Tag Archives: Spam

SpamAssassin’s new year hangover

0
Posted by Tech Paranoia on January 4, 2010 – 12:00 pm
Filed under Email
Tagged as , ,

The Apache SpamAssassin spam filter has been shipping with a rule which defined any year past 2009 as “grossly in the future” and adding 3.2 to the email’s spam score. The default threshold for spam is 5.0, so the error makes it much more likely that legitimate mail will be falsely marked as spam.

The problem was noted by Mike Cardwell, a UK based developer, who brought up the issue on the spam filter’s mailing list. The problem had been reported in 2008 and fixed in the SpamAssassin repositories, but the rules were not backported to 3.2 for users until new years day when the omitted update was noticed.

SpamAssassin users will need to run the sa-update command to update their rule set. If they are unable to do this, for whatever reason, then adding score FH_DATE_PAST_20XX 0.0 to the local.cf file will work around the problem.

Source: H Online

Pharma link spammers invade Live Space

0
Posted by Tech Paranoia on December 23, 2009 – 11:14 am
Filed under Spam
Tagged as ,

Cybercrime affiliates of unlicensed pharmaceutical websites have begun moving on from attacks purely designed to poison Google search engine results, and are now targetting Microsoft’s web properties.

Search engine poisoners are actively making use of Microsoft’s Windows Live Spaces blog hosting environment, net security firm eSoft reports. Miscreants are creating accounts which they use only to push links to the pharma-fraud sites. As a result the search engine ranking of these spamvertised sites is pushed up.

In addition, spam emails contain the URLs of fake blogs, from which surfers are redirected onto penis pill sites. The tactic is designed to evade spam filters that might already have blacklisted the fraudulent website.

The misuse of fake blogs on Live Spaces is a refinement of the well established practice of link spamming: posting “comments” on legitimate blogs that supply links to dodgy pharmaceutical websites and the like.

Attacks similar to the Live.com blogspamming for fraudulent pharmacy sites have also recently been thrown against both Yahoo and Blogger sites, eSoft adds. The security firm adds that the recent Google job spam scam also infiltrated Microsoft’s Life Space environment.

Source: The Register

Honeynet Project Hits 1 Billionth Spam Mark

0
Posted by Tech Paranoia on December 15, 2009 – 2:05 pm
Filed under Spam
Tagged as ,

Stats from the one billion spam messages blocked by Project Honey Pot over the last five years provide an insight into junk mail trends and spamming practices.

The Honey Pot project was formed by a community of web administrators as an alliance against online fraud and abuse back in 2004. The group now numbers 40,000 members in 170 countries, making it the biggest effort of its kind on the web.

Last week, the group trapped its one billionth spam email message – an IRS phishing scam junk mail – since when the group has been poring through its archives, teasing out trends.

Stats from the project reveal that Monday is the busiest day of the week for email spam, and Saturday the quietest. Spam volumes peak around 12:00 (GMT) and reach a low around 23:00 (GMT). Spam volumes drop nearly 21 per cent on Christmas Day and 32 per cent on New Year’s Day, a sign that junk mailers take time off over the holidays just like everyone else.

The project reckons it takes the average spammer around two and a half weeks from harvesting an email address to sending the first spam message to this address, twice as fast as junk mailers operated five years ago. Every time a user’s email address is harvested from a website, it results in an average of 850 spam messages.

Source: The Register

The future of spam: 2010 and beyond

0
Posted by Tech Paranoia on December 15, 2009 – 1:00 pm
Filed under Spam
Tagged as

The economics behind spam dictate that 2010 will be another active year for spammers.

The distribution of spam emails is set to continue as long as distribution channels remain relatively cheap, botnets continue to be active and shift locations, and spammers develop new and innovative ways to attempt to bypass anti-spam filtering.

The specific predictions have been outlined by Symantec in their latest spam report:

1. Distribution networks are becoming more dynamic as additional broadband connected targets are coming online every day. Distribution paths are also getting more complicated with spammers now sending messages directly from infected machines, routing through compromised relays and continuing to use webmail/SMTP Auth abuse.

2. Botnets are also set to continue jockeying for position as botnets which were previously dominant are undermined by the actions of new more sophisticated botnets. The number of botnets is set to grow as hackers target developing IT infrastructures in certain regions.

3. In an attempt to evade anti-spam filters through obfuscation and hijacking the reputation of legitimate websites, spammers are set to continue using tactics such as URL shortening and using freeweb hosting servers, damaging the reputation of some services until they go out of business.

4. Spammers are set to continue the progress of blending where they utilize spam to tempt an end user into buying a product or service, to more mischievous and even dangerous practices such as phishing where a spammer tries to steal a users identity and computer resources to obtain money or add to the strength of bot networks by compromising PCs.

Source: Help Net Security

New Spam Tactics Threaten Social Networks

0
Posted by Tech Paranoia on December 11, 2009 – 11:00 am
Filed under Malware, Spam
Tagged as ,

If you think the spam problem is bad right now — and it is, with more than 90 percent of email consisting of spam — the good news is it’s not going to get worse. The bad news is it’s going to get much worse.

Spam is a huge business and spammers, like all business owners, are always looking for new ways to lower costs, increase profits and get their products in front of more people. The efficiency of today’s spam filters and the fact that most Internet users have been trained to ignore any of the junk that does get through their filters had made that job much harder for the spammers.

So instead of continuing to bang their heads against the wall to come up with new spam salad subject lines or creative ways to spell Viagra, the spammers instead are busily finding entirely new methods of polluting the Internet. For years they’ve been using the comment fields on blogs and news sites to push their junk, and not they’re taking that one step further.

Many spammers now have large staffs of people working on nothing but building out completely fake personas for non-existent users on social networking sites and blog networks. The spammers use these personas to create accounts on Twitter, Facebook, Blogspot and other sites that have high levels of user interaction.

But these are not the easily identifiable spambots and fake profiles that have been cluttering these sites from the beginning. Instead, the personas have all of the attributes that one would expect in a real user, such as clearly defined interests, specific geographic locations, favorite bands and movies. The spammers who control these profiles are not using them to loudly and obviously push diet pills or porn, but are aiming to make them look as average and unremarkable as possible.

“Their goal is to be right down the middle, not too high or too low on the radar,” said Robert Hansen, a security researcher who discussed the new tactics during a webinar Wednesday put on by Black Hat and Dark Reading. Hansen, who has spoken with some of the spammers using these techniques, said that they can create as many as 500,000 to a million new personas in a single day.

Source: ThreatPost

Botnets pushing out even more spam

0
Posted by Tech Paranoia on December 8, 2009 – 2:00 pm
Filed under Spam
Tagged as ,

Cybercrooks have adapted to the takedown of rogue ISPs by building more resilient botnets.

An annual security survey by MessageLabs found that the already high level of spam reached 87.7 per cent of email traffic during 2009, with highs and lows of 90.4 percent in May and 73.3 percent in February respectively. Junk volumes increased still further compared to the 81.2 per cent spam rate recorded by MessageLabs in 2008.

Compromised (zombie) machines accounted for more than four in five (83.4 per cent) of an estimated global volume of 107 billion junk mail messages sent out every day during 2009.

The shutdown of botnet-hosting ISPs – such as McColo in late 2008 and Real Host in August 2009 – has forced hackers to re-engineer botnets so that the reins of command and control system can be picked up within hours, instead of the weeks of confusion that followed the McColo shutdown.

The Register

Report claims that 2009 was a year of stronger botnets and increased spam

0
Posted by Tech Paranoia on December 8, 2009 – 10:00 am
Filed under Security
Tagged as ,

There has been an average rate of 87.7 per cent in detected spam in 2009, as a small number of botnets have become stronger.

According to the MessageLabs intelligence annual security report for 2009 from Symantec, cybercriminals have sharpened their survival skills and operated a volume and variety approach over the past 12 months.

It showed that there was a high of 90.4 per cent of detected spam in May, and a low 73.3 per cent in February. Paul Wood, MessageLabs intelligence senior analyst at Symantec, claimed that following the shutdown of McColo just over a year ago levels did drop but soon picked up again.

Source: SC Magazine UK

Spam ring leader fined $16 million

0
Posted by Tech Paranoia on December 2, 2009 – 9:00 am
Filed under Security
Tagged as

Lance Atkinson, the Australia-based New Zealander that has been found guilty of organizing a spam ring along with American accomplice Jody Smith, has been fined with more that $16 million by the US Federal Trade Commission (FTC).

The two of them, allegedly aided by Atkinson’s brother and another man, used a botnet consisting of 35,000 computers to send billions of emails that directed the recipients to websites (hosted on servers in China) selling weight loss and male enhancement pills that supposedly came from a legitimate US pharmacy, but were actually “fakes” shipped from India. Credit card information was processed in Cyprus and Georgia (ex USSR).

Source: Help Net Security

Tiger Woods car accident leads to malicious sites created and detected

0
Posted by Tech Paranoia on November 30, 2009 – 1:00 pm
Filed under Security, Viruses
Tagged as ,

The car accident involving golfer Tiger Woods has led to Google trends being dominated by the event.

Hon Lau, senior security response manager at Symantec, claimed that from an IT security point of view, this is just another fruit ripe for the picking as far as malware writers are concerned.

“So it comes as no surprise that the creators of rogue anti-virus or misleading application software have already jumped on the bandwagon and attempted to poison web search engine results to take advantage of this spike in web search activity,” said Lau.

Symantec reported that search engine results are redirecting to malicious domains that go through the usual fake scanning activity, before pointing out a whole host of serious errors and threats that needs to be cleaned from your computer.

Source: SC Magazine UK

Thanksgiving scams: Warming up for Christmas

0
Posted by Tech Paranoia on November 30, 2009 – 12:00 pm
Filed under Privacy, Security
Tagged as , ,

Sometimes it is difficult to tell the difference between legitimate online offers and malicious spam. In this day and age, you can be pretty sure that financial and government institutions won’t send you emails asking you to change your account details.

But, sometimes the only thing preventing you to fall prey to cyber crooks that use fake promotional discounts and other special offers online to lure you into giving up your personal information is – your memory. Do you remember having subscribed to those offers and promotions? If you can’t remember, delete the email – no matter how tempting the offer sounds.

Holidays are usually a time of great activity for scammers, especially holidays that involve gift-giving. Trend Labs received a lot of spam samples that took advantage of Thanksgiving. Some of them were fishing for an email address so they can spam you extensively.

More at: Net-Security