Disturbed Spammer Targets Law Firm

Written by Sue Walsh on February 26, 2010

A San Francisco law firm has found itself the target of a disturbed spammer. A woman named Leslie Brodie has been spamming a “petition” to law firms and law students across the country. The petition claims to be part of a campaign to “End racism/sexism in U.S. law firms” and slams the small firm of Kerr & Wagstaffe and partner James Wagstaffe, who also teaches at UC Hastings Law. Brodie’s spam claims the firm favors white males for lawyers and partners and attractive white females for associates.

When a Berkeley law student received the spam and demanded to be removed, citing the CAN-SPAM Act, Brodie sent off a rant to the school’s dean claiming free speech and that she was being harassed, and also that the CAN-SPAM Act did not apply to her because she was not selling anything. She also threw in some racist slurs for good measure.

          Also, the CAN-SPAM Act of 2003 (the “ACT”) applies only to emails which are commercial in nature. It is obvious that the email which was sent was not intended to sell any goods or services, but rather was political in nature. As such, Ms. PERFECTLY-REASONABLE-BOALTIE also misrepresented the content of the ACT in order to trick and deceive me as to the state of the law in order for the unsolicited email to stop. This attempt to mislead and trick an opponent as to the content of the law is a very serious misconduct which also reflects negatively on her moral character.

Please instruct your students/faculty/staff at Boalt Hall to refrain from making any more threats concerning unsolicited emails which they receive via the U.C. email system. That system does not belong to them, but to the People of the State of California.

She then turned around and spammed her rant to even more firms, law schools and legal blogs. What makes the whole campaign even more bizarre is Brodie’s reason for launching the spam attack: she received a bad grade in James Wagstaffe’s CivPro class. That’s right. It’s all because of a bad grade! Unbelievable. Not only that, but her identity is shrouded in mystery. UC Hastings has no record of a law student by that name, nor does the California State Bar.

This case is a good reminder that it isn’t just hackers and scammers that spam. Sometimes disgruntled employees, customers, or vendors will launch a vindictive spam campaign like Brodie did. Has this ever happened to your company? Let us know!

Boffins releasing tool to foil drive-by attacks

Written by John P Mello Jr on February 25, 2010
NoScript is a free Mozilla extension that can counter drive-by infections.

One of the most frightening threats facing Web surfers is the drive-by infection. The thought that their computer could be infected just by entering a Web site is a sobering one to many websters. Peace of mind, though, may be on the way, as researchers are preparing a free tool that will shield netizens from drive-by menaces.

The tool is called BLADE (Block All Drive-By Download Exploits) and is designed to protect cybernauts from the roughly 5.5 million Web pages containing drive-by malware.

“Unlike push-based approaches adopted by Internet scanning worms and viruses, contemporary malware publishers rely on drive-by exploits for silent dissemination of spyware, trojans and bots,” the researchers from SRI International and Georgia Tech’s School of Computer Science wrote in “BLADE: Slashing the Invisible Channel of Drive-by Download Malware.”

“Drive-by downloads, which result in the unauthorized installation of code through the browser and into the victim host,” they added, “have become one of the dominant means through which mass infections now occur.”

Drive-by traps typically ambush Net goers who have been tardy in keeping their computers’ operating systems and applications current with the latest security patches. Browser vulnerabilities and plug-ins like Adobe Reader and Flash are favorite targets of malicious software writers. They even have “exploit packs” that will probe a Web site visitor’s computer and intelligently determine if any number of vulnerabilities remain unpatched.

According to the researchers, BLADE is a kernel-based monitor designed to block any malware delivered through a browser. The tool is based on a simple principle. All browser downloads fall into two categories. There are supported files (files that make up Web pages, for instance HTML, images and such) and unsupported files (EXE, ZIP and so forth). Typically, browsers fetch supported files silently, and they are supposed to alert the user when an unsupported file type is being downloaded. Nefarious Web sites subvert the unsupported-file notification function so they can plant their dirty wares on a target computer. What BLADE does is introduce capabilities at the operating-system level that prevent execution of any downloaded unsupported content that the user has not directly consented to through user-to-browser interaction.
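The supported/unsupported gate the researchers describe, as an added illustration in Python (not BLADE’s own code, which runs in the kernel); the file-type list, the sample paths and the method names are assumptions made for this model:

```python
import os
from dataclasses import dataclass, field

# Constructed sample policy (an assumption, not BLADE's actual list): types the
# browser renders itself versus types that should trigger a download prompt.
SUPPORTED_TYPES = {".html", ".htm", ".css", ".js", ".png", ".jpg", ".gif"}


@dataclass
class DownloadMonitor:
    """Models the BLADE principle: a browser-written file of an unsupported
    type may only run if a real user-to-browser interaction approved it."""
    pending_consent: set = field(default_factory=set)  # paths approved via a prompt
    quarantined: set = field(default_factory=set)      # silent unsupported downloads

    def user_consents(self, path: str) -> None:
        """Record that the user answered a download prompt for this path.
        In a real monitor this signal comes from the UI layer, never from
        page script, otherwise the site could forge its own consent."""
        self.pending_consent.add(path)

    def browser_writes(self, path: str) -> str:
        """The browser wrote a file to disk; return the decision taken."""
        ext = os.path.splitext(path)[1].lower()
        if ext in SUPPORTED_TYPES:
            return "render"          # page content; fetched silently, never run
        if path in self.pending_consent:
            self.pending_consent.discard(path)   # one consent covers one file only
            self.quarantined.discard(path)
            return "approved"
        self.quarantined.add(path)   # no matching consent: quarantine, don't delete
        return "quarantined"

    def may_execute(self, path: str) -> bool:
        """Execution gate the OS consults before running a browser-written file."""
        return path not in self.quarantined
```

Keying the decision on the file extension alone, as this model does, is a simplification: a real monitor has to identify downloads by their origin (the browser process) rather than by their name, or a mislabelled file slips through the “supported” path.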

The Spam Statemate

Written by Paul Cunningham on February 24, 2010

The Messaging Anti-Abuse Working Group (MAAWG) has released new figures that put the average volume of email spam on the internet at 90%, peaking as high as 94.2% in recent years.

Jerry Upton, MAAWG Executive Director, said “We’ve been sitting at a stalemate for probably two to three years. Taking out the highs and lows, we’re sitting at about 90%”.

Figures that regularly appear from various security vendors have been telling the same story for several years now. With the latest figures confirming the continuing trend, one might be forgiven for wondering who is really winning the war against spam.

Spam fighting is a multi-billion dollar industry, and businesses are spending thousands or even millions of dollars each year to try to protect their networks from spam threats.

Network providers have had some successes by disconnecting major spam networks from the internet but in most cases the spammers have resurfaced or simply distributed their infrastructure across international jurisdictions.

Consumer ISPs are generally against implementing measures to prevent their customers from adding to the problem. This despite MAAWG’s findings that “tens of millions of Web users in North America and Western Europe have clicked on spam at least once – and many of them did it on purpose”.

Hackers Pumping Out Olympics Spam

Written by Sue Walsh on February 23, 2010

It comes as no surprise that scammers have been quick to exploit the 2010 Winter Olympic Games for their own benefit. Spam claiming to have exclusive videos of events like the tragic death of Georgian luger Nodar Kumaritashvili has been spreading. The links lead to malicious sites pushing fake anti-virus software or dropping Trojans.

In addition, scammers have set up a fake Twitter account that sends out tweets disguised to look like Olympic updates. The URL has a subtle typo but at first glance looks like the official Olympics site, Vancouver2010.com. When users visit the site they are prompted to download a codec or Flash update. The fake update is actually a Trojan.

“Given the popularity of the Winter Olympics, it is not surprising that attackers are taking advantage of the event to spread malware,” said Michael Sutton, vice president of research at Zscaler. “Given the authentic nature of the attack site, lack of anti-virus signatures, use of Twitter to advertise the campaign and timing of the attack, it is reasonable to assume that it will succeed.”

Other Olympic-themed spam campaigns include messages offering travel tips for those going to Vancouver or offering bus tickets and transit passes. Scammers have also used black hat SEO techniques to poison search results for top Olympic athletes like Bode Miller, Sasha Cohen, and Jennifer Rodriguez.

Hacker Gets 13 Years in Prison

Written by Sue Walsh on February 22, 2010

A notorious hacker who ran an underground site that was a popular hangout for hackers, carders, scammers, spammers, and other cybercriminals was slammed with a 13-year prison sentence for his part in a series of credit card scams that cost the US $86 million.

Max Ray Vision was also ordered to pay over $27 million in restitution. He ran CardersMarket, a forum where cybercriminals bought and sold malware and stolen card numbers, swapped war stories and socialized. His crimes, which included harvesting stolen banking and credit card information, came to a halt after the Secret Service infiltrated the site. When arrested he had nearly 2 million stolen credit card numbers in his possession.

Vision was facing a life sentence, but it was reduced due to his cooperation with authorities. It won’t be his first time behind bars: in 2001 he spent 18 months in jail for participating in a scripting attack against the Pentagon.

New Botnet Targets Zeus

Written by Sue Walsh on February 19, 2010

Compromised computers spew spam.

A new botnet called Spy Eye has an interesting twist. Once installed it searches for traces of the Zeus Trojan and, if found, deletes it. Called “Kill Zeus”, the feature is meant to give Spy Eye exclusive control over the infected computer. It also steals data as it is transferred to Zeus’s command-and-control servers, drops a keylogger onto the system, steals and deletes cookies in IE and Firefox, and can update itself via email. Spy Eye works much like Zeus, targeting financial information and bank accounts. The FBI says Zeus is responsible for over $100 million in losses and damages.

Like Zeus, Spy Eye comes as a toolkit that allows anyone with $500 to set up their very own botnet. It may be the new kid on the block but it’s far from alone. Three other botnets, Filon, Clod, and Bugat, have also been recently discovered.

Google Buzz: socnet or spam magnet?

Written by John P Mello Jr on February 18, 2010
Privacy holes in Google Buzz could attract spammers.

Google is scrambling to patch the privacy holes in its Buzz application launched last week, hopefully before spammers turn the social network into a gold mine for their repugnant activities.

When introduced last Tuesday, the yawning flaws in Buzz could be seen in its privacy agreement.

“When you first enter Google Buzz,” it stated, “to make the startup experience easier, we may automatically select people for you to follow based on the people you email and chat with most.”

Assuming a user wants to “follow” someone just because they trade emails may have seemed convenient to Buzz designers, but in fact it’s a needless usurpation of a user’s ability to choose with whom he or she associates. Sure, automating who a user follows is a quick way to build a following list, but it actually adds hassle to the process as a user must manually scrutinize who he or she is following and weed out the deadwood.

But the boners get better. “Similarly,” the Buzz privacy statement continued, “we may also suggest to others that they automatically follow you.” Automatically putting the touch on people to follow a user based on the user’s Gmail address book is an expedient way to rapidly build a socnet without the fuss of inviting people to join individually. What the Buzz designers failed to fathom is that just because a user communicates frequently with someone in his or her address book doesn’t mean that user wants to share his or her every thought with that contact. What someone might divulge through a tweet or Facebook comment isn’t always something he or she wants divulged to a frequent email correspondent like a client or boss. Facebook understood that from the start, so it’s surprising that the savvy crew at Google could make such a blunder.

Granted, a user can block any of his or her followers but why should the onus be placed on the user to comb out unwanted followers from a list created by Google?

Those inconveniences to users, though, aren’t what will be percolating the interest of spammers in the new social network. It’s the availability of a new source of public information about millions of potential marks.


Twitter Grader Hack Highlights Social Network Spam Risks

Written by Paul Cunningham on February 17, 2010

The security of social networks was thrust into the spotlight yet again this week with the successful hack of the Twitter Grader application run by Hubspot, a maker of social media and internet marketing tools.

The Twitter Grader application uses an algorithm to calculate, or grade, a Twitter user’s ranking among their peers. This type of tool has been very popular with Twitter users, who willingly grant access to their Twitter accounts to websites that offer this type of ego-feeding information.

The compromise resulted in thousands of unauthorized messages being sent from Grader users’ Twitter accounts containing a link to a web page that hosted an embedded video. The content turned out not to be malicious, and it has been speculated that this was an attempt to increase the search engine rankings of the website.

The hack was quickly acknowledged by Hubspot, who proceeded to take down the Grader application while they investigated the issue. Grader users are advised to revoke Grader’s access to their Twitter accounts and also to consider changing their account password.

Conficker Worm Cripples Police Department

Written by Sue Walsh on February 16, 2010

The Conficker worm shut down the Manchester UK police station for 3 days earlier this month. It forced police officers to rely on other jurisdictions to access the country’s criminal database, as the Manchester station was disconnected from the UK Police National Computer Network. Investigators blame an infected USB stick for the incident. Endpoint security is fast becoming one of the most important and sought-after security measures in organizations to prevent the spreading of viruses via USB ports.

          “Virus scanning has to extend beyond the PC to all types of removable storage”, Jason Holloway, Northern European sales manager with SanDisk, said. “Better still, employees should only be able to use authorised flash drives that include on-board antivirus scanning. This ensures that users can’t turn off, disable or work around the protection, and would stop these infections from spreading.”

Conficker has spread like wildfire across the net and has infected over 7 million computers. It was first spotted in 2008. Experts still aren’t sure what its purpose is since its botnet is seldom used.

A year ago, Manchester council’s computers were attacked by Conficker, forcing the town to write off parking tickets and spend over 1 million pounds to fix the infection. It’s not yet known if the Manchester police will have to overlook any violations or void any arrests because of their infection.

Firefox add-on was clean, maker says

Written by John P Mello Jr on February 12, 2010

An add-on program that allegedly infected the computers of 4,000 users of the Firefox Web browser was clean and malware free, according to the maker of the application.

According to Sothink Software, the add-on, Web Video Downloader 4.0, was misidentified as a malware carrier due to a compression utility called Armadillo embedded in Sothink’s offering. The utility is often used by crackers to compress and hide malicious code in malware, the company explained. “That’s the reason why the [virus] scans are hitting on the file as suspicious,” it said, “[T]here isn’t any virus in Web Video downloader or in Armadillo….”

The company added that it hasn’t used Armadillo in the software for quite some time and that the latest release of the add-on, version 5.7, has been certified clean and safe by Virustotal, an independent virus detection service.

The Video Downloader add-on is a free program that allows a user to capture Adobe Flash video in Firefox from Web sites such as YouTube, Google and MSN and save it in a number of formats, including FLV, WMV, ASF, AVI, MOV, RM and RMVB.

Last week, the Mozilla Foundation, makers of Firefox, removed Video Downloader 4.0, as well as another program called Master Filer, from its add-ons Web site (AMO), claiming the software was infected with malware.
