. Repetition of easy money stories without scrutiny makes things worse by ensuring a steady supply of new entrants,” the researchers argue.