FTC Shuts Down Malware Vendor

The FTC has shut down a known malware and spyware vendor. On Monday a U.S. District Court handed down a temporary restraining order forcing CyberSpy Software to cease selling its RemoteSpy program, which is a keylogger. The company was also ordered to shut down its website.

The program records every keystroke on the infected computer, takes screenshots and records the addresses of every site visited. It also records all documents opened and logs conversations from a variety of IM programs including MSN Messenger, AIM, Skype, and Yahoo! Messenger. This information is transmitted to CyberSpy’s website, where the company’s customers log in to retrieve it. The program also comes with instructions on how to disguise the software and send it via email to unsuspecting victims. Installation is as simple as clicking on an image. From the FTC’s complaint:

          The defendants violated the FTC Act by engaging in the unfair advertising and selling of software that could be: (1) deployed remotely by someone other than the owner or authorized user of a computer; (2) installed without the knowledge and consent of the owner or authorized user; and (3) used to surreptitiously collect and disclose personal information. The FTC complaint also alleges that the defendants unfairly collected and stored the personal information gathered by their spyware on their own servers and disclosed it to their clients. The complaint further alleges that the defendants provided their clients with the means and instrumentalities to unfairly deploy and install keylogger spyware and to deceive consumer victims into downloading the spyware.


Source of 75% of sent spam forced offline

A web hosting company allegedly responsible for at least 75% of the daily spam volume worldwide has been forced offline, thanks to evidence gathered by security experts. McColo Corp, based in California, had its service terminated by its ISP, Hurricane Electric, earlier today.

Experts say the company hosts a vast community of cyber criminals including spammers, phishers, malware distributors and even peddlers of child porn. It’s also believed that McColo servers hosted the massive Rustock and Srizbi botnets. But will the move really take a bite out of cybercrime? Probably not. The criminals will in all likelihood move their operations elsewhere, most likely to an overseas host. Another ISP notorious for hosting cyber crime, Intercage, was shut down twice last month, and while experts say that closure helped kill the Storm Worm, evidence shows some of Intercage’s clients have set up shop on a server hosted in the Ukraine. As long as there are web hosting firms willing to look the other way, these shutdowns will only be temporary obstacles rather than permanent solutions.

Former IT Manager Sentenced to One Year in Prison For Hacking Former Employer


A California man has been sentenced to a year in federal prison for hacking into his former employer’s computer system and giving spammers access to the mail server.

Steven Barnes was also ordered to pay a fine of over $54,000. Prosecutors say Barnes hacked into Akimno Systems’ network, turned the mail server into a massive open relay that sent out so much spam that the company’s email service was restricted, deleted its Microsoft Exchange database, and compromised core boot files. Barnes pleaded guilty to the charges.


Trojan Compromises Over 300,000 Accounts

Over the past three years a powerful Trojan maintained by a cybercrime organization has been responsible for stealing the usernames and passwords of nearly half a million bank accounts and nearly as many credit card numbers. Researchers captured some of the code of the Trojan (known as Sinowal, Mebroot or Torpig) and used it to track down its drop server full of the stolen information. Further research showed it’s been active since early 2006.

The Trojan works by waiting for the user to enter the URL for a banking or credit card site. Once it senses one, it replaces it with a fake one that captures the user’s details. So far it’s known to have the ability to sense nearly 3,000 different URLs, and is not detected by most anti-virus programs. It evades detection by using a rootkit to infect a PC’s master boot record, making it practically invisible.


ICANN Lowers Boom On EstDomains

ICANN, the organization charged with overseeing the address system of the internet, has revoked the right of notorious registrar EstDomains to sell domain names. EstDomains is known as a registrar that caters to phishers, spammers, and other cybercriminals. ICANN handed down its decision after the company’s president was convicted of fraud.

          “This termination is based on your status as President of EstDomains and your credit card fraud, money laundering and document forgery conviction,” Stacy Burnette, ICANN’s director of contractual compliance, wrote. ICANN rules permit the group to terminate registrars who have officers or directors convicted of a crime related to financial activities, she said.


Malicious Spam On The Rise


The reports are in and the news is not good. Malicious spam rose sharply in the third quarter. From July to September 2008, one in every 416 emails was malicious spam, compared to one in every 3,333 emails in the second quarter of the year. The rise is blamed on several large attacks such as the “Penguin Panic” attack. What was made to look like an innocent game for the iPhone was actually a nasty Trojan. This attack was responsible for nearly 27% of malicious spam. A similar attack pretending to be a Microsoft security patch was second, accounting for 12% of malicious spam sent.


Airlines Latest to Be Exploited By Spammers

Continental Airlines is the latest company to be exploited by scammers. A new wave of spam claiming to be from the airline attempts to trick the recipient into downloading malware. The messages come with an attachment that looks like ticket invoices and boarding passes, and they thank the recipient for buying their tickets online. A username and password are provided as well as the confirmation of a $900 charge to their credit card. The attachment, called “e-ticket.doc.exe”, is actually a worm that downloads additional malware to the user’s PC.


FTC Shuts Down Spam Ring

The FTC won a legal victory against what it considers one of the largest spam gangs on the Internet. A federal court in Chicago agreed to freeze the assets of the notorious spam gang known as HerbalKing and shut them down. HerbalKing has sent billions of spam messages to Internet users promoting everything from fake watches to fake prescription drugs. The injunction was granted after FTC officials argued that the group was in violation of the CAN-SPAM Act of 2003.

          “This is pretty major. At one point these guys delivered up to one-third of all spam,” said Richard Cox, chief information officer at SpamHaus, a nonprofit antispam research group.


Spammers Exploiting Windows Security Alerts To Deliver Malware

A new wave of malicious spam is using fake Windows security alerts to deliver its payload. According to Microsoft, the emails claim the alerts are part of a new, experimental and private version of an update for all Microsoft Windows OS users.

The recipient is prompted to download an attached file containing the alleged update, which is really a Trojan called Win32/Haxdoor. It records passwords, credit card numbers and other personal information and sends them to the scammers. Fortunately this Trojan is detected by antivirus programs and the Windows Malicious Software Removal Tool.


Spam business is booming despite legislation

Ferris Research recently predicted that there would be 40 trillion spam messages sent this year. It would seem, then, that we have a continuing problem on our hands, especially since spam has morphed from simple, but annoying, advertisements to Trojan horses and links to malware-infected web sites. The focus of spam has changed. Five years ago, spam was designed to sell us something; today, it is designed to steal something from us. Spam is no longer just a cheap tool used by a two-bit marketer to peddle get-rich-quick schemes; it is now used by organized criminals in pump-and-dump stock schemes, to sell illegal goods, or to steal passwords and account numbers.

Wasn’t there supposed to be legislation to help eliminate spam? Remember the CAN-SPAM Act? It didn’t seem to have done its job. Oh, yes, it did make spamming illegal, and there have been a few high-profile cases. Some heads have rolled. But the spamming continues unabated, and in fact, has increased tenfold over the past five years since the Act was first passed. This week, Network World ran a review of the CAN-SPAM Act and what went wrong, noting that when the bill was passed, 45 percent of emails were spam. This outrageous number triggered the passage of the CAN-SPAM Act. Yet today, 97 percent of emails are spam, and there were 164 billion spam messages sent during the month of August.
