Written by Sue Walsh on May 30, 2009
A 23-year-old Romanian immigrant from Michigan has been sentenced to 8 and a half years in prison for his role in a phishing scam that left over 7,000 victims and raked in over $700,000. Starting in June 2000, when he was 14 years old, and lasting through February 2007, Sergiu Popa used two email accounts to send out phishing emails made to look like legit messages from such companies as Citibank and Paypal. Unwitting victims who clicked on the links were sent to the fake websites he set up and had their personal info stolen. He pleaded guilty to the charges in hopes of getting a lenient sentence, but the plan backfired.
“Because there were so many victims who were hurt badly, the court believes the sentence is appropriate in order to protect the public,” said Judge John Tunheim. “There needs to be a deterrent to others who are trying similar crimes over the Internet.”
One file found in his Yahoo email account contained credit card information for over 5,000 people. Upon searching his home, the FBI found blank plastic cards being used to make fake credit cards and driver’s licenses, a machine used to print graphics on such cards, and foil ribbons used to stamp the holograms used on legit cards. Continue reading Phisher Sentenced to Eight Years in Prison»
Written by Dan Blacharski (http://www.blacharski.net) on May 29, 2009
About: The corporate world unceremoniously booted Dan Blacharski out of his cubicle over 15 years ago, and he’s never looked back. Since that time, he has been a full-time professional freelance writer, public relations consultant and analyst, and has published six books and thousands of articles. He divides his time between South Bend, Indiana and Bangkok, and married the renowned Thai writer Charoenkwan Prakthong in 2005. He and his wife enjoy traveling the world, and spending time with their Boston Terrier, Pladook.
This one’s no Kmart special. A fake Kmart survey being delivered via email is actually a phishing attack. The email arrives with the caption, “you have been selected,” and then goes on to say that the recipient has been selected to participate in a special Kmart survey, and receive a $150 gift certificate. A similar phishing attack was recently making the rounds pretending to be WalMart.
Now whenever I get something like this I’m always suspicious. There are legitimate surveys, and sometimes there is a freebie involved, although it’s not usually that generous. And then here’s the red flag: There’s a link in the email, which takes the victim to a site that doesn’t even look like a Kmart site; then the email also asks for personal information (including account number information).
The attackers aren’t too clever, and it’s a thinly-disguised ruse, particularly since the form itself isn’t on a spoofed Kmart page, and the URL the email tries to send you to isn’t from Kmart, but rather, is one that includes the obviously bogus word “epiqteen” in the address. But they do at least make some attempts by creating a legitimate-looking survey, and sending the victim to the real Kmart web site after completing the survey.
There are two tips to remember to combat these sorts of phishing attacks: First, beware of emails offering to give you free money. Second, always look at the URL the email is trying to send you to. In most cases, simply passing your cursor over the link will reveal the true URL.
Written by Sue Walsh on May 28, 2009
Heartland Payment Systems has announced that the major data breach it revealed to the public in January has so far cost it over $12 million. It blamed the expense for its 1st quarter losses. A large percentage of the cost is due to a hefty fine levied against it by MasterCard. CEO Robert Carr said the company plans to appeal the fine:
Carr added that Heartland plans to appeal the fine. MasterCard claimed that the processor had failed to respond appropriately after it was notified of a potential breach. But Heartland believes that it did respond properly and that “upon discovering the intrusion, it took immediate and extraordinary action to address the intrusion,” Carr said. In a statement to Computerworld, MasterCard said that it “believes the fines it imposed were warranted and consistent with its rules.”
On January 20th, the company, which is the largest payment processor in the country with over a quarter million customers, announced that unknown intruders had broken into its computer systems and that, as a result, data on as many as 100 million credit and debit cards was compromised. The actual breach allegedly occurred last May but was not discovered until January despite warnings by credit card companies of suspicious activity related to the transactions it processed.
My bank was one of Heartland’s customers and as a result my debit card was replaced. It was a huge hassle having to change the payment information I had on file with sites like Amazon and companies I have accounts with such as my cell phone provider. I can only imagine the hassle caused by having to cancel and reissue hundreds of thousands of debit and credit cards. I believe the fine was well deserved because the company was warned of suspicious activity by the credit card companies and apparently ignored them until the breach was discovered in January. Its security policies obviously left much to be desired!
Written by Paul Cunningham (http://www.exchangeserverpro.com) on May 27, 2009
About: Paul lives in Brisbane, Australia and works as a technical consultant for a national IT services provider, specialising in Microsoft Exchange Server and related messaging systems.
When a business has made the important decision to implement an anti-spam system for their email servers the next step is to undertake an evaluation of available solutions in the market. In this post I will describe a high level approach to performing an anti-spam evaluation within your organisation.
Discover Available Products
If your organisation has no awareness of which anti-spam solutions exist in the market then the first step is to find out what is available. This is as simple as performing some Google searches for terms such as “business antispam” or “Exchange antispam” (if you are using Microsoft Exchange Server for example). You can also check out which products are mentioned in articles or advertised in banners on popular technology websites, particularly sites focusing on a business audience.
Another simple approach is to ask contacts you know at other companies what they use and whether they have any quick comments on how happy they are with the solution they have implemented.
Once you have a list of products you can then learn a little more about them by searching for online reviews that have been written.
Contact Vendors
After you have learned about some of the products available you can get in touch with the vendors to find out more about the product, the availability of evaluation licenses, and any local pre-sales support that they offer either directly or via a partner. Oftentimes a vendor is more than happy to send a representative to your office to discuss their product and even perform a demonstration of it.
Pre-sales support is also very valuable during the testing and evaluation phase, so that any problems you encounter through inexperience with the new product can be resolved with assistance from experts.
Testing Phase
Before any evaluation is performed within your production environment you should first perform some testing in an isolated testing environment. This testing will help familiarise you with the installation and configuration of the product, and gives you a chance to discover any problems or complexities that you need to resolve such as an incompatibility with other software you run on your servers.
Evaluation Phase
After you are satisfied from your testing phase that the product will not adversely impact your environment you can install it in the production environment and begin a more thorough evaluation process. Continue reading How to Evaluate Anti-Spam Products for Your Business»
Written by Sue Walsh on May 26, 2009
Researchers at Google have begun testing a new image based captcha they say can help sites fight back against spammers and fraudsters. The new captchas present the user with an upside down image. All they have to do is flip it so it’s right side up. Simple, right? Not for machines! The system rejects any image that a computer may have learned to recognize, such as human faces.
The new puzzles could be built around a site’s theme — for instance, cartoons at a Disney site, or objects for sale at eBay, said Rich Gossweiler, a senior research scientist at Google who led the team that developed the system. It can be put in place rapidly, he said, and has an almost limitless supply of images. “Our technique expands the vocabulary of captchas” beyond obfuscated characters, he said. “And it might make the process less of a chore. It’s fun to solve a puzzle.”
Since the traditional text based captchas have long since been cracked by scammers, this new image based type might be just what the doctor ordered. Text based captchas are easily solved by machines and in some cases, the scammers simply pay real people a few cents for every captcha they solve. This leads to thousands of fake email accounts being set up and used for spamming or phishing.
A new kind of audio captcha, used for people who are unable to handle the text or image varieties due to disabilities, is also being tested. This one uses phrases from old radio shows instead of random words. Researchers say this makes it much harder for machines to understand and solve.
Will these new captchas save the day and make the technology valuable again? Only time will tell.
Written by Dan Blacharski on May 25, 2009
I recently had a client who needed to send me a huge 50MB file. Emailing such a large file can cause problems for anyone, since it will take a long time to download, and most people actually have file size limits imposed on their email that would prohibit a file that large from coming through. There was a handy solution however. I just got an email with a link to a URL which pointed to a file sending service, which allowed me to download the file from my web browser at my convenience. I later discovered that this particular service allows files of up to 2GB to be downloaded. Great idea!
But let’s consider the security and spam potential of such services. First of all, these types of services are extremely useful, for sending large files back and forth between members of a workgroup. In cases where you’re working on a project, and you know that this is how you are going to be working, it’s invaluable. File size on some large projects can quickly grow to tens or hundreds of megabytes, and emailing them back and forth just isn’t practical. But, like anything, it has the potential for abuse.
Terry Zink’s blog carried an entry recently about a piece of spam that came from one of the big Web email providers, which had a payload from one of these cloud-based file service providers. The scenario is that a spammer sends out random emails, which claim that the recipient needs to download a file. The file however, contains malware of some sort. It could even be used in a directed phishing scheme, where a spammer obtains email addresses from a victim, then sends out emails to all of the victim’s friends and business associates, pretending to be that individual.
So when using these cloud-based file services, there are a few things to consider: First, be sure that you have anti-malware technology in place. Second, if you’re not expecting a file link to come through, then check first to make sure the alleged sender really did send it.
Written by Sue Walsh on May 22, 2009
A new spam campaign appears to be coming from hijacked Yahoo, Hotmail, and GMail accounts. The messages all advertise Chinese electronics and apparel retailers (and it’s a sure bet that the products they sell are counterfeits!) and look something like this:
How are u doing these days?Yesterday I found a web of a large trading company from china,which is an agent of all the well-known digital product factories,and facing to both wholesalers,retailsalers,and personal customer all over the world. They export all kinds of digital products and offer most competitive and reasonable price and high quality goods for our clients,so i think we you make a big profit if we do business with them.And they promise they will provide the best after-sales-service.In my opinion we can make a trial order to test that.
A Washington Post columnist reported a family member’s Yahoo account had indeed been hijacked by the scammers and used to send spam like the one above to everyone in his address book. The scammers also deleted the last 30 days of messages in his sent folder and tacked their spam on to his signature file. A virus scan turned up no infections, indicating perhaps the hijack had been the result of the user falling for a previous phishing attack, or perhaps even a hacked server on each of the webmail providers affected.
Continue reading Asian Spam Coming From Hijacked Webmail Accounts»
Written by Sue Walsh on May 21, 2009
A new wave of malicious spam hitting inboxes uses Western Union’s Money Transfer Service in its attempt to trick recipients into downloading its payload. The spam messages carry the subject line “Western Union Transfer MTCN:” and a random number.
The message says a large sum of money transferred on March 10 was never collected and directs the recipient to open the attached zip file and print out the invoice in it, then take it to their local WU office to get the money. The attachment is actually a Trojan. In an effort to make the message seem legit, the scammers even added language at the end of it that claims it was scanned by the recipient’s ISP and found to be “safe”.
The Trojan, Troj/Agent-JUC, appears to be a rootkit that disables firewalls and steals banking information. It also installs other malware including a keylogger program, takes screenshots, and provides backdoor access to the systems it infects.
Despite how nasty the payload sounds and how legit the scammers behind it may have tried to make the spam delivering it sound, common sense should prevail here. If you haven’t sent any money via WU, ignore this message, and if you have, they’ll generally call you, not send an email, and as always, be very wary of any attachments you receive via email from people you don’t know.
It’s believed the scammers behind this latest attack are trying to take advantage of the shaky economic times, figuring there are enough people desperate enough to let their greed over potential free money override their common sense. Don’t fall for it!
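A mail filter can key on the two traits described in this post: the fixed subject prefix followed by a number, and a zip attachment. The following is an added example, not part of the original post; the messages, file names and MTCN numbers are constructed, and the magic-byte check for renamed archives goes beyond what the post describes.

```python
import re
from email.message import EmailMessage

# Subject format reported for this campaign: fixed prefix, then a number.
SUBJECT_RE = re.compile(r"^\s*Western Union Transfer MTCN:\s*\d+\s*$", re.IGNORECASE)
ZIP_MAGIC = b"PK\x03\x04"  # local file header that starts a zip archive
ZIP_TYPES = ("application/zip", "application/x-zip-compressed")


def zip_attachments(msg):
    """Names of attachments that are zip archives by extension, MIME type or content."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if (name.lower().endswith(".zip")
                or part.get_content_type() in ZIP_TYPES
                or payload.startswith(ZIP_MAGIC)):
            names.append(name or "(unnamed)")
    return names


def matches_campaign(msg):
    """True when both traits are present: the subject pattern and a zip attachment."""
    subject = str(msg.get("Subject", ""))
    return bool(SUBJECT_RE.match(subject)) and bool(zip_attachments(msg))


def build(subject, filename=None, data=b"", subtype="octet-stream"):
    """Construct a test message (hypothetical helper used only for the samples)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed body")
    if filename:
        msg.add_attachment(data, maintype="application", subtype=subtype,
                           filename=filename)
    return msg


# Constructed samples: the payload bytes are a zip header stub, not a real archive.
STUB = ZIP_MAGIC + b"\x00" * 8
SAMPLES = {
    "campaign": build("Western Union Transfer MTCN: 4821907356", "invoice.zip", STUB, "zip"),
    "renamed": build("Western Union Transfer MTCN: 1002003004", "invoice.dat", STUB),
    "no_attachment": build("Western Union Transfer MTCN: 1002003004"),
    "ordinary_zip": build("Photos from the weekend", "photos.zip", STUB, "zip"),
}

if __name__ == "__main__":
    for label, message in SAMPLES.items():
        print(label, matches_campaign(message))
```

Requiring both traits keeps ordinary zip attachments and attachment-free mail out of the result.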
Written by Sue Walsh on May 19, 2009
Spring is quickly turning into summer and spammers are taking full advantage of it. The Cutwail botnet, which was last seen pumping millions of Valentine’s Day themed spams hawking male enhancement products, has now turned its attention to weight loss.
Security researchers are reporting that the botnet has now begun sending out a flood of spam hawking weight loss products containing acai. Acai is a berry found in South America that allegedly fights cancer and aids weight loss. Acai pills, drinks, liquor and even ice cream are being sold via spam. It’s important to note that the FDA has not studied the Acai berry and its health benefits are completely unproven.
According to researchers, the spams all link to the same Russian website:
All roads lead to Rome, but a great many IP addresses lead to Russia. In the case of Cutwail-originating-acai-spam, one line of text is followed by many leading to the same Russian website. Following any one of them leads the gullible to the site and enables javascript, which runs a five-minute timer. After five minutes, the acai-entranced finds himself/herself in a chat session sales pitch.
It’s safe to say anyone handing over their credit card details to the site should not expect a positive outcome.
Acai spam now accounts for 10% of all spam being sent. The rise is attributed to the coming summer months. Spammers are hoping with the swimsuit season fast approaching that people will be looking for quick and easy ways to lose weight and be willing to shell out money for their shady products.
Written by Paul Cunningham on May 18, 2009
After an organisation has made the decision to invest in an anti-spam solution, often the next consideration is where within their network infrastructure the anti-spam system should be located. When making these decisions it is helpful to understand common anti-spam techniques and how they will integrate with other elements of your network.
Small to Medium Businesses
For small- to medium-sized businesses the decision is simplified to a certain degree, especially for organisations that operate from single premises. Many of these organisations will operate a single email server such as Microsoft Exchange Server. When an Exchange-integrated solution is chosen then the anti-spam software is installed on the same server as Microsoft Exchange.
Although this basically eliminates any need to consider the location of the anti-spam system, there is still some consideration that needs to be given to configuration and tuning of the various anti-spam features. For example, connection filtering should be enabled and assessed first before the more resource-intensive content filtering. Even though most small businesses do not deal with the volume of email that makes performance difficult to manage, this sort of attention to detail will ensure that an integrated anti-spam system does not adversely impact the performance of the organisation’s email server.
Large Businesses and Enterprises
Large businesses and enterprises typically operate a complex network infrastructure due to two main factors – they operate out of many separate premises across a city, country, or even the world; and they have very large numbers of staff using the email system. This presents many additional factors when considering the location of the anti-spam system, such as:
- Multiple email entry points for the network;
- Heavily loaded email servers with critical performance/uptime requirements;
- Strict security policies for incoming connections from the internet, including for SMTP;
- Strong focus on lower total cost of ownership (TCO) for systems such as email security.
When these factors are considered in light of the technical features of an anti-spam system the decision can be a complicated one. Continue reading Where to Locate Anti-Spam Servers in Your Network»