Written by Sue Walsh
closeAuthor: Sue Walsh
Name: Sue Walsh
Email: siwriter@si.rr.com
Site:
About: See Authors Posts (323) on August 4, 2010
A new report analyzing spam trends for the first half of 2010 has found that Canadian Pharmacy spam accounted for a whopping 66% of the total global spam volume for that time period. Spam hawking fake designer goods came in a distant 2nd with 7% of total global spam volume.
Canadian Pharmacy, which dubs itself the #1 internet pharmacy, isn’t Canadian or even a pharmacy at all. It’s run by a Russian cybercrime group that hides behind a rogue affiliate program called GlavMed. The site sells fake versions of well-known prescription drugs such as Viagra, Cialis, Vicodin, and Oxycontin, a practice so dangerous the FDA issued a warning about it, as well as fake vitamins and male enhancement products. There’s no actual pharmacist overseeing things and they take and fulfill orders without asking for a prescription. The fake drugs are made in, and shipped from, India and China.
The GlavMed group uses botnets to pump out its spam and has been known to control up to 8 of them. They avoid being shut down by using so-called bulletproof hosts that ignore all takedown requests and complaints.
The so-called “Replica Products” spam campaign may comprise only 7% of global spam volume, but look for that to rise as the holidays approach. Those spammers will be out in full force hawking fake Rolex watches, Louis Vuitton and Coach handbags, Ray-Ban sunglasses, and more as they try to appeal to cash-strapped shoppers looking for bargains. With the economy still on shaky ground, you can be sure they’ll do what they can to take advantage.
Written by Sue Walsh on March 30, 2010
It’s hard to believe but a new study reveals that nearly 50% of people who looked at spam did so intentionally, either out of curiosity, a misguided attempt to unsubscribe themselves, or unbelievably, because they were actually interested in buying the product or service being offered. Despite this, a whopping 65% blame their ISPs for the spread of malware and viruses and 54% blame anti-virus companies, and a majority of survey respondents said they never report spam.
Even more disturbing, the study found that people are actually buying the shady pharmaceuticals offered in many spam messages. In 26 days 28 sales resulted, generating nearly $2800. Assuming that rate could be kept up for a year, a profit of over $3 million would be raked in. It’s hard to understand why anyone would respond to spam or buy anything advertised in it, but it’s happening and IT departments need to take notice. Spam can cost your company big time in dollars, productivity, and security.
The survey results are a good reminder that you should always be educating your users on how to identify and handle spam. Make sure your spam reporting tools are quick and hassle free. If they won’t report spam they should at least be deleting it and never ever responding to it or clicking any links contained within it. Your users should also be taught how to spot phishing scams. Educated users make your job easier and can save the company thousands of dollars worth of banking headaches and productivity, so take the time to do it and do it right!
Written by Sue Walsh on November 23, 2009

Security experts have issued a warning about a new spam campaign that targets the unemployed and financially troubled and exploits Twitter to do it. The spam, being sent by the Donbot botnet, hawks “get rich quick” and work at home scams designed to get people to pay a fee for a useless program that claims to help them make money on the internet.
The spam messages use a variety of methods to get past spam filters. First, the message itself is an image rather than text so it can’t be analyzed by filters, and that image contains a link to a Twitter account. The spammers did this because they know Twitter would never be blocked due to its size and reputation. The image is of a fake newspaper article which gushes about how great the get rich program is.
These types of scams are rising as spammers take advantage of the 10.2% unemployment rate in the U.S. and of people desperate to make money in order to get out of financial problems. The timing of the new campaign also coincides with the holidays, which is a time when many people are looking for a quick way to make some extra cash.
Experts say the campaign is increasing. Within 24 hours of its beginning it accounted for 4% of the world’s total spam volume.
Written by Sue Walsh on November 19, 2009

Russian spammers are in the process of cashing in on the swine flu pandemic. Shady pharmacies are advertising Tamiflu for rock bottom prices using massive spam campaigns and search engine manipulation. Hundreds of fake “Canadian pharmacy” sites exist, many run by cybercrime gang Glavmed, whose “affiliates” rake in tens of thousands a day from the sales. The Tamiflu being offered is usually fake or out of date. Sometimes plain old sugar pills are provided, and in some cases, they are made of disturbing and downright dangerous ingredients like rat poison. Glavmed also runs SpamIt, a group of email spam affiliates that is thought to be behind the Conficker, Waledac and Storm botnets.
The spammers are exploiting the news that global production of flu fighting drugs like Tamiflu is unable to keep up with demand. They are trying to appeal to those who may be likely to order out of panic, and they are finding success. The top countries ordering the fake flu medication are the US, Canada, France, the UK and Germany.
The gang, known as “THE PARTNERKA”, has found such success because they are using a mix of methods to deliver their message. In addition to floods of email spam, they are using Black Hat SEO, social networking, and malware, and there are all kinds of software to help them, such as “John22”, which generates HTML content for websites at an alarmingly fast rate, links them together, uploads them, and notifies Google. The pages are so good it’s near impossible to tell they were computer generated. Then there’s ZennoPoster, which generates webmail accounts on services like Gmail and Yahoo, and accounts on social networking, free web hosting and blog sites. It also sends text, email and forum/blog spam. This recipe ensures that spam filters and anti-virus programs won’t have much impact on their bottom line.
Security and Health experts alike are advising everyone to stay away from any pharmacy advertised in spam messages or affiliate marketing. If you need medication, get it from your licensed and educated doctor.
Written by Sue Walsh on August 27, 2009
When Latvian ISP Real Host was shut down earlier this month, many believed it would have an effect similar to the shutdown of McColo last November. That shutdown cut worldwide spam levels by 90% when several botnets hosted by the ISP were knocked offline. Unfortunately spam levels have since bounced back ferociously.
When Real Host was shut down, experts believed the Cutwail botnet it hosted would go down with it, at least for a while. Instead it was back to business as usual less than 48 hours later. Cutwail is responsible for roughly 20% of all spam sent. It’s also responsible for numerous phishing attacks, malicious websites, and rogue anti-virus software. Cutwail is responsible, along with Mega-D and Donbot, for sending 21 billion spam messages a day.
Security experts say cybercriminals have learned from the McColo shutdown and have adjusted their botnets so they are no longer dependent on a single host for their command and control servers and have backups in place. They have even begun using other ways to control their botnets: just a few weeks ago a massive botnet was discovered to be using Twitter to communicate with its command servers. It appears simply shutting down a scammer-friendly ISP is no longer going to be effective.
Written by Sue Walsh on July 27, 2009
A massive new spam attack is hitting free web services such as YahooGroups, LiveJournal and GoogleGroups. Over 1 million spams an hour are being sent through these services using fake Hotmail accounts. Security experts say the Hotmail accounts were most likely created via an automated process that included cracking the webmail provider’s CAPTCHA. Spammers like to use services such as Hotmail, GMail and Yahoo! Mail to send their messages because the domains have a good reputation and are less likely to be blacklisted or caught in spam filters.
Written by Sue Walsh on June 26, 2009
Just hours after Michael Jackson died yesterday, spam with subject lines claiming to have “exclusive information” on his death began flooding the net. The emails don’t contain any malicious links or attachments but seem to be an attempt to collect emails for a future attack. Researchers say anyone that replies to the spam will likely have their address harvested and that it wouldn’t be surprising to see future spams containing links to malicious payloads masquerading as exclusive video of Jackson’s last moments or autopsy photos.
News of the pop icon’s tragic death from what appears to be a sudden cardiac arrest caused an overwhelming spike in traffic that crashed Google, Wikipedia, AIM and Twitter for short periods and caused Facebook to slow to a crawl. Spammers and scammers are jumping at the chance to take advantage of all that traffic. Exploiting headlines and holidays is one of their favorite tricks. The last big headline they used was the Swine Flu outbreak, and before that President Obama’s inauguration.
Security experts are advising people to get their news only from reputable sources, and it goes without saying that you should never ever reply to a spam message. At best it will just bounce back due to a faked header, at worst it’ll just get you put on a list of people that respond to spam, meaning you’ll become a prime target for spammers.
Written by Sue Walsh on May 21, 2009
A new wave of malicious spam hitting inboxes uses Western Union’s Money Transfer Service in its attempt to trick recipients into downloading its payload. The spam messages carry the subject line “Western Union Transfer MTCN:” and a random number.
The message says a large sum of money transferred on March 10 was never collected and directs the recipient to open the attached zip file and print out the invoice in it, then take it to their local WU office to get the money. The attachment is actually a Trojan. In an effort to make the message seem legit, the scammers even added language at the end of it that claims it was scanned by the recipient’s ISP and found to be “safe”.
The Trojan, Troj/Agent-JUC, appears to be a rootkit that disables firewalls and steals banking information. It also installs other malware including a keylogger program, takes screenshots, and provides backdoor access to the systems it infects.
Despite how nasty the payload sounds and how legit the scammers behind it may have tried to make the spam delivering it sound, common sense should prevail here. If you haven’t sent any money via WU, ignore this message, and if you have, they’ll generally call you, not send an email, and as always, be very wary of any attachments you receive via email from people you don’t know.
It’s believed the scammers behind this latest attack are trying to take advantage of the shaky economic times, figuring there are enough people desperate enough to let their greed over potential free money override their common sense. Don’t fall for it!
Written by Sue Walsh on April 18, 2009
Disgraced former FL District Attorney Jack Thompson is facing spam charges for flooding a Utah State Senator with complaints about the CAN-SPAM Act. Oh the irony! Thompson was disbarred last September for making false statements to tribunals, disparaging litigants and other lawyers, and improperly practicing law outside the state of Florida.
The possible spam charges come as a result of another barrage of emails he sent in an attempt to persuade Utah lawmakers to override a veto of a law that would have made the sale of video games labeled Mature illegal. Thompson is a rabid anti-video game activist.
“In the grip of such legislative ignorance, Mr. Waddoups has today threatened Mr. Thompson with criminal prosecution by Utah’s Attorney General for writing him, the ultimate purpose of which is to encourage Utah legislature to override Gov. Huntsman bizarre veto,” reads Thompson’s press release. “Thompson also informed Sen. Waddoups that the same Attorney General he wants to have prosecute Thompson has received thousands of dollars from the video game industry whom Mr. Shurtleff now helps protect. Gov. Huntsman has received their money as well. What a surprise. This is pay to play in Utah. Maybe the whistle blowing as to this is what concerns Mr. Waddoups the most.”
The email in question included an image of two barely clad women about to give a Grand Theft Auto IV character a lap dance. When State Senate President Waddoups asked to be removed from Thompson’s email list, Thompson refused, leading Waddoups to seek charges under the CAN-SPAM Act, which carries fines of up to $11,000. Thompson pledges to fight any charges and keep his vendetta against video games going strong.
Written by Sue Walsh on April 9, 2009
A new report by Microsoft reveals what many of us already know. More than 75% of all emails sent are spam, and more often than not these days, they contain malicious links or attachments. Malware is becoming more and more widespread. The report says that there are nearly 9 infected PCs for every 1,000 clean ones. Still, ads for shady pharmaceuticals make up most spam, with adult-oriented spam a close second.
Fear not, however, as most spam never makes it to people’s inboxes:
Cliff Evans, head of security and privacy for Microsoft in the UK, told BBC News: “The good news is that the majority of that never hits your inbox although some will get through.”
Ed Gibson, chief cyber security advisor at Microsoft, said the rise in spam was due to traditional organised crime figures moving away from exploiting software vulnerabilities and “targeting the weak link that is you and me”.
“With higher capacity broadband and better OS (operating systems), and higher power computers it is easier now to send out billions of spams. Three or four years ago the capacity wasn’t there.”