A new spam campaign is exploiting Twitter in an effort to spread fake anti-virus software hawk shady prescription drugs and lead recipients to phishing sites. It began last week and appear to still be going strong.

The emails look like they were sent from Twitter complete with the site’s logo. One version informs the recipient that an account hijack attempt was detected and instructs them to click on a link to download a “security module”.  The link leads to a fake Twitter site that downloads a trojan that installs a rootkit and a fake anti-virus program called “Protection Center”.

Another version of the spam tells the recipient the email address associated with their account has been changed and to follow a link to confirm or report a problem. The link leads to a fake Twitter login page designed to steal the user’s login credentials, presumably to send even more spam.

A third less common version of the spam looks like a message from Twitter but displays ads for internet pharmacies and drugs under the Twitter logo. Links in the message lead to the “Canadian Pharmacy” scam sites.

Phishing has become a thriving underground economy. Researchers say nearly 4 billion phishing emails have been sent over the past 12 months and that number is expected to continue to rise. Furthermore, scammers and spammers are continuing to increase their skills making it more crucial than ever for IT departments and end users to continue to increase theirs in order to fight back effectively.

The security of social networks was thrust into the spotlight yet again this week with the successful hack of the Twitter Grader application run by Hubspot, a maker of social media and internet marketing tools.

The Twitter Grader application uses an algorithm to calculate, or grade, a Twitter user’s ranking among their peers.  This type of tool has been very popular with Twitter users who willingly grant access to their Twitter accounts for websites that offer this type of ego-feeding information.

The compromise resulted in thousands of unauthorized messages being sent from Grader users’ Twitter accounts containing a link to a web page that hosted an embedded video.  The content turned out to not be malicious and it has been speculated that this was an attempt to increase the search engine rankings of the website.

The hack was quickly acknowledged by Hubspot who proceeded to take down the Grader application while they investigated the issue.  Grader users are advised to revoke access for Grader to their Twitter accounts and also to consider changing their account password. Continue reading Twitter Grader Hack Highlights Social Network Spam Risks»

British ISPs have reacted strongly to the suggestion of Trend Micro CTO David Rand that the ISPs should actively combat the problem of spam on the internet.

Rand’s suggestion is the blocking of TCP port 25 (the port used for SMTP, or email, communications between servers on the internet), making contact with customers who they suspect may be the source of spam outbreaks, as well as stronger government legislation.

The legislation idea has merit, after all the lack of cooperation between government agencies is how many international spam operations manage to go unpunished.  The blocking of SMTP on the other hand is impractical and costly to implement, both from a technical and a service perspective.

The basis of the idea is this.  Customers send mail using SMTP, therefore by blocking SMTP and requiring that customers send mail via the ISP’s mail servers allows close monitoring of email traffic and detection of spam.

The solution is problematic though because many ISP customers, both home users as well as businesses, have perfectly good reasons to not send their email via their ISPs mail servers.  These customers would need to be unblocked from using SMTP, and hence cannot be closely monitored.

The monitoring itself also presents two problems – firstly customers object to having their email correspondence inspected by other parties including their ISP.  Secondly, any false positives could have disastrous consequences if important emails were blocked.  ISPs do not want the exposure to liability if they block an email that results in monetary loss for the sender or recipient. Continue reading ISPs Don’t Want to be Spam Cops»

Business Week reports that a study by researchers in New York reveals that as many as one in five young, overweight people have been a victim of email spam.

The study revealed some interesting statistics:

• 88% of overweight individuals reported receiving spam pitching weight loss products, compared to 73% of other respondents
• 42% of overweight individuals said they opened the spam, compared to 18% of other respondents
• 18% of overweight individuals said they bought products promoted in the emails, compared to just 5% of other respondents

Firstly why do overweight people receive more weight loss spam?  One theory is that these people are visiting more web sites on that topic than other people, and therefore end up in marketing databases.  This means that the spam is either coming from the website owner, or another party that is given access to the database of email addresses.  This access may be either from selling the list or by using co-registration, which is a legitimate lead-sharing strategy that is often abused by spammers.

For any email marketer a 42% open rate is outstanding.  It means that the subject line for the email was very effective at enticing the recipient to open the email and read more.

For a spammer sending 1,000,000 emails 42% open rates do not mean 420,000 people opened them.  Most of those recipients will never receive the spam due to anti-spam protection on their email server or their computer.  But even a 1% penetration could mean several thousand people open the email.

Finally the conversion rate for overweight people is very good at 18%.  Several hundred conversions of a weight loss product likely to cost $50-$200 is a good day’s pay for the spammer. Continue reading Weight Loss Scams Reveal Why Spam Works»

It has been a big year for the internet with social networks continuing to grow at an amazing pace, search engines scrambling to keep pace with user demand for fresh news, and as always spam and malware causing havoc around the world.

A look at the year’s major spam event shows some consistent trends.

• Season spam such as Valentine’s Day and Christmas remains predictable
• Spammers quickly move to exploit any major global news events such as celebrity deaths and wars
• Spam networks are becoming more distributed and resistant to shutdown attempts
• Social networking spam is on the rise as spammers attempt to exploit the perceived trust between people and their online “friends”
• Human error continues to be a big part of the spam landscape, both through inadvertent data exposure and through people falling victim to social engineering

Here is a look at some of these major events throughout the year.

January

Scams promising free money from US government grants attempts to exploit the news of corporate bailouts and the increase in unemployment.

Fake CCN news alerts take advantage of a clash between Israel and Hamas.

Global spam volume begin returning to normal levels after the McColo shutdown of November 2008.

The inauguration of US President Barack Obama leads to a wave of spam spreading rumours that his inauguration is invalid or that he resigned and attempts to trick users in downloading malware.

Spammers also get a head start on Valentine’s Day with malware-carrying love letters.

February

Human error at Google marked the entire internet unsafe (is it really that far from the truth?).

The poor economy continues to cause unemployment to increase, leading to a new wave of fake job spam.

Microsoft offeres a $250,000 reward for information leading to the arrest and conviction of the Conficker worm creators.

March

Citibank falls for a Nigerian 419 scam to the tune of $27 million, but is saved when the transfers fail due to invalid account numbers provided by the scammers. Continue reading 2009, The Year in Spam»

The Sydney Morning Herald reports that security researchers investigating the recent Twitter spam and denial of service attacks found at least one account that was using Twitter to control a botnet.

          “Jose Nazario with Arbor Networks said he found a Twitter account that was used to send out what looked like garbled messages. But they were actually commands for computers in a botnet to visit malicious websites, where they download programs that steal banking passwords.”

Social networking services such as Twitter have recently become associated with spam and phishing attacks due to the lack of inbuilt protection from malicious users.  This new development of using Twitter messages to control botnets takes the issue another step forward. Continue reading Botnets Now On Twitter»

Hackers and spammers are taking advantage of the DDoS attack that hit Twitter and Facebook last week. The attack was apparently targeted at a single user of the sites, a Georgian blogger named Cyxymu. Cyxymu has used the sites to speak out against the 2008 war between Russia and his country.

Hackers are using the high profile nature of the attack to spread scareware. They are poisoning search engine results so that people searching using the keyword Cyxymu will be given results that redirect to malicious sites that push rogue anti-virus programs.

Continue reading DDoS Attack Against Georgian Blogger Inspires Spam, Malware Attacks»

Twitter has been in the news the past few days, and it’s not been pretty. On Wednesday, the Mashable blog reported that scads of Twitter accounts were seen sending out Twitter spam with URL links all at once. The spam was not being generated by run-of-the-mill spam accounts that were created just for the purpose of disseminating spam, but rather, they were regular accounts that had obviously been hijacked. Spammy tweets had been going out by the hundreds, making it appear to many people that their friends were recommending a get-rich-quick scheme, which of course, they were not.

Continue reading Twitter hit by spam wave»

A new study says phishing scams make up 7% of all spam sent and that on average, 55,000 people a month fall for them and give up their personal info. Social networks such as Twitter and Facebook are an increasingly popular target for phishers. Twitter has been hit by two phishing attacks lately. One, the Twitter Porn Name scam, claimed to be a seemingly harmless game where Twitter users were told to put the name of their first pet with their mother’s maiden name and/or first street they lived on to get their “porn name” and then tweet it. Those particular pieces of information are gold to a phisher because they are the answers to the questions most websites ask when a user needs to retrieve or change their password. The second scam was the TwitViewer scam. Users got a tweet inviting them to check out the TwitViewer site to find out the last 200 people who visited their Twitter profile. The site asked for their Twitter name and password. Once entered the visitor was shown a screen full of thumbnails that claimed to be those of the last 200 people that had visited their profile. They weren’t, they were just random people, and the visitor found their account spammed everyone they were following and Twitter at large with the same invite they had responded to, and if they clicked on any of the thumbnails their account automatically followed them. Twitter claims to be working on tightening security but their recent roll out of their new URL blocking system shows they have a long way to go.

Continue reading Study Finds Phishing Scams Fool Over 55,000 a Month»

Twitter users were hit with a spam attack over the weekend. It started with a simple question: “Want to know who’s stalking you on twitter!?” and a link to TwitViewer, a site that claimed it would show them the last 200 people that visited their Twitter profile. The problem was that TwitViewer demanded their Twitter username and password in order to do so.

Those that did so had their Twitter account promptly spam everyone they are following with the same question and link, and if they happened to click on any of the people in the gallery of thumbnails the site claims are people that visited their profile (but they didn’t-there is no way for a site to be able to collect that kind of information), their account automatically followed them-and of course spammed them with the TwitViewer link. All in all a very slick phishing scheme. Continue reading Twitter Users Hit By Malicious TwitViewer Spam»