GMail Bug That Turned Some Users Into Spammers Fixed

Written by Sue Walsh on August 30, 2010

Google announced that it has fixed a bug that caused a small percentage of GMail accounts to send the same email messages over and over again. The unending barrage of messages caused some of the affected accounts to be blacklisted by services such as SORBS.net and Backscatterer.org and left users wondering if their computers had been infected with some kind of malware or hacked.

“The problem with Google Mail should be resolved,” Google’s tech support staff wrote. “We apologize for the inconvenience and thank you for your patience and continued support. Please rest assured that system reliability is a top priority at Google, and we are making continuous improvements to make our systems better.”

Some affected users who use GMail for business purposes were embarrassed and left having to explain to clients and colleagues who were no doubt annoyed by the flood of duplicate messages. Google has not provided any details about the bug or what might have caused it, and it’s not known if they provided assistance in getting blacklisted users off those lists.

It’s estimated that about 2.5% of GMail’s roughly 160 million users (as reported by the Wall Street Journal) were affected. That may not sound like much, but it equals about 4 million users whose accounts were turned into mail bombing machines by the bug. That’s a lot of email.

Google probably wishes the timing had been better as the bug hit in the same week they had called a press conference to announce that Google Voice and GMail have been integrated.

Rustock Botnet Responsible for 40% of All Spam

Written by Sue Walsh on August 25, 2010

Security researchers say the massive Rustock botnet is currently responsible for 40% of the world’s spam volume. This is particularly impressive considering the number of infected computers under its control has dropped from 2.5 million to 1.3 million, probably as a result of improved detection by anti-virus software. Even at the reduced size it is still pumping out nearly 50 billion spam messages a day.

Compromised computers spew spam.

Most of that spam is pharmaceutical, hawking counterfeit prescription drugs for the infamous group of “Canadian Pharmacy” websites. The drugs, which are dispensed without a prescription, are made in India and China and are not regulated or inspected in any way. The group behind the Canadian Pharmacy scams is said to be connected to the Russian Mafia.

Rustock was thought to be using Transport Layer Security on its SMTP connections, encrypting its spam in transit to make content-based detection harder, but it appears to have abandoned the practice, probably because of the cost in bandwidth and processing time.

The botnet has been thriving since its recovery from the McColo shutdown in November 2008. When the cybercriminal-friendly ISP had its service terminated by its upstream providers, Rustock went dark, but the herders behind it acted quickly to move its command and control servers to another host and began developing ways to keep it from depending on a single host, which has protected it from further shutdowns. Botnets are now programmed with a list of fallback domains and IP addresses to contact for instructions, so if one goes down a new one can be found quickly.

UK University Service Infuriates Students With Spam

Written by Sue Walsh on August 23, 2010

Thousands of UK students are furious with the country’s Universities and Colleges Admissions Service after receiving an email from it with the subject line “You’ve Been Accepted”. The message, which led students to believe it was an acceptance notice from a university, was actually a spam message advertising discounted HP laptops. This infuriated students, as this is the time of year when they are awaiting their A-level results and scrambling to apply for the limited number of university places available. In the UK there are more qualified students than there are places at the most sought-after universities. Many students feel that the message was not only misleading but cruel and in poor taste. A red-faced UCAS quickly offered an apology.

A UCAS spokesman said: “We understand and apologise for the confusion this has caused to some applicants, and we are looking at reviewing our quality filters to avoid this type of situation in future.”

It’s not known who approved the message or its deceptive subject line. HP has declined to comment on the matter. The story illustrates how much care is needed when sending newsletters and other bulk mailings to the customers on your mailing list. A misleading subject line, even an unintentionally misleading one, can cause a real public relations headache for your company, and thanks to social networking services like Facebook your unhappy customers can make themselves heard in a hurry. Avoid wordplay and other attempts to be cute; keep your subject lines and messages simple and straightforward. The old saying, “Keep it simple, stupid!” really is the best policy.

Spammers Using Fake LinkedIn Notifications

Written by Sue Walsh on August 19, 2010

Spammers have begun sending out fake LinkedIn notices carrying spam. At first glance they look like the notices you get when someone wants to add you to their network, but they contain a linked image, usually an ad for Viagra, Cialis and similar drugs. The link leads to a site called PathTasty, which appears to be one of the hundreds of fake internet pharmacies operating under the “Canadian Pharmacy” umbrella. This isn’t a phishing scam: if you place an order you will receive it, but it will be a counterfeit version of the drugs you paid for. These fake drugs are made in China and India with unknown ingredients and are completely untested and unregulated. There have been no reports of anyone getting sick or dying from taking them, but the FDA was concerned enough to issue an alert warning consumers to stay away from these sites.

Canadian Pharmacy has been around for quite some time now. Its spam is pumped out by the massive Rustock and Mega-D botnets, and the operation is run by GlavMed, which bills itself as an “affiliate program” but which most security experts consider a criminal organization. It is located in Russia, however, which makes it difficult to shut down.

Ironically, there is a perfectly legitimate company called Canada Pharmacy, which is said to be quite irate over being confused with Canadian Pharmacy. Canada Pharmacy is a real pharmacy doing business online and, unlike Canadian Pharmacy, it will not dispense drugs to anyone without a valid prescription.

Office Depot Latest Brand To Be Exploited By Spammers

Written by Sue Walsh on August 18, 2010

Office supply retailer Office Depot is the latest company to be brand-jacked by spammers. The company says it has received many reports of both customers and non-customers receiving fake order receipts for merchandise they never bought. The order total appears to always be the same amount, $151.06. While the company won’t say exactly how many reports it has received, representatives say the problem is widespread, and it has issued a warning:

“Office Depot has been alerted that both customers and non-customers have received an unsolicited email confirmation of an Office Depot order that they never placed,” Office Depot spokesman Brian Levine said in a statement. “This message was not sent by Office Depot. We are asking recipients of the email to delete it. Office Depot only sends email confirmation messages to customers who request one at the time that they place an order and this confirmation comes from an Office Depot email account.”

No other details about the spam campaign have been released, but if it is like similar campaigns that have brand-jacked big names like Amazon and UPS, there is probably an attempted phishing attack or malware delivery involved. Presumably the spammers are trying to get people to click on a link that leads to a fake Office Depot page, much like the Amazon attack in which fake order confirmations carried links to a fake Amazon login page. Spammers and scammers are getting more and more brazen about using the names of well-known companies to trick people into falling for their schemes.

It’s difficult to keep your brand out of a scammer’s campaign, so it’s important to have a strong response strategy. Take any reports of such activity seriously. Send an immediate takedown request to the hosting provider or registrar of any domain you find serving a fake copy of your company website, and issue warnings to your customers and vendors. Being proactive is your best defense.
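The Office Depot statement above hands the defender two concrete checks: a genuine confirmation comes from an Office Depot account, and its links should point at the brand’s own site. The code below is an added example, not code from this article or from Office Depot, that applies those checks to a constructed fake confirmation using Python’s standard library email parser. The brand-to-domain table, the Return-Path comparison, the registrable-domain shortcut and the sample message are all assumptions made for illustration.

```python
"""Flag order-confirmation e-mails whose visible brand does not match where the
message actually comes from or where its links actually go.

Added example for illustration; not code from the article or from any company
named in it. The sample message is constructed, and KNOWN_BRANDS is an assumed
brand -> legitimate-domain table used only to drive the check.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domain each brand legitimately sends from and links to.
KNOWN_BRANDS = {
    "office depot": "officedepot.com",
    "amazon": "amazon.com",
}

# Constructed sample: a fake order confirmation of the kind the article describes.
# The From header is forged to the brand; Return-Path and the link give it away.
SAMPLE_EML = b"""Return-Path: <bounce@mail-relay.example.net>
From: "Office Depot" <orders@officedepot.com>
To: victim@example.org
Subject: Your Office Depot order confirmation
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Thank you for your order. Total: $151.06</p>
<p><a href="http://officedepot-orders.example.com/login">View your order</a></p>
</body></html>
"""


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an e-mail address ('' if there is none)."""
    _, email_addr = parseaddr(str(addr or ""))
    return email_addr.rsplit("@", 1)[-1].lower() if "@" in email_addr else ""


def registrable(host: str) -> str:
    """Last-two-labels approximation of the registrable domain.
    Good enough for a demo; a production filter should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def extract_links(html: str) -> list[str]:
    """All href targets in the body, in document order."""
    return re.findall(r'href=["\']([^"\']+)["\']', html, flags=re.I)


def analyze(raw: bytes) -> dict:
    """Parse one raw message and return the brand it claims plus any mismatches."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_domain = domain_of(msg["From"])
    return_path_domain = domain_of(msg["Return-Path"])
    display_name = parseaddr(str(msg["From"] or ""))[0].lower()
    subject = str(msg["Subject"] or "").lower()

    # Which brand does the message present itself as? Look at display name and subject.
    claimed = next((dom for name, dom in KNOWN_BRANDS.items()
                    if name in display_name or name in subject), None)

    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    links = extract_links(body)

    findings = []
    if claimed and registrable(from_domain) != claimed:
        findings.append(f"From domain {from_domain!r} is not the brand domain {claimed!r}")
    # Envelope sender that does not align with the visible From is the classic forgery tell.
    if return_path_domain and registrable(return_path_domain) != registrable(from_domain):
        findings.append(f"Return-Path domain {return_path_domain!r} differs from From domain {from_domain!r}")
    for link in links:
        host = urlparse(link).hostname or ""
        if claimed and registrable(host) != claimed:
            findings.append(f"link host {host!r} does not belong to {claimed!r}")

    return {"claimed_brand": claimed, "from_domain": from_domain,
            "return_path_domain": return_path_domain, "links": links,
            "findings": findings, "suspicious": bool(findings)}


if __name__ == "__main__":
    result = analyze(SAMPLE_EML)
    print("suspicious:", result["suspicious"])
    for finding in result["findings"]:
        print("-", finding)
```

On the constructed sample the From header passes (it is forged to the brand domain) but the envelope sender and the link host both fail. The Return-Path comparison is a cheap stand-in for the SPF/DKIM alignment a mail gateway would actually evaluate, and the two-label `registrable()` shortcut would misjudge country-code domains such as `co.uk`, which is why the comment points at the Public Suffix List.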

New Zbot Spam Campaign Unleashed

Written by Sue Walsh on August 17, 2010

A new spam campaign has begun spreading across the net. Disguised to look like a ticket purchase email from Midwest Airlines, it is an attempt to spread the Zbot Trojan. The email thanks the recipient for using the company’s new “Buy Airline Ticket Online” feature and provides the login details of an account that was created in their name along with the receipt for a purchase of over $800 that was charged to their credit card. It goes on to tell them the ticket is in the email’s attachment.

Of course the feature, receipt, ticket, and charge are all fake, and if the user opens the attachment the Zbot Trojan is downloaded and installed.

Zbot is the malware behind the Zeus botnet, a virulent banking Trojan that has stolen millions from bank accounts around the world. Last month alone it was blamed for stealing over $1 million from customers of a bank in the United Kingdom. Once installed it monitors the system and strikes when the user visits a site on its target list, which includes e-commerce sites and most major banks, credit card companies, and other financial institutions. When such a site is visited, its keylogging component records the login credentials and sends them back to the command and control server. After the stolen credentials are used to transfer funds from the account to the criminals, a fake statement is shown to the victim to hide the theft.

Investigators and researchers aren’t sure who is behind Zbot, but since the C&C servers are located in Eastern Europe, some suspect the stolen funds are being siphoned off by the Russian mafia.

Six Arrested in UK Phishing Operation Bust

Written by Sue Walsh on August 16, 2010

Six people, five men and one woman, have been arrested for their parts in a large phishing ring. UK authorities say the group has so far stolen over $550,000 and compromised over 20,000 credit card and bank accounts, but the total could reach over $6 million once the full extent of the operation is established. The arrests were made in London and in County Meath, Ireland, by the Metropolitan Police as part of an investigation called Operation Dynamophone.

“We have taken this action to shut down an organised criminal network running an online phishing and account take-over operation,” said the Met’s Detective Inspector Colin Wetherill. “A great deal of personal information was compromised and cleverly exploited for substantial profit. By disrupting the operation we have hopefully prevented further loss to individuals and institutions across the UK.”

The group sent out fake emails made to look like they came from legitimate banks, in an attempt to trick recipients into visiting the lookalike sites they had created and handing over their login details. Once the details were in hand, they went to town cleaning out bank accounts and maxing out credit cards. Detective Superintendent Charlie McMurdie of the Police Central e-Crime Unit (PCeU) said they are also trying to determine whether the gang distributed malware as part of the operation.

“In high-volume phishing, malware infection goes on,” said McMurdie. “One million emails through various channels and in various forms will get a certain percentage of response.”

The accused remain in custody in London on suspicion of conspiracy to commit online banking fraud and violations of the Computer Misuse Act.

Top 10 Most Spammed States

Written by Sue Walsh on August 10, 2010

A new spam statistics report is out that names the top 10 most spammed states. Let’s take a look:

  1. Idaho-95.2%
  2. Alabama-94.4%
  3. South Carolina-93.6%
  4. Indiana-92.7%
  5. Tennessee-92.1%
  6. Illinois-91.8%
  7. Utah-91.5%
  8. North Carolina-91.3% (tie)
  9. New Hampshire-91.3% (tie)
  10. Washington-91.3% (tie)

North Carolina, New Hampshire, and Washington were tied at the bottom of the top 10, while Idaho came in first for the second year in a row. All 10 states had spam levels well above the national average of 89.3%. At the other end of the spectrum, Puerto Rico came in as the least spammed U.S. state or territory for the second year in a row. It’s not known exactly why some states get more spam than others, but it may have to do with state spam laws and advertising regulations.

Some other facts the study revealed:

Most Spammed Industries: Engineering, Construction and Automotive.

Least Spammed: Admin, Public Sector, and Finance.

Most Spammed Countries: Luxembourg, China, Hong Kong, Germany, and the Netherlands.

As far as phishing goes, New Zealand takes the top spot while Japan was the least phished country. A new phishing scam was also discovered, this one arriving as an email offering a brand new PDF reader. Overall phishing levels increased, with 1 in every 557.5 emails being a phishing attempt, an increase of 0.02% over June.

The report also found that the Storm botnet has come roaring back and is pumping out pharmaceutical spam using URL shortening services. The shortened URLs hide the real destination, so they are more likely to get past spam filters and blacklists. Storm was once the largest botnet in the world.

Virus levels decreased slightly, with only 1 in every 306 emails containing malware, a drop of 0.04% from June.

Top 10 Most Wanted Spam Producing Botnets

Written by Sue Walsh on July 31, 2010

A security firm has put together a top 10 “most wanted” list of botnets. These botnets are responsible for the majority of global spam volume, which now stands at a whopping 230 billion messages a day. Most of them originated in Eastern Europe, which makes the criminals behind them very hard to track down. Let’s take a look at the list:

  1. Rustock - Responsible for 43% of global spam volume, this is the biggest active botnet on the web. It pumps out millions of pharmaceutical spam messages for the infamous Canadian Pharmacy and others.
  2. Mega-D - Coming in second with 10.2% of total spam volume, this is one of the longest-running botnets around. It too sends mainly pharmaceutical spam, and it gets its name from one of the fake drugs it hawks.
  3. Festi - This newcomer is responsible for 8% of total world spam volume and seems to work in tandem with the Pushdo botnet.
  4. Pushdo - A very complex botnet that carries out multiple campaigns and distributes malware as well as spam. Currently responsible for 6.3% of total spam volume.
  5. Grum - Another pharmaceutical spam spewing botnet, currently responsible for 6.3% of total spam volume.
  6. Lethic - Responsible for 4.5% of total spam volume and also acts as a spam proxy.
  7. Bobax - Responsible for 4.3% of total spam volume. Pumps out pharmaceutical spam.
  8. Bagle - Primarily acting as a proxy, Bagle is responsible for 3.5% of total spam volume.
  9. Maazben - With 2% of total spam volume, Maazben sends only casino-related spam.
  10. Donbot - Another pharmaceutical spam spewing botnet, responsible for 1.3% of total spam volume.

Outbound Spam Not a Priority for ISPs

Written by Sue Walsh on June 21, 2010

A new study says most ISPs simply don’t make outbound spam a priority and are reluctant to do much about it. While inbound spam is fought aggressively with a variety of tools, including spam filters, junk folders and blacklists, outbound spam is largely ignored. ISPs block port 25 and blacklist specific IPs, but do little else. This approach doesn’t adequately address the very real problem of in-network spam generated by customers’ infected computers. These zombies can pump out huge amounts of spam in a short time, consuming valuable resources and often causing problems for customers when other ISPs block their legitimate email in an effort to protect their own users from the flood.

The study concluded that ISPs are beginning to acknowledge that outbound spam is a problem that can lead to increased costs of doing business, unhappy customers and the risk of being added to blacklists.
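Port 25 blocking and IP blacklists act after other networks have already been hit; the earlier signal the article points to is the ISP’s own outbound mail log, where an infected customer host stands out as a burst of recipients spread across many forged sender addresses. The code below is an added example, not code from the study or from any ISP, that runs a sliding-window recipient count over constructed Postfix-style log lines and flags the host that exceeds the limit. The log layout, the five-minute window and the 200-recipient threshold are assumptions, not values from the article.

```python
"""Spot in-network zombies from an ISP's outbound mail log.

Added example; not code from the study the article summarises or from any ISP.
The log lines are constructed in a Postfix-like shape, and the field layout,
window and threshold are assumptions chosen to illustrate the technique.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed log shape: "<ISO timestamp> smtpd client=<host>[<ip>] from=<addr> nrcpt=<n>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) smtpd client=\S+\[(?P<ip>[\d.]+)\].*?from=<(?P<sender>[^>]*)>.*?nrcpt=(?P<nrcpt>\d+)"
)

# Constructed sample: customer host 203.0.113.7 bursts 250 recipients under four
# different sender addresses in eight seconds; 203.0.113.9 sends normal mail.
SAMPLE_LOG = """\
2010-06-21T09:00:01 smtpd client=cust-a.isp.example[203.0.113.7] from=<bob@isp.example> nrcpt=50
2010-06-21T09:00:03 smtpd client=cust-a.isp.example[203.0.113.7] from=<bob@isp.example> nrcpt=50
2010-06-21T09:00:05 smtpd client=cust-a.isp.example[203.0.113.7] from=<alice@other.example> nrcpt=50
2010-06-21T09:00:07 smtpd client=cust-a.isp.example[203.0.113.7] from=<carol@other.example> nrcpt=50
2010-06-21T09:00:09 smtpd client=cust-a.isp.example[203.0.113.7] from=<dave@other.example> nrcpt=50
2010-06-21T09:00:30 smtpd client=cust-b.isp.example[203.0.113.9] from=<eve@isp.example> nrcpt=1
2010-06-21T09:04:00 smtpd client=cust-b.isp.example[203.0.113.9] from=<eve@isp.example> nrcpt=2
2010-06-21T09:20:00 smtpd client=cust-a.isp.example[203.0.113.7] from=<bob@isp.example> nrcpt=1
"""

WINDOW_SECONDS = 300        # assumption: 5-minute sliding window
MAX_RCPTS_PER_WINDOW = 200  # assumption: recipients a residential host may address per window


def parse_line(line: str):
    """Return (timestamp, client_ip, sender, nrcpt) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["ip"], m["sender"], int(m["nrcpt"])


def detect_bursts(log_text: str, window: int = WINDOW_SECONDS,
                  max_rcpts: int = MAX_RCPTS_PER_WINDOW) -> list[dict]:
    """Emit one alert per client IP the first time its recipient count inside
    `window` seconds exceeds `max_rcpts`. The alert records how many distinct
    sender addresses the host used, since zombies typically forge many."""
    recent = defaultdict(deque)   # ip -> deque of (ts, sender, nrcpt) still inside the window
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, sender, nrcpt = parsed
        q = recent[ip]
        q.append((ts, sender, nrcpt))
        # Slide the window: drop events older than `window` seconds relative to this one.
        while (ts - q[0][0]).total_seconds() > window:
            q.popleft()
        total = sum(n for _, _, n in q)
        if total > max_rcpts and ip not in alerted:
            alerted.add(ip)
            alerts.append({
                "ip": ip,
                "at": ts.isoformat(),
                "recipients_in_window": total,
                "distinct_senders": len({s for _, s, _ in q}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG):
        print(f"{alert['at']} {alert['ip']}: {alert['recipients_in_window']} recipients "
              f"from {alert['distinct_senders']} sender addresses in {WINDOW_SECONDS}s")
```

The recipient count alone will also trip on a legitimate mailing list, so in practice the distinct-sender count is the discriminating field: a home machine that rotates through several From addresses in a few seconds is very unlikely to be a human. A real deployment would feed the alert into a per-customer rate limit or a temporary port 25 block rather than just printing it.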