Featured Article

Tagged.com Wins Suit Against Spammer

In an ironic twist, Tagged.com has won a lawsuit against a spammer. A California judge has found Erik Vogeler guilty of spamming over 6,000 of the site’s members with messages that directed them to adult websites. The judge ordered him …

iPad Launch Causes Spike in Apple Spam

Wednesday’s launch of the highly anticipated Apple iPad has resulted in a spike of Apple-related spam. Security researchers say a 30% spike in phishing spam was detected following the announcement as spammers rushed to take advantage of the huge …

Social Network Spam Continues to Rise, Businesses Feeling Impact

A recent survey found that businesses have experienced a 70% increase in spam and malware attacks from social networks in the last year.

Over half of the 500 companies received spam via a social network, and more than one third experienced a malware infection from one of these sites.

The perception is growing among businesses that social networks pose a risk beyond employees wasting time. Most companies take either a blanket allow or a blanket deny approach to social networks but apply no other measures to address the larger risks that these websites expose them to.

Spam and phishing are rampant on the most popular networks such as Twitter and Facebook. For all the attention paid to email security for businesses, often very little is given to the messaging capabilities of social network sites. Clicking on a malicious link in a Twitter message is no different to clicking the same link delivered via email. From the spammer’s perspective, the deliverability rate of their messages is much higher on social networks than it is for email.

These attacks continually come to light in the media. Twitter has notified some users that they may have been subjected to a phishing attack and has forced them to update their passwords to ensure their accounts are not misused. This reactive step is the closest thing to protection that can be achieved on an unmoderated medium like Twitter, which has no entry requirement other than a working email address and exposes a rich API that is perfect for spam automation systems.

Vicious, Data Destroying Virus Discovered

Security researchers have discovered a vicious new virus. Dubbed Win32.Worm.Zimuse.A, it appears to have originated in Slovakia but has been quickly making its way around the world with the highest rate of infection now in the United States, followed by …

The CAN-SPAM Act is supposed to protect us from unwanted commercial email but some U.S. based spammers, who usually call themselves direct marketers, have found a loophole to get around the requirements placed on them by the law. CAN-SPAM says …

U.S. Based Spammers Using Loophole to Get Around CAN-SPAM
   

Over 25 Million New Strains of Malware Identified in 2009

A new report out by security experts says that over 25 million new strains of malware were discovered in 2009, and that number is expected to rise in 2010. Trojans are the most popular type distributed, making up 66% of …

Australian Financial Firm Fined 55K For Spamming

Australian financial services firm CommSec was fined $55,000 (roughly $48K US) for violating that country’s Spam Act. The Australian Communications and Media Authority (ACMA) levied the fine after it launched an investigation into the company’s mail campaigns and found they …

Researchers Analyze Bots to Beat Spam, But Will it Work?

A research team from two Californian universities has developed what it believes will be a game-changing approach to defeating spam.

The researchers used a captured spam bot to analyze a sample of the spam emails that it produced and then used this information to reverse engineer the template that the spam emails were based upon. Once this template was known, 100% of further spam emails from that bot were successfully blocked while avoiding any false positives on one million genuine email messages in the test.

Leading anti-spam products in the market today claim up to 99% accuracy for spam detection and use sophisticated analysis techniques such as Bayesian filtering to reduce false positives. However, a large part of the fight against spam remains reactive.

Botnet judo fights spam with a flip

Compromised computers spew spam.

In judo, an attacker’s assets are turned into liabilities by a defender. The attacker’s attributes like weight and size are leveraged against the aggressor and used to neutralize him or her with a flip. A similar tactic to fight spam propagated by botnets has been developed by an octet of researchers.

The team from the International Computer Science Institute in Berkeley, Calif. and University of California in San Diego–Andreas Pitsillidis, Kirill Levchenko, Christian Kreibich, Chris Kanich, Geoffrey M. Voelker, Vern Paxson, Nicholas Weaver, and Stefan Savage–have developed a way to flip the software running a botnet so it assists spam fighters in blocking the cyber junk spewed by the malware.

Bredolab Pushing New Spam Engine

Experts say the Bredolab botnet is now linked to a spam engine called Webwail that has led to a huge spike in its activity. The spam it’s pumping out is nothing new: fake notifications from UPS claiming a package could not …

Last Comments

  • Imran on Fanbox Spam Turns Into Costly Scam August 24, 2014

    Fanbox, I worked there, it’s a real scam. They owe me 4500 dollars but they did not give me my money. As I was claiming my money from them every day, they were obliged to cancel my account, then asked me to create another account so that I work with them again, which I refused. I said to them that you just showed me how Fanbox is a scam, I’m not crazy to waste my time again creating posts to make you rich. I invite every new user who has just started with them: please don’t waste your time, they will never give you a penny, that is only virtual money. Be aware to avoid johny cash and his gangster. Here is the message they sent to me two months before they cancelled my account:

  • Aussie on India Tops List of World’s Biggest Spammers August 16, 2014

    ALL my SEO spam comes from Indians. They are a big pain in the arse.

  • Andrew on Spammers Get Sleazier with Attachment within Attachment Technique August 14, 2014

    This is more relevant to the home user, who typically operates with a low level of protection against such threats. Businesses will employ sophisticated techniques at the border (e.g. removal of or cloaking of ZIP files to render inert). Home users have no such luxury available to them at a reasonable cost. Until ISPs actually start offering business grade mail protection/filtering to their customers, then the consumer is on his/her own and must remain diligent. If you didn't initiate a request with the sender, then don't open the damned attachment. If you get an email claiming to be from your bank which contains an attachment, don't open it - your bank would never send you a ZIP'd archive to open anyway. Check links contained in email body before you go ahead and click on them - for instance, hovering over a link in an email will usually display a tooltip with the actual web address encoded, rather than the false link displayed in the email content. Simple checks that anyone can perform before committing a single or double-left click on something that could cost dearly.... Diligence, people! If you are, then you already made the spammers' hit-rate that much lower, by simply not sleep-walking into an infection. Relying on anti-virus/malware protection apps is allowing people to abrogate themselves of a basic responsibility to know what you're doing and how it can affect your machine - adversely or otherwise. We insist that people reach a basic level of proficiency to drive a car. We need something similar for the consumer directed web....

  • Santine on Does Legitimacy Make LinkedIn and Zoosk Spam All Right? July 31, 2014

    Before we go any further--let's skip Papa John's--let's go back to the main issue: these huge companies that are allowed to spam simply because they are, well, and sending mails is just a way of marketing their products and services more. That's definitely a bull, don't you think? The title is even misleading since there's nothing legitimate with spamming.