How do email addresses end up on spam lists?

Every day, millions of people receive dozens of unsolicited commercial emails, known popularly as “spam.” Some users see spam as a minor annoyance, while others are so overwhelmed with spam that they are forced to switch email addresses. This leads many email users to submit helpdesk requests to email administrators with the question “How did these people get my email address?”

The Center for Democracy & Technology (CDT) embarked on a project to try to determine the source of spam. They set up hundreds of different email addresses, then waited six months to see what kind of mail those addresses received. It should come as no surprise to most email users that many of the addresses the CDT created for this study attracted spam. What is very interesting is the different ways the email addresses attracted spam, and the different volumes they received depending on where the addresses were used.


French President Falls for Phishing Scam


French president Nicolas Sarkozy is a victim of a phishing scam. French officials confirmed yesterday that he had money stolen from his bank account after inadvertently giving scammers his username and password through what was later found to be a phishing email.

“[This] proves the system of Internet checking is not infallible,” French secretary of state for consumer affairs Luc Chatel said. “These cases are sufficiently rare that we haven’t had to really organize ourselves, but [are] sufficiently serious for us to reflect on how to improve the system.”

President Sarkozy filed a complaint with police and an investigation is ongoing. The specifics of the attack haven’t been released and officials say the president’s bank could face sanctions if it’s found their security procedures, or lack thereof, contributed to the hacker’s attack. 

FBI Ran a Forum for Phishers, Spammers and Hackers

While criminals thought it was based in Eastern Europe, the Internet’s top English-speaking cybercrime forum was secretly run by the FBI from this building on the banks of the Monongahela River in Pittsburgh. Photo: John Monroe Butler/Wired.com

Kevin Poulsen reports that DarkMarket.ws, an online community center for thousands of identity thieves, hackers and credit card swindlers, has been secretly run by an FBI cybercrime agent for the last two years, until its voluntary shutdown earlier this month, according to documents unearthed by a German radio network.

Reports from the German national police, obtained by a Southwest German public radio station, blew the lid off the long-running sting by revealing its role in nabbing a German credit card forger active on DarkMarket. The FBI agent is identified in the documents as J. Keith Mularski, a senior cyber crime agent based at the National Cyber Forensics Training Alliance (NCFTA) in Pittsburgh, who ran the site under the hacker handle Master Splynter.


Storm Botnet may be Over


Botnet researchers believe that the Storm botnet may be dead. It’s been a month since it last sent any spam, which is very unusual for a botnet. The only activity researchers have detected is some Storm-infected machines contacting one another, and the host machines appear to be turning away any that try to connect to them. Since every minute of inactivity costs them money, it’s likely the massive botnet has been abandoned by its creators, possibly for another, more powerful one. Storm is made up of about 47,000 infected PCs.


Phishing Emails Exploit Browser Weaknesses

Most web browsers are supposed to protect people by implementing security zones. These zones apply different browser security settings, which can vary based on the location of the web page being viewed. Phishing emails can lure users to a web site hosting malicious code. These sites attempt to install spyware, malware or both onto the unknowing person’s computer. They rely on weaknesses in web browsers that allow harmful programs to be installed and executed on a computer. These browser vulnerabilities allow the zone settings to be overridden, even when the site is located in a security zone that is not trusted and normally would not allow those actions.


Two of the World’s Largest Botnets May Be Connected

Rustock and Srizbi, two of the world’s biggest spam botnets, may be connected. Researchers have discovered that the two botnets share the same malware delivery method, a Trojan called Trojan.Exchange, which is activated when unsuspecting users click on malicious links in spam messages. Most of the spam the botnets send is of the fake headline variety (such as the recent Obama and Nuclear Disaster spams) and the fake video variety (this type usually tells the recipient they were caught on video in an embarrassing situation and invites them to click on a link to see for themselves).

Rustock is currently the biggest spammer on the net, with Srizbi a close second. It’s not yet known if the two botnets are being run by the same gang or simply have some sort of agreement in which they work together, but there is some speculation that they are both run by the infamous Russian Business Network, a known haven for spammers, hackers, and other cybercriminals.

New Wave Of Spam Brings Claims of Nuclear Disasters

The latest wave of fake headline spam appears to be capitalizing on people’s fears of a disaster. Security experts have discovered a new wave of malicious spam that claims a nuclear plant has exploded. So far there are at least three versions. One claims the plant is near London, one claims it is in Ontario, Canada, and one claims it is in Sydney, Australia. (There is no nuclear plant in London or Ontario and the one in Australia is not near Sydney.) The spam messages ask the recipient to click on a link claiming to be a news video of the catastrophe, but it’s actually a Trojan that, if downloaded, will allow a hacker to take control of the PC. Experts believe the gang responsible for this latest wave of malicious spam is located in Russia. Not coincidentally, the spam wave began on September 11th.

New Malware Attack Targets Obama

A massive new spam attack has security vendors warning IT admins to ramp up their spam filters. The spam is of the fake but lurid headline variety, but this time the fake headline targets presidential candidate Barack Obama. The email claims to be a breaking news story about an Obama sex scandal and includes a link to a video claiming to show the senator in a sexual tryst with several Ukrainians during his visit to that country last year.

Anyone who clicks on the link is treated to a 14-second pornographic video, which masks the fact that malware is being downloaded to their computer. The malware includes a Trojan that allows a hacker to take full control of the PC and a keylogger that sends every keystroke to a remote server controlled by the hacker. This type of malware could be particularly disastrous should an employee unwittingly download it onto a company PC and give a hacker access to sensitive corporate info, so beware and make sure those spam filters are working!

Man Charged in Plot to Sell Botnet to Spammer

Federal authorities in New Orleans have indicted a Brazilian man on charges he was planning to sell a botnet he created to a Dutch spammer. Prosecutors say 35-year-old Leni de Abreu Neto created a botnet of over 100,000 compromised computers and was in negotiations to sell it to Nordin Nasari of The Netherlands, a spammer who wrote the virus Neto used to take control of the computers in his botnet. Nasari agreed to purchase the entire operation for $36,800. While Nasari is being prosecuted by Dutch authorities, Neto faces charges here in the U.S. and is facing up to 5 years in prison and a fine of up to a half million dollars.

Vanity Be Thy Email Name

As every experienced network administrator knows, standardization lowers the total cost of ownership. Creating standards lowers helpdesk support calls and facilitates easier maintenance. Companies establish standards so that everyone uses the same software and hardware. Server hardware configurations are standard for every new application implementation. Each server uses the same hard drive configuration and the same memory chips, and all software service packs are the same version, so issues encountered with any server around the world can be easily resolved.