Category Archives: anti spam

Spam doesn’t stop itself.

In fact, keeping your users’ inboxes free of spam requires some pretty sophisticated technologies. However for those who use modern day anti-spam filters, many of these technologies operate in the background without the administrator even knowing what is going on.

That’s the way it should be. Fighting spam should be effective and easy – especially for smaller IT departments where there are few people who have the time to specialize in one aspect of technology.

But even if your anti-spam solution requires very little background knowledge, it never hurts to know how these things work.

The following technologies are ones that are, or have been, used to fight spam using automated solutions. You may have seen one or two of these before, but if not, this is a great opportunity to expand your knowledge base. Continue reading Spam Fighting Technologies»

Welcome back to the next in our series on talking to regular people about spam. In today’s post we are going to talk about how to identify suspicious links. Links are intended to open your web browser to view a specific page, and yes, doing something as simple as that can harm your computer. These web pages can contain malware, code designed to do anything from steal personal information to infect your computer with a virus. This malware can do its damage if you view the page in your browser, so if you think “what’s the harm in looking?” believe me, the harm can be significant. This is one time where the phrase “better safe than sorry” really counts, so if you think there is even a remote chance a link could be bogus, don’t click it! But since spammers will often make their emails appear to come from a legitimate source, and disguise their links to look like something you’d feel safe clicking, we need to take a closer look at how to identify suspicious links. Continue reading Let’s Talk About Spam – Identifying Suspicious Links»

In March, Microsoft made more headlines when it took down yet another botnet. This time it was a highly publicized takedown of a ZeuS and SpyEye banking Trojan botnets, brought about by pulling the plug on two command and control servers, one in Scranton, Pennsylvania, the other in Lombard, Illinois. Dubbed Operation b71 and accompanied by some informative and entertaining video, it was yet another example of Microsoft’s commitment to leading the war on spam, bots and malware, one for which they’ve taken some positive press over the past couple of years – and well-deserved press, some would say.  For those of us who eat, breathe and dream security, we all nodded in approval and returned to our daily routines of fighting the spam war on different fronts, assured in the knowledge that the Redmond Mega Corporation has our backs, as it were. Continue reading Can’t We All Just Get Along?»

Those of you who follow this type of thing know that email spam levels have declined in the recent past due to a number of factors:

• First, several take downs of high volume botnets have bitten a large chunk out the automation of email spam.
• Then there’s the simple fact that we’ve been reporting for a while now – that users have gotten more savvy to the dangers of spam, and so have the spammers. Spam in its basest form just isn’t that successful anymore because, let’s face it, there are only so many Nigerian princes needing to get their money out of the country.
• Spammers have gotten more targeted and more personal in their attacks. Most of the data we’ve seen over the past year or so suggests that spammers are having much more success when they learn something about their targets and take the personal approach. It makes sense, doesn’t it? If you’re going to try to bilk someone out of their hard-earned Benjamins, then you should at least know their name and where they live.
• Spammers have found a new place to drop their drawers, as it were. Social media sites are resplendent with users who have less than no clue about the inherent dangers of a single mouse click. Twitter, Facebook, Tumblr and others are breeding grounds for spam artists who know, just like you and I do, that users will share things about themselves online that they probably wouldn’t share with a stranger if they met him on the street. Ironic, isn’t it?
• Then there’s mobile spam. Texting, whether successful or not, seems to be the new fad among spammers, perhaps because their fingers are so tired from counting all their money that all they have left to type with is their thumbs. As it turns out, it can be lucrative, too. Continue reading Just Like Old Times: Spam, Malware Levels Spike in April»

A new study  has revealed that 60% of U.S. and Canadian businesses are
completely unaware of the new Canadian anti-spam legislation soon to go into effect, and that could cost them dearly.

The law, known as Bill C-28, was passed in December 2010, but there has been a lot of foot dragging since then by the legislature and a fair amount of outcry from businesses. It’s likely to finally go into affect as early as this fall. Companies all over the world need to be aware of the law and what they need to do to be in compliance, because it applies to any company that sends commercial email to Canada, even if they are located elsewhere. The penalties for violations are stiff-fines of up to $10 million per offense, and the right for individuals to seek damages. The law allows individuals the right to demand $200 per spam message, and for class action suits to be filed.

‘“Commercial electronic messages” encompass communications that have any commercial goal—including discount offers, promotions, and newsletters. In other words, says Fasken Martineau associate CharlesLupien, a “simple, run-of-the-mill e-mail” that a company wouldn’t think of as malicious spam will be viewed as illegal under this law, sans prior consent.

Some examples of what would be covered under Bill C-28: A law firm that sends out a mass mailing about a free conference it’s hosting. Or a beverage company’s e-news about its latest juice, sent to a recipient list it obtained from an industry association. Or a company that contacts a client list that dates back five years, announcing, ‘We’re new and improved and we want you back as a customer.’’

Companies are advised to go through their mailing lists and do some housekeeping. The law mandates that companies prove they had prior consent from everyone on their mailing lists (and the law prohibits companies from sending an email asking for consent). The exception is if they can prove they had a business relationship with the individual within the two years prior to sending the messages. If they can, they don’t need to prove they had prior consent.

The law also applies to text messages and Facebook messages as well. As you can see, this law is a complex and far reaching one, so if your company hasn’t made itself familiar and/or compliant yet, you need to do so ASAP.

Like anything else related to technology, spam has evolved over the years.

The change comes from spammers reacting to many things:

• How spam filters identify their messages
• How recipients react to their messages
• What types of spam campaigns yield a profit
• The evolution of the botnet
• The ability to take advantage of malicious web pages
• The large amount of zero day threats
• More knowledgeable recipients. Continue reading How the Cycle of Spam Works»

Welcome back to another in our series of articles on talking about spam. I have to apologize for this one, since in the title I broke one of the cardinal rules I set for this series; I used a technical term. I used a term that most in IT are familiar with, and almost no one outside of IT is, but it is a term, or rather an acronym, that distinctly and succinctly sums up one of the most insidious weapons spammers and phishers use against their targets. Knowing what the term means might not win you Final Jeopardy, but it will help you to understand and recognize attacks for what they are. FUD is pronounced exactly as it looks, and stands for the big three emotions that make most people believe things they should not; Fear, Uncertainty and Doubt. Continue reading Let’s Talk About Spam – FUD»

In today’s post, we’re going to take a look at some actual spam messages to help you get a feel for what spam looks like. We’ll point out some of the obvious characteristics, as well as some of the more subtle traits that tend to be common amongst spam, to help you get more familiar with identifying it yourself. Once you know what to look for, spotting spam becomes less like “Where’s Waldo” and more like spotting the wolf amongst the sheep. Once you know what to look for, it’s hard to believe you ever missed it. Continue reading Let’s Talk About Spam – The Worst Offenders»

Just recently, India overtook the United States as the country who is responsible for sending out the most spam. According to Spamfighter.com, one out of every ten emails originating from India is spam.

Most people wouldn’t find this surprising at all because of the assumption that India is a base for cyber criminals intent on ripping off the hard working public.

But if this were the case, why did India unseat the United States for this honor? Continue reading India is the New Spam King – What Can We Do About It?»

Welcome to the fourth post in our Let’s Talk About Spam series. Today, let’s go over how to identify spam. Technical folks can smell it from a mile away, and can usually spot a spam message by its subject line, but how do they do that? Identifying spam is not too difficult, once you know what to look for. Spam, phishing messages, and malware all have some common attributes that you can easily spot when you know what to look for. Continue reading Let’s Talk About Spam – How to Identify Spam»

In an effort to fight spam, the Internet Service Providers’ Association of South Africa
(ISPA) has been maintaining a Spam Hall of Fame.

Started in 2008, the list is regularly updated, and last month 64 spammers and 34 email address resellers were awarded the dubious honor. The organization says getting on the list has actually prompted some spammers to change their ways and agree to adhere to the ISPA’s guidelines. In return, they are removed from the HOS. Here are some of the  latest list spammers to be inducted: Continue reading South African ISPs Release Spammer Hall of Shame»

One of the problems many people have when dealing with spam, phishing, and malware, is that they don’t really understand why they should care. Spam seems like a problem for companies to deal with, and not something an individual should even care about. Our goal with today’s post is to help you individuals to understand just why you should care about spam, phishing, and malware. Continue reading Let’s Talk About Spam – Why Should I Care?»

There are some laws on the books that make absolutely no sense. For example, a law in Salt Lake County, Utah makes it illegal to carry a violin in a paper bag while you are walking down the street.

But what about a law like the one in Danville, Pennsylvania that mandates all fire hydrants be checked one hour before all fires? The intent of the law is well-meaning; they want to make sure that the fire hydrants will work so firefighters can quickly extinguish the blaze. But good intentions aside, the law is still useless.

Continue reading Are More Anti-Spam Laws Needed?»