Monthly Archives: April 2011

Go Phish Yourself?

A new open source toolkit is designed to provide a way for companies to educate their employees on how to spot phishing scams, but it may give scammers a lot of help as well. The open source Simple Phishing Toolkit includes a scraper that will quickly clone any website and create a phishing lure. It also comes with tools that allow administrators to track how many employees click on the lure, what links they followed, when they did so, and even their IP addresses, browser info and operating systems.

Naturally, such tools would be very useful for IT departments and system administrators to educate employees on how to spot phishing scams. Employees falling for such scams are a leading cause of corporate data breaches, and such breaches can cost a company millions.

“The whole concept with this project started out with the discussion of, ‘Hey, wouldn’t it be great if we could phish ourselves in a safe manner?’” said Will, one of the Toolkit’s co-developers. “It seems like in every organisation there is always a short list of people we know are phishable, who keep falling for the same thing every six to eight weeks, and some of this stuff is pretty lame.”

While it appears the developers had honest intentions when they created the toolkit, the fact remains it could be pretty attractive to the bad guys and they have no way of controlling that. Right now it doesn’t record any data typed into the fake phishing sites it generates, but they said future versions of the kit will have that functionality. That may make it irresistible to scammers looking for a way to create phishing campaigns that’s fast and won’t eat into any profits.

What do you think? Are these toolkits helpful or just asking for trouble?


Kelihos Actions Continue: New Defendant Named

Last September we reported on Microsoft’s actions in taking down the Kelihos Botnet, and the civil actions pending against alleged perpetrators including Czech citizen Dominique Alexander Piatti and the dotFREE Group SRO. We then followed up with a story on the settlement reached and the dismissal of charges against Piatti. Today Microsoft announced new actions in the legal follow-up to the botnet takedown. Continue reading Kelihos Actions Continue: New Defendant Named »


Most adults are well aware of spam. Having encountered email spam since the early days, it is safe to say that many people over the age of 20 have at one time or another been educated, trained or have experience with regard to identifying spam and how to deal with it.

Spammers, always trying to stay one step ahead of the game, realize this. They know full well that businesses conduct trainings for their employees, IT departments spend thousands of dollars on spam filtering technologies and many of their intended victims have just grown wise to their methods over the course of time.

So, like any good criminal would, spammers have adapted.

Over the years they have ventured into other avenues to launch their attacks, using social media and text messaging services; even the content used by websites has become a method for spammers to advertise their products.

However, spammers have now not only changed how they attack their victims, but they have changed the victims themselves. Continue reading Spammers Targeting Kids Through Gaming Sites »


This week, a phishing attack landed in the inboxes of several US government agencies, spoofing the US government’s cyber security watchdog and response agency. Complete with attachments, the e-mail’s payload was a nasty little virus that has already been tracked back to Mother Russia. To make matters a little embarrassing, perhaps, it’s not enough that the agency which was spoofed in the attack has reported a disruption of its own systems, but it’s also the government body responsible for identifying and mitigating just this type of thing. Continue reading US-CERT Hooked by US-CERT Phishing Attack»


Exchange 2010 Safelist Aggregation ‘Crowdsources’ Anti-spam Efforts

You know that Exchange 2010 has its own anti-spam functionality, and you also know that users can set up their own safe and blocked sender and domain lists in Outlook 2007 and 2010, but did you know the two work together? Just like you can get chocolate in my peanut butter/I can get peanut butter in your chocolate, Exchange 2010 uses these two great things to provide more effective anti-spam measures at your edge. Safelist Aggregation uses data from users’ Safe Recipients Lists, Safe Senders Lists, Blocked Senders Lists, and contacts to create a kind of metadirectory of good and bad addresses, which makes the Edge Transport Server’s anti-spam functionality more effective and also helps reduce the incidence of false positives. Continue reading Exchange 2010 Safelist Aggregation ‘Crowdsources’ Anti-spam Efforts »


5 Great Anti-spam Plugins for WordPress

If you’ve got a WordPress blog, you’ve probably come across spam. Spam in your comments, spam from your contact page, spam spam spam eggs and spam. (But I don’t like spam!) Fortunately, the world’s most popular blogging platform has one of the most diverse plug-in ecosystems, and there’s no shortage of plug-ins to help combat spam targeting your blog. If you simply search the plug-in gallery in your WordPress admin console, you’ll find (at the time of this writing) over one hundred and forty different plug-ins.

To help you out, I’ve compiled a list of five great ones, based on ratings, downloads, user comments, and my own experience with them. Take a look, and then consider adding these to your own WordPress blog if you are the victim of spam.

1. Spammer Blocker

With 4.5 out of 5 stars according to users, and >14K downloads, Spammer Blocker is more like a three strike law for spammers than anything else, save that it only gives spammers one swing. Whether another plug-in flags a comment as spam, or you manually do so, the source IP address of the offending comment is banned. It’s like the death penalty for spammers, in that there won’t be any repeat offence! Continue reading 5 Great Anti-spam Plugins for WordPress »


International Phishing Ring Busted

Six Nigerian men have been arrested in connection with an international phishing ring that used a variation of the infamous 419 or Nigerian scam to dupe unsuspecting victims.

They would send their victims text messages informing them they had won a lottery or that they had been named in a will and had inherited a large sum of money:

“In the lottery scam, the victim receives a message stating that he has been randomly picked up in a lottery system of a multi-national corporate company, in which, he won one million pounds and then victim’s email ID is sought.

When the victim replies, he would be sent an e-mail, stating that he should appoint a UK-based lawyer to represent him to complete the process. The accused provide lawyers’ names and takes Rs 50,000 to Rs 75,000,” the IPS officer said adding that a fake Coca Cola company’s letter-head, mentioning the prize money, was recovered from them.

For tax payments in the UK, they further seek Rs 1.5 lakh. Once the payments are made, they say the cash has arrived in India and the victim should pay to RBI and Customs Department for clearance of the money. In this way, the victim shells out at least four to five lakh (rupees) over a period of time.”

The men are being held in Mumbai. The 419 scam has been around forever and while you would think most Internet users would have heard of it by now and wouldn’t be fooled, many countries in which Internet access was a luxury reserved for the very rich are now seeing it opened up to the masses as it becomes more and more affordable. This means millions of new users, and that’s what scammers are counting on and what is likely to be the reason this ring focused on users in India. It will probably be a very long time before the 419 scam wears out its welcome.


Should We Call It Skam?

Microsoft’s acquisition of Skype has not only brought new attention to one of the most popular messaging platforms on the Internet, it has also brought about a resurgence of spam directed at users of the service. Skype spam, or skam as I like to call it, can include unwanted instant messages, voice calls, and video calls. Each of these tends to bear fraudulent warnings urging the targets to do something intended to deliver malware.

Skammers (see what I did there?) have once again started contacting Skype users using contact names that seem designed to convince users to answer the call. Culprits include NOTIFICATION™ URGENT ACTION REQUIRED, URGENT SYSTEM NOTIFICATION, URGENT NOTICE, and others. Each of these is an attempt to use social engineering to convince the victim that the call is legitimate. I particularly like the one that bears the trademark logo for the word NOTIFICATION. Continue reading Should We Call It Skam?»


Top 5 Anti-Spam Commandments

Here are some commandments to follow to help keep 2012 a spam free year! Many are simply common sense, but all of them will help reduce the amount of spam that hits your inbox and social media accounts.

1. Thou shall not click without thinking.
This is especially important for your social media accounts. Spammers count on the trust between friends established on these sites. For example, right now a new spam campaign is hitting Facebook. Your newsfeed will show that a friend of yours liked a link that appears to lead to a funny commercial. If you click on it, you’ll be taken to a site that says it won’t let you view the video unless you take a survey. The spammers are counting on people to give in and do so because they get paid for each survey taken. To keep the spam going, as soon as you click on the link, it posts itself on your newsfeed in hopes that your friends will do the same thing.

2. Thou shall use a throwaway email address.
This type of address can be obtained from a service specializing in such, or you can just create one with Hotmail or Yahoo. Use this address when shopping online or registering with websites. That way, any spam that gets generated stays out of your main inbox and the account can simply be abandoned if the spam gets too large.

3. Thou shall not respond to spam in any way.
Responding to spam, whether to tell the spammer off or because you think clicking the unsubscribe link actually works, is almost always a waste of time. At best, you’ll simply be ignored or your rant will either bounce back because the address used was fake, or be sent to an innocent person whose address was spoofed or hijacked to send the spam. At worst, you’ll be letting the spammer know that your address is active and responsive to spam.

4. Thou shall keep thy anti-virus software up to date.
Most good ones include email scanning, which blocks and cleans any malicious attachments that may wind up in your inbox.

5. Thou shall make use of thy ISP’s abuse address and/or “mark as spam” button.
It’s important to report the spam you do get to your ISP. This helps them fine-tune their spam filter and blacklists and make them more effective.


5 New Year’s Resolutions For Spammers

2011 is coming to a close and that means it’s time to make resolutions for 2012. Here’s a look at what types of resolutions spammers might be making for the new year. Although overall spam volumes dropped this year, there’s really no telling what 2012 will bring, and you can count on scammers and spammers being as busy as ever!

1. Create new botnets and find new ways to increase and strengthen existing ones.
2011 saw the takedown of several major botnets as Microsoft teamed up with the FBI and went on the warpath, determined to crack down on spam.

2. Find new ways to exploit social media for gain and profit.
With Facebook still refusing to vet apps before letting them be released on the site, the possibilities for rogue apps are endless.

3. Work on new Black Hat SEO techniques.
Thanks to Google’s new Panda algorithm, which has put many so-called “content mills” out of business and made traditional search engine spam techniques such as blog scraping and splogs useless, spammers will need to come up with new ways to exploit Google’s search engine results.

4. Continue to refine spear phishing techniques.
Spammers have found that targeted attacks are more effective than the traditional phishing techniques that used a large and random group of addresses. They’ve also been finding new ways to make their fake phishing sites look more and more legit.

5. Continue to look for more loopholes and security vulnerabilities to exploit.
This includes finding new ways to crack anti-spam tools like CAPTCHA and ways to hijack social media accounts and websites.
