Planet Antispam

Terry Zink: Today is my 8-year anniversary of fighting spam

2012-07-13T01:03:15+00:00

Today is my 8-year anniversary of fighting spam. It was July 12, 2004, that I got the job at Frontbridge as a spam analyst and we headed down to Los Angeles for 4 weeks of training. Here’s a recap of 8 general trends that have happened since then:

Image spam - In 2006, there was a huge outbreak of image spam. This was a different kind of spam in that the content had very little words and just an inline jpg or gif. This type of spam far dwarfed any campaigns we had seen to that point. Image spam is not nearly as popular now and most filters have adapted to it, but it was the first major spam campaign I had seen that did a good job at evading filters.
The rise of botnets to spam – Also in the year 2006 and spilling into 2007, spam from botnets increased substantially. While botnets had always been used, during that time their use exploded (at least in mail sent to our networks). It was during this era, and through until 2009, that spam reports in industry would make the claim that spam was 95% of all email. Since 2010, that percentage has declined.
The diversification of botnets – As spam filters started getting better and better at blocking botnets, mostly by making use of IP blocklists, the botnets adapted. The biggest shift is away from sending spam from bot’ted machines to using botnets to send spam from legitimate webmail accounts like Hotmail, Yahoo and AOL. Spammers use these botnets to remotely login to accounts they have created to send spam from them, knowing full well that spam filters will not block these IPs.

Botnets have diversified into other activities, too. They host malware, compromise websites, perform fast fluxing, do black search engine optimization, and other criminal activity.
The rise of using compromised accounts – Also related to the above, spammers have shifted away from using compromised machines to compromising legitimate accounts. They will steal user credentials and use their botnets to login to users’ accounts and send tons of spam from them. They do this because people will not trust mail from users they don’t recognize, but they might trust mail from people they regularly communicate with.
The disappearance of spammers – There has been a lot of activity in the anti-abuse community infiltrating botnets and shutting them down (Rustock, Zeus, Spyeye, etc). In response, spammers have gotten smaller. Spam is now only 2/3 of all email, way down for its peaks. This is because spammers are more narrowly targeting their attacks and trying to avoid attracting so much attention.
The rise of bulk mail – I wrote a post recently that Hotmail is providing tools to block bulk mail. When I first started, this type of spam was common but it was much less than malicious spam. Nowadays, greymail (dark shades of gray) outnumbers malicious spam. Spammers who used to send out malicious spam are still doing it, but they are not doing it via spam the way they were before. This has created a niche market for the snowshoe spammer.
The rise of malware – Viruses in the 1990’s were designed to disrupt user’s productivity; it was a bit of a fun thing. During the past 8 years especially, malware has become more dangerous – they are designed such that the user is unaware of their presence, but they are doing nasty things like steal money from your bank accounts, or turn your computer into a spam-spewing agent. Malware has seen a rise in frequency similar to the way spam did in 2006 and 2007.
The rise of state sponsored malware – With revelations earlier this year that the Stuxnet worm was the work of governments, it signals a shift in the way we view malware. Who’s at risk? Should ordinary users be concerned? What are the rules of engagement? Is Die Hard 4 going to come true? This is the least transparent trend out of all of them.

That’s the way I saw the world during the past 8 years. What will happen in the next 8? I didn’t foresee #5 and #8. I wasn’t too surprised at #3.

What do you think is the next big thing?

Terry Zink: My credit card information was leaked to the Internet and all I got was this interesting eBook

2012-07-13T00:34:48+00:00

This past December, private geopolitical analyst firm Stratfor was hacked when hackers from the Anonymous group broke into their servers and posted users’ passwords and credit card information online. My credit card information was among them and I wrote a bunch of blog posts about my experience:

Stratfor hacked by Anonymous – and my information gets stolen (Dec 25, 2011)
Fallout from the Anonymous/Stratfor hack (Jan 6, 2012)
Some more on the Anonymous/Stratfor hack – protecting user data (Jan 12, 2012)
The Stratfor hack is not over yet (Feb 6, 2012)
The Stratfor hack – the gift that keeps on taking (Feb 27, 2012)

After the hack occurred, I was really mad. Not at Stratfor, but at Anonymous hacker who broke in and leaked the data. But I confess, as time passed and nothing bad seemed to occur, it fell down a lot lower in priority at the bottom of my mind.

Yesterday, I got an email that apparently some subscribers (or maybe 1 subscriber) got together and sued Stratfor for negligence. They argued that Stratfor didn’t do enough to protect their subscribers’ data and were looking for restitution.

Stratfor settled the lawsuit out of court, and as a subscriber who was affected by the breach, I get the following:

One month of free access to Stratfor, valued at $29.08, free-of-charge. While this sounds like a pretty good deal, I usually subscribe to Stratfor by waiting until the last minute when they have their annual specials and it costs either $199 or $249 per year. That works out to roughly 3 months free-of-charge access. So this deal isn’t that great, although if they never run their discounts again I’ll be out of luck.
I get some money from Stratfor’s Insurance company if they ever collect anything.
I get an eBook called “The Blue Book.” I don’t know what this book is, but I’ve read three or four of Stratfor’s books in the past and I really enjoy them.

I admit that I am easy to please. I had to change my credit card and password, but I didn’t have any fraudulent charges nor did anyone login to any of my other accounts. No harm done, so I’m happy with the book even though I don’t know what it is (and can’t find anything on it after doing a quick Internet search).

But what really sealed the deal for me was when I read in The Register that police had caught and charged a hacker with the Stratfor breach, and that was a result of the ringleader of the Anonymous group deciding to co-operate with the FBI last year:

Jeremy Hammond, 27, of Chicago, Illinois, was charged in March with access device fraud and hacking offences in relation to to the Stratfor hack. He is alleged to be the infamous Anonymous figure "Anarchaos".

Hammond's arrest took place with the assistance of LulzSec suspect turned FBI informant, Hector Xavier 'Sabu' Monsegur, officials said. Court documents reveal that Monsegur offered an FBI-supplied server as a repository for 20GB of data extracted from Stratfor, an offer that was accepted.

So from my perspective, the hacker who did the deed was caught and I get a free book. Since that’s all there seems to be to the story (i.e., no other of my information was hacked), I’m happy.

But more importantly, it (probably) illustrates a shift going forward, and new opportunities for emerging businesses:

Companies are going to start thinking about protecting data-theft insurance. Rather than take their chances with a breach and getting sued, they will buy insurance so that if (when?) it does happen, their risk is mitigated.
This will create new business for insurance companies (if hackers hate big business, their plans have backfired because they just created more of it). They will evaluate the risk/reward ratio of providing these services and will see it as a new revenue stream.
This will also create new business for companies doing risk assessments for large (or even small) corporations. This could be consulting companies who go in and assess risk for insurance companies in order to set premiums, or companies who are buying this insurance to figure out where they are most at risk and fix (or mitigate, or take it as an accepted risk) those vulnerabilities.

That’s my update on the Stratfor hack.

Terry Zink: Hotmail looking to combat gray mail

2012-07-12T23:52:56+00:00

Wired yesterday reported about an initiative that Hotmail is working on that combats gray mail – mail that isn’t spam or legitimate mail, but is in-between, a shade of gray. Gray mail is bulk mail and some people want it, while others do not.

Hotmail has come up with the tools to help you get control back. They can help you un-clutter your inbox and give you your time back. Tools such as flagging important emails at the top and the sweep tool to blitz unwanted emails, will help you take control of your inbox. Spend 60 seconds slicing through the clutter with Hotmail's 'Sweep' tool and set rules to automatically schedule filing and deleting emails you don't want in your inbox.

Hotmail has a video of the feature available here: Hotmail Explains the Sweep feature. As someone who has worked in email a long time, I can confirm that gray mail (or greymail) is one of the most difficult types of mail to classify because of its personal component – what is spam to one person is legitimate to another. And while a large proportion of some users may think a message is spam, say 85%, the other 15% wants that mail. Therefore, implementing rules to block the messages globally results in very high rates of false positives. But not blocking them at all results in lots of users complaining about “spam” in the inbox.

This gets complicated as we scale the solution. Some spam filters try to predict or memorize classifications according to what it knows, or thinks, the users want to receive. This works if a spam filter protects several hundred thousand, or even a couple of million, users.

However, if a spam filter has to protect hundreds of millions of users, such as in a large web mail service, there are a lot of resources required to sync all that data and transmit it across data centers. It’s not only a filtering problem, but also an Operations problem – transferring such large data sets strains bandwidth, and processing such huge settings (200 million x 150 custom settings) requires lots of processing power. Just how much effort do you want to put behind a free email service? The law of the rate of diminishing returns applies here.

Finally, greymail is difficult to filter in general because different senders of mail have different reputation classes. There are:

Good mailers who do everything right – they double opt-in users and never spam.
Well-intentioned mailers who do some things right – they may have permission to send but their emails don’t pass SPF checks, they say “To exclude yourself from this message, reply with UNSUBSCRIBE in the subject.” Seriously, what year is this, 2002? Where’s the 1-click unsubscribe?
Mailers who take your contact details from your business card and opt you into their mailing lists. Maybe their services are relevant to you, and maybe they considered you giving them your business card implicit consent to send you mail (‘cause you didn’t read the fine print).
Mailers who can’t be bothered to do anything right and therefore look a lot like spam… but some people might consider them legitimate and if you block it, you get false positive complaints.
Outright snowshoe spammers.

Because of the variations in greymail, it confuses spam filters. Some error on the side of catching more spam (and thus alienating people who want the mail) and some error on the side of allowing more mail (and thus alienating people who don’t want it). The solution is to provide the users tools to quickly and easily deal with their own mail streams.

Kudos to Hotmail for providing tools to allow users to do just that.

Richi Jennings: Excuse me little girl, but did you misplace your soul? #redheadsrock #gingerthursday Josh...

2012-07-12T17:42:18+00:00

Excuse me little girl, but did you misplace your soul?

#redheadsrock #gingerthursday

Josh Dros originally shared this post:

Here is my contribution to #GingerThursday . This one is probably going to give me nightmares.

The Internet Patrol: How to Report Text Message Spam to T-Mobile, Verizon, Sprint, and ATT

2012-07-12T17:13:40+00:00

Isn't it frustrating when you receive an SMS text message and it turns out to be SMS spam? Don't you wish that you could report those spammers to your wireless carrier? Well, you can! Whether you want to report text spam to ATT, T-Mobile, Verizon, or Sprint - or any other North American carrier, it's as simple as forwarding it right from your phone. Here's how to do it.

Richi Jennings: Thank you! I just love the level of interaction here. I just wanted to recognize all you wonderfu...

2012-07-12T14:16:23+00:00

Thank you!
I just love the level of interaction here.
I just wanted to recognize all you wonderful people who comment, share, and +1 my posts. You make it all worthwhile; thanks!

All Spammed Up: UK Spam Complaints Up by Whopping 43%

2012-07-12T14:00:03+00:00

The London Olympic Games are almost upon us, and it’s no great surprise that there’s been an uptick in spam activity related to the games. Spammers love to latch onto any topic that will lower a person’s guard long enough to click on a malicious link or open an attachment. The psychology is simple: pick a subject that’s in everyone’s mind and the battle is half-won. And in a year that’s seen conflicting reports and dramatic changes in the nature of e-mail spam, it seems that the battlefield has changed, or perhaps more appropriately, grown, to include multiple scam methods.

It’s the simple premise of economies of scale. Why just implement a spam e-mail and SMS campaign – a ‘push’ mechanism that requires the scammer to broadcast a message in the hopes that a user will read the e-mail and choose to click the link? It makes a lot of sense to target e-mail, SMS, as well as other methods like Twitter and Facebook – methods in which the user ‘pulls’ the message, in a sense, by actively participating when they log into the site and click links that appear to be valid messages from compromised friends, or scammers masquerading as site staff.

It’s long been a malady – a growing pain, really – of the Internet that users have had little control over what got delivered to their inboxes. Most users feel hopeless to do anything about it, and God forbid that they get scammed….what then? We don’t really know how successful the scammers have been over the past twenty or so years that e-mail scams have been around. In the early days of the Internet, people who succumbed to a scam probably reacted in much the same way you would today – call the police. But without laws, or even a general understanding of what the technology was all about, most people probably heard what you’d expect the police to say at a time when Windows 95 wasn’t yet available and Steve Jobs was still in exile from Apple: “there’s nothing we can do.”

Jump to 2012 and the story hasn’t changed much. Your local po-po ain’t going to be able to do much about a Nigerian ‘prince’ who just scammed your nana out of her life savings, unless that prince happens to show up in your neighborhood and gets nabbed for driving his Ferrari too fast. Fortunately, Microsoft and several international law enforcement organizations have been working hard for you, shuttering botnets, redirecting your DNS so you can continue to friend people and fling angry birds at things, and putting bad little spammers behind bars. Laws have been put in place, but remain fairly toothless. So what’s an honest, taxpaying citizen to do? Well, in the UK, you can give the Information Commissioner’s Office the ability to fine those individuals and organizations who have a love affair with bugging people.

Earlier this year, the ICO was given the ability to levy fines up to £500,000, although they haven’t had much success in finding someone to fine. They are, however, getting people riled up enough to do something about the glut of spam oozing out of inboxes. According to the BBC, the ICO reports that consumer complaints over spam and e-mail have risen this year by a whopping 43%. The greatest complaints are over automated phone calls (35%), unwanted text messages (29%), live phone calls (19%) and email (14%).

Unfortunately, like any public complaint forum, not every complaint is valid. According to the BBC, the ICO’s annual report revealed that:

“of the complaints made only 11% were considered for investigation. The majority – 60% – were classed as “ineligible” or “made too early”.”

Now, the 43% isn’t quite so impressive when you consider that the total number of complaints only amounted to 7,095 in the last year. But it’s still significant if you consider that people are taking matters into their own hands. Twenty years ago, people had little or no recourse when being electronically harassed, and twenty years later, at least we can vent a bit. And the ICO recognizes that it’s faced with a mighty task.

“It has proved difficult in the past,” an ICO spokesman stated to the BBC, “for the ICO to get the information needed from telecommunications providers to allow us to sufficiently investigate spam.”

The ICO chooses to remain optimistic, and maybe some of those consumer complaints will result in a few hurtful fines. If nothing else, we are not nearly as helpless as we were twenty years ago.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

UK Spam Complaints Up by Whopping 43%

Sophos Blog (Spam Category): Watch Sophos's James Lyne audition for TED2013

2012-07-12T12:31:56+00:00

Sophos's James Lyne recently auditioned to present at next year's main TED conference in Long Beach California: "The Young. The Wise. The Undiscovered." Take a look and see what you think. Watch his audition, and let TED know what you think.

Richi Jennings: Pirating is bad but reselling digital work is OK, says EU ruling . #HPIO UK for + HPUK by +...

2012-07-12T11:40:59+00:00

Pirating is bad but reselling digital work is OK, says EU ruling.
#HPIO UK for +HPUK by +David Amerland...

Pirating is bad but reselling digital work is OK, ... - Input Output

Richi Jennings: Today I Learned that medical practice is "tyrannical, hierarchical, controlled, intolerant,...

2012-07-12T11:22:36+00:00

Today I Learned that medical practice is "tyrannical, hierarchical, controlled, intolerant, dogmatic"

Spence D. What happened to the doctor-patient relationship? BMJ 2012;344:e4349

TIL medical practice is "tyrannical, hierarchical, controlled, intolerant, dogmatic" : Health

Richi Jennings: Yahoo! Voices hack reveals 453,492 passwords, claims D33Ds Company . Today's #ITBW for +...

2012-07-12T10:08:34+00:00

Yahoo! Voices hack reveals 453,492 passwords, claims D33Ds Company.
Today's #ITBW for +Computerworld by +Richi Jennings...

$YHOO

Yahoo! Voices hack reveals 453,492 passwords, claims D33Ds Company

Enemieslist: new patterns posted - 20120712 (maintenance patterns release)

2012-07-11T23:53:59+00:00

100536 patterns in 35746 domains, 12350 right anchor strings, 382954 test IPs

New patterns and updates from the various contributing feeds.

PLEASE NOTE that this release contains a NEW CLASS: 'dedhost'. It
replaces 'static/colo' and allows for distinction between shared and
dedicated web hosting and colocated servers. It is now reflected in
the rbldnsd files and returns 127.0.2.3.

Enemieslist: new patterns posted - 20120711 (maintenance patterns release)

2012-07-11T15:51:22+00:00

100478 patterns in 35724 domains, 12350 right anchor strings, 382575 test IPs

New patterns and updates from the various contributing feeds.

Richi Jennings: Drop Everything and Disable Gadgets! #HPIO UK Editor's blog for + HPUK by + Richi Jennings...

2012-07-11T14:56:12+00:00

Drop Everything and Disable Gadgets!
#HPIO UK Editor's blog for +HPUK by +Richi Jennings...

Drop Everything and Disable Gadgets! - Input Output

All Spammed Up: GMail’s Spam Filter is Faltering

2012-07-11T14:00:11+00:00

Google has long been lauded for its superior spam filtering. GMail users rarely see spam in their inboxes and hardly ever have to think about their spam folder, in fact Gmail keeps it hidden by default. That was just fine with most users because the spam filter was so good, the chances of legit emails being flagged as spam were slim to none.

Not anymore.

Google recently updated GMail and, since then, users have been reporting a high incidence of legit emails not making it to them. Upon digging up the spam folder and looking through it, those legit emails were found. I can verify this. I’ve been a GMail user for years and today for the first time found two legit emails in my spam folder. Why is this happening? It appears Google tweaked their algorithm and made it more aggressive – perhaps a bit too much so.

It’s important to note that much of the false positives are legitimate bulk emails such as newsletters the recipients have opted into, order confirmations and update notifications. What does this mean if your company sends out these kinds of emails? Set up test accounts on GMail if you haven’t already and send your emails to them. If they get flagged as spam, contact your ISP or email provider and have them contact Google with a complaint.

Users, at least for now, had better get used to checking their spam folders everyday. A hassle? Yes, but a much more tolerable one than having an inbox full of spam. Still, let’s hope Google tweaks their filters again and finds some middle ground.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

GMail’s Spam Filter is Faltering

Richi Jennings: iPhone 5 design pictured: Confirms rumors, confounds bloggers . Today's #ITBW for + Computer...

2012-07-11T10:14:37+00:00

iPhone 5 design pictured: Confirms rumors, confounds bloggers.
Today's #ITBW for +Computerworld by +Richi Jennings...

$AAPL

iPhone 5 design pictured: Confirms rumors, confounds bloggers

Spamresource.com: Guest Post: Canada's New Anti-Spam Bill - Is Anyone Listening?

2012-07-11T09:59:08+00:00

Today's guest post comes to us courtesy of Kevin Huxham, Director of Deliverability at CakeMail, creators of an email marketing application for small and medium-sized businesses, based in Montreal, Canada. Kevin has more than twelve years working in various email-related roles on both the sending and receiving sides of the industry. He has been around since the early days at CakeMail and helps

Enemieslist: new patterns posted - 20120710 (maintenance patterns release)

2012-07-10T16:16:15+00:00

100441 patterns in 35709 domains, 12356 right anchor strings, 382469 test IPs

New patterns and updates from the various contributing feeds.

Richi Jennings: Protect Your Data from a new Rogues' Gallery of Vulnerabilities . #HPIO UK for + HPUK by...

2012-07-10T16:10:44+00:00

Protect Your Data from a new Rogues' Gallery of Vulnerabilities.
#HPIO UK for +HPUK by Oliver Rist...

Protect Your Data from a new Rogues' Gallery of Vu... - Input Output

All Spammed Up: Let’s Talk About Spam – Wrapping It All Up

2012-07-10T14:00:12+00:00

Welcome to the last in our series on talking about spam to end users. We’ve spent the past several weeks talking about spam, phishing, and malware; how to recognize it; how to protect ourselves from it; and we’ve done so using what I hope was a minimum of technical jargon or geek speak. The ideal behind this series was to either provide our technical readers with a blueprint they could use to speak to their non-technical friends, family, and coworkers about spam, or to give them something they could point these people to so they could read it on their own. Let’s review what we have covered in the past several weeks.

Here’s a run down on the posts that make up our series on talking about spam.

Let’s Talk About Spam - Our introduction to this series set the stage for admin and end user alike.

Let’s Talk About Spam – Spam, Phishing and Malware - Here we go over each of the big bad three-how they are similar, how they differ, and just what they can do to you.

Let’s Talk About Spam – Why Should I Care? - Far too many home users think malware and phishing are just attacks against businesses. Here we set the record straight so they understand just why everyone needs to care.

Let’s Talk About Spam – How to Identify Spam - Seasoned professionals can spot spam by the third word in the subject. With what we cover in this post, end users will have a better idea of what stands out in spam.

Let’s Talk About Spam – The Worst Offenders - Playing off the previous article, we provide some examples here of actual spam, phishing, and malware to help drive home the previous lesson.

Let’s Talk About Spam – FUD - In this article we discuss fear, uncertainty, and doubt and how spammers and scammers play upon human nature to try to scare you into reading their emails, opening their attachments, and visiting their websites.

Let’s Talk About Spam – Identifying Suspicious Links - Once again playing off the previous, here we look at links in emails to help you recognize dangerous links for what they really are.

Let’s Talk About Spam – Personal Information - Personal information is exactly that, and in this post we discuss why you should think twice before giving it out.

Let’s Talk About Spam – To Unsubscribe or To Ignore? - We try to answer the age old question here, and help you determine when to click the unsubscribe link or just the delete key.

Let’s Talk About Spam – Reporting Spam - While there is no spam fighting army on the Internet, in this post we discuss what some of the major services do when you report spam to them.

Let’s Talk About Spam – Do You Really Want To Do That? - Back on the idea of personal information, and how readily some folks will give out their email address, we discuss the pros and cons of this, and offer some suggestions for alternatives.

Let’s Talk About Spam – Ways To Protect Yourself - With a better understanding of spam, phishing, and malware, and how to identify them all, reader should now have a better appreciation of just why they actually need good antivirus software, should user d/ls, not forward emails blindly, and why a throwaway account might be a good thing to have.

Let’s Talk About Spam – What to Do when You’ve Done the Unthinkable - Accidents happen, and even when you understand the threats, you can make a mistake. Here we talk about how to hand those oops moments.

And then finally, this post to wrap it all up. You might just want to book mark this one, since it contains links to all the rest, so the next time a friend, family member, coworker, or stranger on the street asks you about spam and what they can do about it, you can point them to this one site and send them on their merry way. By the time they read through the entire series, they should have all the information they need.

For those of you who have stuck with this series from beginning to end, thank you. I hope you found this useful. With this series done, I find myself needing to come up with the next round of articles. If you have any ideas for another series, or a set of topics you wish we would cover here at AllSpammedUp, please leave a comment and let me know what you would like to see. If I can cover it, and my editor approves, you might just spawn the next series. Thanks in advance for your suggestions or requests.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Let’s Talk About Spam – Wrapping It All Up

Richi Jennings: Mountain Lion release date & Apple system requirements puzzle devs. Today's #ITBW for +...

2012-07-10T09:59:44+00:00

Mountain Lion release date & Apple system requirements puzzle devs.
Today's #ITBW for +Computerworld by +Richi Jennings...

$AAPL

Mountain Lion release date & Apple system requirements puzzle devs

Terry Zink: More pirated software leads to more malware infections, poorer countries at more risk

2012-07-09T20:27:44+00:00

I decided to take a look at the relationship between the rate of software piracy and the rate of malware infections. If you pirate your software, are you more at risk of getting infected with malware? It sounds plausible so I decided to investigate.

First, I downloaded a copy of the 2011 BSA Global Software Piracy Study. Then I went to Microsoft’s latest Security Intelligence Report (SIR), volume 12, and looked at the Worldwide Threat Assessment. In the SIR, Microsoft has a measurement that it calls CCM, or Computers Cleaned per Thousand executions of the Malicious Software Removal Tool. They also include some telemetry from the Microsoft Security Essentials software. One execution/removal of the MSRT corresponds to a malware infection.

I took the data from the piracy study and checked it against Microsoft’s malware data from the 4th quarter of 2011 and then plotted them in a scatter plot. I tossed out the countries for which I had no data for one or both data points, and also excluded one outlier (China – Microsoft’s data on China is too low to be credible). Below is the result:

There is a positive correlation (and statistically significant) of 0.498 between the rate of software piracy in a country and the detected rate of malware infection/cleanups. I classify this relationship as medium strength*.

Conclusion: Pirated software increases your chances of malware infection.

Okay, so using pirated software is risky. But who buys pirated software? Is it people in the developed world? Or people in the developing world? Do wealthier countries buy their software more often?

To determine this, I used GDP per capita that is published in the World Economic Outlook database, maintained by the International Monetary Fund. I adjusted for the outliers, again discarding China (malware infections far too low), and Qatar and Luxembourg (GDP per capita too high). I then plotted rate of piracy vs. GDP per capita, below is the result:

In the above, the regression line is statistically significant (a strong correlation) and it slopes downward, indicating an inverse relationship GDP per capital and the rate of software piracy. Or, to put it another way:

Users in poorer countries have higher rates of piracy than users in wealthier countries.

Finally, I decided to check the rate of malware infection against GDP per capita. We know that users in poor countries pirate software more often, and pirated software is more at risk than legitimate software. To calculate this, I combined the three datasets above to come up with the following chart, once again adjusting for China, Qatar and Luxembourg:

The trend line in this chart is the same as the trend line in the previous chart, but the correlation is only medium strength. But the result is the same:

Users in poorer countries have higher rates of malware infection than users in wealthier countries.

The above analysis confirms what I suspected – acquiring software illegitimately increases your risk of malware infection, and users in the developing world (as defined by International Monetary Fund) are more at risk.

* In this analysis, I use the following categories:

correlation < 0.10 = No statistically significant relationship
0.10 ≤ correlation < 0.30 = Weak correlation
0.30 ≤ correlation < 0.60 = Medium strength correlation
0.60 ≤ correlation ≤ 1.00 = Strong correlation

Enemieslist: new patterns posted - 20120709 (maintenance patterns release)

2012-07-09T17:41:30+00:00

100434 patterns in 35704 domains, 12355 right anchor strings, 382462 test IPs

New patterns and updates from the various contributing feeds. There
was a minor release on 20120707.

Richi Jennings: Mozilla Thunderbird: Goodbye and Good Riddance . This week's #HPIO Mobility Matters by +...

2012-07-09T17:31:53+00:00

Mozilla Thunderbird: Goodbye and Good Riddance.
This week's #HPIO Mobility Matters by +Richi Jennings...

Mozilla Thunderbird: Goodbye and Good Riddance - Input Output

Richi Jennings: Wow! A V-22 Osprey just flew low over my home office... www.hightech-edge.com/wp-content/uploads/...

2012-07-09T16:14:13+00:00

Wow! A V-22 Osprey just flew low over my home office...

www.hightech-edge.com/wp-content/uploads/boeing-bell-v22-osprey-550x402.jpg

All Spammed Up: Android Botnet or Spoof?

2012-07-09T14:00:27+00:00

A new spam campaign whose messages have the tagline “Sent from Yahoo Email on
Android” has led some security researchers to believe there is a new Android-based botnet out there. Others disagree, saying the spam is a result of users downloading malware-ridden apps from the Google Play store. Still others say it’s simply traditional spammers exploiting Yahoo’s buggy Android email app. Who’s right? That remains to be seen.

Another theory is that a traditional botnet is adding the tag line to fool people into thinking it’s coming from an Android device. While some may ask why a spammer would want to do so, it does make sense in a way. What if the goal of the campaign isn’t spamming, but sabotage? It’s no secret that Apple is viciously apposed to all things Android and has been fighting tooth and nail to annihilate it. Just recently they forced both the Samsung Galaxy Tab 10.1 and the Samsung Galaxy Nexus off the market through a nasty court battle (the court promptly lifted the injunction on the Nexus a few days later) but lost similar lawsuits against HTC and Motorola.

Could it be even remotely possible that Apple is behind this odd spam campaign in an effort to make Android users believe the OS is dangerously insecure? Apple of course has long prided itself on being the only virus free OS. Something to think about, yes? Leave a comment and let us know what you think about this odd new spam campaign.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Android Botnet or Spoof?

Richi Jennings: How to Escape Death (by PowerPoint): Part 2 . #HPIO UK for + HPUK by Chris Barton... How to...

2012-07-09T13:10:51+00:00

How to Escape Death (by PowerPoint): Part 2.
#HPIO UK for +HPUK by Chris Barton...

How to Escape Death (by PowerPoint): Part 2 - Input Output

Richi Jennings: IT spend up 3% in 2012, thanks to cloudy thinking . Today's #ITBW for + Computerworld by +...

2012-07-09T09:57:10+00:00

IT spend up 3% in 2012, thanks to cloudy thinking.
Today's #ITBW for +Computerworld by +Richi Jennings...

IT spend up 3% in 2012, thanks to cloudy thinking

Richi Jennings: DNS OK? dns-ok will say if DNSChanger at bay . Today's #ITBW for + Computerworld by + Richi...

2012-07-07T14:00:13+00:00

DNS OK? dns-ok will say if DNSChanger at bay.
Today's #ITBW for +Computerworld by +Richi Jennings...

DNS OK? will say if DNSChanger at bay

Richi Jennings: BT Bandwidth: Lower Leased-Line Prices Proposed . #HPIO UK for + HPUK by + Richi Jennings ... ...

2012-07-07T10:51:48+00:00

BT Bandwidth: Lower Leased-Line Prices Proposed.
#HPIO UK for +HPUK by +Richi Jennings...

$BT $BT.A

BT Bandwidth: Lower Leased-Line Prices Proposed - Input Output

Richi Jennings: Paul Gray originally shared this post: I had a interesting chat with policeman last night. ...

2012-07-07T08:10:42+00:00

Paul Gray originally shared this post:

I had a interesting chat with policeman last night. Turns out that when they finish there shift they quickly change out of uniform and generaly don't let anybody know they work for the Police. Turns out people attack them and other silly stupid things. Chap mentioned he'd not travel alone on a bus in uniform for fear of being attacked. Which is hardly inspireing for us public. I did say why don't you get some plain clothes and one chap in uniform and get these idiots to claim there time in jail.

So if your out and about, see a Policeman, do say hello and thank you as they realy don't deserve this. Remember the Police look after us, we should look after them.

#ukpolice #metpolice #police

Terry Zink: Breaking into the security field

2012-07-07T00:38:59+00:00

Brian Krebs is running a series on how to break into the Computer Security field. These are in response to inquiries that he receives and that these types of posts of his are very popular. So, he went and started talking to people who are well known in the industry on what they suggest people do in order to break into it.

I enjoyed Schneier’s interview (and Ptacek’s, too). Schneier gives the following advice to a fledgling security professional:

Study hard – This doesn’t have to be classwork, although that is important. Read books and blogs, but not just about security. Economics, psychology and sociology are important, too.
Do it – You’ve got to practice at it. Try to break existing security systems (but do it legally).
Show others – Take part in mailing lists. Write blogs. Create podcasts. Be visible.

I agree with these comments above. I broke into this business by answering an ad in the newspaper for a spam analyst. A year later the company I worked for (Frontbridge) was acquired by Microsoft.

Yet I always had an interest in security. When I first joined Frontbridge I hated spam. I had crafted rules in Outlook to stop it in my personal mail but I knew that they weren’t good enough. Had I had Perl regexes back then, I would have had a lot greater success. I’m still doing spam fighting all these years later.

Schneier closes with the following:

One final word about cryptography. Modern cryptography is particularly hard to learn. In addition to everything above, it requires graduate-level knowledge in mathematics. And, as in computer security in general, your prowess is demonstrated by what you can break. The field has progressed a lot since I wrote this guide and self-study cryptanalysis course a dozen years ago, but they’re not bad places to start.

When I was in university, I took Computer Engineering instead of Computer Science. That means I had a greater focus on hardware rather than software, and cryptography was not an elective. That’s too bad and I wish it were (looking back on it now; at the time I didn’t care that much).

However, in my last year of study, I took a Telecommunications course that was possibly my favorite course of all time. In it, there was a section on Cryptography and I enjoyed it a lot. I wish I still had the notes. But in it we learned about encryption algorithms, how the government enforced DES encryption at only 56 bites and caused people to think that they had a secret back door, asymmetric and symmetric hashes, relatively prime numbers and public/private key encryption. It’s because of that class that I understand the technology behind DKIM, and even basic security protocols like TLS, HTTPS, and DNSSEC.

Microsoft has some internal courses about encryption and it’s similar to what I remember from that university class (Bob talking to Alice). Every time I’ve done a refresher course I’ve always found it interesting.

While I enjoy fighting spam and have done so for a number of years, the two things that I haven’t gotten to work much with are encryption and vulnerabilities (e.g., SQL injections). Doing penetration testing, and especially augmenting that social engineering, is a fascinating field of study. I think using mathematics to reverse engineer and break encryption algorithms is neat because it would mean that all those calculus, differential equations and complex numbers I took in school would come in handy in real life. If I ever left spam fighting, I’d probably look into those fields, or maybe doing something else with statistics (my favorite mathematical field).

I particularly agree with the part about writing a blog as it serves multiple purposes:

When you write things down, you understand it better. When I wrote my series on backscatter several years ago, I understood it far more after writing it than I did before. Same with SPF and DKIM.
Writing is a difficult skill. The more you do it, the better you get. You might be a brilliant engineer but you need to be able to communicate it with others.

Anyhow, it’s good stuff coming from Krebs.

John R. Levine: Three more ill-advised lawsuits against mail providers

2012-07-06T21:03:04+00:00

Press reports say that three recently filed lawsuits claim that Google and Yahoo are illegally spying on the incoming mail of their webmail users. Two of the suits, Diamond vs. Google and Sutton et al. vs. Yahoo, are filed in Marin county court, the third, Penkava vs. Yahoo is in Federal court in San Jose.

I only have copies of the Penkava case, since the county court documents aren't online, but according to press reports all three make the same argument that the defendants are spying illegally on incoming mail, under the California Invasion of Privacy Act (CIPA.) So let's see how persuasive Penkava's arguments are.

Penkava, who does not have a Yahoo account, claims that Yahoo is wiretapping or eavesdropping on mail he sends to Yahoo users. The evidence is that they choose ads to CIPA is a law about wiretapping, and I can't see any connection at all to anything that a web mail provider does beyond wishful thinking.

So I'm wondering how Yahoo (and presumably Google in similar cases) will make the suit go away. Possibilities include:

1. This law is clearly about telephone and telegraph wiretapping. Yahoo is not a telephone company, and e-mail messages are neither phone calls nor telegrams.

II.a. Sec 631(a) limits its applicability to unauthorized connections to "any telegraph or telephone wire, line, cable, or instrument". Yahoo Mail doesn't use any of those.

II.b. Yahoo Mail's connection to whatever wires it does use is authorized, since it is providing mail service for its customers.

II.c) Sec 632 refers to "any electronic amplifying or recording device." Yahoo doesn't use them, either.

C) The law excludes "any public utility engaged in the business of providing communications services and facilities..." To the extent relevant to this law, Yahoo Mail is acting in the role of a public utility.

iv) A Federal law called the Electronic Communication Privacy Act does regulate e-mail privacy, so even if CIPA applied to e-mail it would be preemmpted. Under the ECPA, Yahoo and Google's actions are legal since recipients can permit their providers to "divulge the contents" of their mail.

It would certainly be nice if the US had meaningful privacy laws like Canada and most European countries do, but it doesn't other than in a few narrow areas like HIPAA for health care information. Attempting to twist wiretap laws to do something they don't just wastes the court's time and is likely to create case law that is hostile to any real privacy cases that arise.

I'm trying to get copies of the two Marin County cases, and will report back if they say anything interesting.

Terry Zink: Cyber criminals infiltrate even small businesses

2012-07-06T20:10:44+00:00

I read an interesting article in the Wall Street Journal today entitled Cyber Criminals Sniff out Vulnerable Firms. It’s a story of a small business owner in New York whose company was broken into by cyber criminals and stole $1.2 million from its bank accounts, although the owner was able to later recover about $800,000 of that.

The moral of the story is that small businesses feel like they are not a major target for online thefts like these. Because big companies have more money, they would be the logical target.

Yet statistics prove otherwise. According to the Verizon 2012 Data Breach Investigations Report, small business are frequent targets for hacker intrusion:

So while it is true that large businesses have more money to steal, they also frequently have more resources dedicated to implementing security. Smaller firms use off-the-shelf software like firewalls, A/V software and spam filters. Those give you the most bang for the buck because it doesn’t require a lot of human capital after the initial installations.

The trouble is that because it’s off-the-shelf, hackers can acquire them too, and try to reverse engineer them to get around them. A large company has the above software but they also have dedicated departments whose job it is to enforce security compliance and monitor if anything is wrong. Thus, a hacker has to dodge software in the small business, but software plus humans in the big business. For some hackers, the cost/benefit ratio is better for small businesses.

The owner of the business didn’t know how he got hacked. He was running Windows 7 (which is more secure than previous versions) and used an internal firewall to connect to the Internet. Their computers were running A/V software. In other words, he was doing everything that security experts tell people to do. One theory from the WSJ:

Experts say that it's possible that after one of Mr. Keilson's staffers tried to log onto the website for the company's bank, a virus may have redirected him or her to a fake page that looked identical to the bank's site.

If the employee typed in a username and temporary password provided by a secure-ID token, the virus might have sent that information to a thief who could have quickly logged into the bank's real website to make money transfers before the temporary password changed.

Passwords created by tokens tend to be valid for about two minutes, say Web security experts. It's important to note that Mr. Keilson isn't able to confirm that this is what happened.

Compromised accounts are among the toughest to deal with. That’s why they have become a favorite with spammers over the past couple of years (as opposed to using bots to send out spam directly).

One tactic for catching them is performing statistical analysis and looking for deviations from the norm. For compromising accounts that send out spam, it is typical to see someone go from sending a handful of messages a day under normal circumstances to sending out tens of thousands when they are hacked.

Cyberthieves had made off with $1.2 million, wiring the money through nine transactions of about $150,000 each to three major U.S. banks and one Chinese bank.

Mr. Keilson, an ordained rabbi and attorney who co-founded Lifestyle Forms & Displays in 1985, said the business normally makes just one or two wire transfers a day totaling no more than $300,000.

It doesn’t say how long it took the thieves to make off with the money, but if the business normally makes 1-2 transfers per day then I will hypothesize they most likely did it overnight. The business could use this knowledge as part of their detection algorithms – if any transaction is more than $200,000, or the running sum of transfers is more than $300,000, disallow the transaction and require manual clearance. In the article, the business now requires verbal clearance for all outbound transactions which is fine, but the algorithm is another layer of protection.

Verbal clearance works if there isn’t a lot of manual work involved. But when clearance gets noisy and there’s lots per day, people start to ignore them an look for shortcuts. When you scale up in size, you need a way to alert when something deviates from the norm otherwise you’re barely doing better than when there is no monitoring (because people just file them away and don’t look at them in real time).

Keeping track of deviations from the norm works when hackers and spammers make large, sudden changes in behavior. It doesn’t work as well if they fit into established patterns. Those are still difficult to detect.

Catching those requires another set of security policies.

All Spammed Up: Four Ways to Avoid Spam Filters

2012-07-06T14:00:23+00:00

Email marketing is still high on the lists of most companies as an effective way to reach new
and existing customers. However, with spam filters becoming more and more powerful, your carefully crafted messages may end up in a junk folder or marked as spam instead of in front of your customers. Here are 4 ways to reduce the chances of that happening:

1. Make sure your mailing list is clean. If you buy from a third party provider, make sure their lists were collected in an ethical and legal way. No addresses that didn’t opt-in should be on your list. If the mailing provider isn’t upfront about their collection methods and won’t provide details, steer clear.

2. Sign up for feedback loops and pay attention. This service, which will let you know when and how many recipients of your emails mark them as spam, is offered by most ISPs and is invaluable. Pour over this data and look for any and all patterns. You’ll be able to see if certain campaigns or ISPs are complaining about you.

3. Respond to complaints promptly and professionally. Enough said. Being receptive to complaints and rectifying them quickly can go a long way. Ignoring complaints is a good way to get your domain blacklisted. Getting off a blacklist can be a time consuming chore.

4. Do regular housecleaning. Remove any address that bounces or rejects your emails, and periodically remove inactive users. Don’t forget to make it clear to recipients how they can unsubscribe from your emails, and if you change your email address, make sure they know so if they want to keep receiving your emails, they can whitelist you.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Four Ways to Avoid Spam Filters

Richi Jennings: UTM: Cheap Weaponry vs. 2012 Security Threats . #HPIO UK for + HPUK by + Alison Behr ... UTM:...

2012-07-06T13:08:13+00:00

UTM: Cheap Weaponry vs. 2012 Security Threats.
#HPIO UK for +HPUK by +Alison Behr...

UTM: Cheap Weaponry vs. 2012 Security Threats - Input Output

Richi Jennings: How spam filters do a quality job of removing junk . Spam filtering is tremendously difficult...

2012-07-06T12:17:15+00:00

How spam filters do a quality job of removing junk.
Spam filtering is tremendously difficult to get right. Just about anybody with an email address knows about it. But it’s a complex subject, with more to it than meets the eye.

+The Telegraph reprinted another one of my #HPIO UK articles...

How spam filters do a quality job of removing junk - Telegraph

Richi Jennings: Amazon's iPhone 5 killer rumors: Kindle Phone release date murky . #ITBW for + Computerworld...

2012-07-06T10:06:27+00:00

Amazon's iPhone 5 killer rumors: Kindle Phone release date murky.
#ITBW for +Computerworld by +Richi Jennings...

$AMZN $AAPL

Amazon's iPhone 5 killer rumors: Kindle Phone release date murky

Spam Wars Dispatches: Malware Deliveries With More Bite

2012-07-05T19:43:02+00:00

For the past few months, malware distributors have been sending messages that resurrected an old chestnut: Trying to trick recipients into opening an attachment supposedly of some compromising photo featuring the recipient. The attachment, of course, isn't any kind of photo, but rather a packaged malware installer. The accusation against the recipient is not too serious — on the order of "I can't believe you were caught in this photo, dude!"—and the tone is almost friendly conspiratorial.

Well, the tone has seemed to shift in the last couple of weeks to be much more hostile. The messages aren't friendly so much as threatening. Here are a few samples:

Subject: You can't say I haven't warned you now enjoy the consequences.

Sorry to disturb you [email address account ID]

Why did you have to put these photos online? All the hell is gonna break loose now don't you understant? Take them down immediately! Don't tell me you don't know what photos I'm talking about! Check attachment!

Subject: Let's put this behind us once and for all I know you broke into my email.

Hello there [email address account ID]
This is quite crazy but someone sent me a nude picture of your girlfriend. Is seems to be her in attachent right? We'll have to track down the bastard who did it I can help you!

Subject: You pig!

You should be stoping ignoring me or i will send this photos to your spouse!!!

It may be difficult to resist getting at the bottom of a false accusation, but we must teach the world's email users that these messages are coming from automated systems that don't know squat about the recipients, other than their email addresses. All attachments and links in such emails should be treated as both molten and radioactive. Direct contact can lead to injury or death (of one's privacy).

Terry Zink: A bit more on that spam from an Android botnet

2012-07-05T16:35:30+00:00

A quick follow up on my previous post about spam from an Android botnet, there are a few things I need to point out:

Sophos discovered the same thing on their Naked Security blog:

The messages appear to originate from compromised Google Android smartphones or tablets. All of the samples at SophosLabs have been sent through Yahoo!'s free mail service and contain correct headers and SPF signatures.

This is the same evidence that I found.

It is likely that Android users are downloading Trojanized pirated copies of paid Android applications. The samples we analyzed originated in Argentina, Ukraine, Pakistan, Jordan and Russia.
The BBC picked up the story and got some comments from Graham Cluley of Sophos where he says:

Security expert Graham Cluley, from anti-virus firm Sophos, said it was highly likely the attacks originated from Android devices, given all available information, but this could not be proven.

That’s true.

This was the first time smartphones had been exploited in this way, he said. "We've seen it done experimentally to prove that it's possible by researchers, but not done by the bad guys," he told the BBC. "We are seeing a lot of activity from cybercriminals on the Android platform.

In comments of various blogs a lot of people have suggested that these headers are spoofed, or there was a botnet connecting to Yahoo Mail from a Windows PC and sent mail that way. Yes, it’s entirely possible that bot on a compromised PC connected to Yahoo Mail, inserted the the message-ID thus overriding Yahoo’s own Message-IDs and added the “Yahoo Mail for Android” tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices.

On the other hand, the other possibility is that Android malware has become much more prevalent and because of its ubiquity, there is sufficient motivation for spammers to abuse the platform. The reason these messages appear to come from Android devices is because they did come from Android devices.

Before writing my previous post, I considered both options but selected the latter.

Those are the things I wanted to add.

Richi Jennings: Warning: Google cloud email spam FAIL . #TLV for + Computerworld by + Richi Jennings ... [Inside...

2012-07-05T15:22:31+00:00

Warning: Google cloud email spam FAIL.
#TLV for +Computerworld by +Richi Jennings...

[Insider: free reg. requested]

Warning: Google cloud email spam FAIL

All Spammed Up: Is a Recent Yahoo Spam Surge Something to Worry About?

2012-07-05T14:00:59+00:00

On June 5, 2012, Yahoo Mail was recognized as being DMARC compliant joining the ranks of Facebook, AOL, Bank of America, Hotmail, Google, LinkedIn and PayPal to name a few.

To be in compliance with the Domain-based Message Authentication, Reporting and Conformance specification means that the email sent, received, or both, should be protected against phishing attacks, spam and spoofing.

With a company like Yahoo, who is an email host, mail that is not authenticated by SPF (Sender Policy Framework) or DKIM(Domain Keys Identified Mail) should be flagged as illegitimate.

For a few weeks, Yahoo was able to ride high on the news of their DMARC compliance as the web congratulated them for their progress in the fight against spam. However news during the latter part of June took the wind right out of their sails.

Apparently, reports of Yahoo email boxes being filled with spam started flooding the news wires and worse, the social channels.

Twitter feeds started blasting out tweets such as:

Something is wrong with Yahoo mail. Getting spam mails from Yahoo IDs with no subject and just one link in content. – @DeepXP
Good greief @yahoo, @yahoocare, your spam filters are pathetic. 113 spams since last night. – @katebevan
Has #yahoo been hacked? I’ve got spam coming from multiple Yahoo addresses. My wifes yahoo account lists logins from around the world. – @JasperWestaway
Is there anyone whose yahoo email hasn’t been compromised to send spam? – @obadayo
I get a lot of spam links from friends’ hacked email accounts. But EVERY SINGLE ONE is a yahoo.com email account. #sortitoutpeeps – @somesimestardy

Now just about anyone who has used email in the past year has received some sort of spam from a friend’s email account with the tell tale single link.

Even I wrote about my Gmail account being hacked in a post titled When Spam Comes From a Friend.

It happens. But when it happens right after a major player is riding high on their efforts to fight spam, things couldn’t look worse for the good guys.

In Yahoo’s (and DMARC’s) Defense

When an inbox is flooded with emails from a particular domain, odds are that the spammer is spoofing known email accounts to trick victims into trusting the email message enough to open it up and click on any links or download any attached files.

The main focus of DMARC, and by default Yahoo’s involvement with them, is to prevent phishing and spam that results from spoofed email addresses as this was considered by many to be one of the most widely used techniques by cybercriminals.

This latest outbreak of Yahoo spam, however, came from verified email accounts; not spoofed ones.

Take a look at the tweet from Jasper Westaway, the CEO of oneDrum. When he announced that his wife’s Yahoo account is being accessed from all over the world it becomes clear that the recent avalanche of spam is coming as the result of compromised accounts.

Unfortunately for Yahoo, we’re talking about a large number of compromised accounts.

And as you may have guessed, when we are dealing with compromised accounts that are sending spam many of the traditional methods to fight it are rendered useless.

White listing by address does not work, nor does relying on only things like blacklisted IP addresses or DNS blocklists. If the sender is trusted, the mail is going to get through.

Fighting Spam In the Future

As the recent outbreak of spam from Yahoo email accounts shows, one method of spam prevention cannot be relied upon to protect against illicit emails. In fact, two or three methods cannot provide adequate protection if they all rely on similar technologies.

Fighting spam requires a solution that protects against known threats, like spoofing, but also provides a defense against zero-day based threats.

While compromised accounts have been a thorn in the side of spam fighters for years, the ability to immediately recognize that something is wrong (even when the sender is trusted and authenticated) and deal with the threat is imperative as spammers and cybercriminals strive to bypass known defenses.

Without the ability to level the playing field, this recent spam surge is definitely something we all need to worry about.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Is a Recent Yahoo Spam Surge Something to Worry About?

Richi Jennings: When to Report a Data Breach #HPIO UK for + HPUK by + Lisa Vaas ... When to Report a Data Breach...

2012-07-05T12:02:39+00:00

When to Report a Data Breach
#HPIO UK for +HPUK by +Lisa Vaas...

When to Report a Data Breach - Input Output

Richi Jennings: PSA: If you're using + Gmail , check your Spam folder. It looks like they've made the...

2012-07-05T10:28:06+00:00

PSA: If you're using +Gmail, check your Spam folder. It looks like they've made the filter much more aggressive, which is causing some big false-positive problems.

Please share...

Warning: Google cloud email spam FAIL

Richi Jennings: ACTA treaty not passed in Europe: Victory for evil, evil pirates . Today's #ITBW for + Comput...

2012-07-05T10:03:30+00:00

ACTA treaty not passed in Europe: Victory for evil, evil pirates.
Today's #ITBW for +Computerworld by +Richi Jennings...

ACTA treaty not passed in Europe: Victory for evil, evil pirates

Enemieslist: new patterns posted - 20120704 (maintenance patterns release)

2012-07-04T20:36:38+00:00

100414 patterns in 35701 domains, 12355 right anchor strings, 382438 test IPs

New patterns and updates from the various contributing feeds.

All Spammed Up: Spam Report Card for First Half of 2012

2012-07-04T14:00:29+00:00

The first half of 2012 has come to an unceremonious end, and as Internet Doomsday looms like the plot from a bad Nicholas Cage movie (yes, I realize the oxymoron), it seems somewhat appropriate to fondly look back at the past few months and wonder what in the hell has happened to the state of spam. In some ways, it seems as if a divisive carving knife has cut right down the middle of the whole spam debate, the masses on one side slapping themselves on the back and congratulating each other for bringing an end to the pesky stuff; and those on the other are walking around with placards foretelling the end of the world, reminding everyone that yes, spam email volumes have gone down, but malware and targeted campaigns are on the rise.

Occasional spikes in spam mail volumes have done little to settle what seems to be a growing debate: Have we seen the end of the Golden Age of spam? Is it all downhill from here? Will we continue to see dwindling numbers? Will spam be relegated to a pesky nuisance that incites nostalgic sentences beginning with words like “y’know sonny, when I was your age, I spent thirty hours a day deleting spam emails from my inbox.”? The answer, across the board, is of course not. Sure, we’ve seen dips in email spam campaigns and recent suggestions of new growth. New delivery methods – most notably social networking sites like Facebook and Twitter, as well as vishing and m-spam campaigns – have resulted in the spam love being spread around far more than we are accustomed to, and certainly way more than five years ago, when many of the modern delivery methods didn’t exist or simply weren’t popular enough to be a target.

All this combined with spammers getting smarter and more personal in their attacks, as well as the takedown of a couple of high-profile botnets responsible for some heavy spam traffic , and it’s not at all surprising that considering only email spam is going to make it appear that spam levels are on a decline.

So now that the year is half over, how are we doing in 2012? Emailtray, a purveyor of email client software, published an interesting infographic this past week, and the numbers are worth a look. According to the study, which spans 2011-2012 and focuses on February of both years:

68 out of every 100 emails was spam in 2012
1 in every 298 emails was a phishing email in 2012
Email spam dropped from 81% to 68% between February 2011 and February 2012
Phishing emails dropped from 0.46% in 2011 to 0.28% in 2012
Broken down by top 10 countries, China is getting the most spam at 74% and Japan is at the bottom of the list at 65.1%
Not surprisingly, sex-related (43%) and pharmaceutical (30.5%) spam emails topped the list of spam email categories
Of the 10 most popular phishing targets, PayPal topped the list followed by Facebook and TAM Filedade

The infographic ends with some nice, if not common sense, tips about recognizing spam emails and it may be worth sending to your friends and co-workers if you suspect they need a refresher at how to spot spammy nastiness.

So, if we’re to consider these numbers, little is surprising. As previously stated, new and multiple delivery methods are helping to spread the spam around, and reductions in bulk emails due to botnet takedowns can explain the reduction reported by Emailtray between 2011 and 2012. The phishing numbers can probably be treated in the same respect as spam mails, that is, they’re dropping in the email category due to the delivery method being spread around.

What is of great interest, however, is that first number. If 68 out of every 100 emails is spam, even if that number is down, then there are a few takeaways. First, we still have a lot of work to do. Even though we sometimes treat spam as a source of humor, there’s nothing funny about people losing their life savings and companies losing their valuable data and millions of dollars.

Second, we’re still seeing a significant amount of email spam, and because we now know that the scammers are using multiple methods and personalized attacks, it’s time to remind ourselves why we’re here: our users. Take a minute to review your training and vigilance policies. Is enough being done? Is it time for an in-class refresher? And take a few minutes to talk to your users. Do they have any questions? Do they know how to recognize a bogus email? Do they really understand what happens when they click a link?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spam Report Card for First Half of 2012

Richi Jennings: iPad 4 is Mini 7-inch tablet: Release date rumors rumble on [u] . ...with an update $AAPL iPad 4...

2012-07-04T13:59:47+00:00

iPad 4 is Mini 7-inch tablet: Release date rumors rumble on [u].
...with an update
$AAPL

iPad 4 is Mini 7-inch tablet: Release date rumors rumble on [u]

Richi Jennings: LCD + Sunlight = Rubbish! #HPIO UK for + HPUK by + Alfred Poor ... LCD + Sunlight = Rubbish! -...

2012-07-04T11:01:44+00:00

LCD + Sunlight = Rubbish!
#HPIO UK for +HPUK by +Alfred Poor...

LCD + Sunlight = Rubbish! - Input Output

Richi Jennings: iPad 4 is Mini 7-in: Release date rumors rumble on . Today's #ITBW for + Computerworld by +...

2012-07-04T09:25:55+00:00

iPad 4 is Mini 7-in: Release date rumors rumble on.
Today's #ITBW for +Computerworld by +Richi Jennings...

$AAPL $GOOG $AMZN

iPad 4 is Mini 7-in: Release date rumors rumble on

Terry Zink: Spam from an Android botnet

2012-07-03T22:50:00+00:00

I came across some interesting spam samples today.

The messages all come from Yahoo Mail servers. They are all from compromised Yahoo accounts. They are sending all stock spam, the typical pump and dump variety that we’ve seen for years.

But what is interesting about them is that they all contain the following Message-ID:

Message-ID: <1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com>

Furthermore, they all have the following at the bottom of their spam:

Sent from Yahoo! Mail on Android

All of these message are sent from Android devices. We’ve all heard the rumors, but this is the first time I have seen it – a spammer has control of a botnet that lives on Android devices. These devices login to the user’s Yahoo Mail account and send spam.

Luckily, Yahoo stamps the IP address in the headers of where the device connected to its service. I looked up where the IPs are geo-located: Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.

What’s unusual about these countries?

I’ve written in the past that Android has the most malware compared to other smartphone platforms, but your odds of downloading and installing a malicious Android app is pretty low if you get it from the Android Marketplace. But if you get it from some guy in a back alley on the Internet, the odds go way up.

I’ve also written that users in the developed world usually have better security practices and fewer malware infections than users in the developing world. Where are almost all of those countries in the list above? Mostly in the developing world.

I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for. Either that or they acquired a rogue Yahoo Mail app.

This ups the ante for spam filters. If people download malicious apps onto their phone that capture keystrokes for their email software, it makes it way easier for spammers to send abusive mail. This is the next evolution in the cat-and-mouse game that is email security.

Richi Jennings: Here's one for + Emma Byrne ... [picture credit: AMC]

2012-07-03T15:21:53+00:00

Here's one for +Emma Byrne...
[picture credit: AMC]

All Spammed Up: Let’s Talk About Spam – What to Do when You’ve Done the Unthinkable

2012-07-03T14:00:35+00:00

We’ve been talking about spam on a strictly non-technical, friends and family level for the past several weeks, in an attempt to either provide you with a way to discuss spam with those who have a need to know but not necessarily a technical inclination, or just as likely, to give you a series you could link to when your Uncle Bob asks you a question you don’t want to answer. In this post, we’re going to provide a list of things to do in case someone has done the unthinkable – they’ve clicked a link, found their machine to be infected, submitted personal information to a form, provided their username and password to a phishing site, or forwarded a chain mail.

You’ve clicked a link

You got an email, you thought it seemed kind of strange, but you saw no harm so you clicked your mouse. Something flashed on your screen, you antivirus software threw up a warning, and now you are in a panic. What do you do?

First, don’t panic. It’s not (necessarily) the end of the world, yet. Close all your running applications, and then launch your antivirus software. Run a full scan of your machine, setting the options to scan everything that you can. This could take hours to run, but let it run to completion. If you do find a virus, read more about what to do below.

Check your browser to be sure nothing has been added to it. Here’s links to how to do that for some of the more popular browsers.

You found a virus

You’ve run the scan, and it found a virus. Review the results, delete any files in quarantine, and then run the scan again to be sure. Many IT professionals (myself included) will format a machine and reinstall everything from scratch, rather than deal with an operating system that has been infected, but this is often an overreaction, and remember, we’re IT pros, so rebuilding a machine from scratch is what we do for fun. Yeah, we do really need to get out more, don’t we?

Of course, if you haven’t kept your antivirus software up to date, things just got a whole lot worse. You can use one of the online antivirus scanners you can find online, but an ounce of prevention is worth a pound of cure, and if you’d kept your antivirus software up to date, you might have been fine. Once you get this squared away, make a good back up of all your critical data, and keep that up to date. That way, if you do get hit again, you at least have your critical data safely stored away. I use Dropbox, an online storage system. If you’d like to get a free 2GB account with an extra 250MB of space, you can use this referral link http://db.tt/W5FMJvy. That gets me some added space too.

You provided NPI into a form that later turned out to be bogus

Try to recall what information you provided. If it was just your contact details, you may have to do nothing more than start screening your calls and dealing with more spam in your inbox. However, if there was more sensitive information involved, you will want to contact your bank, credit card companies, etc. and set up a fraud watch on your account. In the US, you should also notify the major credit bureaus to flag your account so that if someone tries to open credit in your name, they can flag that. See this site for more information on how to do this. http://www.fightidentitytheft.com/flag.html

You’ve given up your credentials

Immediately contact the security team or admin of whatever system is involved and let them know what happened. It’s simple. “Hi, I think I was just victimized by a phishing attack, and may have given out my credentials to what I thought at the time was a legitimate request.” They can immediately take steps to prevent further damage, and will help you to reset your account.

Trust me, they will be much happier that you notified them immediately. People make mistakes, and it’s how we deal with them that counts. Security professionals will not yell at you or curse you for a fool; they will thank you for responsible reporting.

You CC’d hundreds of unrelated individuals when you should have used BCC

This could get ugly. People can get really upset when they see themselves copied on an email with dozens or even hundreds of others that they don’t know, because this frequently leads to a spike in spam. The odds that at least one person on the recipient list has a virus that is harvesting email addresses from their mail is pretty good, and you just fed that bug everyone else’s email address.

Apologise by sending a BCC email to all, set up a blind Distribution List to use going forward, and grow some thicker skin. It’s likely you will get some scathing replies, but at the end of the day, learn from the mistake and do better next time. That’s really all anyone can ask.

You forwarded a chain mail

Okay, for this the response is a bit more radical. Go to the chalkboard, and write out 1000 times “I will not forward chain mails without using BCC.” Really, that is all there is to that. Delete all the paragraphs of email addresses from the body, only put your friends and family into BCC, and then, if you are absolutely certain each and every one of them will think this is a LOL, send it. But if you are not sure they’d love that sort of thing, skip this one.

Just remember, accidents happen, and we’ve all learned from our mistakes. The trick when making a mistake is to not make the same one twice. We’re all human, and next time, you’ll know better. After all, Bob’s your uncle, right?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Let’s Talk About Spam – What to Do when You’ve Done the Unthinkable

Richi Jennings: ICYMI: a review of June at Input/Output UK . #HPIO UK Editor's blog for + HPUK by + Richi...

2012-07-03T12:43:59+00:00

ICYMI: a review of June at Input/Output UK.
#HPIO UK Editor's blog for +HPUK by +Richi Jennings...

ICYMI: a review of June at Input/Output UK - Input Output

Richi Jennings: Nexus 7 tablet vs. Nokia patents . Today's #ITBW for + Computerworld by + Richi Jennings...

2012-07-03T10:04:34+00:00

Nexus 7 tablet vs. Nokia patents.
Today's #ITBW for +Computerworld by +Richi Jennings...

$GOOG $NOK $NOK1V $MSFT

Nexus 7 tablet vs. Nokia patents

John R. Levine: Of course there will be an auction, part 2

2012-07-03T05:43:03+00:00

A few days ago I opined that if several people want the same TLD and can't come to terms otherwise, they should arrange a private auction. It would be an odd sort of auction, since the buyers and sellers are the same people, so unlike normal auctions, the goal is not to maximize the selling price. How might it work?

We have several applicants, call the number N, and an auctioneer. The auctioneer is disinterested, that is, not related to any of the bidders, and has no stake in the outcome. Since the goal of the auction is to persuade all but one of the bidders to drop out, there's no need for more than one round. Each of the applicants figures out what amount it would take to persuade him to drop out, the highest amount wins, and the losers all get their drop out price.

So assuming that all of the applicants have agreed to participate in this auction:

Each bidder figures out his price, what it would take to persuade him to drop out.
Each bidder then sends the auctioneer a bid which is N-1 times his price, plus the auctioneer's fixed fee. That is, if there are five bidders, and your price is $100,000, send the auctioneer $400,000 plus his fee.
Each bidder also sends a copy of his TAS login credentials, which the auctioneer can use to log in and cancel the applications of the losing bidders. This avoids problems with applicants reneging on their agreement to drop out. A smart auctioneer will log in and test the credentials before accepting the bid.
Once the auctioneer has all of the bids, he opens them and finds out who the winner is. If there's a tie for the highest bid, use a good quality random number source like LavaRnd to draw lots and pick one.
Each losing bidder gets back his bid, less the auctioneer's fee, plus the amount of his price taken from the winner's bid. The winner gets back whatever's left of his bid after all the losers are paid.
At some agreed time, the auctioneer logs into TAS and cancels all of the losers' applications.

Unlike a regular auction, there is no rule against bidders colluding. If several of the bidders want to agree to bid the same, or preferably one bids $1 more to avoid having to fire up the Lavarnd, go ahead. The auctioneer keeps the bids secret until they've all arrived, but if any of the bidders wants to tell the others what he's bid, that's OK, too. Of course, he might be lying.

The hardest part to figure out here is how to work this in the context of the ICANN application process. The sooner the losers withdraw their applications, the more of their $185,000 application fee they get back. On the other hand, if they withdraw them before ICANN has agreed to delegate the domain to the winner, it's possible that there will be an unexpected objection either to the applicant (ICANN decides he's a domain squatter, perhaps), or to the string (the GAC decides it's a dirty word.) I don't have a great answer for this beyond all of the bidders agreeing in advance both when the losing applications are cancelled, and when the money is paid out. If the winning bidder is disqualified before the others are cancelled, then it's straightforward to give the former winner his money back and re-score the auction with the remaining bidders to pick a new winner. If it's after that, well, oops.

Richi Jennings: SSD price crash: 80¢ per GB! #HPIO for + Esther Schindler by + Richi Jennings ... SSD price...

2012-07-02T15:29:01+00:00

SSD price crash: 80¢ per GB!
#HPIO for +Esther Schindler by +Richi Jennings...

SSD price crash: 80¢ per GB! - Input Output

John R. Levine: CBC Ideas asks "Where is the Internet?"

2012-07-02T15:23:03+00:00

Ideas is a consistently interesting program on the CBC. On the June 11th show, host Barbara Nichol asked "Where is the Internet?"

I can say that she's an excellent interviewer because one of the people she interviewed was me. Listen to the show, including quite a lot of that interview, on their web site here.

All Spammed Up: Maryland Man Known For Suing Spammers Finally Loses One

2012-07-02T14:00:26+00:00

Paul Wagner, a man who’s built a reputation for suing spammers, has lost his latest suit. Wagner sued Kraft Foods for over $12 million under Maryland’s anti-spam law, claiming the food giant had flooded the inboxes of the ISP he runs with spam. A jury disallowed the suit, deciding that Wagner’s company did not qualify as an actual internet service provider. Under Maryland’s law, ISPs can sue for $1,000 per spam message.

Kraft’s lawyers say Wagner intentionally attracted spam just so he could sue for it, since that appears to be how he makes his living. While Wagner’s lawyer admitted his client spends more time suing spammers than on his business, he insists Wagner does so as an attempt to fight back against spammers.

The judge in the case has asked for arguments from both sides on whether the state’s law requires a company to be an ISP in order to sue or not. His decision could change the way anti-spam laws are interpreted.

Kraft was relieved by the decision, saying it eased concerns that just anyone could harvest spam emails and then turn around and sue to ensure themselves a big payday. They claim Wagner had his brother send him thousands of the spam messages he’s suing about.

How do you feel about the decision? Should individuals and all companies be allowed to sue under the anti-spam law or only internet service providers? Do you believe Wagner is in the right? Leave a comment and share your thoughts with us.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Maryland Man Known For Suing Spammers Finally Loses One

Richi Jennings: Want to be a Social Media Guru? How to Land a Job. #HPIO UK for + HPUK by + David Amerland ......

2012-07-02T10:42:09+00:00

Want to be a Social Media Guru? How to Land a Job.
#HPIO UK for +HPUK by +David Amerland...

Want to be a Social Media Guru? How to Land a Job. - Input Output

Planet Antispam

Terry Zink: Today is my 8-year anniversary of fighting spam

Terry Zink: My credit card information was leaked to the Internet and all I got was this interesting eBook

Terry Zink: Hotmail looking to combat gray mail

Richi Jennings: Excuse me little girl, but did you misplace your soul?﻿ #redheadsrock #gingerthursday Josh...

The Internet Patrol: How to Report Text Message Spam to T-Mobile, Verizon, Sprint, and ATT

Richi Jennings: Thank you! I just love the level of interaction here. I just wanted to recognize all you wonderfu...

All Spammed Up: UK Spam Complaints Up by Whopping 43%

Sophos Blog (Spam Category): Watch Sophos's James Lyne audition for TED2013

Richi Jennings: Pirating is bad but reselling digital work is OK, says EU ruling . #HPIO UK for + HPUK by +...

Richi Jennings: Today I Learned that medical practice is "tyrannical, hierarchical, controlled, intolerant,...

Richi Jennings: Yahoo! Voices hack reveals 453,492 passwords, claims D33Ds Company . Today's #ITBW for +...

Enemieslist: new patterns posted - 20120712 (maintenance patterns release)

Enemieslist: new patterns posted - 20120711 (maintenance patterns release)

Richi Jennings: Drop Everything and Disable Gadgets! #HPIO UK Editor's blog for + HPUK by + Richi Jennings...

All Spammed Up: GMail’s Spam Filter is Faltering

Richi Jennings: iPhone 5 design pictured: Confirms rumors, confounds bloggers . Today's #ITBW for + Computer...

Spamresource.com: Guest Post: Canada's New Anti-Spam Bill - Is Anyone Listening?

Enemieslist: new patterns posted - 20120710 (maintenance patterns release)

Richi Jennings: Protect Your Data from a new Rogues' Gallery of Vulnerabilities . #HPIO UK for + HPUK by...

All Spammed Up: Let’s Talk About Spam – Wrapping It All Up

Richi Jennings: Mountain Lion release date & Apple system requirements puzzle devs. Today's #ITBW for +...

Terry Zink: More pirated software leads to more malware infections, poorer countries at more risk

Enemieslist: new patterns posted - 20120709 (maintenance patterns release)

Richi Jennings: Mozilla Thunderbird: Goodbye and Good Riddance . This week's #HPIO Mobility Matters by +...

Richi Jennings: Wow! A V-22 Osprey just flew low over my home office... www.hightech-edge.com/wp-content/uploads/...

All Spammed Up: Android Botnet or Spoof?

Richi Jennings: How to Escape Death (by PowerPoint): Part 2 . #HPIO UK for + HPUK by Chris Barton... How to...

Richi Jennings: IT spend up 3% in 2012, thanks to cloudy thinking . Today's #ITBW for + Computerworld by +...

Richi Jennings: DNS OK? dns-ok will say if DNSChanger at bay . Today's #ITBW for + Computerworld by + Richi...

Richi Jennings: BT Bandwidth: Lower Leased-Line Prices Proposed . #HPIO UK for + HPUK by + Richi Jennings ... ...

Richi Jennings: Paul Gray originally shared this post: I had a interesting chat with policeman last night. ...

Terry Zink: Breaking into the security field

John R. Levine: Three more ill-advised lawsuits against mail providers

Terry Zink: Cyber criminals infiltrate even small businesses

All Spammed Up: Four Ways to Avoid Spam Filters

Richi Jennings: UTM: Cheap Weaponry vs. 2012 Security Threats . #HPIO UK for + HPUK by + Alison Behr ... UTM:...

Richi Jennings: How spam filters do a quality job of removing junk . Spam filtering is tremendously difficult...

Richi Jennings: Amazon's iPhone 5 killer rumors: Kindle Phone release date murky . #ITBW for + Computerworld...

Spam Wars Dispatches: Malware Deliveries With More Bite

Terry Zink: A bit more on that spam from an Android botnet

Richi Jennings: Warning: Google cloud email spam FAIL . #TLV for + Computerworld by + Richi Jennings ... [Inside...

All Spammed Up: Is a Recent Yahoo Spam Surge Something to Worry About?

In Yahoo’s (and DMARC’s) Defense

Fighting Spam In the Future

Richi Jennings: When to Report a Data Breach #HPIO UK for + HPUK by + Lisa Vaas ... When to Report a Data Breach...

Richi Jennings: PSA: If you're using + Gmail , check your Spam folder. It looks like they've made the...

Richi Jennings: ACTA treaty not passed in Europe: Victory for evil, evil pirates . Today's #ITBW for + Comput...

Enemieslist: new patterns posted - 20120704 (maintenance patterns release)

All Spammed Up: Spam Report Card for First Half of 2012

Richi Jennings: iPad 4 is Mini 7-inch tablet: Release date rumors rumble on [u] . ...with an update $AAPL iPad 4...

Richi Jennings: LCD + Sunlight = Rubbish! #HPIO UK for + HPUK by + Alfred Poor ... LCD + Sunlight = Rubbish! -...

Richi Jennings: iPad 4 is Mini 7-in: Release date rumors rumble on . Today's #ITBW for + Computerworld by +...

Terry Zink: Spam from an Android botnet

Richi Jennings: Here's one for + Emma Byrne ... [picture credit: AMC]

All Spammed Up: Let’s Talk About Spam – What to Do when You’ve Done the Unthinkable

You’ve clicked a link

You found a virus

You provided NPI into a form that later turned out to be bogus

You’ve given up your credentials

You CC’d hundreds of unrelated individuals when you should have used BCC

You forwarded a chain mail

Richi Jennings: ICYMI: a review of June at Input/Output UK . #HPIO UK Editor's blog for + HPUK by + Richi...

Richi Jennings: Nexus 7 tablet vs. Nokia patents . Today's #ITBW for + Computerworld by + Richi Jennings...

John R. Levine: Of course there will be an auction, part 2

Richi Jennings: SSD price crash: 80¢ per GB! #HPIO for + Esther Schindler by + Richi Jennings ... SSD price...

John R. Levine: CBC Ideas asks "Where is the Internet?"

All Spammed Up: Maryland Man Known For Suing Spammers Finally Loses One

Richi Jennings: Want to be a Social Media Guru? How to Land a Job. #HPIO UK for + HPUK by + David Amerland ......

Richi Jennings: Excuse me little girl, but did you misplace your soul? #redheadsrock #gingerthursday Josh...