To show how serious they are about their attempts to eradicate spam, fifteen companies have joined forces to help fight one of the most dangerous spam tactics of all – phishing.

This collective, known as the Domain-based Message Authentication, Reporting and Conformance (DMARC), has come together to develop standards that they promise will help combat the practice of spammers sending emails that appear to come from a legitimate organization.

According to DMARC, its work:

“draws upon a history of private industry collaboration with 18 months of dedicated work, to outline an enhanced vision for email authentication that can scale up to today’s Internet needs.”

Who Is DMARC?

The group of fifteen who have dedicated resources to this fight consists of:

• Agari
• American Greetings
• AOL
• Bank of America
• Cloudmark
• Comcast
• Facebook
• Fidelity Investments
• Google
• LinkedIn
• Microsoft
• PayPal
• Return Path
• The Trusted Domain Project
• Yahoo!

And just what exactly they are trying to do is create a specification that allows senders and receivers of email messages to share information with each other about their authentication infrastructure to make sure that emails come from the organization they claim to be.

According to their website, DMARC attempts to address this by providing coordinated, tested methods for:

Domain owners to:

• Signal that they are using email authentication (SPF, DKIM),
• Provide an email address to gather feedback about messages using their domain – legitimate or not,
• A policy to apply to messages that fail authentication (report, quarantine, reject).

Email receivers to:

• Be certain a given sending domain is using email authentication,
• Consistently evaluate SPF (Sender Policy Framework) and DKIM(DomainKeys Identified Mail) along with what the end user sees in their inbox,
• Determine the domain owner’s preference (report, quarantine or reject) for messages that do not pass authentication checks,
• Provide the domain owner with feedback about messages using their domain.

So What Makes DMARC Different?

Most companies already employ some type of analysis on incoming email messages to include SPF and DKIM so this specification isn’t turning to something new. In fact, they recommend a continued approach employing other techniques such as high quality spam filters and rate limiters to form a well rounded solution to fighting spam.

What DMARC is trying to do is to standardize and streamline the process of analyzing messages because participating companies can rely on the coordination of the group to establish trust when it comes to determining whether or not a sender is legitimate.

In plain English, DMARC looks to form a conglomerate of cooperation between email senders and receivers (the organizations like Google, Microsoft, Yahoo!, etc. not the individual users themselves) who share information about the emails they send to each other. Turning to the information made available to the group, it can be easier to see whether or not an email is spoofed spam or a legitimate message worthy of delivery.

Not only is it the hope that less spam will make it through, but that resources will be streamlined as a result of these efforts as well. Large datacenters could see a positive result if all goes as planned.

The Flipside

Of course not everyone is completely sold that DMARC’s work is a panacea when it comes to ending spoofing and spam.

John Levine, one of authors of the DKIM related Author Domain Signing Practices (ADSP) standard, had this to say in an interview with Information Week:

“It’s a good thing as far as it goes, but it does have some of the chronic Internet tendency to put a steel door on a cardboard box.” Like many security standards that are not mandatory, if it’s not implemented then it won’t fail. Neither DKIM nor SPF are at the point where a recipient can say that they will only accept messages that use them. Therefore you still need to keep your eyes open.”

Using Bank of America as an example, it was pointed out in the same article that to fight phishing and spoofing in the past domains suggestive of the name Bank of America, as well as typos, were purchased en masse. Because the pool is so large, Bank of America was not able to purchase every domain available. For example, wwwbankofamerica.com is not owned by them.

So if an email arrives from support@wwwbankofamerica.com it won’t fail any of the checks from SPF or DKIM because it is not a spoofed email address. By all accounts, the sender is legitimate.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Will DMARC Have Much Impact on Spam?

Spammers don’t fill our inboxes with junk because they have nothing better to do; they send out tens of thousands of messages every day because somewhere someone is going to click a link, or buy some junk proffered in that message. It’s a numbers game, and when it costs the spammer nothing more than a little time, some CPU cycles, and a cheap Internet connection to spew out garbage, spew it they will. Even if only one message in ten thousand gets all the way through from sender to unwitting recipient, who then clicks that link because they really believe they can solve any problems with their own physicality, or that they really might get a cut of some dead millionaires foreign fortune, or they really need that timeshare on a beach for pennies a day, the spammer wins.

The spammer fights an ongoing underground campaign because he can. We let him. Our mission this week is to stop doing the very things that the enemy exploits. He turns our own resources against us because we let him. It’s an insurgency campaign we’re up against, but today is the day we can start to turn the tide. Here are some of the tricks spammers use to get their messages into your users’ inbox.

Reconnaissance

Information can be a very effective weapon, and nobody knows this better than the spammer. The enemy will use bots to scrape your company’s websites for email addresses, will run directory harvesting attacks against your MTAs trying to discover valid users, and will buy and sell mailing lists whenever and wherever they can. Too often we make it easy for them, by CC-ing dozens of unrelated users with marketing emails of our own, sharing out all those email addresses with who knows who. Unless you like revealing sensitive information to the enemy, it’s time to 86 that and now.

Configure your MTAs to reject VRFY queries and to ban source addresses that attempt multiple VRFY commands or attempt to send more than a small number of messages to invalid recipients. Set maximum recipient limits on all outgoing messages to stop your users from sending out messages that could carry too many valid addresses outside the company, and train your users on the benefits of BCC. Set any distribution lists you have that can be mailed to from the outside or that contain external recipients to moderated, and reject any messages that contain too many internal email accounts. Finally, keep your head down by not posting email addresses on the websites. Either use a contact form, or encode email addresses so that real humans can use them, but so bots cannot automatically harvest them.

Probing your perimeter

The enemy is probing our lines for weakness, so too must we. Port scans for systems listening on TCP port 25 can quickly identify any system capable of receiving emails. Too often those are not a part of the corporate email system, but can relay email in to internal users. They also will look at your MX records and try to send email to systems with higher weights, on the too frequently correct premise that those are valid, and not as up to date as your primary systems. Probe your own lines by setting up regular port scans on all IP address space, whether a part of your primary datacenter, your DR site, or your remote offices. Verify that each and every host that accepts a connection on TCP port 25 is a valid mail server, and is properly configured with the appropriate anti-spam measures at your disposal. Make sure that every host with an MX record in your DNS is appropriately configured as well.

Camouflage

Spammers will also try to get past your defenses, and your users’ own suspicions, by obfuscating links using a variety of methods including encoding, URL shorteners, and  redirects. Your message filtering system should already be filtering that sort of thing out, but make sure you set low thresholds for the numbers of links that are in an email. Educate users on the dangers attachments present, and quarantine any encrypted attachments until you can confirm they are legitimate business communications.

Covert operations

Spammers will frequently spoof the sender address in email to get past filters. They may even use a recipient’s address or another in the same domain as the sender address so it looks more legitimate. To defend against such attacks, use the technologies available to you. Ensure your own SPF records are up-to-date, and set to hard fail (-) to protect others from spammers who try to masquerade as you, and reject any email you receive that fails an SPF check. Use DNS black lists to refuse mail from known spammers and address ranges that belong to residential and mobile services. You can always whitelist a partner but your default posture should be to reject any mail that fails to pass the sniff test.

Ultimately, if the spammer finds even a fraction of a percent of his efforts are successful, he will remain motivated to attempt more attacks. We have to take the financial incentive out of the equation, and that means spreading the word to our user base, our friends, our families, and the social groups we interact with. If no one responded to a spam message, or clicked a link in a piece of UCE, there’d be no financial motivation for a spammer to continue his campaigns against us. Will we get the word out to every single email user in the world? Of course not. But if we can educate our users to stop the activities that make all the user@ourdomain.com addresses pop up in the cross hairs of the spammer, and we take appropriate cautions and set proper configurations on our systems, in the long term we should see a marked downtick in the volume of spam heading our way.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spam Fighting Boot Camp Week 1: Know Your Enemy

What we need is an Internet standard that allows this level of protection to work at scale – without any discussion, without any partner agreements,” said Brett McDowell, a security manager at PayPal who serves as chairman of the group. “That is what DMARC does.”

Setting industry standards is an important step, but still more important is getting the corporate world to adopt them. There will probably be some protesting and the inevitable excuses such as “I don’t have the time to implement them/train my IT department” and the most popular excuse “cost too much in time/productivity/money”. It may take some time to get most businesses aboard, but I think once they are, it will make a dramatic difference in the amount of spam and phishing attacks sent from corporate addresses or exploting popular brands.

What do you think? Will your company adopted the new standards? If not, why?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Banks and Top Websites Develop New Spam Fighting Techniques

Malware developers seem to appreciate a little humor when it comes to naming their schemes. One of the latest email scams to invade inboxes everywhere is no exception, it seems, and the FBI has been quick to let businesses know that if they don’t keep their eyes open for a phishing scam originating in an email from FDIC, NACHA and the Federal Reserve, opening the mail’s attachment could be one of the most devastating choices in a young 2012. Worse yet, this new scheme appears to be linked to the Lord of the Greek gods – or its eponymous malware, anyway.

‘Game over’ is never a good thing, whether it means that your last ship has been destroyed and your quarter spent, whether it’s a lame and overused witticism that yet again has found its way into the mouth of Hollywood’s action hero du jour, and yes, even when cyber criminals are searching for just the right name for their latest piece of malware. While we’re not averse to debating the first two, our interest here is firmly with the latter. It seems the U.S. Federal Bureau of Investigation shares that interest, as evidenced by a security bulletin earlier this month that identifies a new email scam, one which cyber criminals have decided to call – what else? – Gameover.

Gameover is a phishing attack that appears in the form of spam emails spoofing the Federal Deposit Insurance Corporation (FDIC), the Federal Reserve Bank, or the National Automated Clearing House Association (NACHA). Like a multitude of others, the scheme preys on users’ fears and/or lack of vigilance, informing them that there has been a problem with their bank account or an ACH transaction (ACH stands for Automated Clearing House, a network for financial institutions in the U.S.). Sufficiently frightened, recipients are encouraged to click the included link, which instead of resolving the issue, takes the user to a malicious site where the Gameover malware is executed.

The malware has been identified as a variant of ZeuS, a notorious piece of malware which has been responsible for stealing financial information through the practice of keylogging for a number of years. Once activated, the cyber crooks can steal banking information such as account numbers and passwords.

As if that wasn’t enough…

More than just a keylogger, however, ZeuS (and coincidentally, Gameover) has an added payload. According to the FBI:

“After the perpetrators access your account, they conduct what’s called a distributed denial of service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution’s server with traffic in an effort to deny legitimate users access to the site — probably in an attempt to deflect attention from what the bad guys are doing.”

But wait – there’s more!

In what sounds like a novel involving international intrigue, FBI investigations have been able to trace the attacks as far as to jewelers, as the stolen funds are used to purchase “precious stones and expensive watches from high-end jewelry stores”. The crooks contact the jeweler, tell them what they’d like to purchase and inform them that they will wire the money the following day. The following day, a “money mule” – a person involved in the money laundering part of the crime – shows up at the jewelry store to pick up the merchandise. The jeweler confirms that the money (the stolen money from the spam scheme) is in their account and upon doing so, turns the merchandise over to the mule, who in turn delivers the merchandise to the crooks or converts it into cash that upon being transferred, is effectively laundered.

Wow – It really is the stuff of imagination, but even more interesting is that the FBI has suggested that the mules could be unsuspecting victims of those omnipresent ‘work at home’ schemes that we see everywhere. While the federal agency has confirmed that many of the mules are willing participants, it has also noted that an increasing number are likely people who have succumbed to these schemes and have been unwittingly recruited into laundering money stolen from victims of the spam scheme.

Be on the lookout for this one and advise your staff ASAP. At very most, it could be a story worthy of a novel. At very least, it could save you and your users plenty of headaches and lost funds.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

FBI Declares ‘Gameover’, Link to ZeuS

Along with a new year, January brought with it a new wave of spam campaigns, most ofthem malicious in nature. Here’s a look at some of the top headlines for the month:

Nokia Fined For Spamming Their Customers:

http://arstechnica.com/gadgets/news/2012/01/nokia-fined-in-australia-for-spam-texting-its-own-customers.ars

Top 9 Domains Used to Send Spam:

http://betanews.com/2012/01/25/what-are-the-top-domains-used-for-spam/

New Wave of Spam Infects Just By Opening Email:

http://www.darkreading.com/security/attacks-breaches/232500660/new-drive-by-spam-infects-those-who-open-email-no-attachment-needed.html

Global Spam Levels Drop, Malware Rises:

http://www.zdnet.com/blog/btl/global-spam-declines-as-malware-encounters-pick-up-report/67858

Man Accused of Running the Kelihos Botnet Says He’s Innocent:

http://www.computerworld.com/s/article/9223820/Accused_Kelihos_botmaster_proclaims_innocence

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

January Spam Roundup

Please read the following post with the voice of a drill sergeant in your mind. Imagine something between R. Lee Ermey and Samuel L. Jackson if you can, or maybe Stephen Lang. Alright people, listen up! Welcome to Spam Fighting Boot Camp, or what some mamby-pamby college puke might call Spamfighting 101!  Over the next nine weeks I’m going to take you through a series of briefings designed to turn you into a lean, mean, spam fighting machine. We will teach you to know your enemy, train you to anticipate, out think, outmaneuver, and out fight your opponent, and leave you with the skills necessary to defend your email systems to the last message. Our users must be protected from the enemy, and that enemy is spam!

The best defence is a strong offence, but as much fun as a search and destroy mission behind enemy lines might be, our field of battle must remain within our users’ inboxes. Our goal is zero casualties people, and no mailbox gets left behind. Here’s what you can look forward to over the next several weeks:

Week 1: Know your enemy

We’re going to look at how spammers think, how they act, what their motivations are, and the cunning tricks that they play in their unending attempts to compromise our users’ inboxes. We’ll look at our own infrastructures’ fortifications through the eyes of a spammer, so that we can see the weaknesses that our enemy will attempt to exploit.

Week 2: Beware of friendly fire

While our mission is to oppose the enemy wherever we may find him, we don’t want to become the victim of friendly fire, and we don’t want anyone else mistaking us for a spammer. We’ll look at the proactive measures and policies that will prevent these sorts of accidents from happening.

Week 3: Improvise, adapt, overcome

Budgets are tight, and sometimes you must make do with what is at hand at the moment. We’ll look at the anti-spam technologies that are available to you in some of the most popular email systems.

Week 4: A well-regulated militia

Try as we might, sometimes the enemy slips behind the line, and arming our users’ workstations adds a layer of security to halt those spams that might get past our sentries.

Week 5: The last line of defence

Spammers continue their campaign against us because, at the end of the day, there’s always someone who will buy whatever line they’re selling. Here we’ll look at winning the hearts and minds of our users, educating them against the threats spam presents.

Week 6: Gearing up 

To shore up our defenses, we have many options available. During this training mission, we’re going to look at the options available for shoring up our defences with bolt-on software solutions.

Week 7: Allied Forces 

Some campaigns may require us to interact with allied forces. Understanding them completely can make the difference between a quick victory and a protracted campaign, and we’ll look at strategies for combining our strengths into an effective spam smashing force.

Week 8: Forward operations

The closer we can bring the fight to the enemy, the further away they are from our users, and cloud-based solutions move the fight from our datacenter to the Internet. We’ll examine strategies for success.

Week 9: Good to go

Training complete, you’re  ready to engage the enemy. We’ll go over some last minute tactics and strategies to make you the complete spam killing machine.

Well alright then. Gear up, strap in, and get ready for some action! Spamfighting bootcamp is about to begin!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spam Fighting Boot Camp: The Mission

People just weren’t spending as much money in the malls and department stores.

However every single study of consumer spending did show that companies with a strong online presence had a significant boost in sales this past year, including the holiday shopping season. In fact during December alone, non-store sales rose 10.6 percent from the same time one year ago. Even automobile sales online boasted a 9.5 percent increase.

To make sure they can stay competitive in the online retail sector, businesses must strive to build, and at the same time maintain, a solid reputation on the Internet.

Of course it was only a matter of time before spammers realized this as an opportunity to take advantage of this trend to dupe business owners into downloading dangerous malware.

How the Scam Works

Businesses are sent an email branded with the Better Business Bureau logo that reads:

“Thank you for supporting your Better Business Bureau (BBB). Your BBB receives more than 6,500 requests for information every day and provides reliability reports to consumers 365 days a year, 24 hours a day, and 7 days a week.

As a service to BBB Accredited Businesses, we try to ensure that the information we provide to potential customers is as accurate as possible. In order for us to provide the correct information to the public, we ask that you review the information that we have on file for your company.

We encourage you to use our ONLINE FORM to provide us with this updated information. The URL below will take you directly to this form on our website:

CLICK HERE to login to your BBB account

You may also complete the form on the reverse side of this letter and mail to PO Box 1000; DuPont, WA; 98327; or fax to (206)436-5496.

Please look carefully at your telephone and fax numbers on this sheet, and let us know any and all numbers used for your business (including 800, 900, rollover, and remote call forwarding). Our automated system is driven by telephone/fax numbers, so having accurate information is critical for consumers to find information about your business easily. In addition, many consumers may search our database using your e-mail and/or Web address, so please be sure to include this information as well. As a BBB accredited business, you receive a free hyperlink from your online reliability report to your company Web site if provided to us.

Thank you again for your support, and we look forward to receiving this updated information.

Sincerely,

Accreditation Services”

Eager to keep their information and good standing current, business owners and managers who click the link are not taken to a legitimate site hosted by the BBB. Instead their computer downloads malware and their account credentials are compromised by the phisher.

Another version of the phishing scam informs the recipient of the email that a negative review of their company has been posted to the BBB site. To refute the claim, the recipient must click on the supplied URL and address the problem. Failure to do so would result in the complaint resulting in a bad report being filed.

The URL here also directs the victim to a malicious site and has the potential for account credentials being stolen.

Fighting Back

This newest scam is the third of its kind in the last three months targeted at business owners.

Businesses have been instructed, by the BBB, to contact them directly if they receive emails claiming that they have received a negative complaint or that their information is incorrect or incomplete.

The Better Business Bureau is also taking steps to fight the problem, enlisting the help of the FBI.

“Our national organization in Arlington, Va. has been working for three months with the FBI, and I can tell you that they’ve closed down over 50 sites”, Katie Carrol, Director of Media Relations and Communications with the BBB, said.

They have also asked for business owners to help them fight this growing problem by contacting them at phishing@council.bbb.org if they received these emails, or any others like them.

IT departments should also be aware of this scam and take necessary precautions.

In house steps that can help prevent problems related to this latest attack, as well as others, include:

• Keeping anti-malware software up-to-date.
• Make sure anti-spam solutions are configured correctly and up-to-date.
• Make sure that employees are aware of this scam.
• Put procedures in place for employees who receive this email, or other spam messages, to report it.
• Teach employees how to better recognize spam and phishing attempts.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Phishing Scam Targets Victims Using Better Business Bureau

The year’s off to a rousing start, with all sorts of interesting security news this week: Wikipedia led a temporarily successful foray against SOPA and PIPA by joining numerous websites that went dark for a day; the founder of Megaupload had his hands slapped when law enforcement officials told him resoundingly, “no, you can’t pirate copyrighted material” – insult was heaped upon injury when dozens of expensive cars were towed away to show him they were right; and Koobface – the Facebook botnet that has been harassing Zuckerberg for years – was taken down by its own creators after the Facebook gang teamed up with The New York Times to uncover and publish the identities of the worm’s owners. To round off the week, QR codes (like the one in the image here) may just be the latest form of spam, and news out of the Twitterverse suggests that Darwin’s cardinal rule is not only true, it’s actually a dire prophecy of our impending extinction.

The year’s less than a month old and it may already be shaping up as ‘the year of anything goes’. Topping the headlines was a mass protest against seemingly inevitable anti-piracy legislation SOPA (Stop Online Piracy Act) and PIPA (Protect I.P. Act), as innumerable websites intentionally went dark on January 18. Led by students’ greatest friend and perpetual source of dubious information Wikipedia, the activist movement irritated web surfers across the globe and scored one for the little guy as the bureaucrats in Washington, DC backed off the proposed legislation and shelved the bills, albeit temporarily. It’s practically inevitable that some wily spammer will take advantage of this controversy, so keep your eyes open and watch your back.

In a related story and in the spirit of fishy timing (i.e., the same week as the aforementioned protests), Megaupload founder, Kim Dotcom, was carted off along with several other geniuses who figured they would get away with providing a conduit for copyrighted material, all the while skimming millions of dollars off the illegal activity and thumbing their noses at the FBI. German national Mr. Dotcom, lamented as his lavish New Zealand mansion was raided and dozens of vintage cars were hauled away as the spoils of war. Again, there’s more here than meets the eye, especially now that Anonymous has its back up.

In an LMAO moment, individuals responsible for Koobface – a nasty piece of malware that has been frustrating Facebook and Twitter users for years – have taken down their own command and control server after Facebook teamed up with The New York Times to uncover and embarrass five of the founders – Russian nationals living in St. Petersburg, Florida. The named individuals have scrambled to scrub their online profiles, but it’s highly doubtful that erasing their cyber identities will have much of an effect in the real world, where police carry real guns and real handcuffs.

Are QR codes the newest spam threat? Some people think so. QR – or Quick Response – codes were developed in the automotive industry and have been used for a while. Slowly entering the mainstream  over the past couple of years, they are in wide use in Japan, the UK and the US, amongst other countries. Popular because of their fast readability and relatively high storage capacity (compared to bar codes), the increased use of smartphones with cameras and QR reading apps have made the codes a prime target for manufacturers and retailers; heck, even Google’s looking at getting into the game by using QR codes as a secure login method.  The problem is that QR codes can contain virtually any information, meaning that they are already being exploited by scammers and spear phishers. Keep an eye on this one, folks – and think twice before you take a picture of that code staring you in the face.

Finally, from the Twitterverse, here’s one that, no matter how much you shake your head, won’t rid that sickening feeling that the human race is on a collision course with extinction. Perhaps a case of ‘you can’t spell Twitter without ‘twit’, this recent article shows just how careless – or ignorant, or both – web users really are. Get this: over a twenty-four hour period, more than 11,000 Twitter users shared their email addies with the rest of the world. A safe practice if we were living in Thomas More’s Utopia, but it’s not the case if you reside anywhere on Earth, which is rife with people who would just love to use that information against you. This is just a guess, but it looks like spear phishing season is open and Twitter is the local watering hole.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Week in Review: You Can’t Spell Twitter Without ‘Twit’

This week, a phishing attack landed in the inboxes of several US government agencies, spoofing the US government’s cyber security watchdog and response agency. Complete with attachments, the e-mail’s payload was a nasty little virus that has already been tracked back to Mother Russia. To make matters a little embarrassing, perhaps, it’s not enough that the agency which was spoofed in the attack has reported a disruption of its own systems, but it’s also the government body responsible for identifying and mitigating just this type of thing.

On January 11, news erupted of a rather malicious little spoof email that circulated through the mail servers of several national, state and local government agencies and even private sector employees. The scam in question was an email pretending to be the product of US-CERT, the United States Computer Emergency Readiness Team, a division of the Department of Homeland Security.

Sent with fake source addresses that included soc@us-cert.gov and the subject line Phishing incident report call number: PH000000XXXXXXX and an attachment named US-CERT Operation Center Report XXXXXXX.zip, a nasty little file which was anything but a report. In fact, after some quick investigation, the attachment – which executes a file named US-CERT Operation CENTER Reports.eml.exe – was discovered to be a variant of the infamous Zeus virus known as ‘Ice-IX’, a keylogger that steals banking and other personal information. As if that isn’t enough, the worm also bypasses firewalls and other protection schemes.

Oh, the Irony!

US-CERT responding by doing what it’s supposed to do: it posted a bulletin and notified agencies. And while not admitting that anyone at US-CERT actually opened the little bugger, an operator at the agency has stated

“difficulty receiving emails due to the phishing campaign”

according to SC Magazine. A little embarrassing, considering that this is just the type of thing US-CERT has been mandated to protect against, it’s a forgivable fumble considering that the scam artists continue to get wilier and more creative in their attacks.

In an ‘it never hurts to state the obvious’ moment, US-CERT included the following advisories in its security bulletin:

US-CERT encourages users to do the following to reduce the risks associated with this and other phishing campaigns:

• Do not open the attachments in email messages from unknown sources.
• Install anti-virus software and keep virus signatures files up-to-date.
• Refer to Recognizing and Avoiding Email Scams (pdf) documents for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for information on social engineering attacks.
• Refer to Recovering from Viruses, Worms, and Trojan Horses document for additional information on how to recover from malware.

From Russia with Malice

The story gets a little more interesting from here, when Nextgov.com reported on Wednesday that

“Researchers outside of US-CERT traced the malicious software to a botnet – a remotely-controlled network of infected computers – that is taking commands from computers located in Russia.”

It’s not clear why researchers outside of US-CERT traced the location – it would seem natural that US-CERT was capable of doing that sort of thing. Isn’t it logical to assume that’s what the “response” part of their name is for?

Regarding the attack and its location, there’s clearly no love here, only malice. So why was an e-mail from Russia so specifically targeted at and around US-CERT and US government agencies? It’s extremely unlikely that this was state sponsored – the method used and speed at which it was detected suggest something far too ham-handed to be anything that nefarious. So taking that into consideration, the incident still poses something of an oddity. If a group, say organized crime – which is alive and well in Mother Russia – was responsible for the attack, what could they possibly hope to gain by phishing government agencies in the US? And if it was some cyberdude named Boris, who figured he’d take time from his daily routine of scamming innocents to pry into US-CERT’s activities, he certainly isn’t the brightest cyberdude in cyberspace.

It’s very mysterious, this one, and it will be interesting to see what, if anything, comes from the follow-up investigations.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

US-CERT Hooked by US-CERT Phishing Attack

When a user flags an email address as either safe or blocked, it adds a hash value to the appropriate attribute in their Active Directory account under one of these three attributes:

• msExchBlockedSendersHash
• msExchSafeRecipientsHash
• msExchSafeSendersHash

Each can contain up to 1024 entries per user account by default. One way hashing is used both to conserve space and to prevent malicious users from viewing or extracting usable data out of the lists should they gain access to the Edge Transport Server or data from the Active Directory.

Exchange 2010 uses Safelist Aggregation by default. The Junk E-mail Options mailbox assistant runs in the background, scraping user accounts for updates to the attributes that store hashes, aggregating the lists, and storing the data in the application partition of Active Directory. Edge Transport servers obtain this information through the EdgeSync process, and use it to compare the source address of incoming email to the list by comparing hashes.

Updates to users’ information will automatically propagate to Active Directory, but you can force that process using the PowerShell cmdlet Update-SafeList. If a user adds an address that you want to rapidly update through to help protect all users, you could update Active Directory, and then trigger an EdgeSync. An example of the processes to do this includes

Update-Safelist –Identity user@example.com –type SafeSenders [enter]

Then run Start-EdgeSynchronization.

If a user has the need for more than the 1024 entries, you can use the Exchange Management Shell to set different values. Use the Set-Mailbox command with the switches –MaxBlockSenders and –MaxSafeSenders to set values appropriate to your situation.

With Safelist Aggregation, Exchange 2010 uses the power of crowdsourcing to “learn” which senders are good, and which are bad, by using the decisions of your users to update its own Edge Transport Server lists. This is just another behind the scenes technology that makes Exchange 2010 such a powerful enterprise email solution.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Exchange 2010 Safelist Aggregation ‘Crowdsources’ Anti-spam Efforts

Optimists often look for the most positive events over the year to attach to the label, The Year of…, realists however, take a different approach. And while 2012 is still young and holds a lot of promise, this year could very well be known as the year of social spam.

Social spam is nothing new. In fact, spam first infiltrated Internet bulletin boards in 1994 to mark the first major commercial spam campaign when Laurence Carter and Martha Siegel, a husband and wife team of lawyers, posted bulk messages to Usenet groups advertising their immigration law services in what became known as Green Card spam.

Social interaction on today’s Internet is far more sophisticated than the simple posting of messages and hyperlinks however. Nowadays, spammers turn to social networks and guise their spam as links, content, video, audio and executable files.

The nature of social spam has also changed as the platforms that deliver these messages have also developed over time.

No longer is spam only used to deliver advertising and marketing messages alone. With a more sophisticated field on which to play, spammers have used social sites to not only deliver their advertising, but also malware that: steals credit card numbers, captures user names and passwords and turns computers into zombies.

But if social spam has been a problem for so long, why would 2012 be any different? Take a look and see…

The Facebook Example

On January 4, 2012 the Wall Street Journal reported that social spam is on the rise and to combat this, social networks are hiring more staff to help fight this problem. Facebook was named specifically because according to reports, the volume of spam on Facebook is growing faster than its user base.

On Facebook, spam usually spreads when users are tricked into liking, and then sharing, content that is spam. This practice, known as like-jacking, usually works when a user’s computer is infected with malware that allows the spammer to take control of the user’s Facebook account.

The spammer then posts a message on your friend’s profile that would be interesting to others. Commonly, free dinner coupons are used as the bait as are offers for free iPads or other give aways.

When the user’s friends click on the free offer, they are instructed to download the coupons. These coupons actually contain malware that infects the computers of the user’s friends thus continuing the cycle.

Of course the malware does more than just spread itself via Facebook. It can be used to deliver Trojan horses, keystroke loggers, or any other type of malware.

And just how prevalent are these messages? By Facebook’s own admission, they block over 200 million malicious actions every day. In 2008 the company employed four engineers working to fight malicious use of their site. The same department today, named site integrity, now has 31 team members. Additionally, there are 46 people working on security 300 focused on user issues and over 1,000 others (engineers, lawyers, risk analysts, etc.) who help to fight spam on the site in other ways.

Others Not Immune

Of course other social networks and content sharing sites are hardly immune to the problem of social spam. Twitter has long been a hot bed for spammy posts created by malicious users.

Twitter, by nature, set itself up for spam from the very beginning. As a great way to share content to other like-minded users, Twitter allowed people to share short messages that were less than 140 characters long; short, sweet and to the point.

Since URLs were often lengthy, companies – including Twitter – developed URL shorteners. Now, http://www.allspammedup.com could become http://bit.ly/3KmvyZ to save precious character space.

The problem is, no one really knows if http://bit.ly/3KmvyZ will take you to All Spammed Up or a malicious web site.

Google also out how quickly spam could infiltrate even a carefully planned social network.

Originally opened through an invite only process, Google+ users found the site a welcome break from other social sites that had turned into spam havens. Since early adopters were tech savvy, spam was quickly reported and accounts spewing spam were shut down.

Then came the public release and the ability to create business pages and spammy comments and shares began to fold the network causing one well known legitimate marketing professional to comment:

Wow, Google+ must be taking off. Spotted not one but two pieces of comment spam today.

As users find it easier than ever to share content with their friends and family, spammers will find it easier to manipulate this process. Because we have become so trusting of the content our “friends” share with us, we never consider the fact that what may be the coolest thing on someone’s wall may just wind up infecting our computer.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Is 2012 the Year of Social Spam?

In Part 2 of our look at what you can expect in the coming year, faint rumblings out of Japan suggest that one prediction from Part 1 of this article has already come true. If the very real prospect of becoming an innocent casualty of war isn’t enough to make you run backward toward the year that just passed, these bold predictions reveal how hackers will develop an even stronger sense of camaraderie, and how mobility is sure to become a four-letter word. And if you thought spamming and Internet scams made it personal in 2011, you ain’t seen nuthin’ yet.

How about that? 2012 wasn’t even seven days old when news out of Japan this week revealed some eerie premonitions of the things to come and earmarks of a bold prediction made one week ago.  Engadget, ZD Net and other media outlets are reporting that the Japanese government has been working in concert with Fujitsu since 2008 to develop a powerful ‘cyber weapon’ – a piece of software that, upon the detection of a cyber attack (such as DDoS, for example) tracks the attack back to the source.

Sounds pretty straightforward, right? Sure, until you consider that the software also attacks and disables every machine it finds along the trail. The goal, Engadget reports:

“is to stop the spread of a malicious piece of code by finding and shutting down, not just the source, but all middleman PCs that are also now potential hosts. In some admittedly extreme scenarios this weapon could potentially spiral out of control, taking out far more computers than intended.”

Hmm… Botnets are nothing more than large numbers of unsuspecting computers carrying out their attacks at the behest of the infector and ignorance of the computer’s owner. Japan’s little toy, while it sounds like it might be fun to take for a spin, could have the unpleasant and unprecedented effect of being the cause of some serious collateral damage. Casualties of war? Here’s a tip for everyone: while you still have a chance, give that fave desktop or laptop of yours a great big hug before it’s too late.

1. Hackers of the World, Unite

Robin Hood met Mafia Boy last year as hacktivism took center stage. Indeed, 2011 was an entertaining year for anyone who followed the exploits of Anonymous and LulzSec. The drama unfolded like a kabuki play born in the mind of Ken Kesey and brought to life by a troupe of mimes with Tourette Syndrome, and there were even a few arrests along the way to make this reality show really…ahem… arresting.

Prediction: We will see some new hacking activity from these groups, with some high profile web takedowns in the process. While that’s not a stretch, this is: hacker groups like Anonymous and LulzSec will grow in size substantially, resembling an ‘occupy’ type movement that will take the war online. The civil and social unrest of 2011 will turn to face the financial behemoth that is the Internet.

2. Mobility Means Vulnerability

If we learned anything about spam in 2011, it’s that spam is like that proverbial bum of a brother-in-law who’s been living in your basement for the past two years. It’s not going away, good luck making it work for you, and you will be out-of-pocket at some point. Spammers continued to use every means at their disposal in 2011, with SMS spam becoming a real pain in the neck. Security flaws in the two most popular smartphone platforms – iOS and Android – just accented what we already suspected: that spammers and purveyors of malware had taken their show on the road.

Prediction: 2012 will see a massive increase in mobile spam, and mobile devices will become the swords upon which we will live or die unless we get mobile security under control.

3. It’s Nothing Personal…Well, Actually, It Is

A significant development in spam and phishing in 2011 was the way in which the scam artists were getting smarter; you know, smarter in much the same way that a chunk of igneous rock living at the bottom of a fetid riverbed is smarter than a rotting patch of lichen hanging for dear life to the side of an oak tree. Like it or not, the scambags are wilier, finding new and innovative ways to pick your pocket without actually residing in the same time zone.

Prediction: The scambags will become even cleverer in their assaults, finding new methods to lull people into a false sense of security. How this will occur remains to be seen, but our bold prediction is that it will most likely involve highly targeted, multilevel campaigns where the scammer will use detailed knowledge of the targets, and multiple contact methods like email, phone, SMS and even snail mail to enact their evil schemes.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Bold Predictions for 2012 (Part 2)

To help you out, I’ve compiled a list of five great ones; based on ratings, downloads, user comments, and my own experience with them. Take a look, and then consider adding these to your own WordPress blog if you are the victim of spam.

1. Spammer Blocker

With 4.5 out of 5 stars according to users, and >14K downloads, Spammer Blocker is more like a three strike law for spammers than anything else, save that it only gives spammers one swing. Whether another plug-in flags a comment as spam, or you manually do so, the source ip.addr of the offending comment is banned. It’s like the death penalty for spammers, in that there won’t be any repeat offence!

2. Better WordPress reCAPTCHA

With 4.5 out of 5 stars according to users, the almost 7K users of Better WordPress reCAPTCH are fans. This plug-in uses reCAPTCHA to identify humans from spamming bots, but with the ability to customise the look and the behaviour of the plug-in. You can use CSS to create your own look that better integrates with your blog theme, set your own messages for failed attempts, hide the reCAPTCH from logged on users, and more.

3. Fast Secure Contact Form

With 4.25 out of 5, but this one has over 2 million downloads. Fast Secure Contact Form replaces your  WordPress blog’s contact form with one that can be customised and uses both CAPTCHA technology and the powerful Akismet plug-in (more on that below) to spam proof your contact form. You can set it up in seconds, or customise it to your heart’s content with custom CSS, e-mail validation, auto-responders, post submit actions, and more.

4. Spam Free WordPress

The 65K users think very well of this plug-in, which is rated 4.75 out of 5. It asserts near perfection, blocking 100% of spam with no false positives. It also forgoes CAPTCHAs, cookies, or JavaScript, placing less load on the WP database and on your users’ downloads.

5. Akismet

Akismet may rate a little lower, with only 4 out of 5 starts, but with over 7 million users (including me) it has fans galore. Brought to you by the same people who brought you WordPress, Akismet uses the power of the central servers that identify, learn, and track spammers and the comments, giving you much of the same power as many anti-spam solutions do for email. It learns as it goes, making it a very effective tool, and can be leveraged by other anti-spam plug-ins, like Fast Secure Contact Form (above).

With the combined power of these plug-ins at your disposal, you can easily run a WordPress blog that is virtually free of spam. And the best part of all of these? They’re all free. Free as in beer, free as in speech. Enjoy!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

5 Great Anti-spam Plugins for WordPress

In a turn of events appropriate for the most tumultuous year in cybercrime, 2011’s body is barely cold and we’re already smelling something suspicious from its decomposing carcass. Rumors of two worms, one well-known and the other relatively new on the scene, have some of us wondering what will happen next in 2012, and the year has only just begun. In an attempt to put the preceding year into perspective, we take a look at what might be in store for the new year and beyond with some bold and not so far-fetched predictions for 2012.

PREDICTION: A Shiny New Worm with Every Census Report, Tax Return and Piece of Monetary Currency

First up for 2012 is a prediction that all bets will be off when it comes to understanding the nature – and source – of some of the most insidious malware in the known universe. In fact, the threat and very nature of the state-sponsored malware will only get more confusing, and most likely more disturbing, as we discover where and how it’s being used.

Discovered in 2010, Stuxnet was in the news again in 2011. A worm designed to target and damage industrial control systems (like the kind found in nuclear plants), it has been a source of great debate over who created it and what its ultimate purpose represented; but few could argue that with more than forty percent of Stuxnet’s infections landing in Iran, the nation was most likely the target from the get-go. Russia and others wasted no time pointing the finger squarely at the United States and Israel as the benefactors of the worm, which surely must be state-sponsored.

It seemed inconceivable that anything could top the news that broke late in the year about Stuxnet’s connection to Conficker, suggesting that the latter, a notorious botnet, was used to deliver the payload for Stuxnet. If rumors are true that Stuxnet is state-sponsored, the implication that spam might have been part of the delivery method can and must only leave a bad taste in people’s mouths.

As 2011 wheezed out its last few painful breaths however, a new development occurred in this bizarre tale, as it was revealed that ongoing research by Kaspersky Labs on Stuxnet uncovered a direct link between Stuxnet and Duqu – a worm, discovered only in September, which shares many of the attributes of Stuxnet. In fact, media outlets are reporting that the worms are suggestive of an ‘arsenal’ of malware that has been in development as early as 2007. The code kernel has been dubbed ‘Tilded’, in recognition of the author’s habit of using filenames that begin with ‘~d’.

The Prediction: Keep your eyes open for Tilded. We will continue to see new pieces of the puzzle unveil, and they will point at the government of a country – or perhaps multiple countries working in concert – all but providing conclusive proof of the party (or parties) responsible for this new and nefarious form of warfare. What will make this story even more notorious, however, is when it becomes clear that an unsuspecting public has been a major delivery mechanism for this 21^st century warfare, through the use of spam, malware, and botnets. And if that is true, it could very well be the case that some of those spammers you curse on a daily basis are actually nation states using spam to mask their cyber intelligence activities.

PREDICTION: The Cloud Will Get Stormy

While the Cloud was one of those recurring themes that flew, for the most part, under the radar in 2011, companies like Apple and Microsoft continued to push it like it is a silver bullet and a cure-all for everything that ails small companies to major corporations.

The Prediction: 2012 will see at least three Cloud-based security events, most likely linked in some way to spam, malware, hack attacks or compromised mobile devices. Furthermore, they will be high profile events, targeting Fortune 1000 or Global 1000 companies, or less likely a government agency. Anonymous will take credit for at least one of the breaches, and there will be a link with one of the breaches to North Korea and/or China.

Next week, in Part 2 of this story, we’ll take a look at some other bold and controversial predictions for 2012, and how we can learn something from 2011 – but only if we’re ready and willing to listen to it.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Looking Back At 2011 And Bold Predictions for 2012 (Part 1)

To many people, the easiest way to determine if an email message can be trusted enough to warrant opening and reading it is to look at the sender. Unfortunately, the inboxes of our family and friends can be compromised rather easily and used to send spam.

But surely the email of a large, respectable news organization would be immune to the trickery and masquerades of spammers, right?

Apparently not.

On December 28, 2011 subscribers to the New York Times received an email from the news company. The email informed these recipients that although their recent request to cancel their home delivery subscription for the newspaper had been received, the Times was appealing to them to reconsider their decision and remain on as a customer:

Our records indicate that you recently requested to cancel your home delivery subscription. Please keep in mind when your delivery service ends, you will no longer have unlimited access to NYTimes.com and our NYTimes apps.

We do hope you’ll reconsider.

As a valued Times reader we invite you to continue your current subscription at an exclusive rate of 50% off for 16 weeks. This is a limited-time offer and will no longer be valid once your current subscription ends.*

Continue your subscription and you’ll keep your free, unlimited digital access, a benefit available only for our home delivery subscribers. You’ll receive unlimited access to NYTimes.com on any device, full access to our smartphone and iPad^® apps, plus you can now share your unlimited access with a family member.^†

To continue your subscription call 1-877-698-0025 and mention code 38H9H (Monday–Friday, 8:30 a.m. to 8:30 p.m.; Saturday, 9 a.m. to 3 p.m. E.D.T.).

In a day and age where a majority of people get their news from electronic sources instead of traditional newsprint, this doesn’t sound like anything out of the ordinary.

However shortly after these emails went out, a tweet from the Times’ account went out stating:

If you received an email today about canceling your NYT subscription, ignore it. It’s not from us.

Instead of a few people being asked to reconsider their choice to cancel newspaper delivery services, the email went out 8 million people. All of them subscribers to services of the New York Times, but some of them only subscribed to the digital edition of the newspaper. They weren’t even customers of the home delivery service.

Spreading the News Over Twitter

As soon as the tweet was released, the speculation started. Although the New York Times claimed that they were, “working to coordinate a response,” many on Twitter pointed the finger at Epsilon, the email firm that was compromised last spring.

When asked by BetaBeat if this was a result of the recent breach, Epsilon spokesperson Jessica Simon stated:

“This is the first I’ve heard of it. Let me talk with our email group and get back to you.”

Jumping the Gun

Once the smoke had cleared and the fingers had been pointed and redirected, it turned out that the email actually was sent from the New York Times’ email servers. They immediately released the following statement:

An email was sent earlier today from The New York Times in error. This email should have been sent to a very small number of subscribers, but instead was sent to a vast distribution list made up of people who had previously provided their email address to The New York Times. We regret this error and we regret our earlier communication noting that this email was SPAM.

It is nice that they regret their error, however they shouldn’t regret calling their errant mass mailing spam, because that is exactly what it is.

According to WikiPedia, Spam is unsolicited bulk, or unsolicited commercial, email. It is the practice of sending unwanted email messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients.

Companies, especially larger ones, need to understand that when someone trusts them with their email address they are assuming that this information is safe. Safe from cyber-criminals looking to harvest these addresses and safe from trusted employees accidentally sending out indiscriminate emails causing panic.

Had this incident in fact been caused by a security breach, the result would have been similar. Customers would have been hassled by illegitimate messages, people would have been less productive as they were forced to deal with this fake warning and resources were spent dealing with the mess.

Just because it was an email that was sent by mistake doesn’t mean the effects are any less irritating or costly.

If it walks like a duck, and sounds like a duck… well, you get the point.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Coffee, the New York Times and Spam

Skammers (see what I did there?) have once again started contacting Skype users using contact names that seem designed to convince users to answer the call. Culprits include NOTIFICATION™ URGENT ACTION REQUIRED, URGENT SYSTEM NOTIFICATION, URGENT NOTICE, and others. Each of these is an attempt to use social engineering to convince the victim that the call is legitimate. I particularly like the one that bears the trademark logo for the word NOTIFICATION.

If a user answers the call, they will typically hear a prerecorded message warning them that their system has been infected or is at risk, and then they read a URL which tells them that they should immediately visit this site for further assistance. Typically these sites are phishing sites, and they may have downloads purporting to be antivirus software or security fixes, but of course they all contain malware. Some of these sites are set up to attempt to exploit your browser using a variety of attacks, hoping you are running an unpatched browser, Flash player, etc. And in at least one instance, the target reported that the site had a chat applet which connected them to an apparent human who tried to get personal information from them to set up an account for assistance.

Skype users can easily block calls from people not on their contact list, if they wish. Note that the Windows client, by default, will allow calls from anyone. If you are using Skype for business, and want to enable potential customers to call you without first requesting permission to add you to their contact list, you’re going to have to deal with potential spam calls. The rest of us can be a little more restrictive, changing the Allow calls from… to “people in my Contact list only”.

While logged on to Skype, click Skype on the menu bar, and then click “Privacy…”

In the Privacy settings tab, change the default “Allow calls from…” from “anyone” to “people in my Contact list only”.

Click “Save” and you are done.

Users of the smartphone clients will need to make these settings using a full PC client; not all settings are available in the mini versions, and this is one of those that are not, but the settings apply to the account, and not to the specific instance of the software.

Skype has recently updated the visual appearance of both calls and contact list requests to make it more obvious to users when another user tries to either call them, or add them to a contact list. If you do receive a fraudulent call, Skype encourages you to right click the contact and report them for abuse. To do this, right click the contact and select “Block This Person…” and then tick the box to “Report abuse”. Click the “Block” button and not only will the user be blocked from contacting you, but their account will be investigated for abuse, and if they are violating Skype’s terms of service, their account will be cancelled.

Skype is a great communications tool, but just like IM and email, users will have to deal with skam, err, spam. Fortunately Skype and Microsoft take this very seriously, provide the settings to help reduce this, and take reports of violations very seriously.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Should We Call It Skam?

1. Thou shall not click without thinking.
This is especially important for your social media accounts. Spammers count on the trust between friends established on these sites. For example, right now a new spam campaign is hitting Facebook. Your newsfeed will show that a friend of yours liked a link that appears to lead to a funny commercial. If you click on it, you’ll be taken to a site that says it won’t let you view the video unless you take a survey. The spammers are counting on people to give in and do so because they get paid for each survey taken. To keep the spam going, as soon as you click on the link, it posts itself on your newsfeed in hopes that you friends will do the same thing.

2. Thou shall use a throwaway email address.
This type of address, which can be obtained from a service specializing in such, or you can just create one with Hotmail or Yahoo. Use this address when shopping online or registering with websites. That way, any spam that gets generated stays out of your main inbox and the account can simply be abandoned if the spam gets too large.

3. Thou shall not respond to spam in any way.
Responding to spam, whether to tell the spammer off or because you think clicking the unsubscribe link actually works, is almost always a waste of time. At best, you’ll simply be ignored or your rant will either bounce back because the address used was fake, or be sent to an innocent person whose address was spoofed or hijacked to send the spam. At worst, you’ll be letting the spammer know that your address is active and responsive to spam.

4. Thou shall keep thy anti-virus software up to date.
Most good ones include email scanning, which block and clean any malicious attachments that may wind up in your inbox.

5. Thou shall make use of thy ISP’s abuse address and/or “mark as spam” button.
It’s important to report the spam you do get to your ISP. This helps them fine tune their spam filter and blacklists and make them more effective.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Top 5 Anti-Spam Commandments

Sung to the music of “The Twelve Days of Christmas”

On the first day of Christmas my admin gave to me,
a mailbox that’s completely spam free.

On the second day of Christmas my admin gave to me,
two herbal viagra ads,
and a mailbox that’s completely spam free.

On the third day of Christmas my admin gave to me,
three DNS blacklists
two herbal viagra ads,
and a mailbox that’s mostly spam free.

On the fourth day of Christmas my admin gave to me,
four fake friend requests
three DNS blacklists
two herbal viagra ads,
and a mailbox that’s mostly spam free.

On the fifth day of Christmas my admin gave to me,
five Bayesian filters…
four fake friend requests
three DNS blacklists
two herbal viagra ads,
and a mailbox that’s mostly spam free.

On the sixth day of Christmas my admin gave to me,
six Nigerian money scams
five Bayesian filters…
four fake friend requests
three DNS blacklists
two herbal viagra ads,
and a mailbox that’s mostly spam free.

On the seventh day of Christmas my admin gave to me,
seven phishing site databases
six Nigerian money scams
five Bayesian filters…
four fake friend requests
three DNS blacklists
two herbal viagra ads,
and a mailbox that’s completely message free. (oops)

On the eighth day of Christmas my admin gave to me,
eight requests to update my account
seven phishing site databases
six Nigerian money scams
five Bayesian filters…
four fake friend requests
three DNS blacklists
two herbal viagra ads,
and a mailbox with lots of spam to see.

On the ninth day of Christmas my admin gave to me,
nine content filters
eight requests to update my account
seven phishing site databases
six Nigerian money scams
five Bayesian filters…
four fake friend requests
three DNS blacklists
two herbal viagra ads,
and a mailbox that’s mostly spam free.

On the tenth day of Christmas my admin gave to me,
ten loan offers
nine content filters
eight requests to update my account
seven phishing site databases
six Nigerian money scams
five Bayesian filters…
four fake friend requests
three DNS blacklists
two herbal viagra ads,
and a mailbox that’s mostly spam free.

On the eleventh day of Christmas my admin gave to me,
eleven blacklist entries
ten loan offers
nine content filters
eight requests to update my account
seven phishing site databases
six Nigerian money scams
five Bayesian filters…
four fake friend requests
three DNS blacklists
two herbal viagra ads,
and a mailbox that’s mostly spam free.

On the twelfth day of Christmas my admin gave to me,
twelve quarantined messages…
eleven blacklist entries
ten loan offers
nine content filters
eight requests to update my account
seven phishing site databases
six Nigerian money scams
five Bayesian filters…
four fake friend requests
three DNS blacklists
two herbal viagra ads,
and a mailbox that’s completely spam free.

On behalf of all of us at AllSpammedUp.com, we wish you a very happy holiday season, and healthy and prosperous New Year. I don’t know what new spams 2012 will bring us, but I expect to see some of them predicting the end of the world and offering to share the secrets of the Mayans. Until then, keep laughing!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

The Twelve Spams of Christmas

It’s the most wonderful time of the year, and what better way to take a look back at the year in spam than poke a little fun at the moronic state of the crap that invades our inboxes? In a year that saw major security breaches, several high profile botnet takedowns, and an unprecedented surge in personalized scams and mobile spam, we stop to reflect upon it all and submit a simple postulate: what if Dr. Seuss had been a spammer?

As the year winds down to a close, it’s only basic human nature to look back at the year that just passed and reflect upon it. In the world of spamming and Internet scams, that’s bound to be a painfully long look, since this has been a year fraught with new scams, major cybercrime busts, and unprecedented levels of security threats. With mobile devices providing the newest threat opportunities, and SMS spam picking up a head of steam as scammers get creative, we must be even more vigilant when fighting spam-related threats.

What’s in store for 2012? One must shudder when imagining the possibilities. If anything like 2011, next year will represent an even more dangerous landscape, cluttered with mines and booby traps the likes of which we’ve never seen.

Dire prophecies and doomsday mentality aside, it doesn’t hurt to poke fun at spam once in a while, and during the holidays, no one is more fun than the venerable Theodor Seuss Geisel, known to adoring children and former children alike as Dr. Seuss. Like many households, it’s a holiday tradition around here to watch How the Grinch Stole Christmas!, an annual ritual which inspired this writer to wonder: what if Dr. Seuss was still with us, and what if, ahem, wait for it…Dr. Seuss was a spammer?

The thought itself is sure to bring a smile to the face of anyone who has endured the miserable drivel that infests inboxes like brown marmorated stink bugs. Poorly written and replete with ludicrous stories that must have been contrived during bad acid trips, these emails often frustrate us, and occasionally make us smile by virtue of their sheer stupidity. What they do not do, however, is give us any confidence that the human race is poised to survive much longer, if this epidemic of oafishness is representative of the current state of the gene pool.

So without further ado, here’s a humble attempt at imagining what spam might be like, if written by Dr. Seuss:

The Spammer Who Stole Christmas?

Dear stranger, forgive me for this intrusion

I hope my letter will ease your confusion.

I will not, cannot state it enough

This is rough stuff, even a little tough.

There’s a Libyan prince who lost his good fortune

And my offer to you is a share of the portion.

I cannot get the funds out of my land

And I hope you will aid me by lending a hand.

You see, there are sums in excess of millions

If you give me your name, I’ll give you gazillions.

It’s okay to give me personal information

They don’t extradite criminals in my tiny nation.

Your bank account and credit cards are essential

They’re only for scamming and merely referential.

This is for good cause, I must admit

Send money now and show you commit.

I do not wish to enter a heated debate

Send it fast, send it now, it cannot wait.

The funds are for my stately Kenyan mansion

It’s in great need of a major expansion.

Happy Holidays to all!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

If Dr. Seuss Was a Spammer

Not a fun thing to deal with but it did get me thinking a bit more about how often individual accounts are compromised to send out spam.

Of the larger messaging services, Yahoo! Mail appeared to be the most susceptible according to an end-user survey by Commtouch with 27% of Yahoo’s users claiming to have had their account compromised. Facebook came in second with 23%, Gmail followed with 19% and Windows Live rounded out the list with 15% of people admitting that their accounts had been targeted at one time or another.

The most frightening statistic from this survey was that 62% of these people had no idea how their email account was compromised. This does not reflect carelessness on the victim’s part but instead, shows how the threat landscape has increased in sophistication.

It used to be you downloaded a malicious program that infected your email client and sent out messages to everyone in your inbox however with the malicious links appearing in social network feeds, legitimate web sites hosting malware, drive by downloads and cyber criminals snooping in on public Wi-Fi narrowing down where your credentials were stolen is akin to finding a needle in a haystack.

Why Your Personal Account is a Target

You would think that large corporate email accounts would provide a much more lucrative target for spammers. After all, if they can compromise a good number of addresses they will have much more to work with.

However, cyber criminals have long abandoned the mass spam tactics of the past. This is evidenced by the fact that the amount of email spam has reduced over the years, and trends show that this will likely continue.

People have learned not to respond, or act, when they are sent an arbitrary email message from an unknown account. Over the years, they have been warned and trained that if you don’t know the sender don’t trust the message.

Personal email accounts, for this very reason, have become much more attractive to spammers and cyber criminals. Instead of blanketing mailboxes with spam that generates extremely small returns, their email campaigns have become much more targeted.

Harvesting smaller amounts of personal accounts to send their junk may not be able to hit the sheer numbers they used to use, but the odds of someone opening the email and taking action are greater because of the trust factor.

What To Do When Your Account is Compromised

First and foremost, don’t say your account was hacked. Security experts and people who understand the definition of hacking don’t appreciate that term. Explain that your account was compromised.

Next, don’t be like the 23% of people who admitted in the Commtouch survey that they did nothing when finding out that their account was being used for nefarious purposes.

When you finally realize that something fishy is going on with your account take the following steps:

Update your anti-malware software.

You are going to scan your computer but if your signature files, or definitions, are out of date your security software very well could miss files that have infected your computer.

Boot your computer into safe mode and run scan your computer.

Many people automatically assume that you should change the password to your account first. However, if whoever compromised your email account did so by means of a keystroke logger that is still running on your computer then they will be informed of your new password. Clean your computer of any malware in safe mode before you do anything else.

Change your password.

Once your computer is malware-free you need to log into your email account and change the password. However make sure that you avoid using passwords you use to log into web sites or other types of accounts. This could very well be the place your password was stolen from since criminals know that people frequently use the same passwords over and over. Add to that the fact that many accounts use your email address as the username and you have a perfect mix for disaster.

Of course, you are going to want to also make sure you use a strong password consisting of a combination of upper and lower case letters, numbers and symbols.

Taking precautions will never completely eliminate the possibility that your email account will be taken over, but being smart and aware will certainly minimize the risk.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

When Spam Comes From a Friend