The effects of the McColo shut down appear to be all but over. Security experts say spam has risen by 159% since November 2008. When McColo was knocked off the net after the discovery that it hosted a wide variety of child porn and malware sites, spam volumes plummeted by 75%, largely due to the fact that several of the world’s largest botnets had their command centers there. However the group that controls the botnets wasted no time in finding a new home for them, relocating their operations to hosts in Estonia and Romania. At the same time a new botnet, Waledec, has risen to take the place of botnet giant Storm.

Experts say that spam levels will continue to rise for awhile before plateauing later this year. Viruses and blended attacks will continue to be popular and attackers will continue to produce malware that can mutate to avoid filters and signature detection. 2009 looks to be an interesting and busy year for IT departments and security experts as spammers and hackers continue to challenge and defy attempts to stop their nefarious activities.

Many organisations that implement an email anti-spam solution will apply a multi-layered approach.  They will implement a system that includes content filtering, IP block lists, quarantine of suspected spam items, Bayesian detection, and other important features.

Unfortunately all too often they will forget the last and most important line of defense against spam – the end user.

Spammers want to fool computers first

Spammers will use many tricks which evolve over time to try and bypass the sophisticated anti-spam systems protecting email servers around the world.  The spammer will misspell keywords, stuff email messages with harmless looking text around the malicious content, hide text within images, forge sender email addresses, relay through insecure email servers, and blast spam messages out to millions of recipients as quickly as possible to try and get past the filters before they are updated for new spam techniques and signatures.

Only the most aggressive anti-spam system configuration can prevent 100% of spam content from reaching end users.  This level of protection is usually impractical for businesses because of the resulting number of false positives (genuine email treated as spam) which may disrupt important business communications and cost thousands or even millions of dollars as a result.

This risk means that most businesses will tune an anti-spam system to prevent false positives, the end result of which is usually a small number of false negatives (spam treated as legitimate email).

Continue reading The last line of defense against spam»

The world economic crisis has set the stage for hackers, spammers and phishers to have a field day.   They can just about steal city hall, if people don’t pay attention.  According to security experts, this crisis alone will increase attacks in 2009. Expect to see an increase in emails lulling people with false promises for “easy to get mortgages” or fast income with “work at home opportunities”.  With emotions running high to find sources of income, easy targets are people who have lost their job or who can’t pay a  mortgage with foreclosure hiding around the corner.  Desperation provides spammers with the perfect target each time.

Aurelija with PC1 News provides some keen predictions for 2009 to be on guard about.  Social networking sites will continue to be phished but in a much more professional way with a goal of collecting as much personal information and information surrounding a person’s inner circle of friends and associates as possible. Certain types of spam will target proper names and be segmented according to demographics or certain types of markets. Be on the look out for shorter spam messages that will trip up spam filters with shorter messages. Other spam may resemble legitimate newsletters and other special offers. Once a person falls prey, the spam may spread with a viral marketing effect through their personal network.

Consider providers having to respond more often to CAPTCHA breaking techniques in 2009 by enhancing the CAPTCHA process, while deploying alternative CAPTCHA approaches. Any web site requiring a personal account to be created online will continue to be targeted and the CAPTCHA failure rate will continue to increase accordingly.

The advance fee fraud (419 scam) should be considered a continuing spam threat and worth giving vigilant attention. It is expected that these types of messages will become harder to recognize at first glance.  Messages will contain only a couple of sentences, rather than a long story. Cyber criminals will try to trick potential victims and involve them in their schemes slowly, inviting them to find out more about the offered “business opportunity”. Besides, scammers will also make greater use of email attachments to convey their messages with more detail. This facilitates  the scammers to bypass traditional anti-spam filters.

Continue reading Belated 2009 Spam Predictions»

A new study from security firm Sophos reveals that spam is getting more malicious than ever. In the 4th quarter they reported the following stats:

October – 1 in every 256 emails sent included a malcious attachment.

November – 1 in every 384 emails sent included a malicious attachment.

December – 1 in every 2000 emails sent included an attachment. (Experts say the drop off is most likely related to the McColo shut down)

The study says spammers are getting more and more creative in their attempts to find victims and are making more use of such social networking sites as Facebook and Twitter. Such sites allow spammers to personalize their messages, making it more likely that the links in them will be clicked on. Spammers are also abandoning simple sales in favor of spam meant to lure recipients into visiting malicious websites or download malcious attachments meant to steal personal information. Here’s an excerpt from the report:

          “Spammers really took to using sites like Facebook and Twitter as a vehicle for their spam antics during the last three months of 2008,” he said. “Cybercriminals have cottoned onto the fact that social networking users can be more easily fooled into clicking on a link that appears to have come from a trusted Facebook friend, than if it arrived as an unsolicited email in their inbox. The notorious Nigerian 419 scammers have even evolved, masquerading as Facebook friends in order to trick unwary users into parting with valuable sensitive and financial information. Ultimately, while users are still falling for these scams, the fraudsters will continue. And while the authorities are making great progress, everyone must take steps to ensure they don’t fall victim.”

These days spammers make more money selling personal info than they do selling fake pharmaceuticals, male enhancement products, or fake watches, and that makes protecting your personal data more critical than ever.

With most email systems such as Microsoft Live mail and Google Gmail able to filter most spam, spammers are moving aggressively to target wireless mobile cell phones.

Mobile communications expert, Andy Adams says “mobile phones are seen as easy targets since text messages are the perfect medium for sending junk mail out to the world. The extent of this issue is most prevalent in China. In China there are an estimated 555 Million mobile phone users, two hundred million phone users who were surveyed reported to have been victims of mobile spam. Considering that most users reported that they received on average 8 spammy messages per week this makes for a huge problem.”

Tips to Get Your Wireless Mobile Carrier to Stymie Spam

Continue reading Mobile Phone Spam Prevention Tips»

Australian Communications and Media Authority (ACMA) is responsible for enforcing the Spam Act and actively works to fight spam in Australia. Under the Australian Spam Act 2003 it is illegal to send, or cause to be sent, unsolicited commercial electronic messages. The Act covers email, instant messaging, SMS and MMS (text and image-based mobile phone messaging) of a commercial nature. The Spam Act 2003 does not cover faxes, internet pop-ups or voice telemarketing. Commercial messages must be sent with the recipient’s consent, contain clear and accurate information about the sender, and must contain an ability to unsubscribe from messages sent.

ACMA also plays an important role in e-security in Australia, gathering evidence and assisting in protecting Australians from computer fraud and identity theft.  As Australia’s anti-spam watchdog it  has lauded the effectiveness of the Spam Act 2003.   According to Iain Ferguson of ZDNet Australia, ACMA also warned international efforts and moves to combat the “fusion of spam, fraud and cyber crime” must be stepped up.

Continue reading Australia Watchdog Checks Text Messages»

Not surprisingly, spammers have begun a new attack exploiting the upcoming Valentine’s Day holiday.  New spam messages with subject lines such as “Falling in love with you”, “I belong to you”, and “I love being in love with you” have begun hitting inboxes. Security experts say the attack started on January 22nd. The body of the messages contain romantic sounding one liners like “Me and You”, “In Your Arms”, and “With all my love”, and a link. The link directs the recipent to a web page displaying 12 heart images and inviting them to click on one. Doing so downloads a malicious program called “love.exe” or “you.exe” which turns the infected computer into a zombie and adds it to the Waledec botnet, which is believed to be run by the same folks responsible for the Storm botnet. So far the botnet is sending an average of 11,000 messages per hour.

This is the same group responsible for the Obama spam sent earlier this month. That spam attempted to lure people to a fake Obama/Biden site with a link to a fake news story claiming Obama had abruptly declined to accept the presidency of the United States. This new botnet is growing so quickly it’s being called the new Storm botnet. It appears that the group behind it isn’t in a hurry to learn any new tricks because the old ones are still working just fine.

The article “In-session phishing holds new potential for attack” by Dan Blacharski is worth another read. If you have not done so, I highly recommend reading this article.  Dan provides important information on the most dangerous of all phishing expeditions to date.

Getting past the symptoms that achieve the in-session phishing results, let’s examine the root cause.  I learned a long time ago that the solution to any problem lies within the problem itself.  This has proven true over the years in overcoming problems life has presented.

This adage holds true with in-line phishing.  The solution to preventing or minimizing in-phishing or other phishing scams lies in eliminating the complexity of domain names. Beyond the ignorance of people having identities or money stolen, the root cause lies in the way universal resource links (URL) are created. As technocrats, we get hung up on creating complicated internet web address URLs. The thought is the more complicated the URL, this increases the chances of thwarting the phishing thieves. This complicated URL approach does not consider the every day person who won’t know the difference.  So this actually makes it easier for the phishers to reel in their victims.

In “Security Best Practice: Host Naming & URL Conventions“,  author Gunter Ollmann provides solid methods for addressing the root cause of phishing attacks. Gunter points out that companies need to spend time rethinking the naming conventions for Internet web address URLs.  Organization names used for Internet visible hosts or references to web application URLs can often be abused to make for a more successful attack. Due to a lack of insight or understanding of current attack variables, many organizations are failing to follow best security practices in their host naming and linking conventions. The result is companies unwittingly aiding the attackers.

Continue reading Root Cause of Phishing Attacks»

Spam comes in all shapes and sizes. Besides the traditional email spam, spammers target forums, blogs, and now, for the first time I’ve seen them targeting Web 2.0 B2B sites with a variation of the old Nigerian 419 scam, this one involving advanced fee fraud. Small businesses and one-man shops should take note and beware of this activity.

The miracle of the Internet has made it possible for me to work at home exclusively, running my small one-man shop from my home office whilst wearing a bathrobe and slippers. And the wonderful thing about it is that there are many more people like myself out there, who do the same thing. One of the marvelous Web 2.0 inventions that enables me to continue putting my name out there is B2B networking sites, which connect businesses looking for contractors for projects, and the contractors who provide them. As a writer, consultant and analyst, I make good use of these B2B sites and have often gotten great projects from them. But scammers too are seeing these Web 2.0 sites as a new target to find their victims.

Continue reading SOHO businesses beware of 419 scam»

Security experts have issued warnings about a new type of spam hitting inboxes across the globe. Called “piggyback spam”, it looks like the typical spam message hawking things like shady pharmacies, fake watches, loans, etc, but rather than links to websites where the products can be ordered, these spams are full of links to malicious files having nothing to do with what the message is about. If a recipient clicks on any of them, a file download dialog box opens. If the recipient foolishly continues with their download, a variety of malware including a keylogger and a Trojan that takes over the machine and adds it to a botnet, is installed on their PC.

Experts believe this new type of spam is being used by cybercriminals as a way to increase their botnets.

Continue reading New “Piggyback” Spam Circulating Worldwide»