<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Anti spam and general email security in a business environment &#187; botnets</title>
	<atom:link href="http://www.allspammedup.com/tag/botnets/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.allspammedup.com</link>
	<description></description>
	<lastBuildDate>Mon, 06 Feb 2012 15:00:52 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.2.1</generator>
<xhtml:meta xmlns:xhtml="http://www.w3.org/1999/xhtml" name="robots" content="noindex" />
		<item>
		<title>Several New Phishing Campaigns Going Strong</title>
		<link>http://www.allspammedup.com/2012/01/several-new-phishing-campaigns-going-strong/</link>
		<comments>http://www.allspammedup.com/2012/01/several-new-phishing-campaigns-going-strong/#comments</comments>
		<pubDate>Thu, 26 Jan 2012 17:00:06 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
				<category><![CDATA[phishing]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[spam]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=6922</guid>
		<description><![CDATA[Several new phishing campaigns have been spotted in the wild. The first one is a new incarnation of an old scam. Emails that look like they&#8217;ve come from your friends arrive with an urgent message about them being on a trip to &#8230;<p>Liked this post? Get more <a href="http://www.allspammedup.com">anti-spam</a> related news from AllSpammedUp.com!<br/><br/><a href="http://www.allspammedup.com/2012/01/several-new-phishing-campaigns-going-strong/">Several New Phishing Campaigns Going Strong</a></p>
]]></description>
			<content:encoded><![CDATA[<p><a target="_blank" href="http://www.allspammedup.com/wp-content/uploads/2012/01/phishing1.jpg"><img class="alignright size-medium wp-image-6952" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" title="phishing" src="http://www.allspammedup.com/wp-content/uploads/2012/01/phishing1-400x267.jpg" alt="" width="320" height="214" /></a>Several new <a href="http://gazebonews.com/2012/01/19/a-spam-a-rama-day/">phishing campaigns</a> have been spotted in the wild.</p>
<p>The first one is a new incarnation of an old scam. Emails that look like they&#8217;ve come from your friends arrive with an urgent message about them being on a trip to a far-flung place such as Madagascar, London, or Berlin and needing help. You see, they were mugged/assaulted and all of their money and documents were stolen, and they really need to go home but there’s the matter of their hotel bill. The messages generally ask for about $1600 to be sent via Western Union. Of course it’s just a variation of a 419 scam. If you get one, no matter how convincing it sounds, try contacting your friend first. In 99.9% of cases you’ll find they are safe and sound at home.</p>
<p>Next is the Better Business Bureau, which has joined the ranks of the brandjacked as new spam messages claiming to be from it make the rounds. The messages tell the recipient that a complaint has been filed against them and urge them to click the included link to read it and respond. Anyone who does so is taken to a malicious site that attempts to infect their computer with the infamous Zeus Trojan. Zeus, distributed by a botnet of the same name, installs a keylogger and several other nasty bits onto the infected system and steals banking info and other sensitive data.</p>
<p>Finally, popular companies such as Facebook, American Airlines, Paypal, and several major banks are also being brandjacked by scammers. In some cases the phishing messages are receipts for fake purchases or reservations and in others, fake message or fraud notifications. In almost all cases, the attachments and links in the messages deliver malware. It looks like the spammers are hard at work building up their botnets!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2012/01/several-new-phishing-campaigns-going-strong/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Week in Review: You Can’t Spell Twitter Without ‘Twit’</title>
		<link>http://www.allspammedup.com/2012/01/week-in-review-you-can%e2%80%99t-spell-twitter-without-%e2%80%98twit%e2%80%99/</link>
		<comments>http://www.allspammedup.com/2012/01/week-in-review-you-can%e2%80%99t-spell-twitter-without-%e2%80%98twit%e2%80%99/#comments</comments>
		<pubDate>Wed, 25 Jan 2012 15:00:24 +0000</pubDate>
		<dc:creator>Malcolm James</dc:creator>
				<category><![CDATA[anti spam]]></category>
		<category><![CDATA[Fighting spam]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[anti phishing]]></category>
		<category><![CDATA[antispam]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[cybercriminals]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[scams]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[spam email]]></category>
		<category><![CDATA[spammers]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=6897</guid>
		<description><![CDATA[The year’s off to a rousing start, with all sorts of interesting security news this week: Wikipedia led a temporarily successful foray against SOPA and PIPA by joining numerous websites that went dark for a day; the founder of Megaupload &#8230;
]]></description>
			<content:encoded><![CDATA[<p><strong><a href="http://www.allspammedup.com/wp-content/uploads/2012/01/QR-Code-LG.png"><img class="alignright size-full wp-image-6901" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" src="http://www.allspammedup.com/wp-content/uploads/2012/01/QR-Code-LG.png" alt="" width="248" height="248" /></a>The year’s off to a rousing start, with all sorts of interesting security news this week: Wikipedia led a temporarily successful foray against SOPA and PIPA by joining numerous websites that went dark for a day; the founder of Megaupload had his hands slapped when law enforcement officials told him resoundingly, “no, you can’t pirate copyrighted material” – insult was heaped upon injury when dozens of expensive cars were towed away to show him they were right; and Koobface – the Facebook botnet that has been harassing Zuckerberg for years – was taken down by its own creators after the Facebook gang teamed up with <em>The</em> <em>New York Times</em> to uncover and publish the identities of the worm’s owners. To round off the week, QR codes (like the one in the image here) may just be the latest form of spam, and news out of the Twitterverse suggests that Darwin’s cardinal rule is not only true, it’s actually a dire prophecy of our impending extinction.<span id="more-6897"></span></strong></p>
<p>The year’s less than a month old and it may already be shaping up as ‘the year of anything goes’. Topping the headlines was a <a target="_blank" href="http://www.circleid.com/posts/website_go_dark_protesting_sopa_and_pipa_senators_change_course/">mass protest</a> against seemingly inevitable anti-piracy legislation <a target="_blank" href="http://politics.nytimes.com/congress/bills/112/hr3261">SOPA (Stop Online Piracy Act)</a> and <a target="_blank" href="http://politics.nytimes.com/congress/bills/112/s968">PIPA (Protect I.P. Act)</a>, as innumerable websites intentionally went dark on January 18. Led by students’ greatest friend and perpetual source of dubious information Wikipedia, the activist movement irritated web surfers across the globe and scored one for the little guy as the bureaucrats in Washington, DC backed off the proposed legislation and shelved the bills, albeit temporarily. It&#8217;s practically inevitable that some wily spammer will take advantage of this controversy, so keep your eyes open and watch your back.</p>
<p>In a related story and in the spirit of fishy timing (i.e., the same week as the aforementioned protests), Megaupload founder Kim Dotcom was carted off along with several other geniuses who figured they would get away with providing a conduit for copyrighted material, all the while skimming millions of dollars off the illegal activity and thumbing their noses at the FBI. Mr. Dotcom, a German national, lamented as his lavish New Zealand mansion was raided and <a target="_blank" href="http://www.autoblog.nl/image-gallery?file=0_Divers/Inbeslagname_Supercars_Kim_Schmitz/">dozens of vintage cars were hauled away</a> as the spoils of war. Again, <a target="_blank" href="http://www.computerworld.com/s/article/9223601/Anonymous_dupes_users_into_joining_Megaupload_attack?taxonomyId=85">there&#8217;s more here than meets the eye</a>, especially now that <a target="_blank" href="http://www.scmagazineuk.com/anonymous-plans-fresh-offensive-against-sony/article/224033/">Anonymous has its back up.</a></p>
<p>In an LMAO moment, individuals responsible for Koobface – a nasty piece of malware that has been frustrating Facebook and Twitter users for years – have <a target="_blank" href="http://www.theregister.co.uk/2012/01/18/koobface_prime_suspect_outed/">taken down</a> their own command and control server after Facebook teamed up with <em>The New York Times</em> to uncover and embarrass five of the founders &#8211; Russian nationals living in St. Petersburg, Florida. The named individuals have scrambled to scrub their online profiles, but it’s highly doubtful that erasing their cyber identities will have much of an effect in the real world, where police carry real guns and real handcuffs.</p>
<p>Are QR codes the newest spam threat? Some people <a target="_blank" href="http://blog.spamfighter.com/malware-2/qr-codes-spam-or-malware-a-threat.html">think so</a>. QR – or Quick Response – codes were developed in the automotive industry and have been used for a while. Slowly entering the mainstream over the past couple of years, they are in wide use in Japan, the UK and the US, amongst other countries. The codes are popular because of their fast readability and relatively high storage capacity (compared to bar codes), and the increased use of smartphones with cameras and QR reading apps has made them a prime target for manufacturers and retailers; heck, even Google’s looking at getting into the game by using QR codes as a <a target="_blank" href="http://www.marketingvox.com/the-qr-code-as-secure-log-in-courtesy-of-google-050418">secure login method</a>. The problem is that QR codes can contain virtually <em>any</em> information, meaning that they are <a target="_blank" href="http://www.spamfighter.com/News-17314-Spam-Messages-Connect-with-QR-Codes.htm">already being exploited</a> by scammers and spear phishers. Keep an eye on this one, folks – and think twice before you take a picture of that code staring you in the face.</p>
<p>Finally, from the Twitterverse, here’s one that, no matter how much you shake your head, won’t rid you of that sickening feeling that the human race is on a collision course with extinction. Perhaps a case of ‘you can’t spell Twitter without “twit”’, <a target="_blank" href="http://www.securitynewsdaily.com/1419-email-sharing-twitter-scams.html">this recent article</a> shows just how careless – or ignorant, or both – web users really are. Get this: over a twenty-four hour period, more than 11,000 Twitter users shared their email addies with the rest of the world. A safe practice if we were living in Thomas More’s Utopia, but it&#8217;s not the case if you reside anywhere on Earth, which is rife with people who would just love to use that information against you. This is just a guess, but it looks like spear phishing season is open and Twitter is the local watering hole.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2012/01/week-in-review-you-can%e2%80%99t-spell-twitter-without-%e2%80%98twit%e2%80%99/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>US-CERT Hooked by US-CERT Phishing Attack</title>
		<link>http://www.allspammedup.com/2012/01/us-cert-hooked-by-us-cert-phishing-attack/</link>
		<comments>http://www.allspammedup.com/2012/01/us-cert-hooked-by-us-cert-phishing-attack/#comments</comments>
		<pubDate>Tue, 17 Jan 2012 15:00:34 +0000</pubDate>
		<dc:creator>Malcolm James</dc:creator>
				<category><![CDATA[anti spam]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[anti phishing]]></category>
		<category><![CDATA[antispam]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[cybercriminals]]></category>
		<category><![CDATA[data breach]]></category>
		<category><![CDATA[email spam]]></category>
		<category><![CDATA[Fighting spam]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[phishing scam]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[spam email]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[spammers]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=6838</guid>
		<description><![CDATA[This week, a phishing attack landed in the inboxes of several US government agencies, spoofing the US government’s cyber security watchdog and response agency. Complete with attachments, the e-mail’s payload was a nasty little virus that has already been tracked &#8230;
]]></description>
			<content:encoded><![CDATA[<p><strong><a href="http://www.allspammedup.com/wp-content/uploads/2012/01/information-assurance-cyber-threat.jpg"><img class="alignright size-full wp-image-6842" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" src="http://www.allspammedup.com/wp-content/uploads/2012/01/information-assurance-cyber-threat.jpg" alt="" width="398" height="297" /></a>This week, a phishing attack landed in the inboxes of several US government agencies, spoofing the US government’s cyber security watchdog and response agency. Complete with attachments, the e-mail’s payload was a nasty little virus that has already been tracked back to Mother Russia. To make matters a little embarrassing, perhaps, it’s not enough that the agency which was spoofed in the attack has reported a disruption of its own systems, but it’s also the government body responsible for identifying and mitigating just this type of thing.<span id="more-6838"></span></strong></p>
<p>On January 11, <a target="_blank" href="http://www.scmagazineuk.com/phishing-campaign-disrupts-us-cert/article/222649/">news</a> <a target="_blank" href="http://www.net-security.org/malware_news.php?id=1958">erupted</a> of a rather malicious little spoof email that circulated through the mail servers of several national, state and local government agencies and even private sector employees. The scam in question was an email pretending to be the product of US-CERT, the United States Computer Emergency Readiness Team, a division of the Department of Homeland Security.</p>
<p>The messages were sent with fake source addresses that included <strong>soc@us-cert.gov</strong>, carried the subject line <strong>Phishing incident report call number: PH000000XXXXXXX</strong>, and came with an attachment named <strong>US-CERT Operation Center Report XXXXXXX.zip</strong>, a nasty little file which was anything but a report. In fact, after some quick investigation, the attachment – which executes a file named <strong>US-CERT Operation CENTER Reports.eml.exe</strong> – was discovered to be a variant of the infamous Zeus virus known as ‘Ice-IX’, a keylogger that steals banking and other personal information. As if that isn’t enough, the worm also bypasses firewalls and other protection schemes.</p>
<p><strong>Oh, the Irony!</strong></p>
<p>US-CERT responded by doing what it’s supposed to do: it posted a <a target="_blank" href="http://www.us-cert.gov/current/#phishing_campaign_using_spoofed_us">bulletin</a> and notified agencies. And while not admitting that anyone at US-CERT actually opened the little bugger, an operator at the agency has stated</p>
<blockquote><p>“difficulty receiving emails due to the phishing campaign”</p></blockquote>
<p>according to <a target="_blank" href="http://www.scmagazineuk.com/phishing-campaign-disrupts-us-cert/article/222649/">SC Magazine</a>. It’s a little embarrassing, considering that this is just the type of thing US-CERT has been mandated to protect against, but it’s a forgivable fumble considering that the scam artists continue to get <a href="http://www.allspammedup.com/2011/08/phishin%E2%80%99-magicians-think-the-spammers-are-getting-smarter-you%E2%80%99re-right/">wilier</a> and more creative in their attacks.</p>
<p>In an ‘it never hurts to state the obvious’ moment, US-CERT included the following advisories in its security bulletin:</p>
<p>US-CERT encourages users to do the following to reduce the risks associated with this and other phishing campaigns:</p>
<ul>
<li>Do not open the attachments in email messages from unknown sources.</li>
<li>Install anti-virus software and keep virus signatures files up-to-date.</li>
<li>Refer to <a target="_blank" href="http://www.us-cert.gov/reading_room/emailscams_0905.pdf">Recognizing and Avoiding Email Scams</a> (pdf) documents for more information on avoiding email scams.</li>
<li>Refer to the <a target="_blank" href="http://www.us-cert.gov/cas/tips/ST04-014.html">Avoiding Social Engineering and Phishing Attacks</a> document for information on social engineering attacks.</li>
<li>Refer to <a target="_blank" href="http://www.us-cert.gov/cas/tips/ST05-006.html">Recovering from Viruses, Worms, and Trojan Horses</a> document for additional information on how to recover from malware.</li>
</ul>
<p><strong>From Russia with Malice</strong></p>
<p>The story gets a little more interesting from here, when Nextgov.com <a target="_blank" href="http://cybersecurityreport.nextgov.com/2012/01/fake_us-cert_e-mails_contain_banking_virus_traced_to_russia.php">reported</a> on Wednesday that</p>
<blockquote><p>“Researchers outside of US-CERT traced the malicious software to a botnet – a remotely-controlled network of infected computers – that is taking commands from computers located in Russia.”</p></blockquote>
<p>It’s not clear why researchers <em>outside</em> of US-CERT traced the location – it would seem natural that US-CERT was capable of doing that sort of thing. Isn’t it logical to assume that’s what the “response” part of their name is for?</p>
<p>Regarding the attack and its location, there’s clearly no love here, only malice. So why <em>was</em> an e-mail from Russia so specifically targeted at and around US-CERT and US government agencies? It’s extremely unlikely that this was state sponsored – the method used and speed at which it was detected suggest something far too ham-handed to be anything <em>that</em> nefarious. So taking that into consideration, the incident still poses something of an oddity. If a group, say organized crime – which is alive and well in Mother Russia – was responsible for the attack, what could they possibly hope to gain by phishing government agencies in the US? And if it was some cyberdude named Boris, who figured he’d take time from his daily routine of scamming innocents to pry into US-CERT’s activities, he certainly isn’t the brightest cyberdude in cyberspace.</p>
<p>It’s very mysterious, this one, and it will be interesting to see what, if anything, comes from the follow-up investigations.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2012/01/us-cert-hooked-by-us-cert-phishing-attack/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Bold Predictions for 2012 (Part 2)</title>
		<link>http://www.allspammedup.com/2012/01/bold-predictions-for-2012-part-2/</link>
		<comments>http://www.allspammedup.com/2012/01/bold-predictions-for-2012-part-2/#comments</comments>
		<pubDate>Wed, 11 Jan 2012 15:00:33 +0000</pubDate>
		<dc:creator>Malcolm James</dc:creator>
				<category><![CDATA[anti spam]]></category>
		<category><![CDATA[anti spam humor]]></category>
		<category><![CDATA[Fighting spam]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[anti phishing]]></category>
		<category><![CDATA[antispam]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[cybercriminals]]></category>
		<category><![CDATA[data breach]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[phishing scam]]></category>
		<category><![CDATA[scam]]></category>
		<category><![CDATA[scammers]]></category>
		<category><![CDATA[scams]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[spam email]]></category>
		<category><![CDATA[spammers]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=6787</guid>
		<description><![CDATA[In Part 2 of our look at what you can expect in the coming year, faint rumblings out of Japan suggest that one prediction from Part 1 of this article has already come true. If the very real prospect of &#8230;
]]></description>
			<content:encoded><![CDATA[<p><strong><a href="http://www.allspammedup.com/wp-content/uploads/2012/01/2012_energy_conservation.jpg"><img class="alignright size-medium wp-image-6791" style="padding-left: 5px; border-width: 0px; border-color: black; border-style: solid; margin: 10px;" src="http://www.allspammedup.com/wp-content/uploads/2012/01/2012_energy_conservation-400x250.jpg" alt="" width="400" height="250" /></a>In Part 2 of our look at what you can expect in the coming year, faint rumblings out of Japan suggest that one prediction from <a href="http://www.allspammedup.com/2012/01/looking-back-at-2011-and-bold-predictions-for-2012-part-1/">Part 1</a> of this article has already come true. If the very real prospect of becoming an innocent casualty of war isn’t enough to make you run backward toward the year that just passed, these bold predictions reveal how hackers will develop an even stronger sense of camaraderie, and how mobility is sure to become a four-letter word. And if you thought spamming and Internet scams made it personal in 2011, you ain’t seen nuthin’ yet.<span id="more-6787"></span></strong></p>
<p>How about that? 2012 wasn’t even seven days old when news out of Japan this week revealed some eerie premonitions of the things to come and earmarks of a bold prediction made one week ago. <a target="_blank" href="http://www.engadget.com/2012/01/06/japan-working-on-powerful-cyber-weapon-knows-best-defense-is-a/">Engadget</a>, <a target="_blank" href="http://www.zdnet.com/news/japan-develops-malware-cyberweapon/6335855">ZD Net</a> and other media outlets are reporting that the Japanese government has been working in concert with Fujitsu since 2008 to develop a powerful ‘cyber weapon’ – a piece of software that, upon the detection of a cyber attack (such as DDoS, for example) tracks the attack back to the source.</p>
<p>Sounds pretty straightforward, right? Sure, until you consider that the software also attacks and disables every machine it finds along the trail. The goal, Engadget reports:</p>
<blockquote><p>“is to stop the spread of a malicious piece of code by finding and shutting down, not just the source, but all middleman PCs that are also now potential hosts. In some admittedly extreme scenarios this weapon could potentially spiral out of control, taking out far more computers than intended.”</p></blockquote>
<p>Hmm&#8230; Botnets are nothing more than large numbers of unsuspecting computers carrying out attacks at the behest of the infector and without the knowledge of the computers’ owners. Japan’s little toy, while it sounds like it might be fun to take for a spin, could have the unpleasant and unprecedented effect of causing some serious collateral damage. Casualties of war? Here’s a tip for everyone: while you still have a chance, give that fave desktop or laptop of yours a great big hug before it’s too late.</p>
<p><strong>1. Hackers of the World, Unite</strong></p>
<p>Robin Hood met Mafia Boy last year as hacktivism took center stage. Indeed, 2011 was an entertaining year for anyone who followed the exploits of <a target="_blank" href="http://techland.time.com/2011/09/28/hack-collective-anonymous-tries-journalism-with-analytics-site/">Anonymous</a> and <a target="_blank" href="http://www.allspammedup.com/2011/06/hatriot-games-sony-hacked-again-nintendo-a-wii-bit-compromised/">LulzSec</a>. The drama unfolded like a kabuki play born in the mind of Ken Kesey and brought to life by a troupe of mimes with Tourette Syndrome, and there were even a few <a href="http://techland.time.com/2011/09/23/f-b-i-busts-lulzsec-anonymous-suspects-across-u-s/">arrests</a> along the way to make this reality show really…ahem… arresting.</p>
<p><strong>Prediction</strong>: We will see some new hacking activity from these groups, with some high profile web takedowns in the process. While that’s not a stretch, this is: hacker groups like Anonymous and LulzSec will grow in size substantially, resembling an ‘occupy’ type movement that will take the war online. The civil and social unrest of 2011 will turn to face the financial behemoth that is the Internet.</p>
<p><strong>2. Mobility Means Vulnerability</strong></p>
<p>If we learned anything about spam in 2011, it’s that spam is like that proverbial bum of a brother-in-law who’s been living in your basement for the past two years. It’s not going away, good luck making it work for you, and you <em>will</em> be out-of-pocket at some point. Spammers continued to use every means at their disposal in 2011, with SMS spam becoming a real pain in the neck. Security flaws in the two most popular smartphone platforms – iOS and Android – just accented what we already suspected: that spammers and purveyors of malware had taken their show on the road.</p>
<p><strong>Prediction:</strong> 2012 will see a massive increase in mobile spam, and mobile devices will become the swords upon which we will live or die unless we get mobile security under control.</p>
<p><strong>3. It’s Nothing Personal…Well, Actually, It Is</strong></p>
<p>A significant development in spam and phishing in 2011 was the way in which the scam artists were getting <a href="http://www.allspammedup.com/2011/08/phishin%E2%80%99-magicians-think-the-spammers-are-getting-smarter-you%E2%80%99re-right/">smarter</a>; you know, smarter in much the same way that a chunk of igneous rock living at the bottom of a fetid riverbed is smarter than a rotting patch of lichen hanging for dear life to the side of an oak tree. Like it or not, the scambags are wilier, finding new and innovative ways to pick your pocket without actually residing in the same time zone.</p>
<p><strong>Prediction:</strong> The scambags will become even cleverer in their assaults, finding new methods to lull people into a false sense of security. How this will occur remains to be seen, but our bold prediction is that it will most likely involve highly targeted, multilevel campaigns where the scammer will use detailed knowledge of the targets, and multiple contact methods like email, phone, SMS and even snail mail to enact their evil schemes.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2012/01/bold-predictions-for-2012-part-2/feed/</wfw:commentRss>
		<slash:comments>6</slash:comments>
		</item>
		<item>
		<title>Looking Back At 2011 And Bold Predictions for 2012 (Part 1)</title>
		<link>http://www.allspammedup.com/2012/01/looking-back-at-2011-and-bold-predictions-for-2012-part-1/</link>
		<comments>http://www.allspammedup.com/2012/01/looking-back-at-2011-and-bold-predictions-for-2012-part-1/#comments</comments>
		<pubDate>Thu, 05 Jan 2012 15:00:59 +0000</pubDate>
		<dc:creator>Malcolm James</dc:creator>
				<category><![CDATA[anti spam]]></category>
		<category><![CDATA[Fighting spam]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[anti phishing]]></category>
		<category><![CDATA[antispam]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[cybercriminals]]></category>
		<category><![CDATA[data breach]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[scams]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[spam email]]></category>
		<category><![CDATA[spammers]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=6717</guid>
		<description><![CDATA[In a turn of events appropriate for the most tumultuous year in cybercrime, 2011’s body is barely cold and we’re already smelling something suspicious from its decomposing carcass. Rumors of two worms, one well-known and the other relatively new on &#8230;
]]></description>
			<content:encoded><![CDATA[<p><strong><a href="http://www.allspammedup.com/wp-content/uploads/2012/01/2011_2012.jpg"><img class="alignright size-medium wp-image-6767" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" title="2011_2012" src="http://www.allspammedup.com/wp-content/uploads/2012/01/2011_2012-400x400.jpg" alt="" width="320" height="320" /></a>In a turn of events appropriate for the most tumultuous year in cybercrime, 2011’s body is barely cold and we’re already smelling something suspicious from its decomposing carcass. Rumors of two worms, one well-known and the other relatively new on the scene, have some of us wondering what will happen next in 2012, and the year has only just begun. In an attempt to put the preceding year into perspective, we take a look at what might be in store for the new year and beyond with some bold and not so far-fetched predictions for 2012.<span id="more-6717"></span></strong></p>
<p><strong>PREDICTION: A Shiny New Worm with Every Census Report, Tax Return and Piece of Monetary Currency</strong></p>
<p><em>First up for 2012 is a prediction that all bets will be off when it comes to understanding the nature – and source – of some of the most insidious malware in the known universe. In fact, the threat and very nature of the state-sponsored malware will only get more confusing, and most likely more disturbing, as we discover where and how it’s being used.</em></p>
<p>Discovered in 2010, Stuxnet was in the news again in 2011. A worm designed to target and damage industrial control systems (like the kind found in nuclear plants), it has been a source of great debate over who created it and what its ultimate purpose represented; but few could argue that with more than forty percent of Stuxnet’s infections landing in Iran, the nation was most likely the target from the get-go. Russia and others wasted no time pointing the finger squarely at the United States and Israel as the benefactors of the worm, which surely must be state-sponsored.</p>
<p>It seemed inconceivable that anything could top the news that broke late in the year about <a href="http://www.allspammedup.com/2011/12/conficker-linked-to-stuxnet-conspiracy-theory-activity-up-530/">Stuxnet’s connection to Conficker</a>, suggesting that the latter, a notorious botnet, was used to deliver the payload for Stuxnet. If rumors are true that Stuxnet <em>is</em> state-sponsored, the implication that spam might have been part of the delivery method can and must only leave a bad taste in people’s mouths.</p>
<p>As 2011 wheezed out its last few painful breaths however, a new development occurred in this bizarre tale, as it was <a target="_blank" href="http://www.pcmag.com/article2/0,2817,2398201,00.asp">revealed</a> that ongoing research by Kaspersky Labs on Stuxnet uncovered a direct link between Stuxnet and Duqu – a worm, discovered only in September, which shares many of the attributes of Stuxnet. In fact, media outlets are reporting that the worms are suggestive of an ‘arsenal’ of malware that has been in development as early as 2007. The code kernel has been dubbed ‘Tilded’, in recognition of the author’s habit of using filenames that begin with ‘~d’.</p>
<p><strong>The Prediction:</strong> Keep your eyes open for Tilded. We will continue to see new pieces of the puzzle unveiled, and they will point at the government of a country – or perhaps multiple countries working in concert – all but providing conclusive proof of the party (or parties) responsible for this new and nefarious form of warfare. What will make this story even more notorious, however, is when it becomes clear that an unsuspecting public has been a major delivery mechanism for this 21<sup>st</sup> century warfare, through the use of spam, malware, and botnets. And if that is true, it could very well be the case that some of those spammers you curse on a daily basis are actually nation states using spam to mask their cyber intelligence activities.</p>
<p><strong>PREDICTION: The Cloud Will Get Stormy</strong></p>
<p>While the Cloud was one of those recurring themes that flew, for the most part, under the radar in 2011, companies like Apple and Microsoft continued to push it as though it were a silver bullet and a cure-all for everything that ails everyone from small companies to major corporations.</p>
<p><strong>The Prediction:</strong> 2012 will see at least three Cloud-based security events, most likely linked in some way to spam, malware, hack attacks or compromised mobile devices. Furthermore, they will be high profile events, targeting Fortune 1000 or Global 1000 companies, or less likely a government agency. Anonymous will take credit for at least one of the breaches, and there will be a link with one of the breaches to North Korea and/or China.</p>
<p><strong>Next week, in Part 2 of this story, we’ll take a look at some other bold and controversial predictions for 2012, and how we can learn something from 2011 &#8211; but only if we&#8217;re ready and willing to listen to it.</strong></p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2012/01/looking-back-at-2011-and-bold-predictions-for-2012-part-1/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>5 New Year&#8217;s Resolutions For Spammers</title>
		<link>http://www.allspammedup.com/2011/12/5-new-years-resolutions-for-spammers/</link>
		<comments>http://www.allspammedup.com/2011/12/5-new-years-resolutions-for-spammers/#comments</comments>
		<pubDate>Fri, 30 Dec 2011 15:00:09 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
				<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[spammers]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=6676</guid>
		<description><![CDATA[2011 is coming to a close and that means it’s time to make resolutions for 2012. Here’s a look at what types of resolutions spammers might be making for the new year. Although overall spam volumes dropped this year, there’s really &#8230;
]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.allspammedup.com/wp-content/uploads/2011/12/2012.jpg"><img class="alignright size-medium wp-image-6691" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" title="2012" src="http://www.allspammedup.com/wp-content/uploads/2011/12/2012-400x267.jpg" alt="" width="320" height="214" /></a>2011 is coming to a close and that means it’s time to make resolutions for 2012. Here’s a look at what types of resolutions spammers might be making for the new year. Although overall spam volumes dropped this year, there’s really no telling what 2012 will bring, and you can count on scammers and spammers being as busy as ever!</p>
<p><strong>1. Create new botnets and find new ways to increase and strengthen existing ones.</strong><br />
2011 saw the takedown of several major botnets as Microsoft teamed up with the FBI and went on the warpath, determined to crack down on spam.</p>
<p><strong>2. Find new ways to exploit social media for gain and profit.</strong><br />
With Facebook still refusing to vet apps before letting them be released on the site, the possibilities for rogue apps are endless.</p>
<p><strong>3. Work on new Black Hat SEO techniques.</strong><br />
Thanks to Google’s new Panda algorithm, which has put many so-called “content mills” out of business and made traditional search engine spam techniques such as blog scraping and splogs useless, spammers will need to come up with new ways to exploit Google’s search engine results.</p>
<p><strong>4. Continue to refine spear phishing techniques.</strong><br />
Spammers have found that targeted attacks are more effective than the traditional phishing techniques that used a large and random group of addresses. They&#8217;ve also been finding new ways to make their fake phishing sites look more and more legit.</p>
<p><strong>5. Continue to look for more loopholes and security vulnerabilities to exploit.</strong> This includes finding new ways to crack anti-spam tools like CAPTCHA and ways to hijack social media accounts and websites.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/12/5-new-years-resolutions-for-spammers/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>If Dr. Seuss Was a Spammer</title>
		<link>http://www.allspammedup.com/2011/12/if-dr-seuss-was-a-spammer/</link>
		<comments>http://www.allspammedup.com/2011/12/if-dr-seuss-was-a-spammer/#comments</comments>
		<pubDate>Tue, 20 Dec 2011 15:00:01 +0000</pubDate>
		<dc:creator>Malcolm James</dc:creator>
				<category><![CDATA[anti spam humor]]></category>
		<category><![CDATA[anti phishing]]></category>
		<category><![CDATA[anti spam]]></category>
		<category><![CDATA[antispam]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[cybercriminals]]></category>
		<category><![CDATA[Fighting spam]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[phishing scam]]></category>
		<category><![CDATA[scam]]></category>
		<category><![CDATA[scammers]]></category>
		<category><![CDATA[scams]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[spammers]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=6574</guid>
		<description><![CDATA[It’s the most wonderful time of the year, and what better way to take a look back at the year in spam than poke a little fun at the moronic state of the crap that invades our inboxes? In a &#8230;
]]></description>
			<content:encoded><![CDATA[<p><strong><a href="http://www.allspammedup.com/wp-content/uploads/2011/12/Grinch1.jpg"><img class="alignright size-full wp-image-6591" style="padding-left: 5px; border-width: 0px; border-color: black; border-style: solid; margin: 10px;" src="http://www.allspammedup.com/wp-content/uploads/2011/12/Grinch1.jpg" alt="" width="264" height="275" /></a>It’s the most wonderful time of the year, and what better way to take a look back at the year in spam than poke a little fun at the moronic state of the crap that invades our inboxes? In a year that saw major security breaches, several high profile botnet takedowns, and an unprecedented surge in personalized scams and mobile spam, we stop to reflect upon it all and submit a simple postulate: what if Dr. Seuss had been a spammer?</strong></p>
<p>As the year winds down to a close, it’s only basic human nature to look back at the year that just passed and reflect upon it. In the world of spamming and Internet scams, that’s bound to be a painfully long look, since this has been a year fraught with new scams, major cybercrime busts, and unprecedented levels of security threats. With mobile devices providing the newest threat opportunities, and SMS spam picking up a head of steam as scammers get creative, we must be even more vigilant when fighting spam-related threats.</p>
<p>What’s in store for 2012? One must shudder when imagining the possibilities. If it is anything like 2011, next year will represent an even more dangerous landscape, cluttered with mines and booby traps the likes of which we’ve never seen.</p>
<p>Dire prophecies and doomsday mentality aside, it doesn’t hurt to poke fun at spam once in a while, and during the holidays, no one is more fun than the venerable Theodor Seuss Geisel, known to adoring children and former children alike as Dr. Seuss. Like many households, it’s a holiday tradition around here to watch <em>How the Grinch Stole Christmas!</em>, an annual ritual which inspired this writer to wonder: what if Dr. Seuss was still with us, and what if, ahem, wait for it…Dr. Seuss was a spammer?</p>
<p>The thought itself is sure to bring a smile to the face of anyone who has endured the miserable drivel that infests inboxes like brown marmorated stink bugs. Poorly written and replete with ludicrous stories that must have been contrived during bad acid trips, these emails often frustrate us, and occasionally make us smile by virtue of their sheer stupidity. What they <em>do not</em> do, however, is give us any confidence that the human race is poised to survive much longer, if this epidemic of oafishness is representative of the current state of the gene pool.</p>
<p>So without further ado, here’s a humble attempt at imagining what spam might be like, if written by Dr. Seuss:</p>
<p>&nbsp;</p>
<p><strong>The Spammer Who Stole Christmas?</strong></p>
<p>Dear stranger, forgive me for this intrusion</p>
<p>I hope my letter will ease your confusion.</p>
<p>I will not, cannot state it enough</p>
<p>This is rough stuff, even a little tough.</p>
<p>There’s a Libyan prince who lost his good fortune</p>
<p>And my offer to you is a share of the portion.</p>
<p>I cannot get the funds out of my land</p>
<p>And I hope you will aid me by lending a hand.</p>
<p>You see, there are sums in excess of millions</p>
<p>If you give me your name, I&#8217;ll give you gazillions.</p>
<p>It’s okay to give me personal information</p>
<p>They don’t extradite criminals in my tiny nation.</p>
<p>Your bank account and credit cards are essential</p>
<p>They’re only for scamming and merely referential.</p>
<p>This is for good cause, I must admit</p>
<p>Send money now and show you commit.</p>
<p>I do not wish to enter a heated debate</p>
<p>Send it fast, send it now, it cannot wait.</p>
<p>The funds are for my stately Kenyan mansion</p>
<p>It’s in great need of a major expansion.</p>
<p>&nbsp;</p>
<p><strong>Happy Holidays to all!</strong></p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/12/if-dr-seuss-was-a-spammer/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Russia and U.S. Celebrate an Early Festive Season</title>
		<link>http://www.allspammedup.com/2011/12/russia-and-u-s-celebrate-an-early-festive-season/</link>
		<comments>http://www.allspammedup.com/2011/12/russia-and-u-s-celebrate-an-early-festive-season/#comments</comments>
		<pubDate>Wed, 14 Dec 2011 15:00:52 +0000</pubDate>
		<dc:creator>Malcolm James</dc:creator>
				<category><![CDATA[anti spam]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[anti phishing]]></category>
		<category><![CDATA[antispam]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[cybercriminals]]></category>
		<category><![CDATA[Fighting spam]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[spammers]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=6493</guid>
		<description><![CDATA[In a fine example of international relations, Russia and the United States exchanged gifts early this year when they announced that the two countries are entering a new level of cooperation on cyber threat analysis and the global war on &#8230;
]]></description>
			<content:encoded><![CDATA[<p><strong><a href="http://www.allspammedup.com/wp-content/uploads/2011/12/rockefeller-tree.jpg"><img class="alignright size-medium wp-image-6496" style="padding-left: 5px;" src="http://www.allspammedup.com/wp-content/uploads/2011/12/rockefeller-tree-400x260.jpg" alt="" width="400" height="260" /></a>In a fine example of international relations, Russia and the United States exchanged gifts early this year when they announced that the two countries are entering a new level of cooperation on cyber threat analysis and the global war on cyber crime. Reports have it that the event was a festive affair, with borscht and Philly cheese steaks for all. The Russian and American Santa Clauses only got into a tiff once, when Ded Moroz, the Russian version of the jolly old elf, made a comment about his counterpart’s excessive waistline and predilection for butting into the gumbo line for seconds and thirds. The gift exchange was equally revealing, with the American delegation reportedly bursting into tears when memories of a painful childhood were wiped away with carefully wrapped Easy Bake Ovens and Tickle Me Elmos. To make matters worse, since neither side could reach agreement on a real or artificial tree, Denny’s graciously provided a chocolate waterfall – a poor choice in hindsight, since the American delegation is still recovering from the sugar highs.<span id="more-6493"></span></strong></p>
<p>Who said it isn’t the season to be jolly? Not the U.S. and Russia, who announced this week that the two countries are entering an unprecedented level of cooperation in the war against cyber crime. Reuters is <a target="_blank" href="http://www.reuters.com/article/2011/12/10/us-russia-usa-cyber-idUSTRE7B901N20111210">reporting</a> that the countries are planning an exchange of information on “technical threats” coming from the two countries, an interesting development considering the increasing strain on relations between the two nations.</p>
<p>Reuters reports that Caitlin Hayden, spokeswoman for the White House National Security Council, explained that a series of mechanisms “aimed at confidence building and crisis prevention” are being developed to “cope with alarming events in cyberspace.” While not giving up the entire goose, she is quoted by Reuters as saying in an e-mail that new measures include:</p>
<blockquote><p>“regular exchanges on technical threats that appear to emanate from one another&#8217;s territory [and] no-fail communications mechanisms to help prevent crisis escalation and build confidence.”</p></blockquote>
<p><em>Whose</em> confidence exactly is a bit of a mystery, but perhaps the two nations will unveil that little gem at their New Year’s Eve gala in Vegas.</p>
<p>Admittedly, such partnerships have been in place for a while, such as the Nuclear Risk Reduction Center, but Hayden said that new initiatives are:</p>
<blockquote><p>“cyber-specific and [the U.S.] would begin working with Moscow for the first time.”</p></blockquote>
<p>Reuters points out that this development is nothing new, as U.S. Vice President Biden has been discussing potential joint ventures for the last month or so, but in a sound bite that will surely resonate through the ages, Biden stated:</p>
<blockquote><p>“It&#8217;s a great deal harder to assess another nation&#8217;s cyber-capabilities than to count their tanks.”</p></blockquote>
<p>So, what does it all mean? Well, even ill-informed cyber junkies know that Russia has been a significant source of problems in cyberspace, spam included. Whether this particular initiative will target spamming and scamming initiatives themselves or just the fallout from them – worms, botnets, phishing, and a litany of other unpleasantries – remains to be seen. Some might argue that spamming is a ‘white collar’ crime affecting Joe User and not befitting superpower focus and information sharing, but others would argue that the fallout from spam and its brethren actually rains hellfire down upon national security and international relations. At the very least, they keep law enforcement agencies extremely busy and sometimes even <a target="_blank" href="http://gokill.com/2011/08/14/anonymous-hackers-target-bart-cyber-attacks-fullerton-police/">left holding the bag</a>. Recent suggestions that <a target="_blank" href="http://www.allspammedup.com/2011/12/conficker-linked-to-stuxnet-conspiracy-theory-activity-up-530/">Stuxnet was delivered on the back of Conficker</a> certainly leave a bad taste in many mouths, not the least of which is Russia’s, which in September <a href="http://news.techworld.com/security/3306092/russia-blames-us-and-israel-for-stuxnet-worm/">called out the U.S. and Israel</a> over the insinuations.</p>
<p>From the get-go, this seems problematic, and it doesn’t get any better when one considers the strained relationship between the two nations purported to be partnering in this new initiative. On the heels of Russia’s accusations over Stuxnet, a Stuxnet-like attack occurred for the first time on U.S. soil when a <a target="_blank" href="http://www.theverge.com/2011/11/18/2572079/springfield-water-plant-scada-hacked-us-russia">water treatment plant in Illinois was attacked</a> in November, an attack that, curiously, originated in Russia. As Reuters points out, there’s no love lost between the two nations, and in October a U.S. intelligence report to Congress revealed that Russia’s intelligence services are:</p>
<blockquote><p>“conducting a range of activities to collect economic information and technology from U.S. targets.”</p></blockquote>
<p>Ouch. Sounds like this is going to be one of those Christmases where the in-laws end up tearing down the tree, setting the family dog on fire, and where the neighbors end up calling in a domestic dispute. Here’s hoping the U.S. included a gift receipt with those matryoshka dolls.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/12/russia-and-u-s-celebrate-an-early-festive-season/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>Cutwail Botnet Still Going Strong</title>
		<link>http://www.allspammedup.com/2011/12/cutwail-going-strong/</link>
		<comments>http://www.allspammedup.com/2011/12/cutwail-going-strong/#comments</comments>
		<pubDate>Fri, 09 Dec 2011 15:00:35 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
				<category><![CDATA[phishing]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[spam]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=6464</guid>
		<description><![CDATA[The Cutwail botnet, an old-timer which has been around for almost 6 years, is still continuing to pump out spam and several new campaigns have been detected. Cutwail, also known as Pushdo and Pandex, is known for producing massive amounts of &#8230;
]]></description>
			<content:encoded><![CDATA[<p><a target="_blank" href="http://www.allspammedup.com/wp-content/uploads/2011/12/botnet.jpg"><img class="alignright size-medium wp-image-6553" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" title="botnet" src="http://www.allspammedup.com/wp-content/uploads/2011/12/botnet-400x300.jpg" alt="" width="360" height="270" /></a>The Cutwail botnet, an old-timer which has been around for almost 6 years, is still continuing to pump out spam and several <a href="http://www.net-security.org/malware_news.php?id=1923">new campaigns</a> have been detected. Cutwail, also known as Pushdo and Pandex, is known for producing massive amounts of spam and conducting DDoS attacks and is made up of millions of computers. In 2010, the botnet launched attacks against hundreds of major retail, social networking and government sites including PayPal, the FBI, Twitter, and the CIA. It has survived the massive takedowns that have hit other major botnets.</p>
<p>Recently researchers have detected a variety of new spam campaigns coming from Cutwail. Among them are phishing attacks disguised as fake Facebook friend requests (if the user clicks on the embedded link to accept the request, they are brought to a fake Facebook login page and their details stolen), and malware-laden ACH transfer cancellations and order confirmations for airline ticket reservations. These attacks are meant to alarm recipients and/or pique their curiosity so that they click on the provided links, which lead to malicious websites that attempt to download Trojans that add the victim’s computer to the botnet.</p>
<p>Currently the sites the malicious spam messages point to are hosting SpyEye, a dangerous type of malware designed to steal login credentials and other personal information such as banking info and launch transactions with that info. Bobax is a Trojan that sends information about the computers it infects to its command and control servers, scans the computer’s data for email addresses to harvest, and uses the infected system to pump out spam.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/12/cutwail-going-strong/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Conficker Linked to Stuxnet, Conspiracy Theory Activity Up 530%</title>
		<link>http://www.allspammedup.com/2011/12/conficker-linked-to-stuxnet-conspiracy-theory-activity-up-530/</link>
		<comments>http://www.allspammedup.com/2011/12/conficker-linked-to-stuxnet-conspiracy-theory-activity-up-530/#comments</comments>
		<pubDate>Wed, 07 Dec 2011 15:00:12 +0000</pubDate>
		<dc:creator>Malcolm James</dc:creator>
				<category><![CDATA[anti spam]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[cybercriminals]]></category>
		<category><![CDATA[Fighting spam]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[spam]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=6434</guid>
		<description><![CDATA[Stuxnet, arguably the most interesting and bone chilling discovery in the history of computer security threats, is back in the news this week. This time, however, it’s brought a friend – one familiar to security experts and IT personnel alike. &#8230;
]]></description>
			<content:encoded><![CDATA[<p><strong><a href="http://www.allspammedup.com/wp-content/uploads/2011/12/diagram.jpg"><img class="alignright size-medium wp-image-6437" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" src="http://www.allspammedup.com/wp-content/uploads/2011/12/diagram-400x296.jpg" alt="" width="400" height="296" /></a>Stuxnet, arguably the most interesting and bone chilling discovery in the history of computer security threats, is back in the news this week. This time, however, it’s brought a friend – one familiar to security experts and IT personnel alike. If the report from one of the world’s foremost experts is accurate, then it’s going to be a merry Christmas indeed for conspiracy theorists and lovers of international intrigue <strong>– </strong>and potentially a headache for a couple of governments which are being pressed to fess up about the true origins of Stuxnet and Conficker.<span id="more-6434"></span></strong></p>
<p>When its presence became known in June 2010, the mere existence of the Stuxnet worm sent shudders through international cybersecurity circles. In case you were off-world at the time of the incident, here’s the skinny: Stuxnet is spread via Microsoft Windows and targets Siemens industrial software and equipment. Although it’s not the first time hackers have targeted industrial systems, it is the first malware to spy on and compromise industrial equipment, and the first to include a programmable logic controller (PLC) rootkit.</p>
<p>What made Stuxnet particularly interesting to conspiracy theorists was where, specifically, it landed. 60% of occurrences of Stuxnet infections were in Iran, and five variants of the worm were discovered at various Iranian facilities, with the apparent target being Iran’s nuclear programme. Stuxnet’s ability to control Supervisory Control And Data Acquisition (SCADA) systems – the kind found in industrial plants – has wreaked havoc on the Iranian nuke programme, particularly at the country’s uranium enrichment facility at Natanz, where, according to <a target="_blank" href="http://www.haaretz.com/print-edition/news/computer-virus-in-iran-actually-targeted-larger-nuclear-facility-1.316052">Haaretz</a>, “the centrifuge operational capacity has dropped over the past year by 30 percent.”</p>
<p>News of the industrial worm quickly became the stuff of a Tom Clancy novel or Hollywood thriller. Stuxnet’s sheer sophistication and the level of resources required to enact such an attack made it clear that Stuxnet was most likely state-sponsored. Accusations flew about the originator of the worm, and in a fine example of inductive reasoning, fingers were squarely pointed at the U.S. and Israel.</p>
<p><strong>Enter Conficker</strong></p>
<p>Much ado has been made of Stuxnet, and as might have been expected, nothing’s been proven about the source of the worm; but in what is sure to be only the beginning of a heated new debate, this week several media outlets have <a target="_blank" href="http://www.theverge.com/2011/12/4/2608942/conficker-stuxnet-sabotage-iran-nuclear-program">reported</a> that</p>
<blockquote><p>&#8220;a celebrated &#8216;uber-hacker&#8217; with 18 years of service in Special Operations and intelligence,&#8221; has linked Stuxnet to Conficker. No, that wasn’t a typo.</p></blockquote>
<p>John Bumgarner, a retired U.S. Army special-operations veteran, former intelligence officer, and current CTO of the not-for-profit U.S. Cyber Consequences Unit, says he discovered the link between Stuxnet and Conficker only after,</p>
<blockquote><p>“spending more than a year researching the attack on Iran and dissecting hundreds of samples of malicious code,” according to Reuters.</p></blockquote>
<p>In case you’ve been off-world AND living under a rock, Conficker is one of the most devastating and pervasive worms, discovered in 2008 and infecting millions of computers in over 200 countries. The worm is traditionally thought to be the work of an organized crime gang in Eastern Europe, because, much like Stuxnet, Conficker is very sophisticated, probably required immense resources to create, and is extremely difficult to detect and destroy.</p>
<blockquote><p>“Conficker was a door-kicker,” <a target="_blank" href="http://www.reuters.com/article/2011/12/02/us-cybersecurity-iran-idUSTRE7B10AP20111202">Reuters</a> quoted Bumgarner. &#8220;It built out an elaborate smoke screen around the whole world to mask the real operation, which was to deliver Stuxnet.&#8221;</p></blockquote>
<p>Let’s be clear: Bumgarner thinks he knows who is behind the two programs, but he’s not saying who, because the matter is “too sensitive to discuss.”</p>
<blockquote><p>According to Reuters, “The White House and the FBI declined to comment,” and, “Prime Minister Benjamin Netanyahu&#8217;s office, which oversees Israel&#8217;s intelligence agencies, also declined comment.”</p></blockquote>
<p>Is it really possible that the botnet propagated by Conficker was all for the purpose of setting up a state-sponsored attack?</p>
<p><strong>Huh?</strong></p>
<p>Things get even stranger from here. In September, <a target="_blank" href="http://news.techworld.com/security/3306092/russia-blames-us-and-israel-for-stuxnet-worm/">Techworld</a> reported that for the first time the Russian government has officially blamed the U.S. and Israel for Stuxnet, calling it “the only proven case of actual cyber-warfare&#8221;. And wouldn’t you know it? In a <a target="_blank" href="http://www.theverge.com/2011/11/18/2572079/springfield-water-plant-scada-hacked-us-russia">related story</a>, a water plant in Illinois was hacked in mid-November, an attack that apparently originated from Russia, and like Stuxnet, targeted the plant’s SCADA system. In the attack, the hackers gained control of the plant’s equipment and damaged it, the first such type of attack on U.S. soil.</p>
<p>Confused? You should be. If we’re to glean anything from these latest developments, let’s at least take away the following: that a) Conficker may have been the delivery mechanism for Stuxnet, and b) Jerry Bruckheimer’s probably finalizing scripts at this very moment.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/12/conficker-linked-to-stuxnet-conspiracy-theory-activity-up-530/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>Latest SSL Certificate Breach Sparks Renewed Interest in Phone Booths, Typewriters and Fax Machines</title>
		<link>http://www.allspammedup.com/2011/11/latest-ssl-certificate-breach-sparks-renewed-interest-in-phone-booths-typewriters-and-fax-machines/</link>
		<comments>http://www.allspammedup.com/2011/11/latest-ssl-certificate-breach-sparks-renewed-interest-in-phone-booths-typewriters-and-fax-machines/#comments</comments>
		<pubDate>Thu, 10 Nov 2011 17:00:27 +0000</pubDate>
		<dc:creator>Malcolm James</dc:creator>
				<category><![CDATA[phishing]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[anti spam]]></category>
		<category><![CDATA[antispam]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[cybercriminals]]></category>
		<category><![CDATA[malware]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=6190</guid>
		<description><![CDATA[With the world about to end on Tuesday, you probably have more pressing matters on your agenda, like kissing your kids goodbye, donning your tinfoil hat, booking the first available space ark to Mars, and spending some last special moments &#8230;
]]></description>
			<content:encoded><![CDATA[<p><strong><a target="_blank" href="http://www.allspammedup.com/wp-content/uploads/2011/11/selectric.jpg"><img class="alignright size-medium wp-image-6195" style="padding-left: 5px; border-width: 0px; border-color: black; border-style: solid; margin: 10px;" src="http://www.allspammedup.com/wp-content/uploads/2011/11/selectric-400x309.jpg" alt="" width="360" height="278" /></a>With the <a href="http://www.washingtonpost.com/national/health-science/quarter-mile-wide-asteroid-coming-close-to-earth-next-tuesday-but-dont-worry-it-wont-hit/2011/11/04/gIQA2W0umM_story.html">world about to end on Tuesday</a>, you probably have more pressing matters on your agenda, like kissing your kids goodbye, donning your tinfoil hat, booking the first available space ark to Mars, and spending some last special moments with the one you love the most – the Internet – using that quality time to finish those Torrent downloads, grab some virtual games for the long trip, and search for a good recipe for soylent green. But just in case the Earth doesn’t get into a smackdown with an asteroid the size of an aircraft carrier and we’re not all converted into the cosmic equivalent of a badly shipped box of corn flakes, you may want to take note of the latest SSL Certificate security breach. And when you hear how long the purported malware has been infecting their servers, you may be tempted to dust off your old typewriter and dig your fax machine out of the rummage pile in the basement.<span id="more-6190"></span></strong></p>
<p>The encryption method that provides nearly every secure online transaction today is reliant upon third parties – the Certificate Authorities – to ensure that every connection is digitally signed as a reliable source; so what if those certificates are compromised? Well, for starters, we may be taking on some new computer overhead in the form of botnets or spyware. But that’s just speculation, right? CAs offer secure digital transactions and we can all sleep at night, right?</p>
<p><em>[Sigh]</em>. The hits just keep on coming in a year that has seen massive <a target="_blank" href="http://www.allspammedup.com/2011/06/lockheed-martin-latest-to-succumb-to-%E2%80%9Csignificant%E2%80%9D-cyber-attack/">security breaches</a> and <a href="http://www.allspammedup.com/2011/06/hatriot-games-sony-hacked-again-nintendo-a-wii-bit-compromised/">data breaches</a>, the unprecedented rise of <a href="http://www.digitaljournal.com/article/313919">hacktivism</a>, the <a target="_blank" href="http://www.allspammedup.com/2011/09/%E2%80%9Choly-insert-expletive-here-et-tu-ssl%E2%80%9D/">hacking of SSL/TLS</a>, <a href="http://www.allspammedup.com/2011/11/boo-tdl4-botnet-makeover-scary-as-hell/">deadly new botnets</a> and <a href="http://www.allspammedup.com/2011/08/phishin%E2%80%99-magicians-think-the-spammers-are-getting-smarter-you%E2%80%99re-right/">smarter spammers</a>. Amidst all these high-profile stories, it may be tempting to turn a blind eye to a number of security breaches at SSL Certificate Authorities in 2011, and in case you were wondering, there have been a few. In fact, more than a half dozen CAs have been breached this year, including <a href="http://www.theregister.co.uk/2011/05/24/comodo_reseller_hacked/">four different Comodo resellers</a>, <a target="_blank" href="http://www.checkpoint.com/defense/advisories/public/announcement/2011/060911-cplm-2011-sk65277-diginotar-breach.html">DigiNotar</a>, <a target="_blank" href="http://www.theregister.co.uk/2011/06/21/startssl_security_breach/">StartSSL</a>, and the ubiquitous <a target="_blank" href="http://www.theregister.co.uk/2011/09/12/globalsign_security_breach/">GlobalSign</a>.
Now, the fine people over at The Register are <a target="_blank" href="http://www.theregister.co.uk/2011/11/04/ssl_still_hopelessly_broken/">reporting</a> that KPN Corporate Market, based in the Netherlands, has ceased issuing any new Secure Sockets Layer certificates after it discovered attack tools stored on its servers.</p>
<p>The tools in question were Distributed Denial of Service (DDoS) attack mechanisms and while that may seem like serious business to most of us, KPN wants to assure us that it probably isn’t anything to worry about.</p>
<blockquote><p>“There is no evidence,” The Register states, “that the compromise affects KPN servers used to generate the certificates that Google, eBay, and millions of other services use to cryptographically prove their websites are authentic, rather than easily created imposters. But the possibility cannot be completely excluded,” KPN officials said in a <a target="_blank" href="https://www.kpn.com/corporate/overkpn/Newsroom/nieuwsbericht/KPN-stopt-uit-voorzorg-uitgifte-nieuwe-veiligheidscertificaten.htm">statement issued Friday</a> (Google translation <a target="_blank" href="http://translate.google.com/translate?sl=auto&amp;tl=en&amp;js=n&amp;prev=_t&amp;hl=en&amp;ie=UTF-8&amp;layout=2&amp;eotf=1&amp;u=http%3A%2F%2Fwww.kpn.com%2Fcorporate%2Foverkpn%2FNewsroom%2Fnieuwsbericht%2FKPN-stopt-uit-voorzorg-uitgifte-nieuwe-veiligheidscertificaten.htm">here</a>).</p></blockquote>
<p>Okay, it most likely isn’t anything. Well, it could be something, but how can anyone possibly know? I mean, it’s not like the malicious software has been sitting there on the certificate servers, for like, oh, I don’t know, four years or anything. Right?</p>
<p>KPN states that they were taking action while they continue to investigate the breach, “which may have taken place as long as four years ago.”</p>
<p>C’MON, MAN! <em>Four years</em>? Are you freaking kidding me? To put that into perspective, that’s one-fifth of the lifetime of the World Wide Web. CAs are supposed to be the front line of defense against botnets, spyware, adware, and a host of other security risks. I don’t know if it’s even possible (I’m sure it is) to estimate just how many certificates have been assigned in four years, but when you consider the aforementioned breaches of other CAs – all this year – it makes one wonder if we’ve been treading water in the River Styx all these years. “The compromise underscores the fragility of an SSL system that&#8217;s only as trustworthy as its most insecure, or most corrupt, member,” notes The Register. SSL has been around since 1994, and there is plenty of speculation today to suggest that <a target="_blank" href="http://www.theregister.co.uk/2011/04/11/state_of_ssl_analysis/">SSL is truly broken</a>.</p>
<p>The Register points out that there are more than 600 CAs trusted by today’s mainstream browsers and all that’s needed to forge a replica of a credential for [insert website here] is unauthorized access to one CA. From an anti-spam perspective, it’s bad enough that we have to worry about the websites that represent a clear and present danger. What happens when we can’t trust <strong>any</strong> sites?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/11/latest-ssl-certificate-breach-sparks-renewed-interest-in-phone-booths-typewriters-and-fax-machines/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>BOO! TDL4 Botnet Makeover Scary as Hell</title>
		<link>http://www.allspammedup.com/2011/11/boo-tdl4-botnet-makeover-scary-as-hell/</link>
		<comments>http://www.allspammedup.com/2011/11/boo-tdl4-botnet-makeover-scary-as-hell/#comments</comments>
		<pubDate>Tue, 01 Nov 2011 15:00:36 +0000</pubDate>
		<dc:creator>Malcolm James</dc:creator>
				<category><![CDATA[anti spam]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[cybercriminals]]></category>
		<category><![CDATA[data breach]]></category>
		<category><![CDATA[hacker]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[malware]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=6128</guid>
		<description><![CDATA[Just in time for Halloween, one of the world’s stealthiest, most pervasive, and just plain terrifying botnets has received a complete makeover. A disturbing development in an arena where adware, malware, botnets and Trojans are already making our worst nightmares &#8230;
]]></description>
			<content:encoded><![CDATA[<p><strong><a href="http://www.allspammedup.com/wp-content/uploads/2011/10/jack-o-lantern.jpg"><img class="alignright size-medium wp-image-6133" style="padding-left: 5px; border-width: 0px; border-color: black; border-style: solid; margin: 10px;" src="http://www.allspammedup.com/wp-content/uploads/2011/10/jack-o-lantern-400x306.jpg" alt="" width="400" height="306" /></a>Just in time for Halloween, one of the world’s stealthiest, most pervasive, and just plain terrifying botnets has received a complete makeover. A disturbing development in an arena where adware, malware, botnets and Trojans are already making our worst nightmares come true, the new face of TDL4 suggests that our anti-spam efforts will become even more trying. Not to be outdone, M. Night Shyamalan is rumored to be taking the directing helm for an overtly artsy movie treatment of the situation. Mercifully, reports suggest that the movie will circumvent theaters and go straight to Blu-Ray.<span id="more-6128"></span></strong></p>
<p>In an attempt to reinforce the gravity of the situation – and in keeping with the time of the year – we could implement some irritatingly flashing lights, pithy onomatopoeias, and ghoulish sound effects; but like some of the greatest horror movies in the history of Hollywood, this is one of those instances where special effects and overdramatics just aren’t needed. This one is standalone scary. The TDL4 botnet, also known as Alureon and TDSS, recently received a thorough makeover, and if it’s as bad as some of the researchers are reporting, we may be the ones picking up the tab for the rootkit’s sexy new look.</p>
<p>Considered by many as the most <a target="_blank" href="http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot">sophisticated</a> threat out there, TDL4 already had a reputation for being a naughty little boy before this most recent development in its evolution. With the ability to evade detection – either signature or heuristic based – and its encryption-based communication between bots and the botnet command and control center, TDL4 also contains a rootkit component which forces payloads of keyloggers, adware and other malware onto infected systems.</p>
<p>A major aspect of TDL4’s new look is in the way it infects its prey. According to <a target="_blank" href="http://www.theregister.co.uk/2011/10/21/stealthy_rootkit_overhauled/">The Register</a>, “The makeover includes changes to the way TDL4 attempts to remain undetected by antivirus programs and other defenses. Newer versions create a hidden partition at the end of the infected machine&#8217;s hard disk and set it to active. This ensures that malicious code stashed in it is executed before the Windows operating system is run.” Furthermore, the malware has a nasty way of protecting itself against removal. “The partition is equipped with an advanced file system that checks the integrity of TDL4 components. If any of the files are corrupted, they&#8217;re removed.”</p>
<p>A chilling aspect to this story is the suspicion that TDL4’s overhaul is most likely due to some new opportunities to conduct some nefarious business. “The code overhaul,” writes The Register, “may mean that operators of TDL4, which is used to force keyloggers, adware, and other malicious programs onto compromised machines, may have started providing services to other crimeware groups.” It’s pervasive and fast-moving, too. In June, the rootkit overtook <a target="_blank" href="http://www.theregister.co.uk/2011/06/29/tdss_alureon_advances/">4.5 million computers</a> in just three months.</p>
<p>In 2010, Vyacheslav Rusakov examined the rootkit in <a target="_blank" href="http://www.securelist.com/en/analysis/204792157/TDSS_TDL_4">great detail</a> and noted that, “There is no doubt that TDL-4 is ‘armed to the teeth’ and poses a very serious threat to users.” He also notes an increase in infections of 64-bit systems, not surprising since TDL4 was, “among the first rootkits to <a target="_blank" href="http://www.theregister.co.uk/2010/11/16/tdl_rootkit_does_64_bit_windows/">infect 64-bit versions of Windows</a> by bypassing the OS&#8217;s kernel mode code signing policy.” With the continued and increased usage of 64-bit systems, it’s inevitable that more and more malware will target these systems, and there are inherent problems with this new breed of malware. Rusakov points out that, “most contemporary antivirus, and specifically anti-rootkit, technologies are no match for threats targeting 64-bit platforms, which makes the average malware writer’s life much easier.”</p>
<p>As usual, we’re either just keeping up, or more likely, falling behind in the battle against malware. “The latest changes suggest that the relentless innovation of those developing TDL4 shows no signs of slowing,” reports The Register, and there’s no arguing with the obvious.</p>
<p>As I write this article on the eve before Halloween, I stop to stare out my window at the first snowfall of the pending winter. The last remnants of the summer – the dead and dying leaves – are unceremoniously ripped from the trees by an unfriendly arctic blast. Perhaps it’s my overactive imagination combined with the starkness of Halloween, but the imagery seems fitting.  If this new demon that is TDL4 is half the monster that they’re saying it is, 2012 is going to be a scary year.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/11/boo-tdl4-botnet-makeover-scary-as-hell/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>U.S. Gov’t Time Travels to 2009 to Fight Botnets; No One Cheers</title>
		<link>http://www.allspammedup.com/2011/10/u-s-gov%e2%80%99t-time-travels-to-2009-to-fight-botnets-no-one-cheers/</link>
		<comments>http://www.allspammedup.com/2011/10/u-s-gov%e2%80%99t-time-travels-to-2009-to-fight-botnets-no-one-cheers/#comments</comments>
		<pubDate>Mon, 10 Oct 2011 14:00:18 +0000</pubDate>
		<dc:creator>Malcolm James</dc:creator>
				<category><![CDATA[anti spam]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[antispam]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[cybercriminals]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[spam legislation]]></category>
		<category><![CDATA[spammers]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=5901</guid>
		<description><![CDATA[In a shocking development for anyone still living in 2009, this week the U.S. Government has decided to tackle botnets head-on. Some have speculated that a high-up mucky-muck over at DHS thought it would be ‘a pretty neat thing to &#8230;
]]></description>
			<content:encoded><![CDATA[<p><strong><a target="_blank" href="http://www.allspammedup.com/wp-content/uploads/2011/10/7157.jpg"><img class="alignright size-medium wp-image-5908" style="padding-left: 5px; border-width: 0px; border-color: black; border-style: solid; margin: 10px;" src="http://www.allspammedup.com/wp-content/uploads/2011/10/7157-400x243.jpg" alt="" width="400" height="243" /></a>In a shocking development for anyone still living in 2009, this week the U.S. Government has decided to tackle botnets head-on. Some have speculated that a high-up mucky-muck over at DHS thought it would be ‘a pretty neat thing to do,’ considering the timing (Hugh Jackman’s Rocky reboot robot revival <a href="http://steelgetsreal.com/">Real Steel</a> also hit theatres this week). While government spokespeople deny rumors that Optimus Prime is involved in this radical move, most ISPs are groaning, rolling their eyes, and wondering where they put their contact information for Megatron.<span id="more-5901"></span></strong></p>
<p><em>Sigh.</em> In a world of the mundane, the lamest is the King of nothing special. Once again this week, the U.S. Government proved that axiom and their incessant ability to underwhelm when it comes to the ever-heated battle of the botnets. <a target="_blank" href="http://threatpost.com/en_us/blogs/fed-seeks-industry-standard-botnet-mitigation-100511">Multiple reports</a> have cited the Department of Homeland Security (DHS), National Institute of Standards and Technology (NIST), and others as generating a wormhole in space-time this week and stepping back into 2009, when and where they encouraged ISPs to adopt a code of conduct for preventing, detecting, and dealing with botnet activity.</p>
<p>Okay, the wormhole may be a stretch, but perhaps you now understand the tone of this article. This baffling move on the part of the government is strange, uncomfortable and highly inappropriate, for several reasons. First, it’s not and never should be the role of government to ‘gently suggest’ (i.e., threaten to legislate) best practices in a business and technology they know nothing about. Let’s face it: the U.S. Government has problems of its own without pointing out to someone else that their fly is open. If you doubt me, look <a target="_blank" href="http://www.msnbc.msn.com/id/43322692/ns/technology_and_science-security/t/teen-held-over-cyber-attacks-targeting-us-government/#.TpGWvZ4k6so">here</a>, <a target="_blank" href="http://money.cnn.com/2011/06/03/technology/gmail_phishing_scams/index.htm">here</a>, and <a target="_blank" href="http://www.reuters.com/article/2011/07/29/us-cyber-mantech-idUSTRE76S6IB20110729">here</a>.</p>
<p>Second – and not to sound like a conspiracy theorist – any time there’s a threat of the government sticking its fingers into people’s personal information, one cannot help but feel uncomfortable. In a <a target="_blank" href="http://www.federalregister.gov/articles/2011/09/21/2011-24180/models-to-advance-voluntary-corporate-notification-to-consumers-regarding-the-illicit-use-of#p-3">request for information</a> on the Federal Register on a voluntary ‘Code of Conduct,’ DHS said that one possible suggestion was to “encourage ISPs to send consumer support queries to a centralized consumer resource center that could be supported by a wide number of players. Such a resource center could reduce the burden on corporate customer support centers by pooling resources.” If you’re anything like me, reading that passage is probably giving you an irritating twitch in your right eye just now.</p>
<p>Finally, and most importantly, if one is to take a leadership role, one actually must…uhm, how can I put this delicately? <strong><em>Lead</em></strong>. There it is. The fact is, what the U.S. Government is trying to do seems like a severe act of self-deprecation, if the purpose of the meeting this week was to point out to the world that they <em>weren’t</em> aware that the ISPs have been doing just fine, thank you very much, in dealing with botnets over the past few years. Writes <a target="_blank" href="http://www.darkreading.com/insider-threat/167801100/security/client-security/231900078/isp-backlash-over-feds-bot-notification-initiative.html">Kelly Jackson Higgins on Dark Reading</a>: “ISPs such as Comcast, which two years ago was one of the first to employ a bot-notification service, notify customers whose machines they spot as bot-infected. Comcast’s free Constant Guard Security program directs the infected user to the antivirus center, where he follows directions to remove the bot malware.”</p>
<p>Fortunately, I’m not the only one who sees it that way. In fact, there’s a long line of private sector organizations who are ready to tell the government to keep their greasy paws off of something they know nothing about: “The Messaging Anti-Abuse Working Group (MAAWG), which is made up of ISPs, email providers, and security vendors including AT&amp;T, Cisco, McAfee, Facebook, and Verizon, sees the federal effort as unnecessary and redundant, and is balking at the idea of the government legislating how ISPs handle bot-infected customers.”</p>
<p>Boo-yah! No kidding. No one can blame the ISPs for getting antsy when government suggests a central repository (it incites thoughts of a suppository. Just saying.) for information on their clients – us – and I can’t see this one going too far, based on early reactions from the non-government players.</p>
<p>So where does that leave us? Well, we can’t dismiss some of the information that came out of this event. According to a press release from NIST, there are an estimated 4 million new botnet infections each month. The White House’s Cybersecurity coordinator pointed out in his keynote address that fighting these infections “requires a combination of efforts in which everyone has a role to play.”</p>
<p>Great, now get out of the way and let the ISPs do what they do best.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/10/u-s-gov%e2%80%99t-time-travels-to-2009-to-fight-botnets-no-one-cheers/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>Microsoft Does it Again, Takes Down Kelihos Botnet</title>
		<link>http://www.allspammedup.com/2011/09/microsoft-does-it-again-takes-down-kelihos-botnet/</link>
		<comments>http://www.allspammedup.com/2011/09/microsoft-does-it-again-takes-down-kelihos-botnet/#comments</comments>
		<pubDate>Wed, 28 Sep 2011 08:05:35 +0000</pubDate>
		<dc:creator>Casper Manes</dc:creator>
				<category><![CDATA[Spam news]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[Fighting spam]]></category>
		<category><![CDATA[Microsoft]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=5778</guid>
		<description><![CDATA[On 2011-09-27, Microsoft announced that the Digital Crimes Unit successfully ended the Kelihos botnet, also known as the Waledac 2.0 botnet, and served notice against some of the alleged perpetrators. Dominique Alexander Piatti, the dotFREE Group SRO, and twenty-two John &#8230;
]]></description>
			<content:encoded><![CDATA[<p><span style="color: #000000;"><span style="font-family: Calibri;"><a href="http://www.allspammedup.com/wp-content/uploads/2011/09/MSDCU.png"><img class="alignright size-full wp-image-5780" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" src="http://www.allspammedup.com/wp-content/uploads/2011/09/MSDCU.png" alt="" width="250" height="242" /></a></span></span>On 2011-09-27, Microsoft announced that the Digital Crimes Unit successfully ended the Kelihos botnet, also known as the Waledac 2.0 botnet, and served notice against some of the alleged perpetrators. Dominique Alexander Piatti, the dotFREE Group SRO, and twenty-two John Doe defendants are all alleged to be in control of the botnet and the Internet domains used to control it.</p>
<p>Operation b79 is the codename assigned to the investigation, the third major initiative of Project MARS, the Microsoft Active Response for Security program. The DCU worked closely with the Trustworthy Computing Team and Malware Protection Center to combat botnets, which benefits the entire Internet community, not just Microsoft’s customers. Kelihos may not have been as large as Waledac, but with an estimated 41,000 compromised hosts, it was capable of sending out over 3.8 billion spam messages a day. Kelihos was spreading, which means that this takedown probably prevented a larger problem from happening.</p>
<p><span id="more-5778"></span>The DCU gathered enough evidence against the defendants to obtain an ex parte temporary restraining order, which was issued by the US District Court for the Eastern District of Virginia. Kyrus Tech, Inc., a declarant in this action, is based within that jurisdiction. The restraining order enabled the severing of connections between infected computers and the command and control servers hosted within the cz.cc domains.</p>
<p>Notices of civil court proceedings were served to Piatti the same day. While Kelihos was not as massive a botnet as Waledac, this represents the first time that a named defendant was served notice the same day as the botnet was taken offline. Work is ongoing to identify and serve the other twenty-two defendants.</p>
<p>Microsoft’s Digital Crimes Unit (DCU) analyzed the Kelihos code, and identified large segments of the code in common with Waledac. This indicates that both were developed by the same author(s), or that Kelihos is an updated version of Waledac. The DCU also determined through their investigation that Piatti and the dotFREE Group SRO, along with others, own the cz.cc domain and subdomains including lewgdooi.cz.cc, and were using them to control the Kelihos botnet. These and other subdomains are associated with other suspect activities, including the delivery of the MacDefender scareware that infected computers running Apple’s operating system. Google had also previously blocked domains under cz.cc from search results because the websites were hosting various types of malware.</p>
<p>You can read more about the DCU investigation, and the legal actions taken against the defendants at <a target="_blank" href="http://blogs.technet.com/b/microsoft_blog/archive/2011/09/27/microsoft-neutralizes-kelihos-botnet-names-defendant-in-case.aspx">http://blogs.technet.com/b/microsoft_blog/archive/2011/09/27/microsoft-neutralizes-kelihos-botnet-names-defendant-in-case.aspx</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/09/microsoft-does-it-again-takes-down-kelihos-botnet/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>A Look Inside Spam’s Numbers</title>
		<link>http://www.allspammedup.com/2011/09/a-look-inside-spam%e2%80%99s-numbers/</link>
		<comments>http://www.allspammedup.com/2011/09/a-look-inside-spam%e2%80%99s-numbers/#comments</comments>
		<pubDate>Mon, 19 Sep 2011 14:00:50 +0000</pubDate>
		<dc:creator>Jeff Orloff</dc:creator>
				<category><![CDATA[anti spam]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[anti phishing]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[email]]></category>
		<category><![CDATA[FedEx]]></category>
		<category><![CDATA[Paypal]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[scammers]]></category>
		<category><![CDATA[scams]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[spam email]]></category>
		<category><![CDATA[spammers]]></category>
		<category><![CDATA[United Parcel Service]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=5673</guid>
		<description><![CDATA[Spam is a relentless threat to anyone with an email account, mobile phone, social network profile or instant messaging program. If there is a way that unscrupulous marketers can gain an advantage using technology and messaging tools, then they will &#8230;
]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.allspammedup.com/wp-content/uploads/2011/09/statistics.jpg"><img class="alignright size-medium wp-image-5675" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" src="http://www.allspammedup.com/wp-content/uploads/2011/09/statistics-400x281.jpg" alt="spam numbers" width="280" height="197" /></a>Spam is a relentless threat to anyone with an email account, mobile phone, social network profile or instant messaging program. If there is a way that unscrupulous marketers can gain an advantage using technology and messaging tools, then they will pounce at the opportunity.</p>
<p>However, since spam is entirely reliant on electronic communications, it can easily be tracked and studied. By collecting data from anti-spam tools and filters, those tasked with fighting the spam menace can put together information that not only helps them discover trends, but helps the end user gain the all-important education that so many professionals feel is the best way to attack the problem of spam.</p>
<p>So, if you are one of those who wish to better educate yourself, or better educate others, read on.<span id="more-5673"></span></p>
<h2>Trends in the subject lines</h2>
<p>One of the easiest ways that end users can identify spam is through the content of the message itself, starting with the subject line.</p>
<p>Spammers understand the need to entice victims into opening the email by using an intriguing subject line. To do this they either try to scare the recipient with a warning message or instill curiosity by using a short, non-descriptive subject.</p>
<p>In early August spammers took a more retro approach using a subject line stating that a package from UPS, FedEx or DHL could not be delivered. More recently the following subject lines have become popular:</p>
<ul>
<li>One that simply reads “Changelog”</li>
<li>One that states the email contains an end of the month statement requiring immediate attention</li>
<li>One that claims to have come from a company’s internal accounts department</li>
<li>A warning that the recipient is being notified of traffic charges</li>
<li>Those promising adult content</li>
</ul>
<h2>Where is spam coming from?</h2>
<p>It is no secret that most spam originates from developing countries. While the targets may be the inboxes of those living in the United States, Great Britain and Canada, the messages rarely come from these countries.</p>
<p>The top ten originators of spam messages are:</p>
<ol>
<li>India – 15.6%</li>
<li>Indonesia – 11.7%</li>
<li>Brazil – 9.2%</li>
<li>Peru – 6%</li>
<li>Ukraine – 5.8%</li>
<li>Korea – 3.6%</li>
<li>Colombia – 3.6%</li>
<li>Taiwan – 3.2%</li>
<li>Italy – 3%</li>
<li>Thailand – 2.1%</li>
</ol>
<h2>Spam as a marketing tool</h2>
<p>When people think of spam they often think of its use as an advertising medium. For years people have used different messaging systems to generate interest in their products. By category, the most commonly advertised products/services from the past month are:</p>
<ol>
<li>Pharmaceuticals and medical services – 45.7%</li>
<li>Financial services – 20.6%</li>
<li>Adult content – 5.8%</li>
<li>Computers &#8211; 5.5%</li>
<li>Education – 4.3%</li>
<li>Travel – 1.7%</li>
<li>Gambling &#8211; 0.9%</li>
<li>Interior design – 0.7%</li>
<li>Surveys – 0.3%</li>
<li>Electronics and gadgets – 0.3%</li>
</ol>
<h2>Email attachments and spam</h2>
<p>While marketing is commonly associated with spam, many spammers realize that the profit from their trade comes from other revenue streams.</p>
<p>Infecting computers with malware can yield much higher returns for spammers as these infected computers can be controlled as zombies or botnets, deliver scareware in the form of fake anti-virus software or simply send passwords and financial information back to a database.</p>
<p>Ever wonder what it is that infects so many computers? Take a look at the malware that was frequently sent via email during the month of August:</p>
<ol>
<li>Trojan-Spy.HTML.Fraud.gen</li>
<li>Email-Worm.Win32.Mydoom.m</li>
<li>Trojan-Downloader.Win32.Deliver.II</li>
<li>Trojan.Win32.Yakes.bss</li>
<li>Trojan.Win32.Yakes.bwb</li>
<li>Trojan-Dropper.Win32.Injector.azq</li>
<li>Trojan-Downloader.Win32.FraudLoad.ibu</li>
<li>Trojan.Win32.Yakes.bqc</li>
<li>Trojan.Win32.Yakes.btp</li>
<li>Trojan-Dropper.Win32.Injector.bvw</li>
</ol>
<h2>Phishing</h2>
<p>Phishing still remains a popular reason for people to send spam. The number of messages that can be considered phishing attempts has been increasing steadily.</p>
<p>The list of websites targeted by phishing scams covers a broad range of sites with online shopping, financial services, social networking, online gaming and even the US government represented:</p>
<ol>
<li>PayPal &#8211; 35.91%</li>
<li>eBay – 10.17%</li>
<li>Habbo – 9.77%</li>
<li>Facebook – 8.67%</li>
<li>Orkut – 6.03%</li>
<li>Santander – 3.19%</li>
<li>Google – 2.84%</li>
<li>RuneScape – 2.62%</li>
<li>Halifax – 2.37%</li>
<li>Internal Revenue Service – 1.94%</li>
</ol>
<p>Even though the numbers in each of these lists represent only one month out of the year, they show us two things: spam remains a serious threat that continuously needs to be addressed, and with the scope of the various threats changing from month to month, education regarding spam is more important than ever.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/09/a-look-inside-spam%e2%80%99s-numbers/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>August Spam Roundup</title>
		<link>http://www.allspammedup.com/2011/08/august-spam-roundup/</link>
		<comments>http://www.allspammedup.com/2011/08/august-spam-roundup/#comments</comments>
		<pubDate>Tue, 30 Aug 2011 14:00:37 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
				<category><![CDATA[Spam news]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[spam laws]]></category>
		<category><![CDATA[spammers]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=5395</guid>
		<description><![CDATA[It may be the dog days of summer, but spam never takes a vacation. Here’s a look at the latest spam headlines and trends. Maryland Rep’s Hurricane Spam Raises Ire and Questions “Spam King” Indicted on New Facebook Spam Charges Botnet &#8230;
]]></description>
			<content:encoded><![CDATA[<p><img class="alignright size-full wp-image-160" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" src="http://www.allspammedup.com/wp-content/uploads/2008/10/spam.jpg" alt="" width="248" height="186" /></p>
<p>It may be the dog days of summer, but spam never takes a vacation. Here’s a look at the latest spam headlines and trends.</p>
<p><strong><a target="_blank" href="http://ellicottcity.patch.com/articles/maryland-del-james-malones-hurricane-spam-raises-ethical-questions">Maryland Rep’s Hurricane Spam Raises Ire and Questions</a></strong></p>
<p><strong><a target="_blank" href="http://www.pcworld.com/businesscenter/article/237364/spam_king_sanford_wallace_indicted_for_facebook_spam.html">“Spam King” Indicted on New Facebook Spam Charges</a></strong></p>
<p><strong><a target="_blank" href="http://www.infoworld.com/d/security/surge-in-attachment-spam-sign-desperation-say-experts-170386">Botnet Criminals Getting Desperate</a></strong></p>
<p><strong><a target="_blank" href="http://www.thestar.com/business/article/1045512--businesses-brace-for-tough-new-spam-law">Canadian Businesses Prepare for New Spam Law</a></strong></p>
<p><strong><a target="_blank" href="http://www.eweek.com/c/a/Security/Recent-Spam-Outbreak-Hits-PreRustock-Takedown-Levels-134072/">Spam Volume Reaches Pre-Rustock Takedown Levels</a></strong></p>
<p>Know of a story we missed or have something to say about one of the stories above? Leave a comment and talk to us!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/08/august-spam-roundup/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Top 6 Spam Friendly ISPs</title>
		<link>http://www.allspammedup.com/2011/08/top-6-spam-friendly-isps/</link>
		<comments>http://www.allspammedup.com/2011/08/top-6-spam-friendly-isps/#comments</comments>
		<pubDate>Tue, 23 Aug 2011 14:00:11 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
				<category><![CDATA[Fighting spam]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[cybercrime]]></category>
		<category><![CDATA[spam]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=5390</guid>
		<description><![CDATA[Some of the most important weapons in the war against spam are ISPs. Without them, spammers would have no place to host their criminal activities. While many ISPs have a zero tolerance policy and respond promptly to complaints and take-down orders, &#8230;
]]></description>
			<content:encoded><![CDATA[<p><a target="_blank" href="http://www.allspammedup.com/wp-content/uploads/2011/08/shutterstock_1970942.jpg"><img class="alignright size-medium wp-image-5408" style="border-width: 0px;border-color: black;border-style: solid;margin: 10px" src="http://www.allspammedup.com/wp-content/uploads/2011/08/shutterstock_1970942-400x300.jpg" alt="" width="320" height="240" /></a>Some of the most important weapons in the war against spam are ISPs. Without them, spammers would have no place to host their criminal activities. While many ISPs have a zero tolerance policy and respond promptly to complaints and take-down orders, there are still <a href="http://www.spamhaus.org/statistics/networks.lasso">many out there who remain friendly to</a>, and even cater to, spammers, phishers, and other cyber crooks. Here’s a look at the worst of the worst.</p>
<p><strong>1. telecomitalia.it-</strong> This ISP, based in Italy, has nearly 70 different open and unresolved spam issues including domains hosting spam, phishing scams, and SQL injection attacks, along with the harboring of a known spam gang.</p>
<p><strong>2. telefonica.com.ar-</strong> With domains hosting the command and control servers of several botnets, phishing sites, a known spam gang, a fake Internet pharmacy site, and many confirmed spam sources, this ISP has nearly 60 open and unresolved spam issues.</p>
<p><strong>3. hinet.net-</strong> Once a haven for the Canadian Pharmacy spam campaign, this ISP harbors many spammers, some phishing sites, a known spam gang, the Pharmacy Express spam campaign and has a reputation for being a bulletproof host. So far it has 55 open and unresolved spam issues.</p>
<p><strong>4. unicom-cn-</strong> This ISP was found to be hosting at least some of the command and control servers for the Zeus botnet. It also hosts dozens of spam domains. It currently has 52 open and unresolved spam issues.</p>
<p><strong>5. unicom-hl-</strong> With domains hosting botnet command and control servers, phishing sites, and malware, this ISP comes in at #5 with 44 open and unresolved spam issues.</p>
<p><strong>6. shawcable.net-</strong> This ISP hosts several botnet command and control servers, a known spammer, several phishing sites, and more. So far it has nearly 40 open and unresolved spam issues.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/08/top-6-spam-friendly-isps/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Microsoft Claims To Have Cut 90% of Spam</title>
		<link>http://www.allspammedup.com/2011/08/microsoft-claims-to-have-cut-90-of-spam/</link>
		<comments>http://www.allspammedup.com/2011/08/microsoft-claims-to-have-cut-90-of-spam/#comments</comments>
		<pubDate>Tue, 16 Aug 2011 14:00:33 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
				<category><![CDATA[Fighting spam]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[email]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[spam filters]]></category>
		<category><![CDATA[spammers]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=5230</guid>
		<description><![CDATA[Microsoft has announced that they have reduced Hotmail spam by 90% and overall spam levels by 15%. The company says the reduction of Hotmail spam is due to the implementation of several tools including connection-time filtering, content filtering, blocklist and safelist &#8230;
]]></description>
			<content:encoded><![CDATA[<p><img class="alignright size-full wp-image-204" style="border-width: 0px;border-color: black;border-style: solid;margin: 10px" src="http://www.allspammedup.com/wp-content/uploads/2008/11/microsoft_vista-logo.png" alt="" width="216" height="215" /></p>
<p>Microsoft <a target="_blank" href="http://windowsteamblog.com/windows_live/b/windowslive/archive/2011/08/03/90-less-spam-in-hotmail-15-less-spam-on-the-internet.aspx">has announced</a> that they have reduced Hotmail spam by 90% and overall spam levels by 15%. The company says the reduction of Hotmail spam is due to the implementation of several tools including connection-time filtering, content filtering, blocklist and safelist preferences.</p>
<blockquote><p>&#8220;Way back in 2006, Hotmail had a big spam problem, and we got a deservedly bad reputation for it,&#8221; group program manager for Hotmail, Dick Craddock wrote in a blog post. &#8220;Since then, we&#8217;ve made amazing advances, and over the last few years, we&#8217;ve wrestled the spammers to the ground. Between 2006 and 2009, we dropped true SITI (Spam In The Inbox) from 35% to under 5% with a variety of investments including connection-time filtering, content filtering, blocklist and safelist preferences, and more,&#8221; Craddock wrote. &#8220;Of course, the spammers continue to come and continue to get more and more clever. But we&#8217;ve not only held the spammers at bay, we&#8217;ve actually reduced SITI even more.&#8221;</p></blockquote>
<p>Microsoft says the reduction in overall spam levels is thanks to the spam fighting techniques it uses, called SmartScreen. Its efforts to shut down botnets, which have been very successful so far, have also contributed, but some experts are skeptical of the claims regarding SmartScreen.</p>
<p>By teaming up with the FBI, the company has managed to take down the Rustock and Coreflood botnets and is actively working to find those responsible, going so far as to offer a $250,000 bounty to anyone who provides information that leads to the apprehension of the person or persons responsible for running Rustock.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/08/microsoft-claims-to-have-cut-90-of-spam/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>XP Users Are Zombies!</title>
		<link>http://www.allspammedup.com/2011/08/xp-users-are-zombies/</link>
		<comments>http://www.allspammedup.com/2011/08/xp-users-are-zombies/#comments</comments>
		<pubDate>Thu, 04 Aug 2011 15:53:29 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
				<category><![CDATA[Fighting spam]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[spam]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=5190</guid>
		<description><![CDATA[A recent study has revealed that computers running the ancient Windows XP operating system are responsible for the majority of infected PCs that make up botnets and spread spam and malware. 74% of all rootkit infections are found on XP systems. &#8230;
]]></description>
			<content:encoded><![CDATA[<p><img class="alignright size-thumbnail wp-image-5200" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" title="shutterstock_46394659" src="http://www.allspammedup.com/wp-content/uploads/2011/08/shutterstock_46394659-150x150.jpg" alt="" width="150" height="150" /></p>
<p>A recent study has revealed that computers running the ancient Windows XP operating system are responsible for the majority of infected PCs that make up botnets and spread spam and malware. 74% of all rootkit infections are found on XP systems. Rootkits are the malware of choice for scammers and botnet operators. They provide a backdoor into the infected system and allow them to have complete control over it.</p>
<p>The study suggests that the main reason for this is that XP is no longer supported and that most of the users who are infected are running copies of the OS that are pirated, SP2 or earlier, or unpatched altogether. It’s strongly suggested that legitimate XP users upgrade to SP3, or better yet, upgrade to Windows 7 64-bit. Win7 64-bit is much more secure and rootkit infections are rare. That said, there is at least one rootkit variant that has been successfully installed on a Win7 system:</p>
<p>That malware, which goes by a number of names &#8212; Alureon, TDL, Tidserv and most recently, TDL-4 &#8212; is especially devious, as it installs the rootkit into the Master Boot Record (MBR). The MBR is the first sector &#8212; sector 0 &#8212; of the hard drive, where code is stored to bootstrap the operating system after the computer&#8217;s BIOS does its start-up checks.</p>
<p>That shouldn’t deter any XP users from upgrading, and companies should upgrade to a more recent OS that is still supported with regular security patch releases, or to a generally more secure OS such as the Mac OS. The last thing you want is for your company PCs to be turned into spam machines!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/08/xp-users-are-zombies/feed/</wfw:commentRss>
		<slash:comments>6</slash:comments>
		</item>
		<item>
		<title>Want a Cool $250K? Nab a Spammer!</title>
		<link>http://www.allspammedup.com/2011/07/want-a-cool-250k-nab-a-spammer/</link>
		<comments>http://www.allspammedup.com/2011/07/want-a-cool-250k-nab-a-spammer/#comments</comments>
		<pubDate>Tue, 26 Jul 2011 14:00:21 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
				<category><![CDATA[Fighting spam]]></category>
		<category><![CDATA[Spam news]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[Rustock]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=5057</guid>
		<description><![CDATA[Taking down one of the world’s largest and most infamous botnets isn’t enough for Microsoft. Now they want the masterminds behind it and are willing to pay big bucks to get them. According to EWeek, the company is offering $250,000 &#8230;
]]></description>
			<content:encoded><![CDATA[<p><img class="alignright size-full wp-image-386" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" src="http://www.allspammedup.com/wp-content/uploads/2009/02/money.jpg" alt="" width="280" height="210" /></p>
<p>Taking down one of the world’s largest and most infamous botnets isn’t enough for Microsoft. Now they want the masterminds behind it and are willing to pay big bucks to get them. According to EWeek, the company is offering $250,000 to anyone who provides information leading to the arrest and conviction of the individuals responsible for creating and running the Rustock botnet.</p>
<blockquote><p>“This reward offer stems from Microsoft’s recognition that the Rustock botnet is responsible for a number of criminal activities and serves to underscore our commitment to tracking down those behind it,” Richard Boscovich, senior attorney for Microsoft’s Digital Crimes Unit, wrote in a July 18 email posted on <a target="_blank" href="http://blogs.technet.com/b/microsoft_blog/archive/2011/07/18/microsoft-offers-reward-for-information-on-rustock.aspx">The Official Microsoft Blog</a>. “The legal action Microsoft has taken in civil court has already been successful, helping us take down the Rustock botnet and disrupt its operations.”</p></blockquote>
<p>Rustock was taken offline by a joint effort of Microsoft and the FBI earlier this year. At its peak it was responsible for nearly half of the world’s spam volume, with nearly 2 million zombie computers at its beck and call. The botnet’s IP addresses were blocked after the FBI, armed with an injunction won by Microsoft, seized its command and control servers. The servers were located at 5 hosting providers around the country: Denver, CO; Scranton, PA; Kansas City, MS; Dallas, TX; Chicago, IL; Seattle, WA; and Columbus, OH.</p>
<p>Microsoft has been taking a very hard line on botnets recently. It also took credit for taking down the Waledac and Coreflood botnets.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2011/07/want-a-cool-250k-nab-a-spammer/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
	</channel>
</rss>

