Written by Sue Walsh on July 30, 2009
Email: siwriter@si.rr.com
Spam levels have risen by an astounding 141% since March, according to a new report just released. Botnets are largely responsible for the rise and the number of computers added to botnets has risen to 14 million, a 16% increase. Roughly 150,000 computers a day are infected by malware and added to botnets.
Not surprisingly, South Korea was hardest hit, reporting a 45% increase in botnet activity over last quarter. Most of that comes from the massive DDoS attack that hit the country earlier this month. The same attack also affected most government websites here in the U.S. as well as the New York Stock Exchange and many major business sites.
Written by Paul Cunningham on July 29, 2009
Email: paul@exchangeserverpro.com
Site: http://www.exchangeserverpro.com
About: Paul lives in Brisbane, Australia and works as a technical consultant for a national IT services provider, specialising in Microsoft Exchange Server and related messaging systems.
Spam is an international problem that no single country is able to solve on its own. Although countries other than Australia have their own strict laws against spam, there is really nothing to stop a person outside of that jurisdiction from spamming Australians every single day.
In my recent post on spam vs email marketing it was mentioned that a global law enforcement body may be what we ultimately need in order to fully address the problem of spam.
Some companies have tried to tackle the problem themselves, such as Microsoft offering a reward for information leading to the arrest of the person responsible for the Conficker worm.
One state in Australia has taken the problem seriously and is trialing a system that will permit victims of Nigerian phishing scams to report their case directly to authorities in the African nation. Queensland police Detective Superintendent Brian Hay leads the Fraud and Corporate Crime Group which has also developed other initiatives to prevent internet fraud or make it easier to report and investigate.
“In the early stages, we’re having some wins. Some of those investment and inheritance scams are reducing but the big problem that we’ve got now is we’ve seen a 100 per cent increase in romance and relationship scams. It’s just gone through the roof.”
How effective this will ultimately be is unknown, given that spammers have a track record of constantly adjusting their methods to get around new prevention techniques. It is hoped that more open communication and effective reporting may make it easier for authorities in countries such as Nigeria to permanently strike at the root of the problem.
Written by Sue Walsh on July 28, 2009
A Dutch software developer has been fined over $300,000 for sending more than 21 million spam messages. He will also be charged a little over $7,000 for each day he continues to spam. Reinier Schenkhuizen was first warned in 2004 that he was in violation of Dutch anti-spam laws but ignored it, resulting in 379 more spam complaints being lodged against him and a raid on his home.
Schenkhuizen continues to deny that he is a spammer and plans to appeal the ruling. He claims that the emails customers send with his email client do have an ad for his company in them but that it cannot and should not be considered spam. However, Schenkhuizen’s business is described as an “internet promo” company, which really does seem like a fancy way of saying spamming.
It is encouraging to see European countries getting tough on spam. Many spammers use servers and ISPs located overseas because it is easier to avoid detection and prosecution there. Hopefully if more and more countries develop tough anti-spam and anti-cybercrime laws the war against spammers and hackers will finally make some real headway.
Written by Sue Walsh on July 27, 2009
A massive new spam attack is hitting free web services such as YahooGroups, LiveJournal and GoogleGroups. Over 1 million spams an hour are being sent through these services using fake Hotmail accounts. Security experts say the Hotmail accounts were most likely created via an automated process that included cracking the webmail provider’s CAPTCHA. Spammers like to use services such as Hotmail, GMail and Yahoo! Mail to send their messages because the domains have a good reputation and are less likely to be blacklisted or caught in spam filters.
Written by Dan Blacharski on July 24, 2009
Email: dan@blacharski.net
Site: http://www.blacharski.net
About: The corporate world unceremoniously booted Dan Blacharski out of his cubicle over 15 years ago, and he’s never looked back. Since that time, he has been a full-time professional freelance writer, public relations consultant and analyst, and has published six books and thousands of articles. He divides his time between South Bend, Indiana and Bangkok, and married the renowned Thai writer Charoenkwan Prakthong in 2005. He and his wife enjoy traveling the world, and spending time with their Boston Terrier, Pladook.
Most of us have got accustomed to using spam filters, so we never even see most of it. The spam that does get through, we tend to ignore. We just glance past it, delete it, and never bother reading it, because we’re used to the suspicious headings and the tip-offs that classify it as an advertisement. Anything coming from a barrister in Nigeria, or a crooked banker in South America goes straight to the trash, as do all the ads for pharmaceuticals, get-rich-quick schemes, and secret tropical fruit juices that are used by people on some island in Southeast Asia where they all live to be 100 years old.
But it seems, one man’s trash is another man’s treasure, and there are a few people out there who actually want those fruit juices. If you’re one of those people, here’s a tip: I used to buy that same juice that the multi-level marketers sell for $40 a bottle, when I was living in Bangkok, from street vendors for about a half a dollar. Be that as it may, now and then there is an ad that catches my eye. Yes it’s true, sometimes those ads do peddle something useful, like printer ink cartridge refills, which I regularly purchase. But I suppose to lots of other people, those ads are spam, too.
Written by Sue Walsh on July 23, 2009
A new wave of Swine Flu themed spam is hitting the web, and it carries a nasty payload. The spam messages contain a Word document called H1N1 Flu Situation update that looks like it is from the Centers for Disease Control and Prevention and is said to contain a map showing the spread of the virus across the U.S.
Recipients who unwittingly download the document will open both a self-extracting zip file and an executable called doc.exe. The executable installs several kinds of malware including a registry file that activates a Trojan every time the computer is booted.
The Trojan scans the system and steals any passwords and usernames it finds and also installs a keylogger that records every keystroke and mouse click. The stolen info is sent to a remote server for storage. The scammers presumably use the info to commit identity theft and make fraudulent financial transactions.
Attachments should always be scanned before they are downloaded or opened, and .exe attachments received in an email should never be opened. It’s also important to note that any emails you get from a legit government site will come from the .gov domain, and that no government agency sends any kind of unsolicited email.
Written by Paul Cunningham on July 22, 2009
Anyone who uses the internet, whether for business or for leisure, has had first-hand experience with spam at some point in time. Spam is a problem that plagues the internet and affects us all in some way. Like most problems, the spam problem is a very complex one. There is no single source or cause of spam, which means there is no single solution to the problem. In this post I’ll explain some of the sources and causes of the spam that we see every day.
Botnets and Zombies
Bots or zombies are typically home computers that have been infected with some type of virus or malware, which puts the computer under remote control by a malicious person. A group of these computers is referred to as a botnet, and is used by a spammer to send out millions of emails containing spam, phishing scams, and computer viruses.
Examples of botnets include the Cutwail and Rustock botnets that are responsible for massive spam attacks around the world.
Because botnets are made up of computers located within ISP customer IP subnets, they can often be blocked by using connection filtering to block any SMTP connections from those IP address ranges. When this fails you have to rely on content filtering to detect the spam content within the messages.
Open Relays
An open relay is a poorly configured email server that allows anyone to relay messages through it to any other destination email address. Modern email server software is not configured to permit open relay by default; it usually takes human error to cause a server to be configured this way, and there are few genuine reasons to run an open relay, especially not one that is open to the internet where it can be abused by spammers.
Written by Sue Walsh on July 21, 2009
North Carolina State University was hit by a phishing attack last week. 800 people received an email with the subject line “Mandatory Security Update: July 2009”. The message directed them to click a link leading to the university’s email login page and enter their username and password. It claimed to be from the IT Help Desk. It was unique in that instead of asking for the user’s information to be sent via email, it used a fake sign-in page.
Doug Pearson, technical director of the Research and Education Networking Information Sharing and Analysis Center, said he had heard of a handful of similar attacks. Mr. Pearson recommended sharing information about attacks with others, using spam filtering, blocking IP addresses used by phishers, and monitoring for high volumes of mail sent from one person, which the university had done. The only other suggestion he had was for user education. “Users need to recognize the tricks of the trade,” he said.
When an IT security officer noticed the attack, he was able to change the link so that it redirected to a site informing visitors that the page was fake. He was also able to change the images on the fake site to say “THIS IS A PHISHING SITE!” This was possible because the scammers simply linked to images on the school’s real website.
Because of his quick action, only 5 people fell for the scam and all were able to change their passwords before the scammers could do any harm.
Written by Sue Walsh on July 20, 2009
The personal information of at least 4 million Britons and a whopping 40 million others, most of whom are Americans, is being bought and sold online. This includes usernames and passwords, credit card details, bank account numbers and more. Most of the information was gathered from individuals who fell for phishing schemes. As a result, over 250,000 bank and credit card accounts have been broken into by the cybercriminals behind the scams.
The information is bought and sold on forums and websites that cater to the booming underground economy of cybercrime. Along with consumer details, corporate FTP and email usernames and passwords are also offered for sale.
“I’m concerned, but I’m not surprised in the least,” said Mikko Hyppönen, chief research officer at F-Secure, the computer security experts. “We’ve seen this going on for quite a while. There’s a mind-boggling amount of information that’s being sold on the underground forums.”
A British company has managed to intercept the data and has compiled it into one central database. The company’s owner, Colin Holder, says he plans to charge individuals for access to it to check whether their info has been stolen. The ethics of such a plan are being debated as is whether Holder’s database itself is legal.
Written by Sue Walsh on July 17, 2009
Microsoft has announced that it’s suing a Hong Kong-based ringtone company, saying it phished and spammed its Microsoft Live Messenger users. The company, Funmobile, is accused of sending thousands of spam messages via IM over the past 4 months. Microsoft wants an injunction against the company as well as monetary damages.
Microsoft said in the suit that Funmobile, doing business here as Mobilefundster, sent IMs with links to a site called MeetYourIM. Those who clicked on it were brought to the site and asked to type in their MSN username and password. Once they did so, the company collected all the addresses in the user’s contact list and spammed them with the same message.
“This kind of activity crosses the line from legitimate third party services to ‘parasiteware’ that harms our customers,” wrote Tim Cranton, a lawyer with Microsoft’s Internet Safety Enforcement group, in a blog posting.
Such spam is called “Spim” and can be particularly effective because it looks to the recipient like it came from a friend. The suit also claims that Funmobile used a fake MS support page as part of its phishing activities and directed users to porn sites.
Microsoft says they hope the suit will send a message to other companies thinking of using the same techniques. Funmobile has had no comment about the suit.