Spammers don’t fill our inboxes with junk because they have nothing better to do; they send out tens of thousands of messages every day because somewhere someone is going to click a link, or buy some junk proffered in that message. It’s a numbers game, and when it costs the spammer nothing more than a little time, some CPU cycles, and a cheap Internet connection to spew out garbage, spew it they will. Even if only one message in ten thousand gets all the way through from sender to unwitting recipient, who then clicks that link because they really believe they can solve any problems with their own physicality, or that they really might get a cut of some dead millionaires foreign fortune, or they really need that timeshare on a beach for pennies a day, the spammer wins.

The spammer fights an ongoing underground campaign because he can. We let him. Our mission this week is to stop doing the very things that the enemy exploits. He turns our own resources against us because we let him. It’s an insurgency campaign we’re up against, but today is the day we can start to turn the tide. Here are some of the tricks spammers use to get their messages into your users’ inbox.

Reconnaissance

Information can be a very effective weapon, and nobody knows this better than the spammer. The enemy will use bots to scrape your company’s websites for email addresses, will run directory harvesting attacks against your MTAs trying to discover valid users, and will buy and sell mailing lists whenever and wherever they can. Too often we make it easy for them, by CC-ing dozens of unrelated users with marketing emails of our own, sharing out all those email addresses with who knows who. Unless you like revealing sensitive information to the enemy, it’s time to 86 that and now.

Configure your MTAs to reject VRFY queries and to ban source addresses that attempt multiple VRFY commands or attempt to send more than a small number of messages to invalid recipients. Set maximum recipient limits on all outgoing messages to stop your users from sending out messages that could carry too many valid addresses outside the company, and train your users on the benefits of BCC. Set any distribution lists you have that can be mailed to from the outside or that contain external recipients to moderated, and reject any messages that contain too many internal email accounts. Finally, keep your head down by not posting email addresses on the websites. Either use a contact form, or encode email addresses so that real humans can use them, but so bots cannot automatically harvest them.

Probing your perimeter

The enemy is probing our lines for weakness, so too must we. Port scans for systems listening on TCP port 25 can quickly identify any system capable of receiving emails. Too often those are not a part of the corporate email system, but can relay email in to internal users. They also will look at your MX records and try to send email to systems with higher weights, on the too frequently correct premise that those are valid, and not as up to date as your primary systems. Probe your own lines by setting up regular port scans on all IP address space, whether a part of your primary datacenter, your DR site, or your remote offices. Verify that each and every host that accepts a connection on TCP port 25 is a valid mail server, and is properly configured with the appropriate anti-spam measures at your disposal. Make sure that every host with an MX record in your DNS is appropriately configured as well.

Camouflage

Spammers will also try to get past your defenses, and your users’ own suspicions, by obfuscating links using a variety of methods including encoding, URL shorteners, and  redirects. Your message filtering system should already be filtering that sort of thing out, but make sure you set low thresholds for the numbers of links that are in an email. Educate users on the dangers attachments present, and quarantine any encrypted attachments until you can confirm they are legitimate business communications.

Covert operations

Spammers will frequently spoof the sender address in email to get past filters. They may even use a recipient’s address or another in the same domain as the sender address so it looks more legitimate. To defend against such attacks, use the technologies available to you. Ensure your own SPF records are up-to-date, and set to hard fail (-) to protect others from spammers who try to masquerade as you, and reject any email you receive that fails an SPF check. Use DNS black lists to refuse mail from known spammers and address ranges that belong to residential and mobile services. You can always whitelist a partner but your default posture should be to reject any mail that fails to pass the sniff test.

Ultimately, if the spammer finds even a fraction of a percent of his efforts are successful, he will remain motivated to attempt more attacks. We have to take the financial incentive out of the equation, and that means spreading the word to our user base, our friends, our families, and the social groups we interact with. If no one responded to a spam message, or clicked a link in a piece of UCE, there’d be no financial motivation for a spammer to continue his campaigns against us. Will we get the word out to every single email user in the world? Of course not. But if we can educate our users to stop the activities that make all the user@ourdomain.com addresses pop up in the cross hairs of the spammer, and we take appropriate cautions and set proper configurations on our systems, in the long term we should see a marked downtick in the volume of spam heading our way.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spam Fighting Boot Camp Week 1: Know Your Enemy

What we need is an Internet standard that allows this level of protection to work at scale – without any discussion, without any partner agreements,” said Brett McDowell, a security manager at PayPal who serves as chairman of the group. “That is what DMARC does.”

Setting industry standards is an important step, but still more important is getting the corporate world to adopt them. There will probably be some protesting and the inevitable excuses such as “I don’t have the time to implement them/train my IT department” and the most popular excuse “cost too much in time/productivity/money”. It may take some time to get most businesses aboard, but I think once they are, it will make a dramatic difference in the amount of spam and phishing attacks sent from corporate addresses or exploting popular brands.

What do you think? Will your company adopted the new standards? If not, why?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Banks and Top Websites Develop New Spam Fighting Techniques

This has prompted a majority of IT departments to employ some sort of anti-spam, or spam filtering, solution to assist in keeping the inboxes of their users as spam free as possible.

But notice that the word assist is used in that previous sentence.

This is because no spam filter is going to completely eliminate spam. There are some out there that will do a great job of drastically reducing the amount of junk email that is successfully delivered, but despite the anti-spam solution’s best efforts there are users in every organization that will find a way to attract spam like ants to a picnic.

To help reduce the number of pharmaceutical advertisements and promises of great riches that fill the inboxes of your co-workers, try these hints to help involve them in the fight against spam:

1. There is no one giving you a iPad for free.

When you click on those advertisements that proclaim you the lucky winner of an iPad, XBox, smart phone, etc. understand that they are just collecting your email address and other personal information to sell off to spammers.

Instruct your users to avoid clicking on any advertisements when they using computer resources at work to avoid falling for scams that collect their email addresses and to stay away from sites that may install malware on their computer.

2. Social games harvest more than virtual crops.

When a game boasts over 70 million players, people take notice. Some of those people are spammers.

Social games are fun ways to pass the time, and most are free to play. And while the makers of these games will often charge for level-ups or other premium services they also make money other ways. When you register, you provide your email address, your age, your income and a host of other information that can help advertisers (and spammers) better target you for mass mailings.

Users should understand that they should only play games on sites that legitimately protect their personal information and that their work email should never be used to register on any site. Also, they can cut down on spam and advertisements by reading the fine print when signing up and opting not to receive product information from the company or its partners.

3. Unsubscribing tells spammers you are alive.

According to the CAN-SPAM Act, all email marketing must contain a way for recipients to remove their name from the mailing list. Spammers know this and use this for two things. First, it helps legitimatize them. People see this and think that it is merely an innocent advertisement. Secondly, it lets the spammer know that they have found an active email address instead of one that has long been abandoned.

Teach users how to block emails so that when they receive newsletters and advertisements that they don’t pay attention to, they can simply block them rather than opt-out.

Make it easy for users to help identify spammers. One organization I work with has an email address set up for users who receive spam or other suspicious mail. They simply forward the email message in question to that account and someone from the IT security team addresses the problem. Not only does this help feed the spam filter with more data to use, but it brings the users into the fight. They feel like they are helping to solve the problem.

Users can be one of the best weapons in fighting spam, if you make it easy enough for them to help. A simple email address where they can forward suspicious emails beats having them fill out a form or filing a formal report.

4. Never register for forums, websites, chats or newsletters using your work email address.

Many times, we sign up for things with our work address because it is something legitimately used for work. This can lead to users being comfortable with this process and eventually, they will post that address to a less than ethical site.

Make it a policy that company email addresses should not be used to register for anything other than with a trusted vendor, customer or partner.

5. Clean out your inbox regularly.

When forced to clear junk mail out of their inbox, most people will be more cognizant of how much spam is sent to them on a daily basis. When they find this process to be tedious, they will likely do a better job at managing their email address out in the wild.

Most companies have policies that address email inboxes, and just as many don’t really enforce these policies. Make sure that users know that this, or any other policy regarding email, will be enforced.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

5 Ways Your Users Can Help You Fight Spam

1. Bad Subject Lines
Most spam filters are programmed to look for words like “free”, “sale”, “deal” and “discount” in subject lines. Since spammers love to use such words in an attempt to lure people into reading their messages, more often than not, legit emails with those words in the subject line will end up flagged as spam. It’s also important to check and double check before you hit send. I’ve received marketing emails with blank subject lines or “Type Headline Here” as the subject, indicating the person in charge of sending the marketing blast was either careless or inexperienced. Not only does this make your company look very unprofessional, but it can get your messages flagged as spam.

2. Careless Use of the CC Feature
You should never send emails to a large group using CC. This not only exposes your customer’s email addresses, but if one of them decides to respond and chooses to hit the ‘reply all’, it will end up causing an unintentional spam loop and a lot of unhappy customers. Emails with huge CC lists are also a common feature of spam generated via dictionary attacks. Use BCC or a mailing list manager like Constant Contact.

3. Sending Attachments
There should never ever be a reason for you to send your customers attachments, but I’ve gotten a couple of marketing emails with them. It was almost always caused by a poorly formatted HTML message which included the graphics as attachments. A big no-no!

4. Bad IPs
It’s important to check your IP addresses regularly to make sure they haven’t been placed on blacklist. False positives aren’t uncommon and it’s also possible to have your server compromised without knowing it. Email sent from a blacklisted IP will never make it to any recipient whose IP subscribes to that blacklist.

5. Buried Unsubscribe Instructions
There will always be people who subscribed and then changed their minds, and many will become easily frustrated and simply report your newsletter as spam instead of doing the right thing. Don’t rely on a tiny link buried at the end of the email. Make sure your unsubscribe link is easy to find.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

5 Tips to Keep Your Emails Out Spam and Junk Folders

Malware developers seem to appreciate a little humor when it comes to naming their schemes. One of the latest email scams to invade inboxes everywhere is no exception, it seems, and the FBI has been quick to let businesses know that if they don’t keep their eyes open for a phishing scam originating in an email from FDIC, NACHA and the Federal Reserve, opening the mail’s attachment could be one of the most devastating choices in a young 2012. Worse yet, this new scheme appears to be linked to the Lord of the Greek gods – or its eponymous malware, anyway.

‘Game over’ is never a good thing, whether it means that your last ship has been destroyed and your quarter spent, whether it’s a lame and overused witticism that yet again has found its way into the mouth of Hollywood’s action hero du jour, and yes, even when cyber criminals are searching for just the right name for their latest piece of malware. While we’re not averse to debating the first two, our interest here is firmly with the latter. It seems the U.S. Federal Bureau of Investigation shares that interest, as evidenced by a security bulletin earlier this month that identifies a new email scam, one which cyber criminals have decided to call – what else? – Gameover.

Gameover is a phishing attack that appears in the form of spam emails spoofing the Federal Deposit Insurance Corporation (FDIC), the Federal Reserve Bank, or the National Automated Clearing House Association (NACHA). Like a multitude of others, the scheme preys on users’ fears and/or lack of vigilance, informing them that there has been a problem with their bank account or an ACH transaction (ACH stands for Automated Clearing House, a network for financial institutions in the U.S.). Sufficiently frightened, recipients are encouraged to click the included link, which instead of resolving the issue, takes the user to a malicious site where the Gameover malware is executed.

The malware has been identified as a variant of ZeuS, a notorious piece of malware which has been responsible for stealing financial information through the practice of keylogging for a number of years. Once activated, the cyber crooks can steal banking information such as account numbers and passwords.

As if that wasn’t enough…

More than just a keylogger, however, ZeuS (and coincidentally, Gameover) has an added payload. According to the FBI:

“After the perpetrators access your account, they conduct what’s called a distributed denial of service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution’s server with traffic in an effort to deny legitimate users access to the site — probably in an attempt to deflect attention from what the bad guys are doing.”

But wait – there’s more!

In what sounds like a novel involving international intrigue, FBI investigations have been able to trace the attacks as far as to jewelers, as the stolen funds are used to purchase “precious stones and expensive watches from high-end jewelry stores”. The crooks contact the jeweler, tell them what they’d like to purchase and inform them that they will wire the money the following day. The following day, a “money mule” – a person involved in the money laundering part of the crime – shows up at the jewelry store to pick up the merchandise. The jeweler confirms that the money (the stolen money from the spam scheme) is in their account and upon doing so, turns the merchandise over to the mule, who in turn delivers the merchandise to the crooks or converts it into cash that upon being transferred, is effectively laundered.

Wow – It really is the stuff of imagination, but even more interesting is that the FBI has suggested that the mules could be unsuspecting victims of those omnipresent ‘work at home’ schemes that we see everywhere. While the federal agency has confirmed that many of the mules are willing participants, it has also noted that an increasing number are likely people who have succumbed to these schemes and have been unwittingly recruited into laundering money stolen from victims of the spam scheme.

Be on the lookout for this one and advise your staff ASAP. At very most, it could be a story worthy of a novel. At very least, it could save you and your users plenty of headaches and lost funds.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

FBI Declares ‘Gameover’, Link to ZeuS

Please read the following post with the voice of a drill sergeant in your mind. Imagine something between R. Lee Ermey and Samuel L. Jackson if you can, or maybe Stephen Lang. Alright people, listen up! Welcome to Spam Fighting Boot Camp, or what some mamby-pamby college puke might call Spamfighting 101!  Over the next nine weeks I’m going to take you through a series of briefings designed to turn you into a lean, mean, spam fighting machine. We will teach you to know your enemy, train you to anticipate, out think, outmaneuver, and out fight your opponent, and leave you with the skills necessary to defend your email systems to the last message. Our users must be protected from the enemy, and that enemy is spam!

The best defence is a strong offence, but as much fun as a search and destroy mission behind enemy lines might be, our field of battle must remain within our users’ inboxes. Our goal is zero casualties people, and no mailbox gets left behind. Here’s what you can look forward to over the next several weeks:

Week 1: Know your enemy

We’re going to look at how spammers think, how they act, what their motivations are, and the cunning tricks that they play in their unending attempts to compromise our users’ inboxes. We’ll look at our own infrastructures’ fortifications through the eyes of a spammer, so that we can see the weaknesses that our enemy will attempt to exploit.

Week 2: Beware of friendly fire

While our mission is to oppose the enemy wherever we may find him, we don’t want to become the victim of friendly fire, and we don’t want anyone else mistaking us for a spammer. We’ll look at the proactive measures and policies that will prevent these sorts of accidents from happening.

Week 3: Improvise, adapt, overcome

Budgets are tight, and sometimes you must make do with what is at hand at the moment. We’ll look at the anti-spam technologies that are available to you in some of the most popular email systems.

Week 4: A well-regulated militia

Try as we might, sometimes the enemy slips behind the line, and arming our users’ workstations adds a layer of security to halt those spams that might get past our sentries.

Week 5: The last line of defence

Spammers continue their campaign against us because, at the end of the day, there’s always someone who will buy whatever line they’re selling. Here we’ll look at winning the hearts and minds of our users, educating them against the threats spam presents.

Week 6: Gearing up 

To shore up our defenses, we have many options available. During this training mission, we’re going to look at the options available for shoring up our defences with bolt-on software solutions.

Week 7: Allied Forces 

Some campaigns may require us to interact with allied forces. Understanding them completely can make the difference between a quick victory and a protracted campaign, and we’ll look at strategies for combining our strengths into an effective spam smashing force.

Week 8: Forward operations

The closer we can bring the fight to the enemy, the further away they are from our users, and cloud-based solutions move the fight from our datacenter to the Internet. We’ll examine strategies for success.

Week 9: Good to go

Training complete, you’re  ready to engage the enemy. We’ll go over some last minute tactics and strategies to make you the complete spam killing machine.

Well alright then. Gear up, strap in, and get ready for some action! Spamfighting bootcamp is about to begin!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spam Fighting Boot Camp: The Mission

The Microsoft Digital Crimes unit has continued its investigation into the perpetrators behind Kelihos, and today filed an amended complaint in the U.S. District Court for the Eastern District of Virginian, naming Russian citizen Andrey N. Sabelnikov as the alleged perpetrator.

Microsoft indicated in a blog post today that former defendants Piatti and the dotFREE Group have been cooperating with Microsoft, and it is this cooperation combined with new evidence that has enabled Microsoft to amend their complaint and name Sabelnikov.

In the amended complaint, Microsoft presented evidence against Sabelnikov alleging that he wrote code for Kelihos and either created or participated in the creation of the malware. Evidence was also presented supporting the allegation that

Sabelnikov “used the malware to control, operate, maintain and grow the Kelihos botnet.”

The complaint goes on to allege that Sabelnikov registered over 3,700 domains in the cz.cc namespace with the dotFREE Group SRO, using these in the ongoing spread and control of Kelihos.

A statement on Microsoft’s official company blog by Senior Attorney for the Microsoft Digital Crimes Unit Richard Domingues Boscovich asserts Microsoft’s commitment to continuing the investigation and taking action against all the individuals who participated in Kelihos. Remember that the original complaint named twenty-two John Doe co-conspirators. One can only assume that Sabelnikov is the first, with another twenty-one to be named as more evidence is developed.

Microsoft has also made available more information on botnets and free tools to help clean users’ computers if they have been infected. You can view that information at: http://support.microsoft.com/botnets.

As more information develops on this case, we’ll be sure to keep you up-to-date with continued coverage. Those of you with an interest in the legal actions involving Sabelnikov can read the amended complaint here (PDF, new window).

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Kelihos Actions Continue: New Defendant Named

The year’s off to a rousing start, with all sorts of interesting security news this week: Wikipedia led a temporarily successful foray against SOPA and PIPA by joining numerous websites that went dark for a day; the founder of Megaupload had his hands slapped when law enforcement officials told him resoundingly, “no, you can’t pirate copyrighted material” – insult was heaped upon injury when dozens of expensive cars were towed away to show him they were right; and Koobface – the Facebook botnet that has been harassing Zuckerberg for years – was taken down by its own creators after the Facebook gang teamed up with The New York Times to uncover and publish the identities of the worm’s owners. To round off the week, QR codes (like the one in the image here) may just be the latest form of spam, and news out of the Twitterverse suggests that Darwin’s cardinal rule is not only true, it’s actually a dire prophecy of our impending extinction.

The year’s less than a month old and it may already be shaping up as ‘the year of anything goes’. Topping the headlines was a mass protest against seemingly inevitable anti-piracy legislation SOPA (Stop Online Piracy Act) and PIPA (Protect I.P. Act), as innumerable websites intentionally went dark on January 18. Led by students’ greatest friend and perpetual source of dubious information Wikipedia, the activist movement irritated web surfers across the globe and scored one for the little guy as the bureaucrats in Washington, DC backed off the proposed legislation and shelved the bills, albeit temporarily. It’s practically inevitable that some wily spammer will take advantage of this controversy, so keep your eyes open and watch your back.

In a related story and in the spirit of fishy timing (i.e., the same week as the aforementioned protests), Megaupload founder, Kim Dotcom, was carted off along with several other geniuses who figured they would get away with providing a conduit for copyrighted material, all the while skimming millions of dollars off the illegal activity and thumbing their noses at the FBI. German national Mr. Dotcom, lamented as his lavish New Zealand mansion was raided and dozens of vintage cars were hauled away as the spoils of war. Again, there’s more here than meets the eye, especially now that Anonymous has its back up.

In an LMAO moment, individuals responsible for Koobface – a nasty piece of malware that has been frustrating Facebook and Twitter users for years – have taken down their own command and control server after Facebook teamed up with The New York Times to uncover and embarrass five of the founders – Russian nationals living in St. Petersburg, Florida. The named individuals have scrambled to scrub their online profiles, but it’s highly doubtful that erasing their cyber identities will have much of an effect in the real world, where police carry real guns and real handcuffs.

Are QR codes the newest spam threat? Some people think so. QR – or Quick Response – codes were developed in the automotive industry and have been used for a while. Slowly entering the mainstream  over the past couple of years, they are in wide use in Japan, the UK and the US, amongst other countries. Popular because of their fast readability and relatively high storage capacity (compared to bar codes), the increased use of smartphones with cameras and QR reading apps have made the codes a prime target for manufacturers and retailers; heck, even Google’s looking at getting into the game by using QR codes as a secure login method.  The problem is that QR codes can contain virtually any information, meaning that they are already being exploited by scammers and spear phishers. Keep an eye on this one, folks – and think twice before you take a picture of that code staring you in the face.

Finally, from the Twitterverse, here’s one that, no matter how much you shake your head, won’t rid that sickening feeling that the human race is on a collision course with extinction. Perhaps a case of ‘you can’t spell Twitter without ‘twit’, this recent article shows just how careless – or ignorant, or both – web users really are. Get this: over a twenty-four hour period, more than 11,000 Twitter users shared their email addies with the rest of the world. A safe practice if we were living in Thomas More’s Utopia, but it’s not the case if you reside anywhere on Earth, which is rife with people who would just love to use that information against you. This is just a guess, but it looks like spear phishing season is open and Twitter is the local watering hole.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Week in Review: You Can’t Spell Twitter Without ‘Twit’

Spammers, always trying to stay one step ahead of the game, realize this. They know full well that businesses conduct trainings for their employees, IT departments spend thousands of dollars on spam filtering technologies and many of their intended victims have just grown wise to their methods over the course of time.

So, like any good criminal would, spammers have adapted.

Over the years they have ventured out into other avenues in which to launch their attacks using social media, text messaging services and even the content used by websites has become a method for spammers to advertise their products.

However now spammers have not only changed how they attack their victims, but they have changed the victims themselves.

More Spam Targeted At Children

Children have always been the indirect casualty of spam since the day they sign up for their first email account. Once that address is captured by a spammer’s list they will most assuredly start receiving ads for pharmaceuticals, financial help and even mail order brides.

But for quite some time their receipt of these messages was based on mere coincidence. Their email address was caught in the cross-fire.

Spammers didn’t target them directly because the messages sent to them were essentially worthless. Most 13 year olds weren’t looking to get out of debt or interested in meeting singles in their area (over the age of 18 that is).

But that has all started to change.

Spam itself has changed as well. Sure there are still enough email messages pleading for your assistance moving money out of a war torn nation, but for the most part this type of spam has slowed down. Taking its place are phishing scams and the delivery of malware. And both are much more dangerous than the Nigerian prince hoax.

Children Are Easier Targets

Children may be more adept at using technology than their parents, but they are still kids. And what is one thing that kids love to do on the computer? Play games.

Of course, this quickly became a breeding ground for spammers.

Spammers can easily target the email addresses of younger Internet surfers to advertise fun, arcade style web sites that specifically appeal to children. Clicking on the link provided in the spam email takes the eager-eyed kid directly to a site where they can choose from hundreds of online games to play.

By infecting the website with malware spammers have found that they can easily attract thousands of visitors who are far less skeptical and much more willing to click a link or download a file if it means that they can soon have access to a wealth of games to keep them occupied.

So bad is the problem that some security firms report that there are more than 60 arcade game sites that contain malicious software aimed at children. Some of these sites were designed specifically to serve malware and others are the unknowing victims of cybercriminals who have injected the malicious code into a perfectly legitimate web site.

Why Kids?

If kids don’t have the money to fork over to the spammers, then why have they become the targets of these attacks?

Because it gives the criminal easier access to their parents information and data.

Since most children share a computer with other family members, spammers have picked up on the fact that by tricking little Johnny or little Sally into downloading a keystroke logger through their site, they can have complete access to any information their parents may have there.

Taking it one step further, by requiring a credit card to access premium content or to purchase additional game features, scammers can easily capture thousands of freshly validated card numbers from parents who allow their children to make these purchases online.

Unfortunately, education doesn’t really work as well with kids as it does with adults. Adults quickly see the ramifications of spam and avoid it. Children, on the other hand, are much more impulsive thus, clicking on a link that promises fun outweighs the risks.

To fight this trend it is going to take vigilance on the part of parents to stay on top of their children’s Internet activities and the implementation of the right technologies to help keep kids off of sites that pose such a risk.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spammers Targeting Kids Through Gaming Sites

When a user flags an email address as either safe or blocked, it adds a hash value to the appropriate attribute in their Active Directory account under one of these three attributes:

• msExchBlockedSendersHash
• msExchSafeRecipientsHash
• msExchSafeSendersHash

Each can contain up to 1024 entries per user account by default. One way hashing is used both to conserve space and to prevent malicious users from viewing or extracting usable data out of the lists should they gain access to the Edge Transport Server or data from the Active Directory.

Exchange 2010 uses Safelist Aggregation by default. The Junk E-mail Options mailbox assistant runs in the background, scraping user accounts for updates to the attributes that store hashes, aggregating the lists, and storing the data in the application partition of Active Directory. Edge Transport servers obtain this information through the EdgeSync process, and use it to compare the source address of incoming email to the list by comparing hashes.

Updates to users’ information will automatically propagate to Active Directory, but you can force that process using the PowerShell cmdlet Update-SafeList. If a user adds an address that you want to rapidly update through to help protect all users, you could update Active Directory, and then trigger an EdgeSync. An example of the processes to do this includes

Update-Safelist –Identity user@example.com –type SafeSenders [enter]

Then run Start-EdgeSynchronization.

If a user has the need for more than the 1024 entries, you can use the Exchange Management Shell to set different values. Use the Set-Mailbox command with the switches –MaxBlockSenders and –MaxSafeSenders to set values appropriate to your situation.

With Safelist Aggregation, Exchange 2010 uses the power of crowdsourcing to “learn” which senders are good, and which are bad, by using the decisions of your users to update its own Edge Transport Server lists. This is just another behind the scenes technology that makes Exchange 2010 such a powerful enterprise email solution.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Exchange 2010 Safelist Aggregation ‘Crowdsources’ Anti-spam Efforts

In Part 2 of our look at what you can expect in the coming year, faint rumblings out of Japan suggest that one prediction from Part 1 of this article has already come true. If the very real prospect of becoming an innocent casualty of war isn’t enough to make you run backward toward the year that just passed, these bold predictions reveal how hackers will develop an even stronger sense of camaraderie, and how mobility is sure to become a four-letter word. And if you thought spamming and Internet scams made it personal in 2011, you ain’t seen nuthin’ yet.

How about that? 2012 wasn’t even seven days old when news out of Japan this week revealed some eerie premonitions of the things to come and earmarks of a bold prediction made one week ago.  Engadget, ZD Net and other media outlets are reporting that the Japanese government has been working in concert with Fujitsu since 2008 to develop a powerful ‘cyber weapon’ – a piece of software that, upon the detection of a cyber attack (such as DDoS, for example) tracks the attack back to the source.

Sounds pretty straightforward, right? Sure, until you consider that the software also attacks and disables every machine it finds along the trail. The goal, Engadget reports:

“is to stop the spread of a malicious piece of code by finding and shutting down, not just the source, but all middleman PCs that are also now potential hosts. In some admittedly extreme scenarios this weapon could potentially spiral out of control, taking out far more computers than intended.”

Hmm… Botnets are nothing more than large numbers of unsuspecting computers carrying out their attacks at the behest of the infector and ignorance of the computer’s owner. Japan’s little toy, while it sounds like it might be fun to take for a spin, could have the unpleasant and unprecedented effect of being the cause of some serious collateral damage. Casualties of war? Here’s a tip for everyone: while you still have a chance, give that fave desktop or laptop of yours a great big hug before it’s too late.

1. Hackers of the World, Unite

Robin Hood met Mafia Boy last year as hacktivism took center stage. Indeed, 2011 was an entertaining year for anyone who followed the exploits of Anonymous and LulzSec. The drama unfolded like a kabuki play born in the mind of Ken Kesey and brought to life by a troupe of mimes with Tourette Syndrome, and there were even a few arrests along the way to make this reality show really…ahem… arresting.

Prediction: We will see some new hacking activity from these groups, with some high profile web takedowns in the process. While that’s not a stretch, this is: hacker groups like Anonymous and LulzSec will grow in size substantially, resembling an ‘occupy’ type movement that will take the war online. The civil and social unrest of 2011 will turn to face the financial behemoth that is the Internet.

2. Mobility Means Vulnerability

If we learned anything about spam in 2011, it’s that spam is like that proverbial bum of a brother-in-law who’s been living in your basement for the past two years. It’s not going away, good luck making it work for you, and you will be out-of-pocket at some point. Spammers continued to use every means at their disposal in 2011, with SMS spam becoming a real pain in the neck. Security flaws in the two most popular smartphone platforms – iOS and Android – just accented what we already suspected: that spammers and purveyors of malware had taken their show on the road.

Prediction: 2012 will see a massive increase in mobile spam, and mobile devices will become the swords upon which we will live or die unless we get mobile security under control.

3. It’s Nothing Personal…Well, Actually, It Is

A significant development in spam and phishing in 2011 was the way in which the scam artists were getting smarter; you know, smarter in much the same way that a chunk of igneous rock living at the bottom of a fetid riverbed is smarter than a rotting patch of lichen hanging for dear life to the side of an oak tree. Like it or not, the scambags are wilier, finding new and innovative ways to pick your pocket without actually residing in the same time zone.

Prediction: The scambags will become even cleverer in their assaults, finding new methods to lull people into a false sense of security. How this will occur remains to be seen, but our bold prediction is that it will most likely involve highly targeted, multilevel campaigns where the scammer will use detailed knowledge of the targets, and multiple contact methods like email, phone, SMS and even snail mail to enact their evil schemes.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Bold Predictions for 2012 (Part 2)

In a turn of events appropriate for the most tumultuous year in cybercrime, 2011’s body is barely cold and we’re already smelling something suspicious from its decomposing carcass. Rumors of two worms, one well-known and the other relatively new on the scene, have some of us wondering what will happen next in 2012, and the year has only just begun. In an attempt to put the preceding year into perspective, we take a look at what might be in store for the new year and beyond with some bold and not so far-fetched predictions for 2012.

PREDICTION: A Shiny New Worm with Every Census Report, Tax Return and Piece of Monetary Currency

First up for 2012 is a prediction that all bets will be off when it comes to understanding the nature – and source – of some of the most insidious malware in the known universe. In fact, the threat and very nature of the state-sponsored malware will only get more confusing, and most likely more disturbing, as we discover where and how it’s being used.

Discovered in 2010, Stuxnet was in the news again in 2011. A worm designed to target and damage industrial control systems (like the kind found in nuclear plants), it has been a source of great debate over who created it and what its ultimate purpose represented; but few could argue that with more than forty percent of Stuxnet’s infections landing in Iran, the nation was most likely the target from the get-go. Russia and others wasted no time pointing the finger squarely at the United States and Israel as the benefactors of the worm, which surely must be state-sponsored.

It seemed inconceivable that anything could top the news that broke late in the year about Stuxnet’s connection to Conficker, suggesting that the latter, a notorious botnet, was used to deliver the payload for Stuxnet. If rumors are true that Stuxnet is state-sponsored, the implication that spam might have been part of the delivery method can and must only leave a bad taste in people’s mouths.

As 2011 wheezed out its last few painful breaths however, a new development occurred in this bizarre tale, as it was revealed that ongoing research by Kaspersky Labs on Stuxnet uncovered a direct link between Stuxnet and Duqu – a worm, discovered only in September, which shares many of the attributes of Stuxnet. In fact, media outlets are reporting that the worms are suggestive of an ‘arsenal’ of malware that has been in development as early as 2007. The code kernel has been dubbed ‘Tilded’, in recognition of the author’s habit of using filenames that begin with ‘~d’.

The Prediction: Keep your eyes open for Tilded. We will continue to see new pieces of the puzzle unveil, and they will point at the government of a country – or perhaps multiple countries working in concert – all but providing conclusive proof of the party (or parties) responsible for this new and nefarious form of warfare. What will make this story even more notorious, however, is when it becomes clear that an unsuspecting public has been a major delivery mechanism for this 21^st century warfare, through the use of spam, malware, and botnets. And if that is true, it could very well be the case that some of those spammers you curse on a daily basis are actually nation states using spam to mask their cyber intelligence activities.

PREDICTION: The Cloud Will Get Stormy

While the Cloud was one of those recurring themes that flew, for the most part, under the radar in 2011, companies like Apple and Microsoft continued to push it like it is a silver bullet and a cure-all for everything that ails small companies to major corporations.

The Prediction: 2012 will see at least three Cloud-based security events, most likely linked in some way to spam, malware, hack attacks or compromised mobile devices. Furthermore, they will be high profile events, targeting Fortune 1000 or Global 1000 companies, or less likely a government agency. Anonymous will take credit for at least one of the breaches, and there will be a link with one of the breaches to North Korea and/or China.

Next week, in Part 2 of this story, we’ll take a look at some other bold and controversial predictions for 2012, and how we can learn something from 2011 – but only if we’re ready and willing to listen to it.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Looking Back At 2011 And Bold Predictions for 2012 (Part 1)

New statistics on spam have revealed that India has shot ahead of the United States and South Korea to claim the title of biggest spam producer in the world. 12% of the spam in the world comes from India. This is largely because India is a popular home for botnets and the amount of botnets whose origins lead to India is increasing.

In a written reply in the Lok Sabha, the Minister of State for Communications and IT, Mr Sachin Pilot, said that Indian Computer Emergency Response Team in co-ordination with the industry and service providers is working towards disablement of ‘spam bots’ located in India to curb spam sources.

India is also home to a thriving economy based on human CAPTCHA solving. These companies cater to spammers, who are happy to pay them to solve CAPTCHAs by the thousands. This allows them to set up email accounts on services like Gmail and Yahoo to pump out spam from and blogs on services like Blogger for distributing email and conducting Adsense and affiliate fraud.

Computers and the internet are increasingly affordable in India, and the number of internet users there have skyrocketed to over 110 million.

In better news, the United States, once one of the top three spam producers in the world, has dropped out of the top 10 altogether. This is attributed to the efforts Microsoft and the FBI have made over the past year to crack down on spammers and take down several major botnets. This is also credited for bringing the global spam volume down to 75% of all email sent.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

India: King of Spam?

While it’s despicable for a spammer to take over anyone’s account, and I can understand why Paula Chase’s family is upset, the situation does raise some questions. Why didn’t they close her account when she died? Many of my friends have a list of their online accounts and passwords stored with their wills, and I think this is an excellent idea. Another question I have is why didn’t they simply block their mother’s email address? Rather than let the spammer “torment” them, blocking her address might have saved a lot of stress.

This story illustrates the importance of making sure your online accounts are taken care of if something happens to you.  For example, Facebook will turn your account in a memorial page -all your loved ones have to do is contact them and request it.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Family Tormented By Spam From Dead Relative’s Account

Microsoft, Google, AOL, and Yahoo are all providing metadata from messages sent to their users on a daily basis to Agari. Protecting users’ privacy is of paramount importance to all of the participants. The metadata includes aggregate information on things like source IP address, subject, and sender address, but not the body of the email. Participating providers may provide URLs contained within messages that are already failing other tests so that Agari can notify the company being spoofed in the message, but no other email content is shared.

As email metadata is analyzed by Agari, who is handling over 1.5 billion messages a day, characteristics of messages that are spam or phishing messages are identified. Data is then pushed back to the participants, who can update the policies on their borders to reject spam and block phishing attacks.

There are about fifty other participants in the Agari service, including financial and e-commerce corporations. Business site LinkedIn, and social media sites Facebook and YouSendIt are also participating, which is great news for the users of these services, who are often flooded by spam messages.

It may surprise you to learn that you have probably already been protected by Agari. The company began operations in 2009, running in stealth mode. Current estimates have Agari protecting half of US consumer email users, and over 1 billion individual mailboxes.

Agari, a spinoff of Cisco Systems, is a venture capital funded company based in Palo Alto, California and led by several of the people who were responsible for creating and running Cisco’s IronPort technology. Agari promotes their technology as a cloud based infrastructure, capable of pushing out updates in response to new attacks in a matter of seconds. With an infrastructure capable of processing billions of messages per day, they are positioned to handle the ever increasing volumes of email.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Strength in Numbers – Agari

But putting things into perspective, when you consider that on average 5,000 people die from HIV every day, spam email messages just don’t seem all that bad.

By now, you are probably wondering what the two have in common.

On the surface, not much. But behind the scenes, the war on spam has produced some promising advancements towards finding a vaccine for HIV.

Leading the Charge

David Heckerman, Micrsoft’s Senior Director of their eScience Research Group was the inventor of the spam filter that protects Hotmail. However for the past seven years, his focus has been on creating a vaccine for HIV. He draws parallels between fighting spam and fighting the human immunodeficiency virus that make a clear connection between the two without trivializing the disease.

Over the years those who have been tasked with fighting spam have seen it evolve and adapt each time progress is made to eliminate it. At first, rudimentary spam filters blocked keywords found in the message so spammers started using characters and numbers. As the filters grew more intelligent, spammers reacted to stay one step ahead.

HIV evolves in a similar way. Attempts to stop the disease have shown that when attacked, the virus will mutate to beat its adversary (the human immune system).

“We have an adversarial situation going on between spam filters trying to block the spam and the spammers changing and mutating”, Heckerman said in an interview with The Los Angeles Times, “and in the case of HIV, we have the immune system fighting the virus and HIV mutating to try to get through.”

Both, he claimed, can be successfully fought by finding their Achillies’ heel. And for both, that vulnerable point of attack is the part that absolutely cannot mutate.

“In the case of spammers, they want to extract money from you. That’s what they can’t avoid. So our spam filters, at least in part, focus on that,” he said.

So now he is working on finding the spot where HIV is as equally vulnerable.

“It (HIV) mutates a lot, but it can’t mutate to where it stops functioning,” he said. “If it does do that, we win”.

Partnering with Others

Currently, Microsoft Research is working with Bruce Walker from the Ragon Institute of Massachusetts General Hospital, MIT and Harvard, the Centre for the AIDS Programme of Research in South Africa and the KwaZulu Natal Research Institute for Tuberculosis and HIV to study the virus in Durban, South Africa.

Of course drawing a parallel to study how HIV reacts to a vaccine is only a part of the solution.

To develop a working vaccine based on the principles used to fight spam, researchers are cataloging fragments of HIV that are vulnerable to attack by the human immune system to find that piece that cannot mutate. This research generates enormous amounts of data for researchers to analyze. Enough that one computer dedicated to crunching the numbers could take years. However, relying on Microsoft’s data centers, what would take years only takes a few hours.

This is thanks in part to the use of a Microsoft Computational Biology Tool called PhyloD . This software enables efficient data mining which then leads to specific cell analysis that helps detail virus patterns for further analysis. PhyloD contains an algorithm, code and visualization tools to perform complex pattern recognition and analysis – enabling Heckerman and his colleagues to learn how different individual immune systems respond to the many mutations of the virus.

While the research definitely shows some promise, a cure for HIV does not appear to be on the immediate horizon, nor does the eradication of spam.

Yet the nature of this study shows an enormous amount of progress towards how the different disciplines of science and technology are so interrelated that methods used to fight something like malware or spam could wind up someday saving millions of lives worldwide.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

From Fighting Spam to Fighting HIV

A spammer’s worst enemy is an educated user. Here are five easy ways to make sure you’ll never be a spammer’s best friend:

1.  Don’t display your email address as plain text on your website. A contact form is best, since it protects your email address from harvesting bots, but if you must display your actual email address, display it as an image. The bots can’t “see” text in images so they won’t be able to grab your address.

2. Don’t sell your mailing list. It may seem tempting as a way to bring in some extra income, but think twice. Even though your customers may have opted in and consented to having their email addresses given to third parties, you can’t control what those third parties might do with it.

3. Don’t respond to spam. Resist the urge to tell them off and ignore any unsubscribe links. If your email doesn’t bounce, it will simply tell the spammers that your address is active and responsive to spam.

4. Invest in a throwaway email address. Sign up for a free account on Yahoo, Hotmail, Gmail or other free provider. Use it instead of your main account for registering on websites, shopping online, and so on; then ignore it. This keeps your main inbox free of spam.

5. Watch your ports and relays. If your company isn’t using it, block port 25 and make sure your network isn’t hosting any open relays. This will eliminate two popular spam tools and keep your domain from ending up on a blacklist.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

5 Ways To Make a Spammer Hate You

As retailers around the world ramp up for the holiday shopping season, you can be sure that holiday themed spam and phishing messages will be heading for inboxes everywhere. And while we can update our filters and pay close attention to what is hitting our borders, our users may not have as good a protection on their personal accounts as they do at work, so give your coworkers an early festive present by warning them of the common threats that hit this time of year.

Malware

Whether in form of festive greeting cards, holiday screensavers, or applications for your Facebook page, festive themed malware comes straight from the Grinch and tries to take advantage of people’s holiday spirit. Making sure that antivirus software is up-to-date is critical, and treating any software or app with a healthy bit of skepticism is a way to play it safe.

Scams

Whether the hot gift this year will be tablets, or smart phones, or coffee makers, one thing is for certain; supply will not meet demand. Scammers will exploit this by sending emails offering unbelievable deals, or stating that they have in stock what everyone else sold out. If it’s too good to be true, it probably isn’t. Remind users to only shop with reputable vendors, and to check out special offers by going to the website directly instead of clicking links in emails they weren’t expecting.

Online Coupon Offers

Phishing attacks may offer incredible savings in exchange for personal information. Before filling out any form to get a discount code, make sure you are dealing with a real vendor. Again, going to the vendor’s site by typing the URL in by hand is safer than clicking links in emails, or calling a brick and mortar to verify a coupon offer is legitimate can save time and disappointment.

Fake Transactions

Users should be very careful about email confirmations for purchases they did not make. Scammers can mock up an order confirmation for a high priced purchase easily; and they are counting on the victim clicking the link to cancel the order rather than confirming it is legitimate. Whether that delivers malware, or tries to harvest personal information and login credentials, it’s a way to exploit users’ fears of fraudulent transactions.

Pleas for Help

This is also the time of year when phishing expeditions pull out the really mean-spirited methods. These can be pleas for help from strangers with incredibly sympathetic stories, or from relatives allegedly stranded and needing money, who can email but strangely not call for help. Users should be aware of these scams, and be wary of any request for help that they cannot confirm as legitimate.

Take a moment or two today to warn your users of these scams. It’s a gift that keeps on giving, and helps make sure no spammer named Scrooge spoils their holiday.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

‘Tis the Season for Holiday Spam

Regardless, you can learn quite a bit from stats; and the ones below are listed for just that purpose. Each one will teach you a little something about spam to keep your inbox as safe as possible.

1. The Rustock botnet comprised of up to 1.7 million computers.

Sure, Microsoft engineered the takedown of this botnet but think about this, there were close to two million computers infected with the software that turned them into zombies.

This means that traditional anti-malware isn’t providing the protection that people thought it does. To keep a computer or network as clean as possible there needs to be a comprehensive anti-malware solution that protects the desktop, mobile devices, servers, email and web sites.

2. 90% of spam is in English.

On the surface this may seem insignificant. But a year ago, 96% of all spam was written in English.

What this means for you is that spammers are coming from many different countries so anti-spam laws in places like the United States and Canada won’t be as much of a deterrent to these people.

3. One in 445 emails is a phishing email.

Phishing leads to financial, confidential, and personal information being stolen to the tune of over 2 billion dollars every years. Since the average professional receives more than 100 emails each day odds are you are coming into contact with some type of phishing attempt at least once a week, and possibly more.

4. One in 284 emails contains malware.

When people stopped falling for the Nigerian scams and the pharmaceutical email advertisements spammers had to look for other avenues in which to make money. Delivering malware via email is one. Think of how many times people fall for fake anti-virus pop-ups or have been infected with various Trojans that turn their computers into zombies that can be rented out with various botnets and you can see why many spammers turn towards these money making opportunities.

5. 91% of all spam emails contain a link.

If the spam you receive doesn’t contain a malicious program that doesn’t mean you are out of the woods just yet. The link you clicked on could be sending you to a malicious website that infects your computer just as easily. What’s worse is that most spam filtering solutions don’t actively block emails that contain links like they do when it comes to executable file attachments.

Users need to be aware that links can be just as dangerous as downloads when it comes to malware. Part of any user education training should include a section about malicious websites and the fact that spammers often send links to them via email.

6. Two thirds of all spam is related to the pharmaceutical industry.

Spammers don’t waste their time sending out advertisements for things they don’t make money on. So when you see so much effort being placed on the Internet pharmacy industry you know that someone is buying from these guys.

The problem isn’t just that these email messages are tying up your inbox, but that people are actually buying medicines that are often unregulated or even counterfeit.

What people should take away from this is the fact that spammers tend to stick with what works for them. When the money dries up from Pharma spam, they will turn to something else.

The thing about statistics is that they can be tweaked to provide facts for whatever it is you are trying to prove. In fact, some statistics show that spam is actually at an all time low. What they don’t tell you is that email spam is at an all time low because spammers have simply taken different approaches to how they send junk emails to their victims.

No matter what the statistics say about spam, the problem still exists and it still costs businesses and individuals time and money.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

6 Spam Stats You Can Learn From

South Korea recently announced plans to fight the country’s growing spam problem by asking all ISPs to block all port 25 traffic - something that’s already done in Canada, many European countries, and by some ISPs here in the U.S. The reason blocking port 25 helps cut down on spam is because to use alternate ports like 587 or 465 requires authentication, something botnets simply can’t provide. Although it seems simple enough there are a few catches. For example, companies often use port 25 for authenticated access and requiring ISPs to block it completely would cause serious problems for workers who telecommute or must log into their company’s intranet from a remote location. It’s also likely that, like most other anti-spam solutions, it would wind up being only a temporary fix as spammers are sure to either find some way around it or find new ways to exploit webmail instead. Also, some critics say it punishes too many legit users.

I suppose the same could be said about CAPTCHA, which many users despise. Some visually impaired users find it impossible to get past and even those with perfect vision often find them frustrating -I know I have. Sometimes they are so distorted or close together that it’s nearly impossible to decipher!

My ISP – Road Runner – doesn’t block port 25, and at last count I had 150 spam messages in my junk folder. Coincidence? Maybe. How do you feel about blocking port 25? Do you think it’s a good idea? Would it interfere with your business in any way? Please leave a comment and share your thoughts!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Blocking Port 25 Really Does Thwart Spammers