Written by Sue Walsh on August 31, 2009
An overnight update resulted in Microsoft’s SmartScreen Filter labeling every uk.com site as malicious and blocking them. Anyone trying to access one of these sites was greeted with a bright red screen informing them that the site had been reported as dangerous.
ISPs in the UK were flooded with calls from alarmed and angry customers, creating a huge hassle. The SmartScreen Filter is built into IE 7 and 8. While many of the sites have been unblocked, many more remain blocked with the false message that they’ve been reported as malicious.
“The most likely explanation is that a genuinely unsafe website under one of our suffixes was reported to Microsoft, but they incorrectly added all the domains under that suffix to their list of unsafe websites.
“If you are a domain registrant whose website is affected, you can click on the ‘More information’ link, then the ‘Report that this site does not contain threats’ link, and report that your website is safe to Microsoft,” said a statement from CentralNic, registrar for uk.com domain names.
This isn’t the first time a false alarm has been so widespread. Last month a blundered AVG update resulted in iTunes files being flagged as viruses and the program blocked, and earlier this year a glitch attributed to “human error” resulted in Google flagging every single website on the web as malicious.
If you were or still are affected by this issue, please leave a comment and let us know!
Written by Sue Walsh on August 28, 2009
A Washington lawyer had an idea. He wanted to sue spammers, but since the CAN-SPAM law allows only ISPs to do so, he decided to become an ISP. He set up a domain and gave email accounts to his friends and family. When emailed, the accounts sent an auto-response that claimed the sender would either agree to stop spamming or pay $500 per spam message. The lawyer, James Gordon, then sued email marketing firm Virtumundo for $10 million, claiming damages under the CAN-SPAM Act.
Continue reading Lawyer’s Spam Fighting Idea Backfires»
Written by Sue Walsh on August 27, 2009
When Latvian ISP Real Host was shut down earlier this month, many believed it would have an effect similar to the shutdown of McColo last November. That shutdown cut worldwide spam levels by 90% when several botnets hosted by the ISP were knocked offline. Unfortunately, spam levels have since bounced back ferociously.
When Real Host was shut down, experts believed the Cutwail botnet it hosted would go down with it, at least for a while. Instead it was back to business as usual less than 48 hours later. Cutwail is responsible for roughly 20% of all spam sent. It’s also responsible for numerous phishing attacks, malicious websites, and rogue anti-virus software. Cutwail is responsible, along with Mega-D and Donbot, for sending 21 billion spam messages a day.
Security experts say cybercriminals have learned from the McColo shutdown and have adjusted their botnets so they are no longer dependent on a single host for their command and control servers and have backups in place. They have even begun using other ways to control their botnets: just a few weeks ago a massive botnet was discovered to be using Twitter to communicate with its command servers. It appears that simply shutting down a scammer-friendly ISP is no longer going to be effective.
Written by Paul Cunningham (http://www.exchangeserverpro.com) on August 26, 2009
About the author: Paul lives in Brisbane, Australia and works as a technical consultant for a national IT services provider, specialising in Microsoft Exchange Server and related messaging systems.
I am currently involved in discussions with a client about the feasibility of moving their Exchange environment to a hosted email provider. The client is considering it on the basis that it will reduce costs and improve the maintenance and health of their email platform by having it all looked after by an outsourced provider.
At face value these points may be valid (a detailed cost/benefit analysis is still ongoing); however, one item that did come up in the technical analysis is the impact it would have on the choice of email security product being used. Basically it would remove the choice entirely, as the providers being considered offer a single solution for email anti-virus and anti-spam protection.
Although most email security products have similar features, not all of them are created equal. Features can be included or excluded from product to product, and even features that are common between products can have very different levels of quality and performance.
Continue reading Do Hosted Email Providers Mean Lack of Choice?»
Written by Sue Walsh on August 24, 2009
On Thursday Facebook shut down six rogue apps that were attempting to steal personal info from its users. Within hours after the apps, called “Streams”, “Posts”, “Your Photos”, “Birthday Invitations”, “Inbox (1)” and “Inbox (2)”, were shut down, five new ones appeared. Those apps, called “Friends”, “Friends Gifts”, “Matching”, “Pok” and “Your Photos”, were also shut down.
When the fake notifications generated by the apps were clicked, users were asked to log in with their FB username and password. This information was transmitted to a remote server. At the same time, the app spammed everyone on the user’s friends list with the same fake notification they clicked on.
Rogue apps have been a constant issue on Facebook. Since the site doesn’t require anything more than an email address in order to be given the developer tools needed to create apps, and doesn’t have an app approval process in place, it’s very easy for scammers to get access to the hundreds of millions who use Facebook.
It’s not yet known if the same person/group is responsible for all 11 apps.
Written by Sue Walsh on August 20, 2009
A bizarre new kind of spam is making the rounds. Instead of selling shady products or services, phishing, or outright delivering malware, it invites the recipient to use their computer to conduct a DDoS attack on President Obama’s website! The messages direct recipients to a website where they are asked to install the DDoS software and are offered payment in return – and to refer their friends to the site. It even tells them to come back and check for updates! It’s not known if the software in question actually does what it says it does or if it’s just a regular old trojan. The site does mention that they may need to reinstall because their anti-virus software could flag it as malware. Hmm… really?
I have to give the spammers a point or two for creativity. They are obviously taking advantage of the growing movement in this country toward disruptive behaviors at town halls and the rising vitriol being hurled at the President by the far right in response to the health care reform bill. They appear to be hoping that those same people who demonstrate outside locations the President is at and shout down speakers at town meetings will be interested in helping to attack his website. Regardless of what your political leanings are, it would be crazy to install a piece of software on your computer just because a spam message asked you to.
Written by Paul Cunningham on August 19, 2009
The Sydney Morning Herald reports that security researchers investigating the recent Twitter spam and denial of service attacks found at least one account that was using Twitter to control a botnet.
“Jose Nazario with Arbor Networks said he found a Twitter account that was used to send out what looked like garbled messages. But they were actually commands for computers in a botnet to visit malicious websites, where they download programs that steal banking passwords.”
Social networking services such as Twitter have recently become associated with spam and phishing attacks due to the lack of inbuilt protection from malicious users. This new development of using Twitter messages to control botnets takes the issue another step forward.
Continue reading Botnets Now On Twitter»
Written by Sue Walsh on August 18, 2009
A new malicious spam attack is exploiting the popular site Craigslist. The messages arrive with the subject line “Re: Car For Sale on Craigslist” and with a message that looks like a reply to an inquiry about a car for sale on the site. A link within it claims to direct the recipient to photos of the vehicle on Picasa. The link instead leads to a malicious site that downloads a Trojan onto the visitor’s computer.
It’s not yet known who’s responsible for this latest wave of malicious spam, but experts are warning people to be very cautious. Only 13 out of 41 virus scanners caught the virus, meaning that having an up-to-date virus program may not be enough to protect you. Obviously, if you or your company hasn’t inquired about a car for sale on Craigslist, you should immediately delete any such messages.
Continue reading New Malicious Spam Exploits Craigslist»
Written by Sue Walsh on August 17, 2009
The idea of a per-email charge isn’t anything new. Goodmail did it years ago – or tried to. Not surprisingly, it was a dismal failure. Still, some experts insist it’s an effective way to deter spammers. After all, they aren’t about to shell out money to send their messages. The problem with virtual postage is that legit users have to pay too, and that’s just not something most people are willing to do. They figure their monthly payment to their ISP is enough, and who can blame them?
Continue reading Yahoo! Revives Pay Per Email Model to Fight Spam»
Written by Paul Cunningham on August 13, 2009
In my last blog post, “Why Is It Really So Hard to Tackle Spam”, I mentioned that a lot of spam originates from compromised home computers, not email servers, and that many of these computers end up on blocklists such as Spamhaus as a result. In a comment on that post our reader Donovan Hill also mentions Spamhaus.
“I found the most effective thing to preventing spam was to start by using a list like Spamhaus…”
So what exactly is Spamhaus, and how do these blocklists work? To answer this question we must first understand the problem that blocklists were created to solve.
Why Do Blocklists Exist?
Blocklists came about due to the desire by email administrators to easily block spam emails from likely spam sources. If a particular sending host is known to be a spam source, or is very likely to be a spam source, it is more cost effective to make that determination based on the IP address of the sending host rather than on the content of the email message.
Continue reading Understanding Blocklist Providers»