Posted October 17th, 2008 by Carl E. Reid
While criminals thought it was based in Eastern Europe, the Internet’s top English-speaking cybercrime forum was secretly run by the FBI from this building on the banks of the Monongahela River in Pittsburgh. Photo: John Monroe Butler/Wired.com
Kevin Poulsen reports that DarkMarket.ws, an online community center for thousands of identity thieves, hackers and credit card swindlers, has been secretly run by an FBI cybercrime agent for the last two years, until its voluntary shutdown earlier this month, according to documents unearthed by a German radio network.
Reports from the German national police, obtained by a Southwest German public radio station, blew the lid off the long-running sting by revealing its role in nabbing a German credit card forger active on DarkMarket. The FBI agent is identified in the documents as J. Keith Mularski, a senior cybercrime agent based at the National Cyber Forensics Training Alliance (NCFTA) in Pittsburgh, who ran the site under the hacker handle Master Splynter.
Posted September 16th, 2008 by Carl E. Reid
The Internet Engineering Task Force provides RFC2821, which is an excellent reference for understanding the details of email transport protocols. If email administrators are to know what they are up against when thwarting spammers, RFC2821 should be “the” primer to ingest. I’m sure spammers have this document memorized before embarking on their spamming offensives. To know the enemy, we must read what they read.
RFC2821 provides a rudimentary diagram that powerfully explains the SMTP model. A simple explanation sets the stage for a basic understanding of SMTP. Once an administrator grasps the basic concepts, the finer details become easier to follow.
Posted September 15th, 2008 by Sue Walsh
The latest wave of fake headline spam appears to be capitalizing on people’s fears of a disaster. Security experts have discovered a new wave of malicious spam that claims a nuclear plant has exploded. So far there are at least three versions. One claims the plant is near London, one claims it is in Ontario, Canada, and one claims it is in Sydney, Australia. (There is no nuclear plant in London or Ontario, and the one in Australia is not near Sydney.) The spam messages ask the recipient to click on a link claiming to be a news video of the catastrophe, but it’s actually a Trojan that, if downloaded, will allow a hacker to take control of the PC. Experts believe the gang responsible for this latest wave of malicious spam is located in Russia. Not coincidentally, the spam wave began on September 11th.
Posted September 10th, 2008 by Sue Walsh
A massive new spam attack has security vendors warning IT admins to ramp up their spam filters. The spam is of the fake but lurid headline variety, but this time the fake headline targets presidential candidate Barack Obama. The email claims to be a breaking news story about an Obama sex scandal and includes a link to a video claiming to show the senator in a sexual tryst with several Ukrainians during his visit to that country last year.
Anyone who clicks on the link is treated to a 14-second pornographic video, which masks the fact that malware is being downloaded to their computer. The malware includes a Trojan that allows a hacker to take full control of the PC and a keylogger that sends every keystroke to a remote server controlled by the hacker. This type of malware could be particularly disastrous should an employee unwittingly download it onto a company PC and give a hacker access to sensitive corporate information, so beware and make sure those spam filters are working!
Posted August 22nd, 2008 by Sue Walsh
Federal authorities in New Orleans have indicted a Brazilian man on charges that he was planning to sell a botnet he created to a Dutch spammer. Prosecutors say 35-year-old Leni de Abreu Neto created a botnet of over 100,000 compromised computers and was in negotiations to sell it to Nordin Nasari of The Netherlands, a spammer who wrote the virus Neto used to take control of the computers in his botnet. Nasari agreed to purchase the entire operation for $36,800. While Nasari is being prosecuted by Dutch authorities, Neto faces charges here in the U.S. and is facing up to 5 years in prison and a fine of up to half a million dollars.
Posted August 19th, 2008 by Carl E. Reid
The other day I received a frantic call from a client. I’ve received this call hundreds of times. All staff are being bombarded with spam from each other. The client goes on to explain, “staff is not sending these spam emails to each other.” Now he wants to know how all this spam is getting through the spam filter. While he was talking to me, I surfed over to the company web site. On the “Contact Us” web page, 50 to 60 staff names are listed with their email addresses. I explained to the client that spammers had added to their mailing list by peeling off every email address listed on the web site. Additionally, the spammers put valid staff email addresses in the “From” field of each spam email, so the spam filter allowed the emails through.
Posted August 19th, 2008 by Sue Walsh
Spammers have long been using lurid headlines based on current events to trick people into opening their messages and clicking on the links they contain. Their latest trick exploits the alert features of both CNN and MSNBC. Users are receiving mail that looks like a breaking news alert from one of the popular news sites. The headlines range from the shocking (“Elizabeth Taylor Found Murdered”) to the amusing (“Europeans Dislike Americans’ Attitudes”). While most are fake, some are real (“NFL Greats Inducted Into the Hall of Fame”), which makes the emails seem legit.
Posted August 8th, 2008 by Carl E. Reid
GFI MailEssentials does an excellent job of leveraging third-party blacklists such as ORDB, Spamhaus and SpamCop. This tool protects your email users from receiving spam. But what do you do if your company email server gets blacklisted? “No way,” you say. This scenario can and does happen to companies that run a legitimate and ethical business.
Being blacklisted can temporarily put a chokehold on company communications. It’s like being an innocent person on a spammer wanted flyer in the post office. This situation can have a direct impact on company profits.
Leaving your server open to relaying is not the only reason an email server can be blacklisted. Although there are many reasons, at this moment it’s not important why this happened. What’s important is to quickly coordinate getting your SMTP server off the blacklists.
Posted August 6th, 2008 by Sue Walsh
After weeks of dragging its heels, Apple has finally patched a dangerous DNS flaw that could have allowed scammers to execute a domain poisoning attack, essentially hijacking a legitimate domain and redirecting its traffic to a malicious look-alike site. (Most other vendors, including Cisco and Microsoft, took immediate action when the flaw was announced.) A user could type in the legitimate site’s URL and be redirected to the malicious one with no warning signs. Since most security vendors and IT departments recommend typing a site’s URL directly into the browser rather than clicking on an emailed link as a way to prevent a phishing attack, the flaw, discovered on July 8, could have had a potentially devastating effect on the net and its users.
Posted June 30th, 2008 by Sue Walsh
The FTC has updated the CAN-SPAM law. Here’s what you need to know to remain compliant:
The first change is in the unsubscribe requirements. You can’t require a fee for unsubbing, make them visit a website to unsub, send any kind of reply to an unsub request (not even a confirmation), or ask for any information other than an email address. Any company requiring a recipient to log in to its site to unsub from a mailing list will have to change that fast.
The next change involves the sender. CAN-SPAM now defines the sender as the entity whose products are being advertised in the email. That person is the one responsible for CAN-SPAM compliance. If a commercial email contains multiple ads, the address in the from line becomes the designated sender.
Yet another change involves physical addresses. It is now okay to use a post office box as your physical address, although an actual street address is still the best way to go.
The second-to-last change is legalese. As far as the FTC is concerned, a “person” now includes groups, organizations, businesses and nonprofits. This means that all promotional emails, even those sent by charitable organizations, must now comply with CAN-SPAM.
The final change has to do with forwarding. Any promotional email that encourages the recipient to forward it to their friends must now comply with CAN-SPAM.
It’s important to review these changes and the entire law with your marketing department. You may also want to check with your legal department just to be sure you’re doing everything you can to stay compliant!