The FBI has issued a warning about an email scam that attempts to extort money from unwitting recipients. The emails say the recipient is the subject of a criminal investigation and that charges will be pressed soon. The messages go …
Canada’s distinguished history magazine-an institution for almost 100 years, was forced to change its name due to the issues it caused with spam filters. The magazine’s former name, The Beaver, refers to Canada’s beloved national symbol, but it’s also a …
A zero-day bug in Microsoft Internet Explorer was a key element in an attack on Google and other companies last week. The attack, designed to ransack the Gmail of some Chinese human-rights activists managed to clip some of the Search King’s intellectual property in the process.
“In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google,” Google said in a statement issued last week. “However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.”
“As part of our investigation we have discovered that at least 20 other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted,” Google added.
The attack illustrates that even the Google elite can be duped by a social engineering ploy wrapped in an email message. According to security experts, the email messages used by the attackers were targeted at specific Google employees likely to have access to valuable proprietary information on their company’s servers. The messages were carefully disguised to look as if they originated with sources the employees would trust.
Since the messages appeared to come from a trusted source, the Googlites didn’t hesitate in clicking links in the electronic epistles. Once that was done, the story took a familar turn. The links resulted in malware being downloaded to the employees’ computers. The malware exploited an unknown vulnerability in Internet Explorer and opened a back door on the compromised machines. The back door let the crackers snoop around the wounded computers and gain control over their operation, using them to identify meaty targets and bleed valuable data from them.
British ISPs have reacted strongly to the suggestion of Trend Micro CTO David Rand that the ISPs should actively combat the problem of spam on the internet.
Rand’s suggestion is the blocking of TCP port 25 (the port used for SMTP, or email, communications between servers on the internet), making contact with customers who they suspect may be the source of spam outbreaks, as well as stronger government legislation.
The legislation idea has merit, after all the lack of cooperation between government agencies is how many international spam operations manage to go unpunished. The blocking of SMTP on the other hand is impractical and costly to implement, both from a technical and a service perspective.
The basis of the idea is this. Customers send mail using SMTP, therefore by blocking SMTP and requiring that customers send mail via the ISP’s mail servers allows close monitoring of email traffic and detection of spam.
The solution is problematic though because many ISP customers, both home users as well as businesses, have perfectly good reasons to not send their email via their ISPs mail servers. These customers would need to be unblocked from using SMTP, and hence cannot be closely monitored.
The monitoring itself also presents two problems – firstly customers object to having their email correspondence inspected by other parties including their ISP. Secondly, any false positives could have disastrous consequences if important emails were blocked. ISPs do not want the exposure to liability if they block an email that results in monetary loss for the sender or recipient.
In a sickening but unfortunately not surprising move, spammers and scammers have quickly moved to exploit the tragic earthquake in Haiti. Security experts say spam messages claiming to be fundraising pleas have begun hitting the web. Some of the spams …
Get rid of spam once and for all this year with ExchangeServerPro.com and GFI Software. Head over to ExchangeServerPro.com where Paul Cunningham is holding a Spam Free 2010 contest in collaboration with GFI Software and giving away two license packs …
A 28-year-old Romanian man is facing 5 years in prison after pleading guilty to a charge of conspiracy to commit fraud related to spam. Cornel Ionut Tonita was involved in a phishing ring with two other men. The men set …
Google has been called on the carpet by a prominent spyware fighter for contributing to the bottom line of Internet snoopsters.
“By paying spyware vendors to show advertisements, Google both enlarges and prolongs the spyware problem,” Harvard Business school Assistant Professor Ben Edelman recently wrote on his Web site.
“In particular,” he continued, “Google’s funding supports software that users struggle to remove from their computers. Google’s payments make it more profitable for vendors to sneak such software onto users’ computers in the first place.”
Edelman’s criticism of Google is largely based on the search king’s relationship with two firms: InfoSpace and WhenU. InfoSpace, among other things, distributes Google pay-per-click advertising. It uses subcontractors, like WhenU, to assist in circulating those ads.
According to Edelman, WhenU, through its spyware, collects cash from Google through some questionable ad practices. Here’s the problem.
When an advertiser buys a pay-to-click ad, it pays when a consumer clicks on the ad and goes to the advertiser’s site. If the consumer makes a purchase, the value of that ad increases and that added value is taken into account when the ad is renewed.
The last few years have seen a sharp rise in the power and features of smart phones such as the Blackberry, Apple iPhone, and most recently Google Android-based phones.
Coupled with this rise is a new ecosystem of mobile application development, made mainstream by Apple’s App Store for the iPhone which boasts over 30,000 applications available for download.
This trend has reached a new, troubling milestone with the discovery of several fraudulent banking applications on the Google Android online store. The programs were disguised as genuine mobile banking applications and were designed to steal online banking credentials from anyone using them.
Although the applications have now been removed it highlights the constant evolution of the security threat landscape. As technology becomes more ubiquitous it extends the threats in what are frankly quite predictable directions, at least for the security-minded among us.
Security experts have detected a new phishing campaign that uses fake Microsoft Outlook notifications to spread malware. Over a million of the spam messages have been intercepted by spam and phishing filters since Thursday. The messages look like an alert …
A bug in the popular SpamAssassin anti-spam engine caused legit emails sent in the first few days of 2010 to be marked as spam. It’s not known exactly how many emails were affected but the bug affected ISPs across the …
- 4SysOps.com – For Windows administrators
- About.com – Business Security
- Al Iverson
- Email management, storage and security
- Ephemeral Law
- Glen’s Exchange Dev Blog
- Ideas, Life & Technology
- Messaging blogs
- Security Tools and Tips
- Spam Notes
- Talk Tech To Me
- Terry Zink