A new spam campaign is exploiting Twitter in an effort to spread fake anti-virus software hawk shady prescription drugs and lead recipients to phishing sites. It began last week and appear to still be going strong.

The emails look like they were sent from Twitter complete with the site’s logo. One version informs the recipient that an account hijack attempt was detected and instructs them to click on a link to download a “security module”.  The link leads to a fake Twitter site that downloads a trojan that installs a rootkit and a fake anti-virus program called “Protection Center”.

Another version of the spam tells the recipient the email address associated with their account has been changed and to follow a link to confirm or report a problem. The link leads to a fake Twitter login page designed to steal the user’s login credentials, presumably to send even more spam.

A third less common version of the spam looks like a message from Twitter but displays ads for internet pharmacies and drugs under the Twitter logo. Links in the message lead to the “Canadian Pharmacy” scam sites.

Phishing has become a thriving underground economy. Researchers say nearly 4 billion phishing emails have been sent over the past 12 months and that number is expected to continue to rise. Furthermore, scammers and spammers are continuing to increase their skills making it more crucial than ever for IT departments and end users to continue to increase theirs in order to fight back effectively.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

New Spam/Phishing Campaign Exploits Twitter

The security of social networks was thrust into the spotlight yet again this week with the successful hack of the Twitter Grader application run by Hubspot, a maker of social media and internet marketing tools.

The Twitter Grader application uses an algorithm to calculate, or grade, a Twitter user’s ranking among their peers.  This type of tool has been very popular with Twitter users who willingly grant access to their Twitter accounts for websites that offer this type of ego-feeding information.

The compromise resulted in thousands of unauthorized messages being sent from Grader users’ Twitter accounts containing a link to a web page that hosted an embedded video.  The content turned out to not be malicious and it has been speculated that this was an attempt to increase the search engine rankings of the website.

The hack was quickly acknowledged by Hubspot who proceeded to take down the Grader application while they investigated the issue.  Grader users are advised to revoke access for Grader to their Twitter accounts and also to consider changing their account password.In this particular incident the fallout is mainly embarrassment for Hubspot and some disgruntled users.  With no serious data breach of Hubspot’s paid customer base the matter will quickly fade into the background with no ongoing attention paid to it.

The potential impact of these sorts of breaches cannot be ignored.  Social networks carry a much higher degree of trust between relative strangers than other online communications.   One of the most popular users of these networks is sharing of interesting links, often masked by URL shortening services.

Simply put, the timing of the unauthorized message may have meant that it was sent by a particular user while they were conversing with an online friend and sharing a series of links with each other.  In that situation the recipient would not hesitate in clicking the spam link as well.

If the link was to a malicious web page that contained a web browser exploit then the number of compromised computers from this one hack would have been enormous.  The sad fact is that many computers connected to the web use outdated, unpatched operating systems, web browsers and other applications.  Even those that are completely up to date may have undisclosed vulnerabilities that hackers can exploit before security researchers can discover and patch them.  One of the most common exploits today is using PDF files.

For a home user a compromised computer can be a moderate inconvenience.  For a business network a compromised computer can be a major disaster.

So what can be done about these threats to businesses?

Technical Solutions – filtering of social networks to only approved users, blocking of URL shortening sites, and real-time scanning of file downloads.

Human Solutions – the cornerstone of any network’s security is the level of awareness of the end users to the potential threats that are out there.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Twitter Grader Hack Highlights Social Network Spam Risks

British ISPs have reacted strongly to the suggestion of Trend Micro CTO David Rand that the ISPs should actively combat the problem of spam on the internet.

Rand’s suggestion is the blocking of TCP port 25 (the port used for SMTP, or email, communications between servers on the internet), making contact with customers who they suspect may be the source of spam outbreaks, as well as stronger government legislation.

The legislation idea has merit, after all the lack of cooperation between government agencies is how many international spam operations manage to go unpunished.  The blocking of SMTP on the other hand is impractical and costly to implement, both from a technical and a service perspective.

The basis of the idea is this.  Customers send mail using SMTP, therefore by blocking SMTP and requiring that customers send mail via the ISP’s mail servers allows close monitoring of email traffic and detection of spam.

The solution is problematic though because many ISP customers, both home users as well as businesses, have perfectly good reasons to not send their email via their ISPs mail servers.  These customers would need to be unblocked from using SMTP, and hence cannot be closely monitored.

The monitoring itself also presents two problems – firstly customers object to having their email correspondence inspected by other parties including their ISP.  Secondly, any false positives could have disastrous consequences if important emails were blocked.  ISPs do not want the exposure to liability if they block an email that results in monetary loss for the sender or recipient.A serious issue is also that of costs.  A higher email load combined with more thorough monitoring means more costs to the ISP for servers and software to do those jobs.  The human resource costs also increase, both in the management of the systems as well as the teams who need to contact and support customers who are suspected of sending spam.

Although email is currently the largest source of spam on the internet there are other forms of spam that are quickly becoming very common that would not be addressed by this solution.  Social networks such as Facebook and Twitter have become rich hunting grounds for spammers and phishers who are able to target victims with highly personalized attacks thanks to the open nature of these networks.

In a world where ISPs block spam email from customers the focus of botnets would simply shift to exploiting social networks and identity theft for the same outcomes.  Because these networks run simply as interactive websites they become impossible to block at the protocol level, and blocking them on a site by site basis would immediately outrage customers.

The British ISP heads who commented are correct in their view that businesses and email administrators need to take the responsibility of blocking spam that is sent to them, rather than expect ISPs to do all the work for them.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

ISPs Don’t Want to be Spam Cops

Business Week reports that a study by researchers in New York reveals that as many as one in five young, overweight people have been a victim of email spam.

The study revealed some interesting statistics:

• 88% of overweight individuals reported receiving spam pitching weight loss products, compared to 73% of other respondents
• 42% of overweight individuals said they opened the spam, compared to 18% of other respondents
• 18% of overweight individuals said they bought products promoted in the emails, compared to just 5% of other respondents

Firstly why do overweight people receive more weight loss spam?  One theory is that these people are visiting more web sites on that topic than other people, and therefore end up in marketing databases.  This means that the spam is either coming from the website owner, or another party that is given access to the database of email addresses.  This access may be either from selling the list or by using co-registration, which is a legitimate lead-sharing strategy that is often abused by spammers.

For any email marketer a 42% open rate is outstanding.  It means that the subject line for the email was very effective at enticing the recipient to open the email and read more.

For a spammer sending 1,000,000 emails 42% open rates do not mean 420,000 people opened them.  Most of those recipients will never receive the spam due to anti-spam protection on their email server or their computer.  But even a 1% penetration could mean several thousand people open the email.

Finally the conversion rate for overweight people is very good at 18%.  Several hundred conversions of a weight loss product likely to cost $50-$200 is a good day’s pay for the spammer.

So what does this tell us about why spam works?  Well like any form of marketing with more accurate targeting comes higher conversions.  Valentines Day spam converts better in January/February, and Christmas spam converts better in November/December.

Interestingly the statistics above are only for email spam.  This type of spam is the most common and is still quite easy to accomplish (for example by requiring an email address submission before revealing the “25 Amazing Weight Loss Tips for 2010”).  Spam is perceived as a big problem and yet email addresses are perceived as low value and are quickly given up.

But the last few years have seen a strong emergence in other types of spam such as in social networks, where the targeting is much easier for spammers because of how much information we make public about ourselves.

Consider how easily a spammer can send messages to people who post “I want to lose weight” on Twitter as a new year’s resolution, sending them a link to those “25 Amazing Weight Loss Tips for 2010” so as to capture their email address.  Or how easily single women aged 35-45 can be targeting with a Facebook ad for weight loss, leading to a female-focused website, and then female-focused follow up email messages.

More accurate targeting means higher conversions.  So why does spam work?  Because we give spammers everything they need to know to make it work.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Weight Loss Scams Reveal Why Spam Works

It has been a big year for the internet with social networks continuing to grow at an amazing pace, search engines scrambling to keep pace with user demand for fresh news, and as always spam and malware causing havoc around the world.

A look at the year’s major spam event shows some consistent trends.

• Season spam such as Valentine’s Day and Christmas remains predictable
• Spammers quickly move to exploit any major global news events such as celebrity deaths and wars
• Spam networks are becoming more distributed and resistant to shutdown attempts
• Social networking spam is on the rise as spammers attempt to exploit the perceived trust between people and their online “friends”
• Human error continues to be a big part of the spam landscape, both through inadvertent data exposure and through people falling victim to social engineering

Here is a look at some of these major events throughout the year.

January

Scams promising free money from US government grants attempts to exploit the news of corporate bailouts and the increase in unemployment.

Fake CCN news alerts take advantage of a clash between Israel and Hamas.

Global spam volume begin returning to normal levels after the McColo shutdown of November 2008.

The inauguration of US President Barack Obama leads to a wave of spam spreading rumours that his inauguration is invalid or that he resigned and attempts to trick users in downloading malware.

Spammers also get a head start on Valentine’s Day with malware-carrying love letters.

February

Human error at Google marked the entire internet unsafe (is it really that far from the truth?).

The poor economy continues to cause unemployment to increase, leading to a new wave of fake job spam.

Microsoft offeres a $250,000 reward for information leading to the arrest and conviction of the Conficker worm creators.

March

Citibank falls for a Nigerian 419 scam to the tune of $27 million, but is saved when the transfers fail due to invalid account numbers provided by the scammers.

The BBC gets itself into hot water when it buys a botnet to research a story and then uses it to send messages to potential victims.

April

Security vendor PGP exposes hundreds of customer email addresses by not using the BCC field for a broadcast email.

Global spam volume makes a complete return to the level it was at prior to the McColo shutdown.

Researchers discover the first ever SMS virus in the wild, capable of spreading between mobile phones via text messages.

Twitter suffers its first major malware outbreak due to a cross-site scripting attack by a bored teenager.

May

The Swine Flu outbreak gives spammers a new hot topic to exploit in their latest scams, with fake drugs and “survival guides” offers flooding mailboxes.

The Cutwail botnet, previously seen during the Valentine’s Day spam season, makes a fresh start pushing fake weight loss products, and Acai Berry scams appear all over the internet.

June

Air France flight 446 crashed in the Atlantic ocean, giving spammer a new tragedy to exploit.

A UK furniture company makes a major PR blunder by using Twitter hashtags for the Iranian conflict to promote their products.

Michael Jackson dies, nearly causing an internet meltdown as search engines, social networks and news websites struggled to copy with the unprecedented burst in traffic.  Spammers quickly jumped on the public thirst for details about Jackson’s death with new spam messages.

July

The ZBot Trojan appears in a new attack that uses a fake Microsoft update notice to trick users.

A botnet launches a major DDoS attack against US government websites to coincide with the July 4^th holiday.

Spammers begin using free URL shortening services to bypass spam filters.

August

Another Twitter phishing/spam combo attack appears causing disruption for users.

Twitter, Facebook and other sites were all knocked offline for several hours due to a targeted DDoS attack against a pro-Georgian blogger.  The event was so prominent in the news that spammers began exploiting it with email and search engine keyword spam to cause further denial of service and compromise more computers.

Another spammer ISP is shutdown but this time the effect is nowhere near as successful as when McColo was taken offline, suggesting spammers are building more resilience into their networks.

September

A South Australian woman shares her experience of being the victim of identity theft when her Facebook account is hacked and used to scam money from her friends.

Popular blogging software WordPress becomes the target of a new worm that attempts to insert spam links in thousands of blogs.

A new Koobface worm variant appears targeting Facebook users.

October

A court order leads to an innocent Gmail user losing their email account when Google is forced to close it down.  The court order was granted after a bank employee accidentally emails customer information to the Gmail account.

A list of over 50,000 email addresses and passwords for major online web and email services appears on the internet.

A thriving marketplace of open source malware is uncovered by security researchers.

Geocities shuts down, taking with it thousands of spammer’s websites.

Facebook wins a massive $711 million judgement again one of the world’s biggest spammers.

November

The first Christmas season spam starts to appear to exploit the rising trend in online shopping.

Researchers successfully kill the Mega-D botnet.

Twitter job spam starts appearing promoting “get rich quick” schemes to exploit high unemployment rates.

An Australian amateur programmer writes an iPhone virus that causes relatively harmless infection on jailbroken iPhones.  His code is quickly repurposed by people with more malicious intent, and a security vendor is criticized by the wider community for rewarding him by offering him a job.

December

A New Zealand man is fined $15 million by the US FTC for operating a worldwide spam gang.  The same man faces charges in Australia soon after.

The Koobface worm adds a Christmas theme to its Facebook phishing attempts.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

2009, The Year in Spam

The Sydney Morning Herald reports that security researchers investigating the recent Twitter spam and denial of service attacks found at least one account that was using Twitter to control a botnet.

          “Jose Nazario with Arbor Networks said he found a Twitter account that was used to send out what looked like garbled messages. But they were actually commands for computers in a botnet to visit malicious websites, where they download programs that steal banking passwords.”

Social networking services such as Twitter have recently become associated with spam and phishing attacks due to the lack of inbuilt protection from malicious users.  This new development of using Twitter messages to control botnets takes the issue another step forward.Typically a botnet is made up of computers connected to broadband connections that have been compromised in some way, usually by either tricking the owner into installing malicious software (a browser toolbar, fake antivirus software, or a porn dialer) or by exploiting a vulnerability in the operating system or web browser that they are using.  A lot of these attacks occurred over email, which lead to the need for the email anti-spam protection software most of us are using today (either on our own computers or on the email servers of our businesses and ISPs).

Botnets were often controlled using IRC channels, which were quick and easy for spammers to set up anywhere in the world and control remotely.  Over time IRC traffic became almost synonymous with botnets, and despite its legitimate intended uses it is really only used by tech enthusiasts so most businesses simply block IRC traffic at their firewall.  Many consumer broadband modems and routers also block IRC traffic by default.

Twitter on the other hand simply works over the HTTP protocol, which is almost always open on business and consumer firewalls.  Most Twitter clients will even work seamlessly through web proxies.  This makes the use of Twitter for controlling botnets a very serious problem.

There is no doubt that social networking such as Twitter can be a valuable tool for businesses to use to communicate with their customers.  However the lack of content filtering exposes the end user to attacks such as messages with URLs that lead to web pages designed to trick the user or exploit a software vulnerability.  The URLs are often masked with URL shortening services making malicious URLs more difficult to detect at a glance.  Even a message from a known, trusted friend may be an attack because of the tendency for people to willingly give away their Twitter password to third party services.

The security challenge here is complex.  Businesses would like to trust their users to engage in social networking for work and for pleasure, but even the best online security training for staff will still leave gaps as people’s awareness and attentiveness wanes over time.  Blocking the services entirely is undesirable, which just leaves blocking of URL shortening services in email and at the web proxy as a counter-measure.  This of course cripples one of Twitter’s more useful benefits, the ability to quickly share interesting and useful links.

Ultimately the best on-premises solution a business can implement will still be vulnerable without better inbuilt security measures for social networks.  But as long as these networks remain free and open for anyone to use they will often lack the resources to invest in security even as they continue to attract malicious users.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Botnets Now On Twitter

Hackers and spammers are taking advantage of the DDoS attack that hit Twitter and Facebook last week. The attack was apparently targeted at a single user of the sites, a Georgian blogger named Cyxymu. Cyxymu has used the sites to speak out against the 2008 war between Russia and his country.

Hackers are using the high profile nature of the attack to spread scareware. They are poisoning search engine results so that people searching using the keyword Cyxymu will be given results that redirect to malicious sites that push rogue anti-virus programs.

Spammers are also exploiting the attack. A new flood of spam has been detected that claims to be a grammatically garbled apology from Cyzymu and links to his blog. Experts say it is likely an attempt by those behind the DDoS attack to further alienate him and get him in trouble. His actual email address was spoofed, and as a result his email box was probably flooded with bounce messages, out of office auto responders, and similar noise. This, experts say, was the attacker’s way of sending a message to Cyzymu, and the link to the blog is an attempt to send a flood of traffic to the site in hopes of crashing it.

While it’s not yet known exactly who is responsible for the initial DDoS attack or the spam and malware attacks spawned from it, Cyzymu has told news outlets that he believes the Kremlin is behind it all.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

DDoS Attack Against Georgian Blogger Inspires Spam, Malware Attacks

Twitter has been in the news the past few days, and it’s not been pretty. On Wednesday, the Mashable blog reported that scads of Twitter accounts were seen sending out Twitter spam with URL links all at once. The spam was not being generated by run-of-the-mill spam accounts that were created just for the purpose of disseminating spam, but rather, they were regular accounts that had obviously been hijacked. Spammy tweets had been going out by the hundreds, making it appear to many people that their friends were recommending a get-rich-quick scheme, which of course, they were not.

There has been very little news about the Twitter spam attack other than the one notice on Mashable, which has been circulated far and wide. Twitter’s own blog hasn’t said anything about it–but then again, the past day, Twitter has been hard to find, since it got hit by a denial-of-service attack yesterday and the site went down. There may be no connection between the denial-of-service attack and the wave of spam–Twitter is after all, what you might call an “attractive nuisance” that attracts all kinds of evil-doers.

Given these recent attacks, one asks should Twitter be allowed in the workplace? There’s no clear answer, except for “it depends.” Marketing people use it to good advantage to keep partners and customers informed. But one thing’s clear, workers need to be informed of the potential risks. Already, there have been many cases of malicious Twitter spam that contains links to nasty web sites that contain malware that could infect the computer or the entire network. Follow Twitter links at your own risk. This is especially dangerous as Twitter uses the abbreviated URLs, making it difficult to tell whether you’re being sent to a legitimate site.

This isn’t the first time compromised Twitter accounts have been used to send out spam. Just a few months ago in March, 750 accounts were hijacked to send links to porn sites.  And the spammers are on top of Twitter, and they’re apparently promoting its use at “Spam University,” or wherever it is they go to learn their trade. There are already commercial Twitter spamming tools out that can generate bogus Twitter accounts automatically for sending out ads.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Twitter hit by spam wave

A new study says phishing scams make up 7% of all spam sent and that on average, 55,000 people a month fall for them and give up their personal info. Social networks such as Twitter and Facebook are an increasingly popular target for phishers. Twitter has been hit by two phishing attacks lately. One, the Twitter Porn Name scam, claimed to be a seemingly harmless game where Twitter users were told to put the name of their first pet with their mother’s maiden name and/or first street they lived on to get their “porn name” and then tweet it. Those particular pieces of information are gold to a phisher because they are the answers to the questions most websites ask when a user needs to retrieve or change their password. The second scam was the TwitViewer scam. Users got a tweet inviting them to check out the TwitViewer site to find out the last 200 people who visited their Twitter profile. The site asked for their Twitter name and password. Once entered the visitor was shown a screen full of thumbnails that claimed to be those of the last 200 people that had visited their profile. They weren’t, they were just random people, and the visitor found their account spammed everyone they were following and Twitter at large with the same invite they had responded to, and if they clicked on any of the thumbnails their account automatically followed them. Twitter claims to be working on tightening security but their recent roll out of their new URL blocking system shows they have a long way to go.

Phishing attempts in email are still rising as well. Most of these attacks target banks and other financial institutions; in fact the top 2 targets of phishing attempts between January and June of this year were Bank of America and Paypal. While in the past phishing emails and the fake sites they lead to could be easily spotted due to their extremely poor grammar and sloppy formatting, experts are finding that more recent phishing attacks have shown a sharp rise in attention to detail with nearly perfect layouts and error-free grammar. Of course they still can’t hide the true destination of their fake URLS though. Hover your cursor over the link (don’t click) and the real URL will be revealed in the information bar.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Study Finds Phishing Scams Fool Over 55,000 a Month

Twitter users were hit with a spam attack over the weekend. It started with a simple question: “Want to know who’s stalking you on twitter!?” and a link to TwitViewer, a site that claimed it would show them the last 200 people that visited their Twitter profile. The problem was that TwitViewer demanded their Twitter username and password in order to do so.

Those that did so had their Twitter account promptly spam everyone they are following with the same question and link, and if they happened to click on any of the people in the gallery of thumbnails the site claims are people that visited their profile (but they didn’t-there is no way for a site to be able to collect that kind of information), their account automatically followed them-and of course spammed them with the TwitViewer link. All in all a very slick phishing scheme.

How do your users protect themselves? Simple-tell them to never ever give their usernames, passwords or any other personal info out to sites like TwitViewer and better yet, to be very careful what links they click on in their Twitter feeds. This is admittedly hard to do thanks to the URL shortening services that are a must because of Twitter’s strict 140 character limit. A good rule of thumb is to never click on links offered from anyone you don’t know very well.

The good news is that the TwitViewer site is now down, but the bad news is the site owners say they will return with a new domain.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Twitter Users Hit By Malicious TwitViewer Spam

It was reported recently that popular URL shortening services are being exploited by spammers to circumvent common spam filters and trick users into following links to malicious web sites.  The explosion in popularity of these services is largely due to the growth in the number of people using Twitter, a micro-blogging service that limits users to messages of 140 characters or less.

URL shortening services allow Twitter users to share URLs with each other without concern for the length of the URL.  For example, http://www.veryinterestingwebsite.com/funny-video (49 characters long) can be shortened to http://tr.im/s74hs (a mere 18 characters long).  There is no doubting that this is convenient for services such as Twitter, but it really serves no useful purpose for normal email communication.

As Microsoft’s Terry Zink points out:

“I checked out all of these sites… and I couldn’t believe the insecurity running on them! It was unreal! All I had to do was enter in a URL, click the button and bam — I had a compressed URL ready for me to use.

There was no CAPTCHA on the site either, so all that would need to be done is have a spammer write a script to plug tons of these things in there. A spam filter could not easily key on the URL in the message to block the message since the root domain is all the same; the filter would have to travel through to the site and then extract the URL to see if it was good or not.”

In other words, to safely check each shortened URL that is in an email message the anti-spam server would need to follow that URL to the URL shortening service and be redirected to the real URL that it leads to.  This is not a trivial amount of time and computational effort, especially for a server checking hundreds of thousands of email messages every day.

So why permit them at all?

Some email users may be using these services to share perfectly harmless URLs in messages but it is a fairly pointless exercise because:

a) It raises suspicion that the real URL is being hidden for malicious reasons; and

b) There is no character limit on email messages so no compelling reason to use shortened URLs to begin with.

Given these two points, and the risks that these services are presenting, some email administrators are simply blocking all messages containing shortened URLs.  Lists of popular URL shortening services such as this one at Mashable can be found by a simple Google search.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Prevent Phishing by Blocking URL Shortening Services

British furniture retailer Habitat has apologized for exploiting the Iran conflict in an attempt to promote its Twitter feed. The company came under fire after it began using keywords related to the current conflict in its tweets, which otherwise had nothing to do with the subject. This is referred to as hashtag spam and is widely frowned upon by Twitter users. The company also used other high trending keywords such as #Apple and #iPhone.

          Sky News Online has reported a Habitat spokesman as saying: “This was a mistake and it is important to us that we always listen, take on board observations and welcome constructive criticism. We will do our utmost to ensure any mistakes are never repeated.”

The company has not issued an apology on Twitter but did quietly delete all the spam tweets it posted. It’s not clear why they felt hashtag spamming was okay to do, although they told a blog that it was done without their knowledge. That sounds a little hard to believe but it wouldn’t be the first time a rouge employee was blamed for a blunder that became a PR nightmare.

The moral of the story? Twitter can be a valuable tool to help you reach out to customers and potential customers, but tread carefully and follow the rules. Spam is no more acceptable there than it is anywhere else.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

UK Furniture Company Apologizes For Exploiting Iran Conflict in Twitter Spam

The first electronic spam that many businesses ever encountered came via email.  Before that spam was only in the form of “junk mail” delivered by post or received by fax.  Although a minor annoyance most pre-electronic spam was fairly harmless.  Rarely was a piece of junk mail intended to be malicious or an outright scam (beyond a normal degree of outlandish marketing hype anyway).

As email became a crucial business tool the spam problem rose rapidly to become the major problem it is today.  Regular research is released that puts spam at over 90% of global email traffic.  Despite this not every business takes it seriously enough to actually do something about preventing it.  Those that do will implement a quality anti-spam solution for their email and continue about their business hopeful that it will protect them from those on the internet with malicious intent.

However as the web evolves new spam threats have emerged that also need to be considered by businesses.

Email Spam

Email spam is a continually shifting landscape of new threats as spammers develop new techniques.  For example, spammers have gone from putting spam content in emails, to putting it in file attachments, to putting it in password-protected file attachments, to putting it in image files, to putting it on web pages that they link to, each technique intended to keep them a step ahead of anti-spam vendors and the protective measures built in to their products.

Spammers have used, and continue to use, home PCs on broadband connections that have been compromised by viruses.  When these don’t work thanks to RBL providers such as Spamhaus, they turn to free webmail services and simply break through the CAPTCHAs that are in place by breaking their algorithm or simply paying people in developing countries to manually enter the CAPTCHAs for them.

This continually evolving threat highlights the need to deploy serious protection for email spam.  A “bits and bobs” solution cobbled together from separate free components will not have the effectiveness of a comprehensive, integrated anti-spam product from a vendor committed to ongoing support and protection for new threats.

Social Networking

The emergence of social networking has changed business communication forever.  Although email remains critical to businesses more and more we see interaction occurring outside of email using social networking services such as Facebook and Twitter.  Staff may be using social networking only for personal use, but business use is also becoming common.

The threat posed by social networking is that messages will not be scanned or filtered by an email anti-spam solution. This leaves users open to phishing attempts and scams.  Although web filter technology can be used to simply block these services entirely, that makes them unavailable for genuine business use.

A better solution is one of user education.  Although social networking fosters close relationships with people around the world the same level of suspicion should be applied to social networking interactions as it is to email.

URL Shortening Services

The explosive popularity of Twitter has lead to an equal explosion in the use of URL shortening services.  These services convert a very long URL into a much shorter one, making them perfect for the limited space available in a Twitter post.  Because of this their use is spilling over to other social networking services, and also being used in emails.

The problem presented by these services is it disguises the true destination of the URL, which can thwart content filters that check for URLs for domains with a reputation for spam.  I was recently working at a customer site where all such URL shortening services were outright banned, which is a short sighted approach to the problem.  Given that the URL redirects the browser to the real destination, and that destination is still accessed via the same web proxy, the proxy could still apply URL filtering to the ultimate destination.

Rather than viewing URL shortening services as the problem, a better solution is to ensure that all web traffic is subject to URL filtering that will block known malicious websites.  This makes web filtering part of an overall anti-spam solution, by protecting users from malicious short URLs sent via email or over social networks.

Free File Hosting

Terry Zink of Microsoft recently considered the problem of free file hosting services and who is responsible for scanning the content stored in them for viruses.  The spam problem here is an email saying “Check out this important file…” which links to a malicious file at a free hosting service run by an otherwise trusted and reputable web company.

He makes a good point but businesses don’t need to wait for the problem to be sorted out by the providers, nor do they need to be blocked entirely which deprives users from making genuine use of them.  Instead the same approach can be taken as for URL shortening services.  By utilising web filtering that scans file downloads the threat can be greatly reduced.

Comprehensive Strategy

As new threats emerge it demonstrates a need to consider spam prevention not just in respect to email, but for all online interactions that our end users might engage in.  With a combination of email protection, web filtering, and end user education a business can be protected from these threats as they evolve.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Dealing With New Spam Threats to Business

Twitter has become a valuable tool for businesses. Many now use it as a way to stay in touch with customers, enhance customer service, and as part of their marketing plan. However, as we’ve seen in the past few months, Twitter has also been a target of spammers and hackers. At first they used worms to do their dirty work, but now they’ve gone back to basics and are using Twitter’s own search tool to harvest email addresses.

How they do it is disturbingly easy. They simply do a search on the phrase “email me at” and/or on a specific domain or domains. An example would be something like: aol.com OR yahoo.com OR “email me at”.  The result is a nice collection of email addresses ready for the spammer to add to his database.

          “You can sit and just watch the email addresses steadily trickle in,” said Twellow’s lead developer Matthew Daines . “I wouldn’t doubt it if spammers are harvesting these. It would be trivial to write a script that gathers these addresses. They could have several hundred thousand over a few weeks at the rate they trickle in. The Twitter stream really weeds out all sorts of irrelevant data and cuts right to the email addresses within 140 characters, so it’s a lot less intense, and would require very little coding skill.”

Since Twitter’s TOS clearly states they are not responsible for what people put in their tweets, don’t look to them to do anything about the problem anytime soon. Instead, have your employees refrain from putting their emails in their tweets (tell them to ask to be DM’d instead), and don’t ask your customers to provide theirs. Direct Messaging is much safer. Don’t make a spammer’s job easier!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Email Harvesting Latest Twitter Problem

Here’s a puzzle that needs to be solved by our email administrators. Dancho Danchev reports on a new marketing software product called tweet tornado as a spamming tool.  Now Dancho comes with solid credentials as an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and E-crime incident response.  In Dancho’s article “Commercial Twitter spamming tool hits the market” he points out that the tweet tornado pitches itself as a “fully automated advertising software for Twitter”.  He goes on to say “this software potentially empowers phishers, spammers, malware authors and everyone in between with the ability to generate bogus Twitter accounts and spread their campaigns across the micro-blogging service.”

The blog “Threat Chaos” apparently agrees with Dancho in its article “More on Mr. TweetTornado“.  This blog article states “It is basically a spam tool in that those using TweetTornado generate multiple Twitter identities and put links in them back to their sites that generate revenue through affiliate networks or simply Google ads.” Commenting on this article, the developer of Tweet Tornado defended his marketing software with: “TweetTornado only adds followers. People have to click on the page and choose to follow someone so there is no spam involved, only opt in marketing. The only people who receive anything are the people who follow and give permission. Everyone needs to realize this is not like a typical spam tool. This is permission based opt in marketing! And if Twitter would quit shutting the accounts down for no good reason then the software wouldn’t have to create unlimited accounts anymore. I don’t see how this software is bad for Twitter, anyone can do the same thing without software the difference is this software saves you a lot of time following people.”

I viewed the video on Tweet Tornado, which provides an overview on its usage.  It appears to automate the process people perform on Twitter in creating an account, posting 140 character tweets of current status with a link back, following people and other people following the account holder.

Where the puzzle question comes in is whether Tweet Tornado is a potential spam tool, because it automates continuous tweets on Twitter with website link backs. It automates acquiring more followers in a shorter period of time, thereby driving traffic to a linked back website. Although a slower process, isn’t that what people do on Twitter manually?  People post tweets on Twitter with link backs to their website. People search Twitter by category to find like minded people they can follow and potentially market their products or services. Could it be that Tweet Tornado just appears to accomplish this faster?

Post a comment and let us know what you think?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Legitimate Marketing Tool or Spammers’ Delight?

The malware that hit Twitter, called the Mikeyy worm, appears to have been created by a 17-year-old New York boy who had nothing better to do and wanted to drive traffic to his website. The worm exploited a cross site scripting flaw to compromise nearly 200 accounts and send more than 10,000 tweets. Users were infected simply by visiting the compromised profiles. The worm hit Twitter 4 separate times this weekend, each time sending tweets aimed at directing users to the site StalkDaily.com, a Twitter copycat site owned by the teenager in question. A copycat worm also jumped on the bandwagon, sending out spam tweets of its own with a link that claimed to be directions on how to remove the worm.

          “A message like this is particularly nasty, as there were plenty of re-tweets of this malicious message sent by genuine users,” said F-Secure Corp.’s chief research officer, Mikko Hypponenin in a blog post just minutes after Monday’s attack began. “The bit.ly link got redirected back to Twitter, to user reberbrerber’s profile which would infect Twitter users who viewed it.”

Experts say attacks on social networking services will only increase as more and more cybercriminals seek out vulnerabilities and use them to carry out XSS/PHP/SQL attacks. These attacks they say, will likely be used to gather lists of personal information which will then be used in more traditional spam and phishing attacks. To protect your company, don’t use sloppy code! Check and double check for JavaScript vulnerabilities and other security holes and block any you find as soon as possible. Your company’s reputation could depend on it!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Twitter Spammed by Teenager Using Worm

I use Twitter to keep people updated on my latest and most interesting articles and books, it shortens the URL when I include the link. I always thought it was convenient, especially since it saves space–which is of course at a premium when you’re Twittering. But who else is using those URL shortening services, and towards what end?

I saw a very informative post today on the Unweary blog that points out some risks I had previously not considered when using a third party service to redirect you to a Web page. Normally, when I get an email that contains a link, I will always mouse over the URL so I can see if it’s really going to go where it says it will. If the email claims to be from my bank, but the URL is from some domain in Russia, then I know it’s obviously bogus. But with the shortened URLs, this becomes impossible. You have to just click to see where it goes. Apparently, spammers have discovered this as well, and are using these URL shorteners in their spam emails as another way to disguise a link’s true destination. The shortened URL may also bypass spam filters, which may recognize a spam domain but may let the shortened URL get through.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Shortened URLs used in spam

Yesterday I experienced quite a scare.  Several client social networks I created and maintain all had fake member registration forms filled out. I immediately identified each registration as spam. Luckily all registrations must be manually approved by the administrator.  I found this to be a very sophisticated spam attack. In each instance the spammer even uploaded a required picture of a pretty girl.  The registration form field entries each had the same entry of “I’ll tell you later”.  This indicates an automated spam machine was used. The different email addresses entered all used the malinator.com domain.  All the social network administrators have been notified to be on alert.

With account registration moderation in place, the scenario above is a more controlled environment. So spam infiltrations are much harder to achieve. More mainstream popular social networks, like Facebook and Twitter, do not moderate registration. So spammers can slip in very easily to target legitimate members.

As mentioned in a previous article “Belated Spam Predictions“, spammers will continue to phish social networks, but use more sophisticated approaches. The goal is to collect not only personal information, but also retrieve information surrounding a person’s inner circle of friends and associates.

Continue to educate your email users to be prudent about information entered into their social network profiles. People must be more vigilant about the nonchalant acceptance with the comfort and trust in entering all types of information about themselves on social networking sites.

A balance must be created between personal branding or making networking connections, while keeping your personal information safe. If a phishing spammer gets to you, that means your friendship connections are also at risk.

It may seem innocuous to share your favorite books or movies on your profile. How about providing your real birth date as opposed to making yourself 10 years older or younger? So what, if you receive those automated or personal friend birthday wishes on the wrong day. At least you make your personal identification information safer. Your hobbies and interests may seem like it’s not a big deal. The more profile information you share, just makes it that much easier for cyber criminals to assume your identity. The more personal information shared, the higher the chances another person can become YOU to get closer to scamming your friends.

The next time you receive a “heart” invitation, a virtual “drink” or a “birthday” card from a friend on Facebook, look closer at the safety message displayed. It says “Allowing Birthday Cards access will let it pull your profile information, photos, your friends’ info, and other content that it requires to work.”  Each time the “Allow” button is clicked, your personal information and your friends list is being shared.

Social networks are powerful marketing and networking tools.   How much personal information do you think a person should share in a profile? Will the profile accuracy impact personal or business relationships?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Social Network Spam Scare

There’s a new service that lets advertisers target Twitter users by monitoring Twitter posts for keywords and allowing them to send ads to users based on their location and/or if they’ve posted links or questions in their posts. However, the company behind the service, called TwitterHawk seemed unaware that the service is basically a tool for spammers, even though they’ve already changed the TOS so the advertisers can only send one ad a day to Twitter users. (That’s not likely to do much, if they have 100 advertisers and they are allowed to send just one ad a day each, that’s still 100 ads a day being sent!)

          In response, TwitterHawk owner Chris Duell has restricted advertisers to sending only one message a day per Twitter account, and said that the restrictions on advertisements may be increased again if the service is abused or causes the Twitter community “unwanted problems”.

“We did not expect such an explosion in use of the tool and considerably underestimated its effect on the social medium,” he said.

Duell said that he would not condone the use of spam, and wanted the service to bring relevant information and services to Twitter users that would “add value” to their social networking experiences.

He added that he wanted to provide a “non-intrusive service” similar to Google Adwords, which allows marketers to target people according to their search terms.

That’s all well and good, however Google Adwords appear on webpages and are, for the most part, very unobtrusive.  TwitterHawk uses a bot to send ads in response to keywords it picks up in Twitter posts. Very very big difference! This is bound to annoy many Twitter users.  Further research has revealed that the one message a day per advertiser has been further restricted to one message a day per keyword targeted, but again, that will have little impact if the service is used by a large group of advertisers all targeting different keywords – if you happen to post more than one you’ll get an ad for each one. The powers that be behind TwitterHawk need to understand that any unsolicited message, whether it be an email, tweet, IM, etc, is considered spam. I expect this service to quickly wear out its welcome on Twitter. I’m a big Twitter user and although I haven’t received any ads yet ,if I do I will be annoyed. If you’re a Twitter user too, drop us a comment and let us know what you think!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

New Service Allows Companies to Spam Twitter Users