The FBI has issued a warning about a new wave of holiday greeting card spam. Scammers are sending emails claiming the recipient has received a holiday greeting card from a friend or family member and asking them to click on a link to view it. The link leads to a malicious website made to look like the page of a popular electronic greeting card site such as Hallmark. The site downloads malware onto the recipient's computer. It also redirects all network traffic between their browser and the fake page, allowing the scammers to steal their personal information. The FBI offers the following tips to help protect yourself from this and other malicious spam attacks:
An IDG News Service article asks a highly relevant question about the recent high-profile anti-spam activity: “Where are the Feds?” The article notes the shutdown of a spam network known as HerbalKing, in which the Feds did indeed have a hand. The FTC, FBI, and New Zealand police (in a nice show of international anti-spam cooperation), together shut down the spam network, which had been linked to a huge amount of spam email. However, according to researchers, the action was sort of like taking a cup of water out of the ocean, and within a week, spam was back to its normal levels.
The big action took place a couple of weeks later, when McColo, a San Jose-based ISP and notorious host for spammers and other cybercriminals, was shut down. But unlike the HerbalKing operation, the McColo shutdown did not involve any Federal agencies. Who was responsible for shutting it down? Researchers and reporters, mostly, who publicly humiliated the carriers Global Crossing and Hurricane Electric, which provided upstream connectivity to McColo. After being taken to task, the carriers dropped McColo as a client.
It is absolutely amazing that legitimate Internet and telecommunication companies provide a huge global infrastructure that spammers leverage every day. These companies are in business to facilitate legitimate business growth, but it is hard to tell legitimate customers apart from those set up deliberately to send illegal spam.
“White Paper - Atrivo and their Associates” was recently published by Jart Armin. It provides the results of a study initiated to track and document scientifically the ongoing cyber criminal activity from within the IP space and servers controlled by the California-based Atrivo, and other associated entities. This white paper was published in association with James McQuaid and Matt Jonkman. The Technical Review of this white paper was performed by Bob Bruen and David Bizeul with the help and assistance of many “concerned netizens” within the Internet and Open Source Security community.
Today is Cyber Monday, the day when online retailers expect sales to peak for the year as shoppers are expected to spend over $800 million this year. As shoppers return to work after the long holiday weekend and log on to find bargains, experts say spammers and scammers will be along for the ride. Last year phishing attacks shot up an amazing 300% at Thanksgiving, and this year is expected to be no different. Spammers and scammers know the weak economy has shoppers wanting bargains more than ever and they will take advantage of it.
Spammers know that they can be tracked through the “Received:” lines in the headers. Therefore, they often attempt to obfuscate the headers to confuse matters. Although “Received:” headers can also be forged, it is somewhat more difficult than simply forging the return address.
In the simplest case, an incoming email (junk email included) has only two “Received:” lines in the headers: one generated by your ISP’s incoming mail machine, recording the address of the spammer’s outgoing SMTP server that connected to it, and one generated by that outgoing SMTP server, recording the originating IP. Because each server adds its line at the top, the newest hop is first and the oldest is last. In practice many legitimate messages carry more lines (internal relays at your ISP, forwarding, mailing lists), so the thing to anchor on is the line your own mail server wrote: the IP in it is the one that really connected to you. Every line below that was written by machines outside your control and can say anything the spammer wants, so be suspicious of extra “Received:” lines below the ones your own servers added, especially ones that claim a respectable origin.
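The header walk described above, written out as an added example (not code from the original page): it unfolds the “Received:” lines, pulls out the connecting IP and the recording server from each, and splits the chain at the point where your own mail servers stop and the sender's claims begin. The host names, IP addresses and both sample messages are constructed for illustration; the trusted host set is an assumption you would replace with your own MTA names.

```python
"""Walk the Received: chain of an email to find the last hop you can trust.

Added example, not code from the original page. Host names, IPs and the
two sample messages below are constructed for illustration.
"""
import email
import re

# Constructed sample: the normal two-hop case. The top line was written by
# the recipient's ISP (mx1.isp.example), the bottom line by the spammer's
# outgoing SMTP server (mail.spam-relay.example).
SAMPLE_MESSAGE = """\
Received: from mail.spam-relay.example (mail.spam-relay.example [203.0.113.45])
\tby mx1.isp.example (Postfix) with ESMTP id 8F3A2C0B
\tfor <user@isp.example>; Mon, 24 Nov 2008 09:12:44 -0800 (PST)
Received: from [192.0.2.77] (helo=desktop-pc)
\tby mail.spam-relay.example with esmtp (Exim 4.69)
\tid 1L4mXz-0003Kc-Qp; Mon, 24 Nov 2008 09:12:41 -0800
From: "Your Friend" <friend@example.net>
To: user@isp.example
Subject: You have received a holiday greeting card!
Message-ID: <20081124171241.GA1234@desktop-pc>

Click the link to view your card.
"""

# Same message with a third Received: line the sender wrote themselves,
# claiming the mail passed through a bank's server. Anything below the hop
# your own MTA recorded is under the sender's control and can be forged.
FORGED_MESSAGE = SAMPLE_MESSAGE.replace(
    'From: "Your Friend"',
    "Received: from mail.bank.example (mail.bank.example [198.51.100.9])\n"
    "\tby desktop-pc with SMTP; Mon, 24 Nov 2008 09:12:40 -0800\n"
    'From: "Your Friend"',
)

# First bracketed IPv4 after "from", and the host after "by".
_FROM_IP = re.compile(r"\bfrom\b.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")
_BY_HOST = re.compile(r"\bby\s+([^\s(;]+)")


def parse_received(raw):
    """Return the Received: hops top to bottom (most recent first)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        line = re.sub(r"\s+", " ", value).strip()  # unfold continuation lines
        ip = _FROM_IP.search(line)
        by = _BY_HOST.search(line)
        hops.append({
            "from_ip": ip.group(1) if ip else None,
            "by": by.group(1) if by else None,
            "raw": line,
        })
    return hops


def trace_origin(raw, trusted_hosts):
    """Split the chain at the trust boundary.

    Hops recorded 'by' one of your own servers are verified; the from_ip of the
    last of them is the address that actually connected to you. Every hop below
    that was written by someone else's software and is only a claim.
    """
    verified, unverified = [], []
    for hop in parse_received(raw):
        if not unverified and hop["by"] in trusted_hosts:
            verified.append(hop)
        else:
            unverified.append(hop)
    if not verified:
        return None  # none of the hops were recorded by us; nothing to anchor on
    return {
        "relay_ip": verified[-1]["from_ip"],
        "claimed_origin_ip": unverified[-1]["from_ip"] if unverified else None,
        "unverified_hops": len(unverified),
    }


if __name__ == "__main__":
    # "mx1.isp.example" stands in for your own inbound mail server.
    for name, raw in (("normal", SAMPLE_MESSAGE), ("forged", FORGED_MESSAGE)):
        print(name, trace_origin(raw, {"mx1.isp.example"}))
```

The value worth reporting to a blocklist or abuse desk is `relay_ip`, the address your own server saw on the wire; `claimed_origin_ip` is only what the lower lines assert, and a rising `unverified_hops` count on a message that should have had one is the signal the text warns about.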
When McColo, an ISP known for being a haven for spammers and scammers was knocked offline two weeks ago, the notorious Srizbi Botnet went down with it. This resulted in global spam volume plummeting by as much as 75%. Sadly, that’s about to change. FireEye, a threat research firm, has discovered that Srizbi is rising from the dead.
Researchers at the firm have discovered that Srizbi has begun updating all of its bots via its new command servers located in Estonia. New domains linked to the botnet have been found as well, with registrations located in Russia.
Facebook won its case against a spammer, Adam Guerbuez and his company, Atlantis Blue Capital, for violations of the CAN-SPAM Act. The court awarded Facebook an incredible $873 million in damages, the largest award under the Act to date. According to reports, his business involved phishing Facebook user logins, then using other people’s accounts to send spam to other Facebook users, selling various pharmaceuticals and male enhancement drugs. Guerbuez never showed up for his hearing.
It is of course, a symbolic gesture. Facebook is not likely to get a dime from Mr. Guerbuez. Although I’m sure he’s made some money from his spam business, I doubt it’s anywhere near $873 million. And by now, if he’s smart, both he and his money are far outside of United States jurisdiction. Besides the monetary judgment, he also received an injunction preventing him from using Facebook in the future. This too, is a symbolic gesture, and one that would be impossible to enforce.
Up to 80% of spam targeted at Internet users in North America and Europe is generated by a hard-core group of around 100 known professional spam gangs whose names, aliases and operations are documented in Spamhaus’ Register of Known Spam Operations (ROKSO) database.
ROKSO is a “3 Strikes” register. To be listed in ROKSO a spammer must first be terminated by a minimum of 3 consecutive ISPs for AUP violations. IP addresses under the control of ROKSO-listed spammers are automatically and preemptively listed in the Spamhaus Block List (SBL). For Law Enforcement Agencies there is a special version of this ROKSO database which gives access to records with information, logs and evidence too sensitive to publish here.
Spamhaus has released its latest list of the top 10 spammer-friendly ISPs and there is one familiar name, Microsoft. That’s right. Microsoft sits in the number 5 spot on the list. Why do spammers like Microsoft? The same reason they love Gmail. They know those domains have a highly positive reputation and aren’t likely to be placed on any blacklists. This increases the chances of their spam actually reaching people’s inboxes.
The spam tracking group says spammers and scammers routinely use Microsoft’s Live.com and Livefilestore.com to send spam and redirect visitors to various sites that sell porn and fake drugs.
As an email administrator I’m constantly asked by email users, “I don’t understand why people send spam. How do they make money selling watches or Viagra if they have no reply email address? I only see a web site link.” Therein lies the answer, and it is one we can keep using to educate our email users. In his article “How Viagra spam works”, Stuart Brown provides great insight, with details on exactly how the underground market of spamming works. All it takes is a few responses for spammers to get paid from the millions of spam emails sent out daily.
Stuart starts off by explaining that even with the best Bayesian filters, blacklists and other filtering techniques, most of us are still plagued with an endless stream of invitations for all sorts of weird and wonderful products and services. One of the most common forms of spam is advertising for pharmaceutical products, and perhaps the most notorious form is for the ‘men’s health’ variety, notably Sildenafil citrate, more commonly known as Viagra. But how do spammers make their money?