Ninety-five percent of email never reaches an inbox.

Email service providers trash 95 percent of the traffic headed to their customers’ inboxes, according to a survey from a European security group.

“[S]pam’s impact on the business has been greatly reduced through effective anti-spam measures,” the European Network and Information Security Agency reported recently in its third annual 2009 Anti-Spam Measures Survey.

“Anti-spam measures are doing their job, reducing the threat of spam to a manageable security process,” it added. “This process still requires focus, expertise and resources, but it is arguably predictable.”

“These measures currently filter out over 95 percent of email traffic, using a variety of methods, greatly reducing the volume of spam that customers receive, without causing significant problems with false positives,” it continued.

The researchers found “alarming” the current state of blacklist management.

Blacklists are one of the most common ways service providers block spam from leaving their servers, followed by outbound virus scanning and port 25 monitoring. Yet some 66 percent of the survey participants said their servers had been added or retained on blacklists incorrectly. What’s more, the same percentage told the surveyors that they believe that major blacklists sometimes incorrectly include servers that do not or no longer send spam.

After encountering a blacklisting problem, the respondents split evenly on the difficulty of rectifying it, with 50 percent saying it was easy and 50 percent saying it was hard, according to the survey of 92 anti-spam and email service providers responsible for some 80 million email boxes in 30 countries.

“This high level of responses citing problems with blacklists incorrectly including non-spamming servers is alarming,” the report declared. “This problem may inevitably happen occasionally, but email providers clearly want to be sure that when a spam problem is fixed, that the server can be removed from the blacklist.”

The researchers also noted that spending to fight spam is wide ranging, with one of the major determinants being company size. “Even most small providers have anti-spam budgets over EUR 10,000 annually [about US$14,000], while the largest providers can have budgets in the millions of Euros,” they wrote.

They added that spam imposes a burden on company help desks. “Some respondents noted that a significant share of help desk calls concern spam, though most reported that less than 10 percent of help desk calls concern spam.”

“These results,” they continued, “suggest that most providers are currently managing to prevent spam from greatly harming the customer experience, though spam continues to impose costs on help desks.”

According to the survey, respondents emphasized the need for a coordinated approach against spam, and a key part of that is for providers to shut down spammers among their own customers before sending the spam on to other service providers.

“Generally,” it noted, “collaborative approaches are developing and proving successful, but there is much more that can be done to collaboratively address the problem of spam.”

The report also identified some of the most popular techniques deployed by spam fighters to skunk email junk.

The most common way of detecting spam is through complaints, folowed by monitoring peak traffic, traffic anomalies and signature detection. Seventy five percent of the respondents said they analyze a spam source when customers complain about it, the report noted, but “Far fewer analyze the source of spam based on automated tools, specifically when monitored spam levels reach a threshold.”

For blocking spam, the most popular methods are blacklisting, content filtering, and sender authentication. “The usage of most network-based measures has stayed constant since the 2007 survey, though use of sender authentication and URI blacklisting have increased markedly, while reputation systems and slowing the sender’s connection have become less common,” the report observed.

“The average number of network-based measures applied has also remained consistent at 4.7 per provider,” it added.

When authenticating the senders of email, the report found that SMTP AUTH remains the most popular, with SMTP TLS and SPF finishing a distant two and three. “The usage of the various sender authentication mechanisms has remained mostly constant since 2007, except for DKIM, which has increased significantly,” the report explained.

As effective as their efforts have been, the report revealed that spam fighters don’t intend to sit on their laurels. “Close to half of providers stated that they plan to implement new anti-spam measures within six months,” the researchers reported. “Reputation databases were mentioned most frequently with new blacklists most common, followed by greylists.”

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spam traps nab 95% of all email

The irony is that the site’s co-founder, Greg Tseng, was himself fined $900,000 back in 2006 when his company, Jumpstart Technologies, was found in violation of the CAN-SPAM Act. What’s more, this past November, Tagged reached a $750,000 settlement with the Attorney Generals of New York and Tennessee over its own invitation practices.

The site has had a bad reputation for some time, and some anti-fraud advocates consider it a phishing site.

Whether the suit and the site’s recent revamp of its invitation process means the site is turning over a new leaf remains to be seen, but the irony is hard to ignore!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Tagged.com Wins Suit Against Spammer

Security experts are predicting such activities to keep rising as the iPad’s March release date draws closer. They advise users to keep their anti-virus software up to date and to get their Apple news from trusted, familiar sites. Companies should review their site security and keep a close eye on their code as many of the poisoned search results point toward legit sites that have been compromised by SQL injection attacks.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

iPad Launch Causes Spike in Apple Spam

Over half of the 500 companies received spam via a social network, and more than one third experienced a malware infection from one of these sites.

The perception is growing among businesses that social networks are a risk of more than just employees wasting time.  Most companies either take a blanket allow or deny approach to social networks but apply no other measures to address the larger risks that these websites expose them to.

Spam and phishing are rampant on the most popular networks such as Twitter and Facebook.  For all the attention paid to email security for businesses, often very little is given to the messaging capabilities of social network sites.  Clicking on a malicious link in a Twitter message is no different to the same link delivered via email.  From the spammer’s perspective the deliverability rate of their messages is much higher on social networks than it is for email.

These attacks continually come to light in the media.  Twitter has notified some users that they may have been subjected to a phishing attack and has forced them to update their passwords to ensure their accounts are not misused.  This reactionary step is the closest thing to protection that can be achieved on an unmoderated medium like Twitter that has no entry requirement other than a working email address, and exposes a rich API that is perfect for spam automation systems.Facebook has partnered with a security vendor to offer free 6 month trials of internet security products to prevent user computers from being compromised.  This places the responsibility for Facebook security on the user and is an opt-in offering only, which will mean minimal uptake.

Other vendors are offering their own products that claim to protect from social networking risks.  As a point solution these might be effective, although they currently support only one or two popular services.  For businesses the cost and administrative overhead does not scale well.

Deploying a special product to a fleet of desktops to combat a subset of the risks of being online will not be an attractive option for large environments.  These organizations look for unified threat management systems that can be more easily deployed and centrally administered, and can operate at key network locations such as web proxy servers rather than at individual computers.

Security against spam, phishing and malware is just one important part of social networks.  Another significant issue is that of privacy of personal information.  Facebook recently changed its privacy policy to expose all personal information as public, a reversal of its previous “private by default” stance.  Employees are not often careful with what information they share on social networks, that can be valuable to an attacker for use in social engineering.

Professional social networks such as LinkedIn encourage the exposure of employee names and position titles as people build their network of contacts.  Security experts have proposed that social networks may have played a part in the recent Google hack, as the attackers compromised the accounts of low level employees in order to gain access to those who had the higher levels of access they needed to make a successful intrusion.

Email spam, though it constantly evolves, is a relatively well understood and manageable threat.  Social networks are a relatively new threat that most businesses are only just becoming aware of.  Protection strategies need to be expanded beyond just the email server and firewalls in order to deal with these new threats.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Social Network Spam Continues to Rise, Businesses Feeling Impact

          “System Defender – Kernel Error 0xC00000005

This problem is unambigously cause by malicious contents in IP packers in transport layer from website: www.offroad-lm.szm.sk. To bee patient, Windows Defender scan your hard drive(s) for bugs caused by system incompatible code. To recovery of system press OK button. Wait to successfull end of scanning. Inform about this administrator on www.szm.sk and incriminated web site.”

Once that appears, the system is doomed. The next time the user restarts the computer they will be greeted with the heart stopping error “FATAL: No bootable medium found.” This is because the virus overwrites the Master Boot Record, which permanently damages the drive. What makes this virus even more dangerous is that until the message pops up it’s nearly impossible to know the system is infected.

Win32.Worm.Zimuse A and B distribute themselves in very different ways. The first variant embeds itself on legit sites, possibly by poisoning an ad network, and pretends to be an IQ test. The second spreads via exchangeable media like USB flash drives. Experts think it was a malicious prank intended only for fans of a Slovakian motorcycle gang but it has gone far beyond that, destroying data wherever it lands. This could be especially devastating if it hit a critical government or business network.

It is extremely important to make sure your data is backed up safely and to be more cautious than ever about sharing storage media and clicking on links. All IQ tests should be avoided, and web surfing should be confined to familiar sites. If you aren’t sure if your system’s anti-virus programs are up to date, contact your IT department.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Vicious, Data Destroying Virus Discovered

CAN-SPAM says commercial emailers must provide a clear and easy way for recipients to opt out of receiving further messages and they must promptly honor those requests. What some sleazy marketers have found however, is that they can get around having to do so by changing their name. They send a blast of spam as XYZCompany at XYZ.com. They get a flurry of opt out requests and instead of honoring them, they change their name to XYZCompany1 at XYZ1.com.  More spam sent, more requests received, and they change their name again, this time to XYZCompany2 and XYZ2.com.

What can be done? It’s up to the U.S. to change the law to say that direct marketers and commercial emailers must get permission from consumers BEFORE sending any of their spam. In doing so the U.S. will fall into line with spam laws in most other countries.

Will this happen? That’s anyone’s guess. The Supreme Court’s decision to allow businesses to spend as much as they want on political campaigns may have a less than pleasant effect on the law. In the meantime, if your company is using this practice, stop. It’s not legal and it’s not good business.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

U.S. Based Spammers Using Loophole to Get Around CAN-SPAM

          “ACMA expects that Australian businesses take note of this outcome,” ACMA chairman Chris Chapman said. “Under the Spam Act, every person has the right to unsubscribe from receiving commercial electronic messages and to have that request acted on effectively and quickly. The failure to act on a request can result in significant penalties if a business is found to have breached the Act.”

CommSec sent over 6 million advertising emails in 2009. The company says it has agreed to have an independent consultant to review its compliance systems and to also provide additional training to its staff.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Australian Financial Firm Fined 55K For Spamming

The researchers used a captured spam bot to analyze a sample of the spam emails that it produced and then used this information to reverse engineer the template that the spam emails were based upon.  Once this template was known 100% of further spam emails from that bot were successfully blocked while avoiding any false positives on one million genuine email messages in the test.

Leading anti-spam products in the market today claim up to 99% accuracy for spam detection and use sophisticated analysis techniques such as Bayesian filtering to reduce false positives.  However a large part of the fight against spam remains reactive.

Adding this new technique into the protection mix may tilt the playing field in the good guys’ favour for a little while but the constantly evolving threat landscape online will find a way to get around it soon enough.  Fighting spam comes down to a numbers game – if there are more people who want to send spam than there are researchers and professionals fighting it then the war will go on for a very long time.

The spam and malware industry has already become well known as a sort of underground marketplace where anyone can buy the software and email lists they need to begin a spam campaign.  The business model behind these ventures has become so well established that ongoing maintenance plans are even available for the spam tools and malware available.  For a fee a malicious coder will develop a new variant of a tool for you that circumvent any detection that has been implemented by security vendors.

It is easy to expect this same type of service offered to botnet operators who will need a constant supply of new email templates to avoid detection by any vendor who uses this new spam analysis technique.  In fact it is also easy to expect that bot software will no longer contain all of the template information in its code and will instead regularly download new variations from other sources to hamper attempts reverse engineer it.  Most bots are already self-updating and constantly evolving into new variants anyway.

The full details of this new research will be unveiled in March and it will be very interested to see just how practical it will be to integrate this new technique into current anti-spam products.  The turnaround time required to discover and capture a new bot, analyse it, create detection signatures, and then deploy those to a global customer base may be more than enough for spammers to successfully send out their campaigns.   By the time protection is achieved the next bot variant already exists.

As far as the overall impact on spam this technique may have little to no impact at all.  Although it may prevent some spam that is sent directly from the computers compromised by bots it will not have any effect on bots that serve other purposes such as taking over webmail or social networking accounts for use by spammers.

As an anti-spam development this research is interesting but I have some doubts about its practicality and effectiveness.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Researchers Analyze Bots to Beat Spam, But Will it Work?

Compromised computers spew spam.

In judo, an attacker’s assets are turned into liabilities by a defender. The attacker’s attributes like weight and size are leveraged against the aggressor and used to neutralize him or her with a flip. A similiar tactic to fight spam propogated by botnets has been developed by an octet of researchers.

The team from the International Computer Science Institute in Berkeley, Calif. and University of California in San Diego–Andreas Pitsillidis, Kirill Levchenko, Christian Kreibich, Chris Kanich, Geoffrey M. Voelker, Vern Paxson, Nicholas Weaver, and Stefan Savage–have developed a way to flip the software running a botnet so it assists spam fighters in blocking the cyber junk spewed by the malware.

The researchers, who will be presenting their findings next month at the 17th Annual Network and Distributed System Security Symposium in San Diego in a paper titled “Botnet Judo: Fighting Spam with Itself,” turn a technique deployed by botware to disguise its nefarious activity from spam assassins into a tool for blocking junk email.

Here’s how the technique works. To fool spam filters analyzing the text of a spam message, a botware program will periodically make changes in its output. To do that, it uses a template. The template not only specifies the content of a message, but it also determines how to vary that content in future iterations. If those templates could be cracked, the team reasoned, then they could be used to block the bot’s output.

After analyzing 1000 spam messages from one compromised machine–about 10 minutes output for a bot engine–the boffins were able to construct the template. With that knowledge, they could appropriately modify spam filters to block 100 percent of the spam generated from the infected machine. Better yet, they could do it without producing a single false positive.

“This is an interesting approach which really differs by using the bots themselves as the oracles for producing the filters,” Michael O’Reirdan, chairman of the Messaging Anti-Abuse Working Group told the New Scientist in an interview.

However, it does take some time to crack the template. In the spam world, even a short delay can be enough time to unleash a raft of junk. Botnets have grown so large, Reirdan added, that even a one minute delay in cracking the template would be “long enough for a very substantial spam campaign.”

While the spam battlers’ research garnered kudos from many quarters, one security expert was less than impressed by their efforts. “All you have to do is download the malware, capture the spam traffic, and then use the traffic to build an anti-spam corpus of rules,” wrote Terry Zink, a program manager for Microsoft’s Forefront Online Security unit, in his Anti-malware blog. “In other words, it’s the next step in doing what anti-spam vendors have been doing since 2002.”

He questioned how effective the template technique would be in practice. In order for it to have a significant impact on spam, he reasoned, bad apps from many botnets would need to be captured not just one. That could be a daunting task.

What’s more, botware isn’t a static target, he points out. Malware on the zombie nets often updates itself automatically. A template that works today might not work tomorrow. Any anti-spam software would have to keep pace with those changes to make sure it’s correctly identifying how the malware is sending out its nasty payloads.

In addition, he continued, all botware doesn’t directly send out spam. Some of them are designed to compromise  email services like Hotmail, Gmail and Yahoo mail. Once they’ve done that, they set up accounts there and use those accounts to distribute their junk. Intercepting the traffic from those kinds of bots would have a limited impact on their ability to generate spam.

He also noted that because of the competitiveness of the botware universe, malware writers often design their programs to zap any other black apps on a targeted computer. So a template could be created for a piece of botware that subsequently gets wiped by a competitor. In that case, the compromised computer will restart pumping out its noisome payloads unabated.

Nevertheless, Zink doesn’t totally write off the researchers efforts. “Still, this technique is a viable anti-spam measure if you can capture malware and install it; however, one would need to understand that it is but one tool in the antispam arsenal,” he writes. “It would have to be supplemented with other techniques like IP reputation and sender reputation.”

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Botnet judo fights spam with a flip

Webwail is a sophisticated engine that has library updates, a scripting engine and the ability to crack CAPTCHAs in 30 seconds or less. The engine also reports errors back to its command server so changes can be made quickly. Currently it’s being directed to create Hotmail accounts.

Captcha cracking is a hot business thanks to engines like Webwail. Botnet hearders and spammers advertise for people willing to crack them for .60 to .80  per 1000 CAPTCHA solved. Spammers want the free webmail accounts they can get by solving them so they can spam from an address not likely to be blocked by a spam filter.

Bredolab spent the holidays delivering the Zbot banking Trojan. Considered simplistic in the botnet world, Bredolab is little more than a “loader” that connects to a remote server, collects files, and executes them. Some experts think such loaders could be our next big threat.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Bredolab Pushing New Spam Engine

          “There were some really unfortunate but practical reasons why The Beaver couldn’t be the universal brand,” said publisher Deborah Morrison. “That’s the factor why it was a deterrent — particularly amongst women and people under the age of 45. Unfortunately, sometimes words take on an identity that wasn’t intended in 1920, when it was all about the fur trade. People were literally writing us and saying, ‘We can’t get your e-newsletter because it’s being spam-filtered out, can you change the title of the heading?’ “

The magazine, which was launched in 1920, at first covered only the booming fur trade in the country, but over the past decade or so has expanded to cover all aspects of Canadian history. Its first issue under the new name-Canada’s History-will go on sale in April.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Second Oldest Magazine in Canada Forced to Change Name Due to Spam Filters

          “In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google,” Google said in a statement issued last week. “However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.”

“As part of our investigation we have discovered that at least 20 other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted,” Google added.

The attack illustrates that even the Google elite can be duped by a social engineering ploy wrapped in an email message. According to security experts, the email messages used by the attackers were targeted at specific Google employees likely to have access to valuable proprietary information on their company’s servers. The messages were carefully disguised to look as if they originated with sources the employees would trust.

Since the messages appeared to come from a trusted source, the Googlites didn’t hesitate in clicking links in the electronic epistles. Once that was done, the story took a familar turn. The links resulted in malware being downloaded to the employees’ computers. The malware exploited an unknown vulnerability in Internet Explorer and opened a back door on the compromised machines. The back door let the crackers snoop around the wounded computers and gain control over their operation, using them to identify meaty targets  and bleed valuable data from them.

In a security advisory posted to the Web following reports of the attack, Microsoft characterized the vulnerability as “an invalid pointer reference within Internet Explorer.”

“It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted,” it explained. “In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.”

In order to exploit the flaw in the browser, though, a cybernaut must be lured to an infected Web site. “In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability,” the advisory stated.

“In addition,” it continued, “compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.”

“In all cases, however, an attacker would have no way to force users to visit these Web sites,” it maintained. “Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s Web site.”

If users want to reduce the risk of being victimized by the zero-day vulnerability, Microsoft noted in a subsequent posting, they should avoid using version six of Internet Explorer and upgrade to another version. It also recomended that users of Windows XP upgrade to a newer version of Windows. Maybe Windows 7, which was just released by the company?

Meanwhile, as part of the fallout at Google over the attack, the company decided to get tough with China.

          “These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the Web–have led us to conclude that we should review the feasibility of our business operations in China,” Google stated. “We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all.”

“We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China,” it added.

Google’s threat to leave China has been hailed as a bold move to bolster human rights, and there is no reason to doubt that the concern has its heart in the right place. However, there’s a subtext in the message, whether intentional or not, that Google is serious about security. That message isn’t for the Chinese. It’s for Google’s current and future corporate clients who are or will be buying from the company “cloud” services, which in the long run may even eclipse advertising as a revenue stream for the corporation.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Browser flaw tied to attack on Google

Rand’s suggestion is the blocking of TCP port 25 (the port used for SMTP, or email, communications between servers on the internet), making contact with customers who they suspect may be the source of spam outbreaks, as well as stronger government legislation.

The legislation idea has merit, after all the lack of cooperation between government agencies is how many international spam operations manage to go unpunished.  The blocking of SMTP on the other hand is impractical and costly to implement, both from a technical and a service perspective.

The basis of the idea is this.  Customers send mail using SMTP, therefore by blocking SMTP and requiring that customers send mail via the ISP’s mail servers allows close monitoring of email traffic and detection of spam.

The solution is problematic though because many ISP customers, both home users as well as businesses, have perfectly good reasons to not send their email via their ISPs mail servers.  These customers would need to be unblocked from using SMTP, and hence cannot be closely monitored.

The monitoring itself also presents two problems – firstly customers object to having their email correspondence inspected by other parties including their ISP.  Secondly, any false positives could have disastrous consequences if important emails were blocked.  ISPs do not want the exposure to liability if they block an email that results in monetary loss for the sender or recipient.A serious issue is also that of costs.  A higher email load combined with more thorough monitoring means more costs to the ISP for servers and software to do those jobs.  The human resource costs also increase, both in the management of the systems as well as the teams who need to contact and support customers who are suspected of sending spam.

Although email is currently the largest source of spam on the internet there are other forms of spam that are quickly becoming very common that would not be addressed by this solution.  Social networks such as Facebook and Twitter have become rich hunting grounds for spammers and phishers who are able to target victims with highly personalized attacks thanks to the open nature of these networks.

In a world where ISPs block spam email from customers the focus of botnets would simply shift to exploiting social networks and identity theft for the same outcomes.  Because these networks run simply as interactive websites they become impossible to block at the protocol level, and blocking them on a site by site basis would immediately outrage customers.

The British ISP heads who commented are correct in their view that businesses and email administrators need to take the responsibility of blocking spam that is sent to them, rather than expect ISPs to do all the work for them.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

ISPs Don’t Want to be Spam Cops

In addition at least 64 new websites have popped up since the earthquake, all with the word Haiti in them and with variations of words like quake, relief, and disaster. Experts say the amount of Haiti related spam and scams is expected to rise. It’s an old technique. Spammers and scammers use the hot topics of the day to both poison search results and get people’s attention with their spam. Last year everything from the H1N1 crisis to Michael Jackson’s death was exploited.

To protect yourself and your company, don’t give to any charity that you aren’t familiar with, asks you to send your donation via Western Union, or sends fundraising pleas via spam. When searching for news and information on the disaster, stick to familiar websites. If your company would like to do more to help, contact charities such as the Red Cross, Doctors Without Borders, and Unicef  directly and ask what they need.

If you want to help, you can text the word HAITI to 90999 to donate $10 to the Red Cross. All 4 major US cell providers have agreed to wave any messaging fees, and the donation will appear on your next phone bill.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spammers Exploiting Haiti Disaster

Two people have the chance of winning either the first prize which is a 50 user license pack or the runner up prize – a 25 user license pack.

For details on how to enter the competition check out Paul’s blog post. The deadline for the contest is 31 January 2010, Australian EST.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Win a copy of GFI MailEssentials for your business

Tonita admitted to using email harvesting software and sending spam designed to lure people to the fake sites. Authorities say he sent a file of almost 10,000 addresses to one of the other men.

All three men have been convicted. One of them, Ovidiu-Ionut Nicola-Roman, was the first foreign national ever convicted of phishing in the U.S. He was sentenced to 4 years in prison. Tonita will be formally sentenced in April.

Phishing has become a multi-million dollar industry for cybercriminals and experts say there attacks are becoming more and more targeted and sophisticated.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Romanian Man Facing Prison Time For Phishing

WhenU covers Continental with its own Google ads -- charging ad fees for traffic Continental would otherwise receive for free.

Google has been called on the carpet by a prominent spyware fighter for contributing to the bottom line of Internet snoopsters.

          “By paying spyware vendors to show advertisements, Google both enlarges and prolongs the spyware problem,” Harvard Business school Assistant Professor Ben Edelman recently wrote on his Web site.

“In particular,” he continued, “Google’s funding supports software that users struggle to remove from their computers. Google’s payments make it more profitable for vendors to sneak such software onto users’ computers in the first place.”

Edelman’s criticism of Google is largely based on the search king’s relationship with two firms: InfoSpace and WhenU. InfoSpace, among other things, distributes Google pay-per-click advertising. It uses subcontractors, like WhenU, to assist in circulating those ads.

According to Edelman, WhenU, through its spyware, collects cash from Google through some questionable ad practices. Here’s the problem.

When an advertiser buys a pay-to-click ad, it pays when a consumer clicks on the ad and goes to the advertiser’s site. If the consumer makes a purchase, the value of that ad increases and that added value is taken into account when the ad is renewed.

What spyware makers will do through software planted on a user’s computer is pop-up a window containing Google ads after a consumer arrives at a site through a pay-per-click ad. Moreover, among the Google ads in the Window is one for the site behind the pop-up. The advertiser ends up paying for both ads, although only one–the original click-to-pay ad–delivered a customer to the site.

The problem is compounded when the pop-up appears over a page where a click has been converted into a purchase. “[W]hen advertisers evaluate the PPC [Pay Per Click] traffic they bought, they overvalue this ‘conversion inflation’ traffic–leading advertisers to overbid and overpay,” Edelman explained.

He cited an example of a WhenU pop-up at the Web site for Continental Airlines. When he landed on the  site, a pop-up appeared that contained a prominently placed Google ad for the air carrier. Not only that, but the ad in the pop-up suggested that clicking on it would lead to lower fares at the “official” Continental site. “In fact both suggestions are inaccurate, but a reasonable user would naturally reach these conclusions based on the wording of the advertisement and the context of its appearance,” he maintained.

What’s more, he contended that the WhenU pop-up violates Federal Trade Commission rules that sponsored search results be clearly labeled as such. He confessed, however, that the sponsorship message might appear on a computer with a larger display. (His display was 800-by-600 pixels.) Nevertheless, the FTC rules make no exceptions based on screen size, he added.

Edelman, who has been following the activities of InfoSpace and its subaltern WhenU for almost a year, called on Google to clean up its act. It could start that process by cutting loose from InfoSpace, he proposed. Not only does InfoSpace have a track record of improper placement of Google ads, he complained, but “Google does not need a distributor whose business model entails farming out ad placements to subdistributors.”

          “If InfoSpace’s subdistributors seek to distribute Google ads, and to be paid for doing so, let them apply directly to Google and undergo Google’s ordinary quality control and oversight,” he recommended. “Inserting InfoSpace as an additional intermediary serves only to lessen accountability.”

He had another suggestion that would cause a howl of protest in the boardrooms of most companies.

          “Google also needs to pay restitution to affected advertisers,” he said. “Every time Google charges an advertiser for a click that comes from InfoSpace, Google relies on InfoSpace’s promise that the click was legitimate, genuine, and lawfully obtained,” he reasoned. “But there is ample reason to doubt these promises.”

“Google,” he continued, “should refund advertisers for corresponding charges–for all InfoSpace traffic if Google cannot reliably determine which InfoSpace traffic is legitimate. These refunds should apply immediately and across-the-board–not just to advertisers who know how to complain or who manage to assemble exceptional documentation of the infraction.”

As extreme as Edelman’s recommendations may seem to some, their underlying premise remains sound. As long as malicious software makers can profit from their malevolent activity, they will continue to conduct it. The fact that some of these players can operate under a thin veneer of legitimacy only emboldens their more nefarious brethren.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spyware linked to Google ads

Coupled with this rise is a new ecosystem of mobile application development, made mainstream by Apple’s App Store for the iPhone which boasts over 30,000 applications available for download.

This trend has reached a new, troubling milestone with the discovery of several fraudulent banking applications on the Google Android online store.  The programs were disguised as genuine mobile banking applications and were designed to steal online banking credentials from anyone using them.

Although the applications have now been removed it highlights the constant evolution of the security threat landscape.  As technology becomes more ubiquitous it extends the threats in what are frankly quite predictable directions, at least for the security-minded among us.The Google Android store’s main vulnerability to this threat is its openness, which to developers and customers is seen as one of its strengths.  Apple has long been criticized for its closed approach to the iPhone App Store, requiring all applications to be manually checked and approved before they are made available.

The Apple approach is unpopular with developers who struggle to coordinate the marketing of their application launch, provide timely updates to customers, and a raft of other e-commerce related issues such as refunds, discount promotions or giveaways.  It has also been criticized as anti-competitive due to some controversial denials of applications that competed with iPhone features.

The human element of Apple’s process is also fallible.  Malicious applications may slip through the scrutiny of the people responsible for approvals.

Google’s approach has no such approval restrictions but has a similar human weakness.  A malicious application can more easily make it onto their store and has to be noticed by someone and notified to Google before it can be removed.

Consumer trends noticed in the iPhone App Store can become major security risks for Android phone owners – the irresistible lure of free stuff.  Some of the most popular iPhone apps are free ones, ranging from simple games to funny photo manipulation software to ordering pizza online.

When presented with a free application that lets you put silly hats on the heads of people in your photos who can resist giving it a try.  But what if that application is secretly uploading those pictures to a website, or trawling your contacts list for email addresses to spam.

Just as banks were targeted with fake applications so too could any online shopping application be hiding malicious code behind a familiar brand name.  A pizza ordering application, or one that lets you browse the Amazon book store, that asks you for credit card details then “fails” with an innocuous “try again later” error (or worse succeeds thanks to open APIs for some e-commerce sites) now has a copy of your credit card information.

It comes as little surprise then that a recent security survey showed that more than 54% of businesses plan to deploy mobile anti-malware protection to their fleet of smart phones by the end of 2010.

Across the mobile computing industry though there will remain a weakness at the consumer level if only businesses are turning their attention to smart phone malware protection.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Phishing and Malware in the Smart Phone Era

The messages look like an alert from the recipient’s IT department notifying them that a security upgrade is available and asking them to log into their accounts to  retrieve the new settings. The link in the messages leads to a fake Outlook Web Access page which asks them to download a file containing the new security settings. The file is actually an .exe containing the Zbot banking Trojan.

What sets this spear phishing attack apart from past ones is the sheer volume of messages being sent out and the fact that the messages are highly personalized to each domain they are sent to.

In a related attack, search engine results for “office.microsoft.com” have been poisoned with pages leading to fake anti-virus software sites. 2010 has kicked off with a bang for malware distributors, hackers, and spammers. They are growing more and more sophisticated everyday, meaning 2010 could be a record year for attacks.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Fake Outlook Notifications Spreading Malware

          Versions of the FH_DATE_PAST_20XX rule released with versions of Apache SpamAssassin 3.2.0 thru 3.2.5 will trigger on most mail with a Date header that includes the year 2010 or later.  The rule will add a score of up to 3.6 towards the spam classification of all email.  You should take corrective action immediately; there are two easy ways to correct the problem:

If your system is configured to use sa-update run sa-update now.  An update is available that will correct the rule.  No further action is necessary (other than restarting spamd or any service that uses SpamAssassin directly).

Add “score FH_DATE_PAST_20XX 0″ without the quotes to the end of your local.cf file to disable the rule.

If you require help updating your rules to correct this issue you are encouraged to ask for assistance on the Apache SpamAssassin Users’ list.  Users’ mailing list info is here.

On behalf of the Apache SpamAssassin project I apologize for this error and the grief it may have caused you.

Experts say the incident is further proof that the practice of deleting flagged messages should be stopped and instead all messages marked as spam should be sent to a folder for review by the recipient.

Apache fixed the issue when it became aware of it and urged all their customers to update their filters regularly.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

SpamAssassin Bug Blocks Untold Numbers of Legit Emails