Featured Article

Second Oldest Magazine in Canada Forced to Change Name Due to Spam Filters

Canada’s distinguished history magazine-an institution for almost 100 years, was forced to change its name due to the issues it caused with spam filters. The magazine’s former name, The Beaver, refers to Canada’s beloved national symbol, but it’s also a …

Second Oldest Magazine in Canada Forced to Change Name Due to Spam Filters
   

Browser flaw tied to attack on Google

A zero-day bug in Microsoft Internet Explorer was a key element in an attack on Google and other companies last week. The attack, designed to ransack the Gmail of some Chinese human-rights activists managed to clip some of the Search King’s intellectual property in the process.

          “In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google,” Google said in a statement issued last week. “However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.”

“As part of our investigation we have discovered that at least 20 other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted,” Google added.

The attack illustrates that even the Google elite can be duped by a social engineering ploy wrapped in an email message. According to security experts, the email messages used by the attackers were targeted at specific Google employees likely to have access to valuable proprietary information on their company’s servers. The messages were carefully disguised to look as if they originated with sources the employees would trust.

Since the messages appeared to come from a trusted source, the Googlites didn’t hesitate in clicking links in the electronic epistles. Once that was done, the story took a familar turn. The links resulted in malware being downloaded to the employees’ computers. The malware exploited an unknown vulnerability in Internet Explorer and opened a back door on the compromised machines. The back door let the crackers snoop around the wounded computers and gain control over their operation, using them to identify meaty targets  and bleed valuable data from them.

Browser flaw tied to attack on Google
   

ISPs Don’t Want to be Spam Cops

British ISPs have reacted strongly to the suggestion of Trend Micro CTO David Rand that the ISPs should actively combat the problem of spam on the internet.

Rand’s suggestion is the blocking of TCP port 25 (the port used for SMTP, or email, communications between servers on the internet), making contact with customers who they suspect may be the source of spam outbreaks, as well as stronger government legislation.

The legislation idea has merit, after all the lack of cooperation between government agencies is how many international spam operations manage to go unpunished.  The blocking of SMTP on the other hand is impractical and costly to implement, both from a technical and a service perspective.

The basis of the idea is this.  Customers send mail using SMTP, therefore by blocking SMTP and requiring that customers send mail via the ISP’s mail servers allows close monitoring of email traffic and detection of spam.

The solution is problematic though because many ISP customers, both home users as well as businesses, have perfectly good reasons to not send their email via their ISPs mail servers.  These customers would need to be unblocked from using SMTP, and hence cannot be closely monitored.

The monitoring itself also presents two problems – firstly customers object to having their email correspondence inspected by other parties including their ISP.  Secondly, any false positives could have disastrous consequences if important emails were blocked.  ISPs do not want the exposure to liability if they block an email that results in monetary loss for the sender or recipient.

ISPs Don’t Want to be Spam Cops
   

Spammers Exploiting Haiti Disaster

In a sickening but unfortunately not surprising move, spammers and scammers have quickly moved to exploit the tragic earthquake in Haiti. Security experts say spam messages claiming to be fundraising pleas have begun hitting the web. Some of the spams …

Spammers Exploiting Haiti Disaster
   

Win a copy of GFI MailEssentials for your business

Get rid of spam once and for all this year with ExchangeServerPro.com and GFI Software. Head over to ExchangeServerPro.com where Paul Cunningham is holding a Spam Free 2010 contest in collaboration with GFI Software and giving away two license packs …

Win a copy of GFI MailEssentials for your business
   

Romanian Man Facing Prison Time For Phishing

A 28-year-old Romanian man is facing 5 years in prison after pleading guilty to a charge of conspiracy to commit fraud related to spam. Cornel Ionut Tonita was involved in a phishing ring with two other men. The men set …

Romanian Man Facing Prison Time For Phishing
   

Spyware linked to Google ads

WhenU covers Continental with its own Google ads -- charging ad fees for traffic Continental would otherwise receive for free.

Google has been called on the carpet by a prominent spyware fighter for contributing to the bottom line of Internet snoopsters.

          “By paying spyware vendors to show advertisements, Google both enlarges and prolongs the spyware problem,” Harvard Business school Assistant Professor Ben Edelman recently wrote on his Web site.

“In particular,” he continued, “Google’s funding supports software that users struggle to remove from their computers. Google’s payments make it more profitable for vendors to sneak such software onto users’ computers in the first place.”

Edelman’s criticism of Google is largely based on the search king’s relationship with two firms: InfoSpace and WhenU. InfoSpace, among other things, distributes Google pay-per-click advertising. It uses subcontractors, like WhenU, to assist in circulating those ads.

According to Edelman, WhenU, through its spyware, collects cash from Google through some questionable ad practices. Here’s the problem.

When an advertiser buys a pay-to-click ad, it pays when a consumer clicks on the ad and goes to the advertiser’s site. If the consumer makes a purchase, the value of that ad increases and that added value is taken into account when the ad is renewed.

Spyware linked to Google ads
   

Phishing and Malware in the Smart Phone Era

The last few years have seen a sharp rise in the power and features of smart phones such as the Blackberry, Apple iPhone, and most recently Google Android-based phones.

Coupled with this rise is a new ecosystem of mobile application development, made mainstream by Apple’s App Store for the iPhone which boasts over 30,000 applications available for download.

This trend has reached a new, troubling milestone with the discovery of several fraudulent banking applications on the Google Android online store.  The programs were disguised as genuine mobile banking applications and were designed to steal online banking credentials from anyone using them.

Although the applications have now been removed it highlights the constant evolution of the security threat landscape.  As technology becomes more ubiquitous it extends the threats in what are frankly quite predictable directions, at least for the security-minded among us.

Phishing and Malware in the Smart Phone Era
   

Fake Outlook Notifications Spreading Malware

Security experts have detected a new phishing campaign that uses fake Microsoft Outlook notifications to spread malware. Over a million of the spam messages have been intercepted by spam and phishing filters since Thursday. The messages look like an alert …

Fake Outlook Notifications Spreading Malware
   

SpamAssassin Bug Blocks Untold Numbers of Legit Emails

A bug in the popular SpamAssassin anti-spam engine caused legit emails sent in the first few days of 2010 to be marked as spam. It’s not known exactly how many emails were affected but the bug affected ISPs across the …

SpamAssassin Bug Blocks Untold Numbers of Legit Emails
   

Last Comments

  • Imran on Fanbox Spam Turns Into Costly Scam August 24, 2014

    Fanbox i worked there it’s a real scam they owe me 4500 dollar but they did not give me my money as i was everyday claiming my money to them they were oblige to cancel my account. then asked me to create another account so that i work again with them what i have refused, i said them that you just show me how fanbox is a scam im not crazy again to waste my time creating post to make you rich. i invite every new users who just start with them please dont waste your time they wont never give you a penny of dollar that only a virtual money be aware to avoid johny cash and his ganster here is the message they sent to me two month before they cancel my account:

  • Aussie on India Tops List of World’s Biggest Spammers August 16, 2014

    ALL my SEO spam comes from Indians. They are a big pain in the arse.

  • Andrew on Spammers Get Sleazier with Attachment within Attachment Technique August 14, 2014

    This is more relevant to the home user, who typically operates with a low level of protection against such threats. Businesses will employ sophisticated techniques at the border (eg: removal of or cloaking of ZIP files to render inert). Home users have no such luxury available to them at a reasonable cost. Until ISPs actually start offering business grade mail protection/filtering to their customers, then the consumer is on his/her own and must remain diligent. If you didn't initiate a request with the sender, then don't open the damned attachment. If you get an email claiming to be from your bank which contains an attachment, don't open it - your bank would never send you a ZIP'd archive to open anyway. Check links contained in email body before you go ahead an click on them - for instance, hovering over a link in an email will ususally display a tooltip with the actual web address encoded, rather than the false link displayed in the email content. Simple checks that anyone can perform before committing a single or double-left click on something that could cost dearly.... Diligence people! If you are, then you already made the spammers hit-rate that much lower, by simply not sleep-walking into an infection. Relying on anti-virus/malware protection apps is allowing people to abrogate themselves of a basic responsibility to know what you're doing and how it can affect your machine - adversely or otherwise. We insist that people reach a basic level of proficiency to drive a car. We need something similar for the consumer directed web....

  • Santine on Does Legitimacy Make LinkedIn and Zoosk Spam All Right? July 31, 2014

    Before we go any further--let's skip Papa John's--let's go back to the main issue: these huge companies that are allowed to spam simply because they are, well, and sending mails is just a way of marketing their products and services more. That's definitely a bull, don't you think? The title is even misleading since there's nothing legitimate with spamming.