A new spam campaign is brand jacking popular social networking site LinkedIn to spreadlinks leading to shady domains. The emails, which look like notifications from the site telling the recipient they have a message waiting, contain links that allegedly lead to the messages. Instead they take the recipient to a pharmaceutical site offering fake prescription drugs and male enhancement products.

Spam involving these sites is nothing new. Even though the infamous Canadian Pharmacy ring was severely incapacitated when first Spamit and then Rustock went down in 2010, it hasn’t stopped spammers from trying to cash in on these fake pharmacies. While some actually sell drugs, they are almost always fakes made in India. Since these copycat drugs are made with absolutely no regulations or oversights, the FDA issued a warning to consumers to avoid ordering from these types of sites. There are also variants of these sites that are little more than fronts for phishing operations (people place their orders but never get anything and their CC info is stolen) or attempt to deliver malware.

While like most phishing emails, hovering your cursor over the URL will reveal that the link is fake, there are still people who see the LinkedIn branding and click, thinking it’s legit. What’s more unbelievable is that some of those people will actually stay on the site and buy something.  As long as these tactics work, spammers and phishers will keep using them.

Have you ever fallen for a phishing email? Even if you only clicked on the link, it counts. Share your story with us!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Fake LinkedIn Emails Delivering Spam

Facebook was hit with another spam attack recently. This one took place over the Thanksgiving weekend and affected the site’s community forums, where users go to get tech help from other users. The attack, which flooded the forum with links for supposedly free live streaming sports events, was so huge that it prevented those users from getting help. Spam was appearing on the forum at the rate of roughly one per minute. While some experts believe the timing was meant to take advantage of holiday and the reduced staff coverage that resulted, anyone who is a regular user of Facebook knows that the site refuses to offer any tech support or customer service aside from a not-very-useful “Help Center”. Reaching a live person is simply not possible, and requests for help posted on their “Known Facebook Issues” page are ignored. Therefore I’m not convinced the attack’s timing was meant to take advantage of scant staff coverage. I suspect it was more likely meant to take advantage of the holiday itself and the increased traffic it brought to the site thanks to people being off work and school.

The Facebook accounts that posted the spam may have been created specifically for that purpose or hijacked in one of the previous spam attacks that have hit the site this year. It appears many of the affected users had rogue apps with innocent sounding names like Notes and Discussions installed on their accounts, so hijacked accounts are a very likely scenario.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Facebook Support Forum Hit With Massive Spam Attack

Facebook was hit with a massive and disturbing spam attack this week. What made it disturbing was its payload. The attack wasn’t meant to sell anything, steal anything or defraud anything. Its sole goal was to disrupt the service and anger and upset its users; and it did just that, by filling newsfeeds with pornographic and gory images. The pornographic images included photoshopped photos of Justin Bieber in sexual situations and the gory ones included everything, from gruesome accident scenes to depictions of animal abuse. The images sparked outrage among Facebook users, most of who lashed out angrily and blamed the site for the problem when they should have been blaming themselves.

That’s right. Facebook’s users are to blame. The site announced in a statement that they had discovered that the attack occurred thanks to users who had copied and pasted code directly into their browser’s address bars. The code then executed and took over the user’s account, tagging them in a variety of disturbing and pornographic images and posting them under that user’s name. According to Facebook they were tricked into doing so with promises of free or deeply discounted laptops. They also announced they had located the people responsible for launching the attack but have not released any further details. One thing we do know is that hacker group Anonymous, which had been previously rumored to be planning an attack on the popular social networking site, was not involved in this one.

I was fortunate in that my newsfeed was only hit with one image from the attack – a shocking photo of a dog whose face had been literally blown off after his owner had shoved lit fireworks into its mouth. It was gruesome and heartbreaking.  If your newsfeed got flooded with disturbing or pornographic images, don’t be angry at Facebook. Instead, make sure you and your friends know to never ever copy and paste code directly into your browser. No legit site will ever ask a user to do so.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Anonymous Not Linked to Facebook Spam Attack

Facebook has lifted the lid on the security systems they use to protect their enormous userbase from spam. Facebook Immune System, as it has been called, uses artificial intelligence to detect spam, and monitors literally everything posted on the site – every photo, link, status update, video and more. This adds up to about 650,000 actions per second. That is a huge amount of data to sift through. The system uses user complaints as well as keywords and has proved effective enough that only 4% of content posted on Facebook is spam. When a spam attack broke out last April, luring people into inputting computer code directly into their browser with the hopes of getting a free iPad, the site was able to create a signature and tackle the issue almost immediately.

Social media spam exploits the trust that users have in their friends. That trust gets people to fall for scams they wouldn’t give a second look to had they been sent via email because most people now know to never click links in email from strangers. Spammers are likely to be working on new and better ways to use that trust to their advantage, and the social networking equivalent of a botnet may be one of them.

Researchers at the University of British Columbia have created what they call socialbots. These bots open Facebook accounts and pretend to be real people. They then send friend requests out to random people. Users that accept the request have the personal info (email and postal addresses, birthdates, etc) harvested and the bot also sends friend requests to everyone on their friends lists (because most people are more willing to accept friend requests from people who share mutual friends with them) and the cycle continues. The harvested info would make a targeted phishing attack and even identity theft a possibility. While socialbots don’t appear to exist outside of the ones the researchers created to test Facebook’s security system, the fact that they are possible and that they were able evade detection by FIS is worrisome to say the least.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

A Look At How Facebook Fights Spam

That popularity has also made it a haven for spammers. Here’s how to make the most out of your social media presence and keep spam away.

1. Search for yourself.  Once you’ve set up a Facebook and or Twitter account for your company or brand, do a search for it and include popular misspellings. Chances are your search will be fruitful. Both services are full of fake accounts, many pretending to be legitimate businesses and brands. If you find another account claiming to be your company, report it. These fake accounts are almost always either spam nests or phishing scams. Both services have tools for reporting abuse. Twitter is much more responsive than Facebook, but Facebook does eventually deal with abusive accounts. Be patient and persistent!

2. Think twice about apps. If your company has decided it wants its own Facebook app, design wisely. If it doesn’t really need access to users’ friends lists or other activities, then don’t let it do so, and think really hard about letting it post about every activity within the app to user’s walls. App spam isn’t appreciated by anyone, so be sure to keep it to a minimum.

3. Post quality content. While it’s fine to post deals for your users (and a good idea too!), make sure you don’t find yourself posting nothing but advertising for your company. Not only is this a turn off for users, but it encourages spammers to join your page and join in.

4. Follow with care. On Twitter, people you follow can see and follow your followers. If you follow a spammer, they may end up following all of your followers too, leading to a deluge of spam tweets, so be careful. It’s not necessary to automatically follow everyone that follows you. Take the time to check out the profiles of people who follow you before clicking the follow button.

5. Don’t be afraid to moderate.  If a spammer joins your page, delete the spam posts and ban them. Do the same if spam ends up in your discussion area, and make sure your page is set to alert you when someone posts on your wall so you will be able to take care of any problems quickly.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

5 Ways To Fight Social Media Spam

A new study has discovered that almost four billion malicious tweets a day, laden with spam and malicious links, pound Twitter each day. Users of the popular social networking site receive an average of 17 each per day. The tweets are often designed to look like legit breaking news alerts, special offers, and other things designed to catch people’s attention. A favorite spammer tactic is to closely monitor trending topics and use those hashtags in their spam tweets. Many spammers try to sound legit so users will follow them, which opens up the opportunity for them to fill their Direct Messages box with spam.

“According to our statistics, one per cent of these are malicious, containing spam, or links to sites containing viruses or other malicious software. That means that 3.5billion nasty Tweets are sent every day. For an average user, that can mean up to 17 dangerous Tweets per day. Most are simply spam – many spammers monitor keywords that are trending on Twitter, then send out spam containing those words. Others do contain malicious software.”  said Catalin Cosoi, whose company conducted the study.

A current Twitter spam campaign is targeted at the unemployed. The tweets include links that claim to lead to well paying work at home opportunities, but when users get to the site they are told they must join the site and pay a fee. A similar campaign appears to have affiliate fraud as its goal. The links lead to job ads but when the person responds to one, they get a reply telling them they are interested in hiring them but they must undergo a credit check first. It costs money of course, and the spammers get paid every time someone signs up at the credit reporting site they direct the hopeful job seekers to.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Twitter Pounded by Almost 4 Billion Spam Distributing Tweets

Shopping site Dealzon, which searches the net for the best gadget related deals, freebies and coupons from around the net and shares them on their web page, is furious with Facebook after another company stole their identity and posted fake spam ads on the popular social networking site. The company, Grabswag, posted fake ads under Dealzon’s name offering iPads for $11. Those that clicked on the ad were directed to Grabswag’s site, which is a shady auction site where users must pay for each bid they make on the item. This means even though someone may actually “win” an iPad for $11, chances are they probably paid well over the retail price in bids.

Grabswag has not commented on the issue, nor on the fact that just a few days ago the Better Business Bureau issued a warning about the company’s shady and misleading tactics which include lying about being accredited by the agency.

As a result of the spam ads, Dealzon has been inundated with hate mail from angry customers who clicked on the ad and has had to devote extra resources to answering all of the emails and trying to repair the damage to their brand. Adding to their anger and frustration is the fact that Facebook has been ignoring their pleas for help. This has forced them to invest in their own tools for fighting back including posting warnings to visitors redirected from Facebook and setting up Google analytics alerts.

“GrabSwag is banking on Facebook not catching its ads, or not caring about them, because every time someone clicks on its ads, Facebook is still making money. Facebook really doesn’t have an incentive to shut this down–we’re not such a huge company that it would cause such a huge outcry that people would actually know about it. We’re not ginormous–we only have such a big voice. GrabSwag is paying for the clicks, and Facebook is collecting money each time so they can just ignore it and hope no one notices.”  Dealzon cofounder Ian Ybarra said.

It’s time for Facebook to step up and put a stop to scams like GrabSwag’s before their own brand suffers like Dealzon’s.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Brandjacking Spam Attack Hits Facebook

As social networking’s popularity continues to skyrocket, so does the volume of spam found on them. Spammers have been moving from their traditional favorite – email, to this new territory. Here are the five top reasons why:

1. Large audience

Hundreds of millions of people use sites like Facebook and Twitter. These huge audiences can mean big profits for spammers, even if only a small percent take the bait.

2. It’s easy to set up a campaign

Facebook, for reasons unknown, refuses to set up a system to review apps before they are offered on the site. The result is the huge amount of rogue ones designed to get users to either give up personal info or trick them into helping a spammer commit affiliate or Adsense abuse. On Twitter, setting up a fake account and attaching a bot to it is also very easy and the spambot can send out thousands of spam tweets before Twitter gets enough user complaints and shuts the account down.

3. Distribution is lightning fast

Spammers don’t have to rely on anything more than user trust and curiosity to get their campaigns spread. The nature of social networking sites is to trust anything you see posted by one of your friends. That’s why you may see your newsfeed filled with posts promising shocking videos or apps that will let you see who visits your profile. On Twitter spammers often exploit popular hashtags to lure users to their spam sites.

4. Low Cost

Unlike traditional spamming which requires investing in hosting, code, perhaps renting part of a botnet or or buying a DIY kit, spammers who use social networking often need little more than a Facebook or Twitter account and a free blog from Blogger.com.

5. The variety

Facebook offers a wide variety of ways to spam people. Spammers can make rogue apps, add users to groups designed to do little more then spam them, or create fan pages. This makes social networking very attractive to them.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Top 5 Reasons Why Spammers Love Social Networking

It appears a group of spammers used a bot to flood the service with the tweets in order to get as many hits on their blogs as possible, most likely to rack up ad impressions and commit Adsense fraud. Twitter did remove the spam tweets and banned the offending accounts but the spammers are still there. They’ve simply moved on to other popular hashtags. Unfortunately it was too little too late for those who were looking for info on the tragedy and got led to the spam blogs instead.

This is nothing particularly new but it is disturbing to see such a tragedy exploited for personal gain. In the past everything from the death of Michael Jackson to the Japan earthquake disaster was exploited in similar ways. It used to be that these types of spam campaigns were conducted via email only but as audiences have moved to social networks as their primary method of communicating, so have spammers.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Twitter Spam Campaign Exploits Terror Bombings

Today, I want to highlight some recent news reports, as well as recent trends to illustrate why administrators need to continue the good fight against spam.

Spam is lucrative business

One of the foremost reasons why spam will not go away soon has to do with the fact that it is a lucrative business.  For example, an investigative report conducted by The Telegraph highlighted a growing industry that was estimated to be worth £175 million revolving in part around the sending of spam text messages.  According to the article, these so called “claims farmers” are spearheaded by communications companies based in India or Easter Europe.  Sent from untraceable pay-as-you-go mobile numbers, they thrive on the referral fees of up to £500 should their spam text messages generate a viable lead for compensation claims for accidents or financial mis-selling.  Ironically, the reported noted that even a negative reply of “stop” to a spam text message spam results in the numbers being sold to lead generators for about £5.  You may have read of how some $15m from the Swiss investment account of an alleged peddler of fake antivirus software.  While not directly related to spam, this does provide a glimpse into the financial incentives of cyber trickery, of which the sending of spam email is a part of.

Rise of phishing attacks

There has been an increase in the number of spear-phishing attacks, as evidenced by reports in recent weeks of security breaches that originated from email messages sent under false pretenses.  What this trend highlights is how phishing emails stand a higher chance of invoking the responses desired by spammers compared to traditional “nondirectional” spam.  Intimately aware of the higher effective rates that phishing attacks generate, more spammers are now resorting to phishing techniques.  Given the additional time required for recipients to read through and identify these messages as fakes, it can be argued that one phishing message can be equated to multiple spam messages of the standard variety.

Weak regulation

Another factor to consider would be how the implementation of anti-spam legislation in some geographical locations may have left inadvertently loopholes.  For example, where I live in Singapore, some detractors argue that an anti-spam law implemented in 2007 effectively “legalized” the sending of unwanted marketing messages.  In a nutshell, businesses are simply required to preface their email or text message advertisements with an “ADV,” and insert the ability to unsubscribe so that recipients can “opt out” of future advertisements.  As you can imagine, this literally gave less scrupulous businesses an open invitation to spam.  Other countries such as Europe and Australia have gone for “opt in” system instead, though as evidenced by the current plague of text messages, is lacking in enforcement.

Email more widely used than ever

Sure, people are starting to favor other forms of communications such as Instant Messaging, and communicating via social media networks.  There is no doubt however, that emails are used more widely in the conducting of business around the world than ever before.  Indeed, everyone from the highest paid executive to the receptionist and clerical staff, has an email account these days.  This means that the email inbox remains an extremely attractive platform for spammers.

Spam migrating to other platforms

Finally, spammers are not sitting still in a world enamored with the use of various analogue and digital communications mediums.  At the moment, spammers have been active in exploiting alternate “marketing” avenues such as fax spam, text messaging spam, comment spam on blogs and online forums, even social networking spam.  Conversely, what is troubling is how spam filters are lagging behind to address the disparate platforms that spammers are already harnessing.  For example, the ability to filter text messaging spam is non-existent at the moment, while controls for reporting social media spam is still relatively weak.

Do you have any comments about the spam epidemic that we are currently experiencing?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Why spam is here to stay

Trends are a great thing. SEO marketers use Google Trends to get a bead on what people are looking for on the web at any given moment, the fashion industry looks to current and past trends to develop the clothes we wear and even economists rely on trends to help predict the financial future. Every industry relies on trends to help predict what is going to happen next.

Even spam has trends. By following what is currently developing in the world of illicit email we are able to predict what users can expect to find in their inboxes in the near future. But better still, we can develop strategies in which to stop as much of it as possible.

From looking over some of the data that surrounds spam, we can predict a few things:

1. More spam is carrying malware

Just like chocolate and peanut butter go perfectly together, unsolicited bulk emailing and the spread of malicious software seems to be a pretty good marriage. In the month of April malicious files were found in 3.65 percent of all email messages sent worldwide showing an increase of .43 percent. In the US, 14 percent of all spam messages contained malware, an increase of 1.93 percent from March making US based inboxes the number one target. Russia came in second with just over 10 percent of all spam carrying a malicious file.

2. Social networks are becoming the new email inbox

When a good fisherman stops caching anything at his favorite fishing hole, he packs up and moves to a new spot. Spammers are no different. Many have picked up and moved to the various social networks. Not only because email users have become wiser, but because this is where a majority of communication is taking place nowadays.

3. Extra! Extra!

Spammers also study trends. They are well aware of breaking news and they make sure to exploit it. The World Cup, Oil Spills, the earthquakes in Japan, the death of Bin Laden, all of these events have been goldmines for spammers because they use these headlines to increase their open rates among their victims. Unfortunately, many of these spammers are taking advantage of the kindness humanity shows towards others in the face of tragedy and profiting from this while stealing from those who need the help.

4. The daily volume of spam is falling

Don’t get too excited. While some people are seeing less traditional spam messages, emails containing malware and phishing attacks are still increasing. It also means that the spammers are just doing a better job of targeting their victims.

5. Spammers care about your health

Why else would pharmaceutical spam account for up to 87 percent of all spam related emails? One of the reasons this trend exists is due to Canadian pharmaceuticals costing much less than similar drugs in the US so spammers are looking to capitalize on the lower prices.

Pharma spam did slow down a bit when Spamit, the largest rogue pharmacy affiliate, was shut down but its success shows just how profitable this market can be so the numbers will soon be trending upwards again.

Looking at these trends, the anti-spam vendors will be planning new and improved ways to halt these messages from reaching your inbox. However organizations can’t simply sit back and wait for their anti-spam solution to do all the work. It is up to them to practice a bit of vigilance on their own to compliment whatever solution they have put in place.

By making users aware of the different trends when it comes to spam, organizations can help reduce the effect spam has on their users and even their network. But don’t put simply throw together a memo or a boring training video to introduce people to these threats. Make any information sharing worthwhile. Take the time to not only teach them how to recognize the various methods spammers use, but also how they should go about handling them. You would be surprised at how many times a user “removes” themselves from a mailing list in an attempt to reduce spam.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Trending Now – 5 Recent Trends Regarding Spam

In the most recent spam scam to assault Facebook, users are being greeted with a message advising them to ‘verify’ their account, seemingly a noble act of spam prevention and surely not spam itself, right? Not so fast. Those rascally little hackers have swapped out the ‘Like – Comment – Share’ links with a ‘== VERIFY MY ACCOUNT ==’ link, making clicking eminently attractive and practically unavoidable for the uninformed user. Clicking the link, of course, has exactly the opposite effect advertised by the malware, not only posting the message on the user’s wall, but in fact spreading JavaScript that, according to The Register, is “highly obfuscated.” (If interested, you can check out an interesting analysis of the script here.)

“Facebook has become a veritable cesspool of spam, with fake links promising to show users things like how many people have visited your profile or the never-released photos of Osama bin Laden’s body,” reports the Detroit Free Press.

In fact, it seems that these clickjacking schemes have become the norm and Facebook, by its own admission, has only been able to react to the scams as they appear.

“We’ve been shutting down the scammy pages that are the source of this spam as soon as we detect them or they’re reported to us,” Facebook’s Fred Wolens told the Free Press.

So let’s return to the kingdom of the blind. No disrespect to any Facebook user intended, but knowing how to recognize a genuine security threat often requires three things: experience, specialized understanding in what goes on under the hood, and the requisite savvy that comes with being an IT professional. The first one is easy. Think about the first time you learned that touching an open flame wasn’t such a good idea. Anyone who’s been nailed at least once by a malicious link will testify that they think twice before clicking again. The second and third, however, require specialized information that, simply speaking, aren’t part of the average computer user’s frame of reference. And to be fair to Facebook users everywhere, they shouldn’t need to have that specialized knowledge. It would be counterintuitive to the concept that Facebook is easy to join. Easy to use.

To give Facebook credit, last week the website announced several new features implemented to combat clickjacking:

• Web of Trust (WOT) – Web of Trust is a free service that grades sites based on user experience. Basically a community that relies upon reported links, WOT intercepts links in Facebook, warning the user that the link could be dangerous, if it has been frequently reported by the community.
• Clickjacking Prevention – Since clickjacking is based on tricking the user into thinking they’re clicking on one thing when in fact they’re clicking on another, Facebook has implemented extra security measures to detect whether links are trying to pretend they’re something else. In essence, users will be required to confirm their choices when they click “Like.”
• Cross-Site Scripting (XSS) Protection – Malware often tricks users into pasting malicious code into the browser address bar. Facebook has added an extra layer of protection, providing a popup window advising the user that he or she is trying to address a bad link.
• Login Approvals – Facebook has added an optional – but highly recommended – layer of security by offering two-factor authentication, meaning that whenever a user tries to log on to Facebook from a new device, he or she will also have to enter a code sent via SMS to the user’s mobile device.

If you’re reading this and you have responsibility for office workers who have access to Facebook, you’re probably already copying and pasting into an enterprise-wide email. That would be a wise choice.

Let’s face the facts. Social networking does a great job of bringing people together in cyberspace. The problem: it also makes it way too easy to put hackers, spammers and cyberpunks together with innocent users who are not trained – or even interested in being trained – in how to recognize malicious code and spam when and where it appears. As memberships continue to grow in unprecedented proportions, hackers will continue to figure out how to exploit the system.

You had better hang on. The one-eyed men aren’t going away anytime soon. In fact, they’re fitting themselves for crowns.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Facebook Spam Prevention Scam Propagates, Hackers Rejoice

And so it begins. Social media spam isn’t new. In fact, it’s a little like that summer blockbuster movie that everyone anticipates. The spammers are the movie execs, asking “how can we leverage this idea?” The collective social media sites of Web 2.0 are the movie theatres, the delivery mechanism that expect – nay, count on – a slew of traffic.

IT professionals are the marketing guys who have been hyping it for some time (who among us hasn’t warned an IS Manager or CTO that social media was going to result in a truckload of headaches?). And the general public is, well, the general public. The moviegoers. The (computer) users.

Just like that summer blockbuster, when the release date finally hits, scores of people see it and just like spam, most of us walk away asking ourselves: why did we pay ten bucks to see that? (to make my analogy clear, people ask: why did I click that?) In the past few years, social media spam has become an epidemic of…well, epidemic proportions. For the social media giant Facebook, its users, and the IT folks who lose sleep while debating whether to block it from the company WAN, nothing I’ve said here is news; but now, it appears, spam is coming to a Twitter account near you.

Last week, Christopher Boyd of GFI Labs wrote a revealing blog post entitled “The cake is a lie,” recounting a recent surge in Twitter spam (T-Spam? Twam? Spitter? Thoughts, please. Let’s coin a term!) over last week’s release of Valve Software’s new game, Portal 2. Christopher stated that, “a lot of these spambots were directing users to a “Portal 2 Loader” (hat tip to MrTom), which has been downloaded roughly 4,000+ times and appears to be a Portal 2 crack.” Christopher also notes that searches on “Portal 2 Still Alive” are yielding some dubious results, but that at least the search engines are flagging the results as potentially dangerous links. YouTube isn’t any better, with videos offering cracks for the low, low price of completing a survey. Clearly, these are malware-infected sites that should be avoided at all costs, but like Douglas Adams pointed out in The Hitchhiker’s Guide to the Galaxy, a big red button can be awfully tempting, even if it’s just sitting there waiting to be pushed.

Big red buttons come in many different forms (and colors). The Register reports that last Tuesday a rogue app began spreading like wildfire, with a survey scam that might be too tempting not to click. In this one, a ‘tweep’ (I use the sneer quotes intentionally; read on) named ‘Follow Finder 332’ is pushing an app which promises to let users know just who has “unfollowed” them.

“In reality,” The Register reports, clicking the link “does nothing but offer up a worthless survey that falsely promises lavish prizes for completing a questionnaire, earning the originators of the scam money in the process from unscrupulous marketing firms.”

The source tweet preys on our most basic weakness: to know who doesn’t like us (who unfollowed us) and why. Here’s why pushing that ‘big red button’ is so dangerous: like many websites today, clicking the link will pop up a dialog box asking for permission to access the Twitter account. I’m sure we’ve all done it at some point. Every so often, I’ll retweet an article that I think my followers will find interesting, but those retweets come from relatively safe sites like Yahoo! News, Reuters, or The Register. Unfortunately, we humans are creatures of habit, and this popup looks like every other popup asking for access to the Twitter account. A big red button that’s just too easy to push. The source tweet propagates by using trending hash tags on Twitter.

Do you see the problem? ‘Traditional’ spam – email spam – spreads because someone somewhere opted in to a distribution list, whether the list was innocent or not. That’s the ‘push approach,’ because the spammer is pushing the information out to the distribution list. The Twitter scam uses the ‘pull approach,’ because the potential target (the Twitter user) is requesting the information (the trending topic) and therefore ‘pulling’ or asking in a sense, for the spam.

In a previous paragraph I refer to the Twitter spammer as a ‘tweep,’ which is in fact what he or she becomes. Following a trending topic means you ‘follow’ everyone commenting on that topic. With the increasing number of Twitter users, spam like this will not only increase, it potentially has the ability to spread like a rampant virus. The implications are catastrophic.

Twitter schemes aren’t new, relatively speaking, but this one carries with it the potential to increase in epidemic proportions. As Christopher Boyd pointed out in his blog, most of the content seen on the Portal 2 spam is nonsensical, but since it draws on Portal 2 relevant content, a Twitter user may not realize what they’re doing when they click the link. True, you can’t really feel sorry for anyone searching for a crack to a program, but if the rise in spam – and the numerous Facebook scams – are any indication of what’s to come, Twitter may be a good choice for a behind the firewall block for those enterprises concerned about the increasing danger of Web 2.0 spam scams.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Twitter Spam Scams Increasing in Frequency, Complexity

In the email, the phisher indicates that they came across the user’s information in association with the product or site, and wants to ask a few questions about their experiences with or impressions of the product. As you can see, there is an aspect of social engineering here, as they reference something online that involves the user; enough to rouse anyone’s curiosity. Here are a couple of examples of these emails:

subject: I have a question about website or product
Hello,
 i was searching online to find more info about productX
and I came across your information.
can you tell me, are you still involved with productX?
if you are, how are things going for you?
please let me know.
sincerely,
Some Person

-or-

subject: I have a question about your business
Hello,
I was doing some searching online about Web-based business and I came across your information.
Can you tell me, are you still involved with Web-based business?  If you are, how’s things going for you?
Please let me know.

Sincerely,
Some Person
(708)555-1212

The most common element seems to be the phrase “I have a question about” or some variant of the same words. Unfortunately, this phrase is close enough to a real email subject line that it is enough to get people to open it. I tried to do some research on several of these emails that have hit my systems, and here are some of the common trends.

• The telephone numbers included seem to be in blocks of cell numbers.
• The names are common enough to return thousands of hits when searched.
• Outlook Express seems to be the most common X-Mailer.
• The originating IP addresses are all over the map, though most also all seem to be associated withlarger hosting providers in several different countries. 
• The sending address is usually a bounce address, with a reply to email address that matches the purported sender.
• Since these messages lack any link or other URL, it appears that the emails are attempting to engage the target in a dialogue.

I have personally seen these emails referencing popular websites like Twitter and Zango, so-called business ventures like the Global Information Network, and health and weight-loss related products like Tahitian Noni, Acai berry juice, and others.

Systems admins should consider filtering on subjects containing “I have a question about“ or placing an additional weight on that phrase in Bayesian filters used in their automated spam analysis systems. Admins should also inform their users about this, raising awareness about this potential phishing attack to make sure that no users reply to these messages with well-intended responses informing the senders of their mistakes.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

New ‘I have a question’ spam may be a phishing expedition

Rand’s suggestion is the blocking of TCP port 25 (the port used for SMTP, or email, communications between servers on the internet), making contact with customers who they suspect may be the source of spam outbreaks, as well as stronger government legislation.

The legislation idea has merit, after all the lack of cooperation between government agencies is how many international spam operations manage to go unpunished.  The blocking of SMTP on the other hand is impractical and costly to implement, both from a technical and a service perspective.

The basis of the idea is this.  Customers send mail using SMTP, therefore by blocking SMTP and requiring that customers send mail via the ISP’s mail servers allows close monitoring of email traffic and detection of spam.

The solution is problematic though because many ISP customers, both home users as well as businesses, have perfectly good reasons to not send their email via their ISPs mail servers.  These customers would need to be unblocked from using SMTP, and hence cannot be closely monitored.

The monitoring itself also presents two problems – firstly customers object to having their email correspondence inspected by other parties including their ISP.  Secondly, any false positives could have disastrous consequences if important emails were blocked.  ISPs do not want the exposure to liability if they block an email that results in monetary loss for the sender or recipient.A serious issue is also that of costs.  A higher email load combined with more thorough monitoring means more costs to the ISP for servers and software to do those jobs.  The human resource costs also increase, both in the management of the systems as well as the teams who need to contact and support customers who are suspected of sending spam.

Although email is currently the largest source of spam on the internet there are other forms of spam that are quickly becoming very common that would not be addressed by this solution.  Social networks such as Facebook and Twitter have become rich hunting grounds for spammers and phishers who are able to target victims with highly personalized attacks thanks to the open nature of these networks.

In a world where ISPs block spam email from customers the focus of botnets would simply shift to exploiting social networks and identity theft for the same outcomes.  Because these networks run simply as interactive websites they become impossible to block at the protocol level, and blocking them on a site by site basis would immediately outrage customers.

The British ISP heads who commented are correct in their view that businesses and email administrators need to take the responsibility of blocking spam that is sent to them, rather than expect ISPs to do all the work for them.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

ISPs Don’t Want to be Spam Cops

A look at the year’s major spam event shows some consistent trends.

• Season spam such as Valentine’s Day and Christmas remains predictable
• Spammers quickly move to exploit any major global news events such as celebrity deaths and wars
• Spam networks are becoming more distributed and resistant to shutdown attempts
• Social networking spam is on the rise as spammers attempt to exploit the perceived trust between people and their online “friends”
• Human error continues to be a big part of the spam landscape, both through inadvertent data exposure and through people falling victim to social engineering

Here is a look at some of these major events throughout the year.

January

Scams promising free money from US government grants attempts to exploit the news of corporate bailouts and the increase in unemployment.

Fake CCN news alerts take advantage of a clash between Israel and Hamas.

Global spam volume begin returning to normal levels after the McColo shutdown of November 2008.

The inauguration of US President Barack Obama leads to a wave of spam spreading rumours that his inauguration is invalid or that he resigned and attempts to trick users in downloading malware.

Spammers also get a head start on Valentine’s Day with malware-carrying love letters.

February

Human error at Google marked the entire internet unsafe (is it really that far from the truth?).

The poor economy continues to cause unemployment to increase, leading to a new wave of fake job spam.

Microsoft offeres a $250,000 reward for information leading to the arrest and conviction of the Conficker worm creators.

March

Citibank falls for a Nigerian 419 scam to the tune of $27 million, but is saved when the transfers fail due to invalid account numbers provided by the scammers.

The BBC gets itself into hot water when it buys a botnet to research a story and then uses it to send messages to potential victims.

April

Security vendor PGP exposes hundreds of customer email addresses by not using the BCC field for a broadcast email.

Global spam volume makes a complete return to the level it was at prior to the McColo shutdown.

Researchers discover the first ever SMS virus in the wild, capable of spreading between mobile phones via text messages.

Twitter suffers its first major malware outbreak due to a cross-site scripting attack by a bored teenager.

May

The Swine Flu outbreak gives spammers a new hot topic to exploit in their latest scams, with fake drugs and “survival guides” offers flooding mailboxes.

The Cutwail botnet, previously seen during the Valentine’s Day spam season, makes a fresh start pushing fake weight loss products, and Acai Berry scams appear all over the internet.

June

Air France flight 446 crashed in the Atlantic ocean, giving spammer a new tragedy to exploit.

A UK furniture company makes a major PR blunder by using Twitter hashtags for the Iranian conflict to promote their products.

Michael Jackson dies, nearly causing an internet meltdown as search engines, social networks and news websites struggled to copy with the unprecedented burst in traffic.  Spammers quickly jumped on the public thirst for details about Jackson’s death with new spam messages.

July

The ZBot Trojan appears in a new attack that uses a fake Microsoft update notice to trick users.

A botnet launches a major DDoS attack against US government websites to coincide with the July 4^th holiday.

Spammers begin using free URL shortening services to bypass spam filters.

August

Another Twitter phishing/spam combo attack appears causing disruption for users.

Twitter, Facebook and other sites were all knocked offline for several hours due to a targeted DDoS attack against a pro-Georgian blogger.  The event was so prominent in the news that spammers began exploiting it with email and search engine keyword spam to cause further denial of service and compromise more computers.

Another spammer ISP is shutdown but this time the effect is nowhere near as successful as when McColo was taken offline, suggesting spammers are building more resilience into their networks.

September

A South Australian woman shares her experience of being the victim of identity theft when her Facebook account is hacked and used to scam money from her friends.

Popular blogging software WordPress becomes the target of a new worm that attempts to insert spam links in thousands of blogs.

A new Koobface worm variant appears targeting Facebook users.

October

A court order leads to an innocent Gmail user losing their email account when Google is forced to close it down.  The court order was granted after a bank employee accidentally emails customer information to the Gmail account.

A list of over 50,000 email addresses and passwords for major online web and email services appears on the internet.

A thriving marketplace of open source malware is uncovered by security researchers.

Geocities shuts down, taking with it thousands of spammer’s websites.

Facebook wins a massive $711 million judgement again one of the world’s biggest spammers.

November

The first Christmas season spam starts to appear to exploit the rising trend in online shopping.

Researchers successfully kill the Mega-D botnet.

Twitter job spam starts appearing promoting “get rich quick” schemes to exploit high unemployment rates.

An Australian amateur programmer writes an iPhone virus that causes relatively harmless infection on jailbroken iPhones.  His code is quickly repurposed by people with more malicious intent, and a security vendor is criticized by the wider community for rewarding him by offering him a job.

December

A New Zealand man is fined $15 million by the US FTC for operating a worldwide spam gang.  The same man faces charges in Australia soon after.

The Koobface worm adds a Christmas theme to its Facebook phishing attempts.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

2009, The Year in Spam

Now several weeks later and with thousands of members joining the forum I realize the biggest benefit of the membership price – there is no spam.

For the average internet user everything they do online is free.  After they have paid for a computer and an internet connection from an ISP most people will not pay another cent for any of the intangible experiences that the internet has to offer.

Thousands of popular websites offer streaming videos, games, instant messaging and social networking without charging a cent for access.  Email is the ultimate free communication medium, costing nothing to acquire and use.  These services all attract spammers.

Free online services face a difficult challenge in preventing spam.  Their users want free access, but also resist overt monetization efforts by the website owner.  And yet without a revenue stream the websites can’t afford to invest heavily in security and support.  Without the money to fund a developer focus on proactive spam prevention, and a support team to handle reactive spam prevention, the spammers have a large window of opportunity to exploit these free services for their own gains.

The fallback monetization strategy for most of these websites is simple advertising.  MySpace added advertising early on.  YouTube is slowly introducing advertising models to support their massive infrastructure costs.

Facebook’s advertising system has an ironic twist – spammers can indirectly exploit the system by using free Facebook apps and games to gain access to users’ profile information, then use that information to personalize advertisements and target them more closely to certain demographics.  These advertisements are often unethical – for example targeting 15 year old girls to sign up their mobile phone (paid for by their parents) to a ringtone subscription service in order to earn more points to use within a popular Facebook game.

The irony is that so much money is made by the advertiser, who in turn pays fees to Facebook, that the spammers are largely responsible for generating the revenue streams that make it more feasible for Facebook to invest more in security and spam prevention.  Would this problem exist if services such as Facebook were not free?

This idea meets with a predictably mixed response.  A decade ago people my age spent money every month in phone calls and postage stamps communicating with our friends and family.  These days we do it for free online, but the concept of paying for this service is not out of the question for most.

Younger generations are more used to the idea of instant, global communication at zero cost.  Paying for such access seems ludicrous, despite the obvious irony that many of them spend hundreds or thousands each year on computers, internet access and mobile phones to make use of the free services.

A monthly or yearly fee would no doubt lower the signup rate for these websites.  Would Facebook have 350 million users today if each had to pay $30/year?  Not likely, especially if free alternatives (even lower quality ones) existed.  Would they prefer to have 1/100^th of the users if it meant a consistent revenue stream and more secure experience?  Probably not.  Success online is measured in eyeballs not dollars.

Would charging for Facebook or Twitter accounts solve the spam problem on the internet?  Not completely.  For the spammer the target audience is perhaps much smaller, but the ultimate free spam vector – email – still remains available to them.  Only now the attacks are easier.

Consider the success of bank phishing scams.  The emails are effective because they play to the fears of the victims – that their hard earned money may be in jeopardy if they do not take the action the spammer asks them to (e.g. verify their account password because of a recent suspicious transaction).

When you attach a value to something it makes phishing that much easier.  Losing your free Facebook account is a minor inconvenience.  Losing your paid Facebook account is a blow to the hip pocket.  Just like the bank phishing email for a specific bank, although the Facebook phishing scam would reach fewer actual Facebook users but each would be more likely to fall for it because of the higher value of the account.

As long as email is free spam will exist.  A spammer doesn’t need access to Facebook, free or paid, to exploit the popularity of the service in order to trick victims into giving up their account passwords or installing malware on their computer.  All they need is the ability to send email, which comes at a cost so close to zero that almost any level of success can lead to a positive ROI.

This ultimately means that the responsibility for preventing spam rests with businesses and end users.  You must take ownership of the risks and protect yourself instead of waiting for free online services to deliver protection for you.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Would Spam Exist if the Internet Wasn’t Free?

The victim became aware of the hijack only after a friend phoned her from Singapore to verify the story.  This was unfortunately too late for one other friend who had already wired $1000 to the scammers.

This type of phishing scam occurs all too often on free social networking services due to several combined factors.Firstly weak passwords are an easy attack vector for hackers.  Most social networks do not require strong, complex passwords, and the perceived risk to most regular people is very low.  Where a person might consider their online banking password to be important and worthy of complexity, the password they choose for a fun social networking service just needs to be easy to remember.

Compounding this problem is weak password recovery systems.  These are often based on questions such as “What is your pet’s name?“, information that many people readily reveal about themselves online.

The hackers were also able to change the account’s password and email address, preventing the victim from recovering the password herself.  Stronger authentication systems will require the account holder to click a link in a verification email before allowing such important changes, which would have notified the victim of the hacking attempt as well as thwarting the email address change by the hackers.

Along with the weaknesses in social network backend security the nature of the networks themselves makes them ripe for these types of phishing scams.  Messages from friends come with a higher perception of trust than messages from strangers, lowering our usual threat awareness level.

The hackers can also target their messages more effectively by analyzing the personal information that people reveal to their online friends.  Spam messages can be crafted around people’s listed interests and recent conversations.  For example, if I were to ask my online friends for recommendations for my wife’s birthday a spammer who has hijacked one of my friends’ accounts could send me links to counterfeit perfume websites.  Again this message would carry a much higher perception of trust being from a friend, but also would tap into an interest or desire that is on my mind at the time.

The last and possibly most frustrating element of this particular incident was the support that the victim received from Facebook.  Customer service for free online services is, unsurprisingly, not very prompt.  With no phone numbers to call and only an email address to send abuse reports to (which no doubt is a very long queue of both valid and frivolous complaints) the victim was unable to rapidly recover her account to prevent further scam attempts on her friends.

This is basic social engineering at play, building trust and using targeted scams to improve success rates.  Social networks are yet another vector for hackers to perform these types of attacks, and an effective one too.  And unlike a bank who will absorb customer losses from fraud, social networks leave the victims completely exposed to these risks.

Be on the alert for unusual requests from your online friends that might be scams in disguise, and always attempt to verify them using other means such as by telephone.  And always protect your own accounts with strong passwords and secret password recovery answers.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Facebook Friends Lead to Big Money Scams

Not surprisingly, South Korea was hardest hit, reporting a 45% increase in botnet activity over last quarter. Most of that comes from the massive DDoS attack that hit the country earlier this month. The same attack also affected most government websites here in the U.S. as well as the New York Stock Exchange and many major business sites.

The report also found that spam volumes grow by over 117 billion e-mails a day, and that malware isn’t far behind. Malware writers are now offering their products to botnet operators as a way to increase their reach.
Malware that takes advantage of Windows’ Auto-Run feature is also on the rise. The malware lets hackers take over the feature even if the victim hasn’t clicked on anything. Such attacks have far outpaced more well known malware such as the Conficker virus.

Spam and attacks on social networks also rose. Facebook, Twitter, and MySpace are all heavily exploited by cybercriminals to spread spam, malware and conduct phishing attacks. In May alone, spam on social networks led to nearly 4500 files containing the Koobface virus.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spam Volumes Shoot Up 141%

Botnets and Zombies

Bots or zombies are typically home computers that have been infected with some type of virus or malware, which puts the computer under remote control by a malicious person.  A group of these computers is referred to as a botnet, and is used by a spammer to send out millions of emails containing spam, phishing scams, and computer viruses.

Examples of botnets include the Cutwail and Rustock botnets that are responsible for massive spam attacks around the world.

Because botnets are made up of computers located within ISP customer IP subnets they can often be blocked by using connection filtering to block any SMTP connections from those IP address ranges.  When this fails you have to rely on content filtering to detect the spam content within the messages.

Open Relays

An open relay is a poorly configured email server that allows anyone to relay messages through it to any other destination email address.  Modern email server software is not configured to permit open relay by default, it usually takes human error to cause a server to be configured this way, and there are few genuine reasons to run an open relay especially not one that is open to the internet where it can be abused by spammers.Servers that are found to be open relays are often added to block lists.  This will prevent that server from sending legitimate email as well, so having an open relay in your own network can be detrimental to your own business.

Backscatter

Backscatter spam is caused by a combination of email address spoofing and poorly configured spam defenses on email servers.  When an email server detects spam it may generate a “Non Delivery Report” (NDR) to what it thinks is the originating email address.  Because most spam is from spoofed (or forged) email addresses this means that the person whose email address was spoofed receives the NDR, often containing the original spam content as well.

Backscatter or NDR spam can be difficult to detect and block and not all antispam systems do it very effectively.

Unsecured Wireless Networks and Business Premises

An often forgotten source of spam is poorly secured business networks.  People may assume that business computers would need to be part of a botnet, or that the email server has to be an open relay for spam to originate from business networks.

However some networks are compromised simply because attackers are able to gain physical access to data ports in unsecured sections of the office.  These risks highlight the importance of businesses filtering outgoing email from their networks.

Wireless networks are also a vulnerability for both businesses and homes.  In Australia one state’s police force is considering patrolling neighborhoods for unsecured wireless networks so that they can assist people in securing them and cutting off the opportunity for criminals to use them.

Email Marketers

Not all email marketers are spammers but there are definitely those out there that consider themselves to be genuine marketers as they engage in spam tactics.  This is a problem not only for the incoming spam it causes people to have to deal with, but also means that businesses must be careful when engaging in email marketing not to be labeled as spammers themselves.

There is also the perception that any unwanted commercial email must be spam, but often a person will forget they signed up for a mailing list or simply do not want to receive them anymore and will start treating it as spam instead of simply unsubscribing.

Instant Messaging

Instant messaging is a very useful and productive tool but like any internet communication is also subject to spam.  Malicious users will simply add as many contacts as they can and start sending out links to spam and phishing sites before the messaging service notices them and blocks them.

Instant messaging spam attacks are often successful because it is perceived as a more trusted platform by the end user and also commonly used by people to communicate with other people they have never met, causing them to be less suspicious of messages from unknown contacts.

Social networks

Social networking is one of the most popular online activities today and like instant messaging is used to connect with people all around the world, some of whom a person has never met or even knows very well.   This makes social networks a lucrative hunting ground for spammers who use the personal information people reveal about themselves on social networks to tailor their spam messages.

The personalized content in the spam and phishing messages causes unsuspecting victims to lower their guard and be more trusting, which leads to them falling for the scam that the attacker is using.

Most social network spam and phishing attacks cannot be effectively prevented in any other way than by increasing user awareness of the risks.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

7 Major Sources of Spam on the Internet