Holiday Spam Has Arrived

Security experts say spammers and cyber criminals have already begun sending out holiday spam. The messages hawk fake goods and lotteries, offer info on President-Elect Obama, or tempt job hunters and those worried about the economy with messages made to look like employment opportunities from major companies.

The shopping spam offers fake Rolexes and urges the recipient to start their Christmas shopping early. Similar messages promise a chance to win money for holiday spending. Some of the messages lead to phishing sites, others install malware and turn the recipient’s PC into a zombie machine.

Source of 75% of sent spam forced offline

A web hosting company allegedly responsible for at least 75% of the daily spam volume worldwide has been forced offline, thanks to evidence gathered by security experts. McColo Corp, based in California, had its service terminated by its ISP, Hurricane Electric, earlier today.

Experts say the company hosted a vast community of cyber criminals including spammers, phishers, malware distributors and even peddlers of child porn. It’s also believed that McColo servers hosted the massive Rustock and Srizbi botnets. But will the move really take a bite out of cybercrime? Probably not. The criminals will in all likelihood move their operations elsewhere, most likely to an overseas host. Another ISP notorious for hosting cyber crime, Intercage, was shut down twice last month, and while experts say that closure helped kill the Storm Worm, evidence shows some of Intercage’s clients have set up shop on a server hosted in Ukraine. As long as there are web hosting firms willing to look the other way, these shutdowns will only be temporary obstacles rather than permanent solutions.

Researchers Hijack Storm Worm

Researchers at the University of California, San Diego and Berkeley successfully infiltrated the Storm Worm to measure the conversion rate of spam. They found that spammers need only a single response for every 12 million spams sent to reap huge profits.

The infiltration was accomplished by impersonating a component of the network used to send instructions between the host server and the infected PCs (commonly known as bots or zombies) it controls. This allowed them to place their own URLs in some of the spam sent. These URLs redirected to fake storefronts appearing to offer a variety of pharmaceuticals. The fake stores were fully functional up until the point a customer tried to check out: before they could enter any payment info, the site gave them an error message. The researchers never collected or even saw any personal info.

Former IT Manager Sentenced to One Year in Prison For Hacking Former Employer


A California man has been sentenced to a year in federal prison for hacking into his former employer’s computer system and giving spammers access to the mail server.

Steven Barnes was also ordered to pay a fine of over $54,000. Prosecutors say Barnes hacked into Akimno Systems’ network, turned the mail server into a massive open relay which sent out so much spam that the company’s email service was restricted, deleted its Microsoft Exchange database, and compromised core boot files. Barnes pleaded guilty to the charges.

Fake Greeting Card Emails Resurface

Over the last few months I’ve noticed a resurgence of the e-card spam scam from our unfriendly neighborhood spammers.

According to security expert Bill Mullins, in the last year email inboxes have been swamped with similar scam emails from fraudulent sites like Greetings.com and 2000Greetings.com, amongst others.

This time around, the domain name being used by these scammers is Greetingcard.org, which is a legitimate site of The Greeting Card Association, a greeting card industry trade association. This organization makes no bones about it when it says on its website, “We do not publish cards, nor do we have an e-card pick up. If you receive an e-card notification from our association, it is fraudulent and should be deleted”.

Educate your email users about phishing

Last week one of my clients received the resurfaced American Express phishing email. And yesterday an associate told me a dastardly story about being fleeced out of $2,700 from his Citibank account. This was the result of responding to a phishing email. Although email administrators may be more educated and wiser to phishing emails, we must continue to stick to the basics in reiterating and providing ongoing education to our email end users. As mundane and simple as it may be to us, it’s important to stick to the basics.

Educate your email users with the following information in your next phishing alert email or newsletter:

What is phishing? Phishing is when someone creates a spam message to fool the user into thinking that they are going to a legitimate web site, which then asks them to give up personal information such as their social security, credit card and bank account numbers. However, this fake web site is set up only to steal the user’s information. The email may look like it is coming from a legitimate company: creating a web site is easy, and making it look like one from a legitimate business is not hard either.

ICANN Lowers Boom On EstDomains

ICANN, the organization charged with overseeing the address system of the internet, has revoked the right of notorious registrar EstDomains to sell domain names. EstDomains is known as a registrar that caters to phishers, spammers, and other cybercriminals. ICANN handed down its decision after the company’s president was convicted of fraud.

“This termination is based on your status as President of EstDomains and your credit card fraud, money laundering and document forgery conviction,” Stacy Burnette, ICANN’s director of contractual compliance, wrote. ICANN rules permit the group to terminate registrars who have officers or directors convicted of a crime related to financial activities, she said.

Malicious Spam On The Rise


The reports are in and the news is not good. Malicious spam rose sharply in the third quarter. From July to September 2008, one in every 416 emails was malicious spam - compared to one in every 3,333 emails in the second quarter of the year. The rise is blamed on several large attacks such as the “Penguin Panic” attack. What was made to look like an innocent game for the iPhone was actually a nasty Trojan. This attack was responsible for nearly 27% of malicious spam. A similar attack pretending to be a Microsoft security patch was second, accounting for 12% of malicious spam sent.

How do email addresses end up on spam lists?

Every day, millions of people receive dozens of unsolicited commercial emails, known popularly as “spam.” Some users see spam as a minor annoyance, while others are so overwhelmed with spam that they are forced to switch email addresses. This leads many email users to submit helpdesk requests to email administrators with the question “How did these people get my email address?”

The Center for Democracy & Technology (CDT) embarked on a project to attempt to determine the source of spam. They set up hundreds of different email addresses. Then the CDT waited six months to see what kind of mail those addresses were receiving. It should come as no surprise to most email users that many of the addresses the CDT created for this study attracted spam. What is very interesting is the different ways the email addresses attracted spam. The volume also differed, depending on where the email addresses were used.

Spammer Hiding Techniques

Escaping: This technique uses legal URL formatting to hide the address. Escaping replaces characters in the URL with a percent sign followed by a hexadecimal code. An escaped URL can look like “http://%2E%2E%2E%48%20%18%32%2F%48…”. You can easily decode this by copying it into the location bar of your browser and hitting return. The status area of your browser will usually show you the translated address. If you don’t want to make your browser go to the URL, then you can decode the URL with a good old ASCII translation table. Many of these have decimal, hex, and octal codes for each character.
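
As an added example (not from the original post), the Python below does the ASCII-table lookup for you without visiting the link, and goes a step further than the text: it flags escapes that hide ordinary letters, digits or control characters, which a legitimately encoded URL has no reason to contain. The sample URL is the post’s own escaped fragment with its trailing ellipsis dropped, so it is a constructed, complete string rather than the real link.

```python
import re
import string

# Constructed sample: the escaped fragment quoted in the post, minus its
# trailing ellipsis, so that the example decodes a complete string.
SAMPLE_URL = "http://%2E%2E%2E%48%20%18%32%2F%48"

# Characters that never need escaping in a URL (RFC 3986 "unreserved").
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")

_ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")


def decode_escapes(url):
    """Replace each %XX escape with the character it stands for (the same
    lookup you would do by hand with an ASCII table). Returns the decoded
    string and the list of (hex_code, char) pairs in order of appearance.
    Malformed escapes such as "%ZZ" are left as they are."""
    found = []

    def repl(match):
        code = match.group(1).upper()
        char = chr(int(code, 16))
        found.append((code, char))
        return char

    return _ESCAPE.sub(repl, url), found


def suspicious_escapes(found):
    """Flag escapes that hide something: unreserved characters have no
    legitimate reason to be escaped, and control characters have no
    business in a URL at all."""
    flagged = []
    for code, char in found:
        if char in UNRESERVED:
            flagged.append((code, char, "unreserved character needlessly escaped"))
        elif not char.isprintable():
            flagged.append((code, char, "control or non-printable character"))
    return flagged


def inspect_url(url):
    """Decode a URL and report whether its escapes look like obfuscation."""
    decoded, found = decode_escapes(url)
    flagged = suspicious_escapes(found)
    return {"decoded": decoded, "escapes": len(found),
            "flagged": flagged, "looks_obfuscated": bool(flagged)}
```

Run `inspect_url(SAMPLE_URL)` to see that seven of the nine escapes in the sample are flagged, including %18, a control character that a browser’s status bar would not show you at all.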