Dan Blacharski

The dangers of spam on social networking sites

I’ve just recently discovered the joys of Twitter, and have found it to be an excellent way to keep people up to date on my latest postings, feature stories, blog entries and industry observations. To my dismay though, I’ve noticed that some people use it for mundane updates: “I’m going to bed now.” “Eating soup, yummm.” “On my way out to party.” On the latter types of entries, I don’t really understand the point, but then again, I’m old. Does anybody really care what I’m having for dinner? Maybe if Emeril Lagasse twitters, people would have an interest in his meals, but for most Twitterers, I suspect nobody really cares. If you really must know, yesterday my wife made tom kha gai. She hasn’t learned to cook American yet, and nobody’s told her about TV dinners. I don’t intend to clue her in. If you want to follow me on Twitter, it’s http://www.twitter.com/Dan_Blacharski.

But beyond the mundane entries, some are now starting to get annoying. Twitter’s remarkable growth and popularity have made it an inevitable spam target. Spam has already penetrated several social networking sites, and Twitter is no exception. According to an entry in Twitter’s blog, the social networking site is starting to fill up with spammy accounts and junk entries promoting the usual array of marginally useful goods and services. Twitter has responded to this trend with a new admin tool that lets their staff find, and subsequently suspend, spam accounts. They’ve also hired a full-time “spam marshal” whose only job is to remove spam.


When work-at-home could get you arrested

I’ve received dozens of emails like this one, and file them along with the notices that I’ve won a million dollars, and that somebody I don’t know needs my help to distribute their wealth. That is, emails that offer a “work-at-home” scheme processing payments for somebody. I never knew exactly what the scam was; I only knew there was a scam involved. The content of the message lays out a work-at-home scheme where you are asked to open a bank account, and then you take payments on behalf of the company, and then forward the money to them.


Spammers using more Webmail accounts

A blog entry on EWeek by Larry Seltzer highlights how spammers are sidestepping SMTP to continue their malicious activity. According to some reports, an increasing percentage of spam emanates from public Webmail accounts, such as Gmail, Hotmail, and Yahoo, which makes the spam more difficult to detect. The older technique was to spoof legitimate private email addresses to send spam.

The attraction to spammers here is that using the public webmail systems, once they break the CAPTCHA system (which is easier than you might think), they gain the positive reputation of these systems. Reputation-based anti-spam security analyzes the reputation of the email sender’s domain. In the case of these large webmail systems, the reputation is considered good, and so spammers using them can piggyback on that positive reputation.


Israel’s tough new anti-spam law

In our zeal to rid the world of spam, let us not forget that there are legitimate marketers out there as well. There are two types of email advertisements. The first comprises the bulk of spam, and is generated to a large degree by untouchable and untraceable spammers, most often in another country. This type of spam is often sent out through redirectors, so the email address cannot be traced. Sometimes the spammer hijacks innocent email addresses and uses them. Often the products, services, or get-rich-quick schemes promoted in these emails are not what they are presented to be. These are the people that get us mad, the ones that make us want to pass laws and send law enforcement agents out to hunt them down. This is, of course, a legitimate reaction, and these people should be shut down.


Don’t Pass It On!

Around the holiday, I always see more chain emails coming through from well-intended friends and relatives, and so it’s time for an annual warning. Some of these chain emails just have interesting pictures, some make outrageous claims. A large majority of the latter are hoaxes.

A chain email is just like an old-fashioned chain letter. A message is sent to thousands of people, encouraging them all to “pass it on”, often because of either extreme cuteness, or because some bogus message is being trotted out as so incredibly important that recipients will see it as their duty to send it on to as many people as possible. It’s surprising too, how many intelligent and well-educated people actually take the bait, and send it on to everyone in their address book. Here’s a tip: Don’t do it! You’re not going to win a prize from Microsoft. You’re not going to help a sick little girl, and you’re not going to help your favorite cause. In most cases, all you will do is help spread misinformation. But even if on rare occasions the claim does turn out to be true, spreading it through chain emails is still not a good idea–first, because it does very little for whatever cause you may be trying to promote, and second, because there is a security risk involved.


More Fed action in spam wars needed

An IDG News Service article asks a highly relevant question about the recent high-profile anti-spam activity: “Where are the Feds?” The article notes the shutdown of a spam network known as HerbalKing, in which the Feds did indeed have a hand. The FTC, FBI, and New Zealand police (in a nice show of international anti-spam cooperation), together shut down the spam network, which had been linked to a huge amount of spam email. However, according to researchers, the action was sort of like taking a cup of water out of the ocean, and within a week, spam was back to its normal levels.

The big action took place a couple of weeks later, when McColo, a San Jose-based ISP and notorious host for spammers and other cybercriminals, was shut down. But unlike the HerbalKing operation, the McColo shutdown did not involve any Federal agencies. Who was responsible for shutting it down? Researchers and reporters, mostly, who publicly humiliated carriers Global Crossing and Hurricane Electric, who provided service to McColo. After being taken to task, the carriers dropped McColo as a client.


Facebook gets judgment against spammer

Facebook won its case against a spammer, Adam Guerbuez, and his company, Atlantis Blue Capital, for violations of the CAN-SPAM Act. The courts awarded Facebook an incredible $873 million in damages, the largest award under the Act to date. According to reports, his business involved phishing Facebook user logins, and then using other people’s accounts to send spam to other Facebook users, selling various pharmaceuticals and male enhancement drugs. Guerbuez never showed up for his hearing.

It is, of course, a symbolic gesture. Facebook is not likely to get a dime from Mr. Guerbuez. Although I’m sure he’s made some money from his spam business, I doubt it’s anywhere near $873 million. And by now, if he’s smart, both he and his money are far outside of United States jurisdiction. Besides the monetary judgment, he also received an injunction preventing him from using Facebook in the future. This, too, is a symbolic gesture, and one that would be impossible to enforce.


Spam business is booming despite legislation

Ferris Research recently predicted that there would be 40 trillion spam messages sent this year. It would seem then, that we have a continuing problem on our hands, especially since spam has morphed from simple, but annoying, advertisements to Trojan horses and links to malware-infected web sites. The focus of spam has changed. Five years ago, spam was designed to sell us something; today, it is designed to steal something from us. Spam is no longer just a cheap tool used by a two-bit marketer to peddle get-rich-quick schemes; it is now used by organized criminals in pump-and-dump stock schemes, to sell illegal goods, or to steal passwords and account numbers.

Wasn’t there supposed to be legislation to help eliminate spam? Remember the CAN-SPAM Act? It didn’t seem to have done its job. Oh, yes, it did make spamming illegal, and there have been a few high-profile cases. Some heads have rolled. But the spamming continues unabated, and in fact, has increased tenfold over the past five years since the Act was first passed. This week, Network World ran a review of the CAN-SPAM Act and what went wrong, noting that when the bill was passed, 45 percent of emails were spam. This outrageous number triggered the passage of the CAN-SPAM Act. Yet today, 97 percent of emails are spam, and there were 164 billion spam messages sent during the month of August.
