Planet Antispam

Enemieslist: new patterns posted - 20120208 (maintenance patterns release)

2012-02-08T17:56:25+00:00

89931 patterns in 32784 domains, 12136 right anchor strings, 354554 test IPs

New patterns and updates from the various contributing feeds. There was
one minor release since 20120207.

PLEASE NOTE that this release contains a NEW CLASS: 'dedhost'. It
replaces 'static/colo' and allows for distinction between shared and
dedicated web hosting and colocated servers. It is now reflected in
the rbldnsd files and returns 127.0.2.3.

Sophos Blog (Spam Category): Hackers fail to extort $50,000 from Symantec, as pcAnywhere source code is published

2012-02-08T15:41:30+00:00

Symantec has confirmed that source code of an old version of pcAnywhere has been published on the net by hackers, as claims are made that the data thieves tried to extort $50,000 from the security firm.

All Spammed Up: Top 10 Spam Trigger Words

2012-02-08T15:00:40+00:00

Almost all spam filters rely on trigger words. These words are commonly found in spam messages and serve as a pretty good indicator of which messages are legit and which aren’t. To keep your company and marketing emails on the good side of these filters, take a look at the top 10 trigger words and try to avoid them, especially in your subject lines:

1. Meet Singles - This subject line is used endlessly in many types of porn spam.

2. Work From Home - Work from home scams are among the most common types of spam. Work at home jobs are highly sought after, especially in today’s shaky economy.

3. Business Opportunity - Have you ever gotten a 419 or Nigerian Scam message? These spam messages often offer fake business opportunities along with the fake inheritances and pleas for help smuggling a fake family fortune out of an obscure country.

4. Buy Direct - A favorite phrase for spammers hawking counterfeit designer goods and pharmaceutical products.

5. Clearance - Another favorite phrase. Spammers like to create a sense of urgency to help make recipients think they are getting a huge deal.

6. Pre-approved - A tell-tale sign of financial spam. Mortgages, credit cards, payday loans, you name it.

7. Hello - This innocent sounding salutation has been thoroughly exploited by spammers thinking the casual and familiar feel it gives their messages will make them more likely to be opened and read.

8. You Have Been Selected - The favorite subject line of spam messages claiming the recipient has won a fake foreign lottery or one hosted by Yahoo! or Microsoft.

9. Weight Loss - Weight loss pills are often touted along with other shady drugs and supplements in pharmaceutical spam.

10. Limited Time - Subject lines like this create a sense of urgency, which spammers love.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Top 10 Spam Trigger Words

Richi Jennings: BBC iPlayer deinterlace #fail ... Also, HD quality ain't all that. [Crop is from HD version of Bo...

2012-02-08T11:48:09+00:00

BBC iPlayer deinterlace #fail ...
Also, HD quality ain't all that.
[Crop is from HD version of Bomber Boys credits; click image for full size]

bbcrop.jpg

Richi Jennings: #ITBW: Chrome browser app for Android OS: Review roundup $GOOG

2012-02-08T11:04:26+00:00

#ITBW: Chrome browser app for Android OS: Review roundup

$GOOG

Chrome browser app for Android OS: Review roundup

Google's (NASDAQ:GOOG) shipped a beta Chrome browser app for the Android OS. Well, for version 4.0, at least. In IT Blogwatch, bloggers review and analyze.

Richi Jennings: "It was unclear where he was getting his numbers," is presumably J-school-speke for &qu...

2012-02-08T10:20:11+00:00

"It was unclear where he was getting his numbers," is presumably J-school-speke for "He lied." ;-)

glyn moody originally shared this post:

Oregon Tries to Criminalize Tweets - http://onforb.es/yLmMar dangerous stuff

Oregon Tries to Criminalize Tweets - Forbes

Twitter may have caught a lot of flak for their recent decision to censor themselves based on local laws, but it looks like the government is trying to do it for them, right here in America. The Orego...

Richi Jennings: Is The Market Ready For A Phablet? - +Forbes

2012-02-07T15:23:05+00:00

Is The Market Ready For A Phablet? - +Forbes

Is The Market Ready For A Phablet? - Forbes

The benefit of a phablet (a cross between a phone and a tablet) is that it can still fit in a pocket, one of the chief criteria for phone-like portability, and yet it offers more precious screen real ...

All Spammed Up: Will DMARC Have Much Impact on Spam?

2012-02-07T15:00:43+00:00

Despite many reports and surveys that tout a major reduction in the amount of spam being delivered to inboxes, industry professionals know that the fight against spam cannot be won by resting on the laurels of past success.

To show how serious they are about their attempts to eradicate spam, fifteen companies have joined forces to help fight one of the most dangerous spam tactics of all – phishing.

This collective, known as the Domain-based Message Authentication, Reporting and Conformance (DMARC), has come together to develop standards that they promise will help combat the practice of spammers sending emails that appear to come from a legitimate organization.

According to DMARC, its work:

“draws upon a history of private industry collaboration with 18 months of dedicated work, to outline an enhanced vision for email authentication that can scale up to today’s Internet needs.”

Who Is DMARC?

The group of fifteen who have dedicated resources to this fight consists of:

Agari
American Greetings
AOL
Bank of America
Cloudmark
Comcast
Facebook
Fidelity Investments
Google
LinkedIn
Microsoft
PayPal
Return Path
The Trusted Domain Project
Yahoo!

And just what exactly they are trying to do is create a specification that allows senders and receivers of email messages to share information with each other about their authentication infrastructure to make sure that emails come from the organization they claim to be.

According to their website, DMARC attempts to address this by providing coordinated, tested methods for:

Domain owners to:

Signal that they are using email authentication (SPF, DKIM),
Provide an email address to gather feedback about messages using their domain – legitimate or not,
A policy to apply to messages that fail authentication (report, quarantine, reject).

Email receivers to:

Be certain a given sending domain is using email authentication,
Consistently evaluate SPF (Sender Policy Framework) and DKIM(DomainKeys Identified Mail) along with what the end user sees in their inbox,
Determine the domain owner’s preference (report, quarantine or reject) for messages that do not pass authentication checks,
Provide the domain owner with feedback about messages using their domain.

So What Makes DMARC Different?

Most companies already employ some type of analysis on incoming email messages to include SPF and DKIM so this specification isn’t turning to something new. In fact, they recommend a continued approach employing other techniques such as high quality spam filters and rate limiters to form a well rounded solution to fighting spam.

What DMARC is trying to do is to standardize and streamline the process of analyzing messages because participating companies can rely on the coordination of the group to establish trust when it comes to determining whether or not a sender is legitimate.

In plain English, DMARC looks to form a conglomerate of cooperation between email senders and receivers (the organizations like Google, Microsoft, Yahoo!, etc. not the individual users themselves) who share information about the emails they send to each other. Turning to the information made available to the group, it can be easier to see whether or not an email is spoofed spam or a legitimate message worthy of delivery.

Not only is it the hope that less spam will make it through, but that resources will be streamlined as a result of these efforts as well. Large datacenters could see a positive result if all goes as planned.

The Flipside

Of course not everyone is completely sold that DMARC’s work is a panacea when it comes to ending spoofing and spam.

John Levine, one of authors of the DKIM related Author Domain Signing Practices (ADSP) standard, had this to say in an interview with Information Week:

“It’s a good thing as far as it goes, but it does have some of the chronic Internet tendency to put a steel door on a cardboard box.” Like many security standards that are not mandatory, if it’s not implemented then it won’t fail. Neither DKIM nor SPF are at the point where a recipient can say that they will only accept messages that use them. Therefore you still need to keep your eyes open.”

Using Bank of America as an example, it was pointed out in the same article that to fight phishing and spoofing in the past domains suggestive of the name Bank of America, as well as typos, were purchased en masse. Because the pool is so large, Bank of America was not able to purchase every domain available. For example, wwwbankofamerica.com is not owned by them.

So if an email arrives from support@wwwbankofamerica.com it won’t fail any of the checks from SPF or DKIM because it is not a spoofed email address. By all accounts, the sender is legitimate.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Will DMARC Have Much Impact on Spam?

Enemieslist: new patterns posted - 20120207 (maintenance patterns release)

2012-02-07T14:48:40+00:00

89879 patterns in 32765 domains, 12129 right anchor strings, 354478 test IPs

New patterns and updates from the various contributing feeds.

Richi Jennings: #ITBW : Galaxy Note U.S. release date on AT&T 4G LTE. [Updated] In IT Blogwatch, bloggers can't w...

2012-02-07T11:04:30+00:00

#ITBW : Galaxy Note U.S. release date on AT&T 4G LTE. [Updated]
In IT Blogwatch, bloggers can't wait... except for the ones that think it'll bomb like Dell's Streak

$T $SMSN

Galaxy Note U.S. release date on AT&T 4G LTE

[Updated with more analysis and comment] The Samsung Galaxy Note U.S. release date is drawing nearer. It'll be on AT&T's 4G LTE network in 12 days. In IT Blogwatch, bloggers can't wait...

John R. Levine: Phish or Fair?

2012-02-07T07:43:04+00:00

It shouldn't be a big surprise to hear that phishing is a big problem for banks. Criminals send email pretending to be a bank, and set up web sites that look a lot like a bank. One reason that phishing is possible is that e-mail has no built in security, so that if a mail message comes in purporting to be from, say, accounts@bankofamerica.com, there's no easy way to tell whether the message is really from bankofamerica.com, or from a crook. Mail authentication schemes like DKIM and the new dmarc.org group use cryptographic signatures to help authenticate mail and prove that it really is from who it purports to be from. So, if the mail can authenticate the sender, the phishing problem goes away, right?

Unfortunately not. One huge problem is that even if you have all the crypto stuff so you can be 100% sure that a message really is from, say, BANK-AMERICA.COM, you don't know whether BANK-AMERICA.COM is actually your bank or not.

I've made a little game called Phish or Fair. It shows you a domain name, you guess whether it belongs to Bank of America. Try it out and see how you do.

Then see if you can figure out why a bank would use over a thousand different domains. My example here is Bank of America, but they're no worse than other big banks; I picked them because their name is easy to search for.

If banks were serious about phishing, they'd pick one name, one domain, and use that consistently. But they don't.

PS: BANK-AMERICA.COM belongs to some guy in France.

Terry Zink: What do ordinary people think of the Gmail man?

2012-02-06T23:28:32+00:00

A couple of days ago, I posted a link to a video by Microsoft parodying Gmail – the Gmail man. In it, the video pokes fun at Google’s habit of making advertisements more relevant to its user base by extracting keywords from emails and using them to serve ads that match those keywords.

I decided to ask a member of the regular public what they thought of such policy – my wife. We were driving in the car and I asked her a question: “What do you think about all of the ads that you see in your Gmail account? The ones that appear on the side of the window? Do you think they’d be useful to you if they were about topics that were of interest to you?” I then rattled off a couple of her interests.

“Uh,” she said and thought about. “I guess I’d like that but I never see them. I just see my message and my background image and never pay attention to those ads.” (I bet a lot of people say stuff like that).

I then asked a follow up question. “What do you think if Gmail were reading your email messages, looking for keywords, so they could match up to give you more relevant ads?” I explained that this was an automatic, not human process, and that they were using it to match words-to-topics.

“What?” she exclaimed in disbelief. “I don’t think they should be doing that!”

Based upon my sample size of 1 member of the general public, I bet almost all people would have issues with Gmail doing keyword extraction.

Richi Jennings: #HPIO Will Samsung Galaxy Note phablet be a phailure? [for +Esther Schindler]

2012-02-06T18:34:29+00:00

#HPIO Will Samsung Galaxy Note phablet be a phailure?

[for +Esther Schindler]

Will Samsung Galaxy Note phablet be a phailure? - Input Output

The Samsung Galaxy Note will soon be available in the U.S. It's already available in Europe, and is up for pre-order on AT&T. But will this hybrid phone/tablet be raging success, or embarrass...

Enemieslist: new patterns posted - 20120206 (maintenance patterns release)

2012-02-06T18:12:05+00:00

89846 patterns in 32754 domains, 12128 right anchor strings, 354436 test IPs

New patterns and updates from the various contributing feeds. There
was one minor release since 20120203.

Terry Zink: The Stratfor hack is not over yet

2012-02-06T17:32:37+00:00

Thanks to Anonymous and their Christmas hacking of Stratfor, I have not only had to change my credit card number and sign up for identity theft protection, I am also the target of spear phishing attacks.

This past weekend, I got the following message in my personal email account:

From: Stratfor
To: Me
Date: Sunday, Feb 5, 2012
Subject: Stratfor: Beware of false communications

<No body of message>

Attachment: STRATFOR.pdf

The message body is empty but there is a pdf attachment that I have yet to open. This is a spam message because the sending IP is not Stratfor’s but instead is 81.26.219.53, da.yourchance.nl. The sending domain is historyofpop.nl which passes an SPF check. There are a couple of ways to interpret this but it’s possible that domain is compromised and the spammer is sending mail from it.

The message looked very suspicious to me. An empty body? Sure, it passed an SPF check, but an empty body and a pdf attachment? Stratfor never sends mail like that, ever.

I have not opened up the pdf attachment yet. I suspect it is some sort of phishing message but something in the back of my head has kicked my paranoid meter into overdrive. I’m worried that even though I am nobody special, the attachment could be an Advanced Persistent Threat. Wasn’t RSA hacked in a similar manner last year when someone dug a message similar to that out of their spam folder?

So now this message just sits in my Stratfor folder, waiting, waiting, waiting. For what, I am not sure. Perhaps I will open it up on my Mac and have a look there. Hopefully it’s just a phishing attempt and nothing more than that.

All Spammed Up: Spam Fighting Boot Camp Week 1: Know Your Enemy

2012-02-06T15:00:52+00:00

All right, sweethearts, what are you waiting for? Breakfast in bed? Another glorious day in the Corps! A day in the Spam Corps is like a day on the farm. Every meal’s a banquet! Every paycheck a fortune! Every formation a parade! Welcome to week one of Spamfighting Bootcamp. We’re going to look at how spammers think, how they act, what their motivations are, and the cunning tricks that they play in their unending attempts to compromise our users’ inboxes. We’ll look at our own fortifications infrastructures through the eyes of a spammer, so that we can see the weaknesses that our enemy will attempt to exploit. I have seen the enemy, and he is us. He is our misconfigured relays, our slack attitudes towards secondary systems, and our disregard for technologies that are available now. He is our wide open whitelists, and our overly trusting users. He is our co-worker in marketing who CCs his entire contact list, our MTA that responds to VRFY commands. In short, to know your enemy is to know yourself.

Spammers don’t fill our inboxes with junk because they have nothing better to do; they send out tens of thousands of messages every day because somewhere someone is going to click a link, or buy some junk proffered in that message. It’s a numbers game, and when it costs the spammer nothing more than a little time, some CPU cycles, and a cheap Internet connection to spew out garbage, spew it they will. Even if only one message in ten thousand gets all the way through from sender to unwitting recipient, who then clicks that link because they really believe they can solve any problems with their own physicality, or that they really might get a cut of some dead millionaires foreign fortune, or they really need that timeshare on a beach for pennies a day, the spammer wins.

The spammer fights an ongoing underground campaign because he can. We let him. Our mission this week is to stop doing the very things that the enemy exploits. He turns our own resources against us because we let him. It’s an insurgency campaign we’re up against, but today is the day we can start to turn the tide. Here are some of the tricks spammers use to get their messages into your users’ inbox.

Reconnaissance

Information can be a very effective weapon, and nobody knows this better than the spammer. The enemy will use bots to scrape your company’s websites for email addresses, will run directory harvesting attacks against your MTAs trying to discover valid users, and will buy and sell mailing lists whenever and wherever they can. Too often we make it easy for them, by CC-ing dozens of unrelated users with marketing emails of our own, sharing out all those email addresses with who knows who. Unless you like revealing sensitive information to the enemy, it’s time to 86 that and now.

Configure your MTAs to reject VRFY queries and to ban source addresses that attempt multiple VRFY commands or attempt to send more than a small number of messages to invalid recipients. Set maximum recipient limits on all outgoing messages to stop your users from sending out messages that could carry too many valid addresses outside the company, and train your users on the benefits of BCC. Set any distribution lists you have that can be mailed to from the outside or that contain external recipients to moderated, and reject any messages that contain too many internal email accounts. Finally, keep your head down by not posting email addresses on the websites. Either use a contact form, or encode email addresses so that real humans can use them, but so bots cannot automatically harvest them.

Probing your perimeter

The enemy is probing our lines for weakness, so too must we. Port scans for systems listening on TCP port 25 can quickly identify any system capable of receiving emails. Too often those are not a part of the corporate email system, but can relay email in to internal users. They also will look at your MX records and try to send email to systems with higher weights, on the too frequently correct premise that those are valid, and not as up to date as your primary systems. Probe your own lines by setting up regular port scans on all IP address space, whether a part of your primary datacenter, your DR site, or your remote offices. Verify that each and every host that accepts a connection on TCP port 25 is a valid mail server, and is properly configured with the appropriate anti-spam measures at your disposal. Make sure that every host with an MX record in your DNS is appropriately configured as well.

Camouflage

Spammers will also try to get past your defenses, and your users’ own suspicions, by obfuscating links using a variety of methods including encoding, URL shorteners, and redirects. Your message filtering system should already be filtering that sort of thing out, but make sure you set low thresholds for the numbers of links that are in an email. Educate users on the dangers attachments present, and quarantine any encrypted attachments until you can confirm they are legitimate business communications.

Covert operations

Spammers will frequently spoof the sender address in email to get past filters. They may even use a recipient’s address or another in the same domain as the sender address so it looks more legitimate. To defend against such attacks, use the technologies available to you. Ensure your own SPF records are up-to-date, and set to hard fail (-) to protect others from spammers who try to masquerade as you, and reject any email you receive that fails an SPF check. Use DNS black lists to refuse mail from known spammers and address ranges that belong to residential and mobile services. You can always whitelist a partner but your default posture should be to reject any mail that fails to pass the sniff test.

Ultimately, if the spammer finds even a fraction of a percent of his efforts are successful, he will remain motivated to attempt more attacks. We have to take the financial incentive out of the equation, and that means spreading the word to our user base, our friends, our families, and the social groups we interact with. If no one responded to a spam message, or clicked a link in a piece of UCE, there’d be no financial motivation for a spammer to continue his campaigns against us. Will we get the word out to every single email user in the world? Of course not. But if we can educate our users to stop the activities that make all the user@ourdomain.com addresses pop up in the cross hairs of the spammer, and we take appropriate cautions and set proper configurations on our systems, in the long term we should see a marked downtick in the volume of spam heading our way.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spam Fighting Boot Camp Week 1: Know Your Enemy

Richi Jennings: #ITBW : Windows 8 beta release date near, as rumors fly. In IT Blogwatch, bloggers warm up their ...

2012-02-06T11:04:14+00:00

#ITBW : Windows 8 beta release date near, as rumors fly.
In IT Blogwatch, bloggers warm up their download managers...

$MSFT

Windows 8 beta release date near, as rumors fly

The Windows 8 beta release date is drawing ever-nearer. Leaked Consumer Preview builds show that Microsoft (NASDAQ:MSFT) has done away with Windows' Start Button (or 'Orb' as pedants insist). In IT Bl...

Richi Jennings: Lucy in the Snow! Also starring +Suzanne Cooper...

2012-02-05T13:16:07+00:00

Lucy in the Snow!
Also starring +Suzanne Cooper...

Lucy in the Snow, February 5th, 2012

Here's Lucy, another Rhodesian Ridgeback. After Oscar died of bone cancer, we re-homed her in March 2011. Here she is, belting around the snow with Suzi, up at Bluebell Farm, near Ambarrow, Sandhurst -- the same place that we videoed Oscar two years ago: http://www.youtube.com/watch?v=x_kh9TWjaI4

Richi Jennings: Frustrated with Google's Postini... Once again, Postini is filtering email from Google Apps as sp...

2012-02-05T10:27:38+00:00

Frustrated with Google's Postini...
Once again, Postini is filtering email from Google Apps as spam. #facepalm !
Is anyone from +Google Enterprise listening?

MillerSmiles Phishing News: Weekly analysis - 28th January 2012 to 4th February 2012

2012-02-04T12:00:00+00:00

MillerSmiles provides its weekly phishing analysis for the week of 28th January 2012 to 4th February 2012

Enemieslist: new patterns posted - 20120203 (maintenance patterns release)

2012-02-03T21:11:24+00:00

89825 patterns in 32741 domains, 12127 right anchor strings, 354403 test IPs

New patterns and updates from the various contributing feeds. There
were two minor releases since 20120201-01.

Terry Zink: The Gmail man!

2012-02-03T17:43:38+00:00

I have to admit that this advertisement by Microsoft, poking fun at Google and Gmail – with an advert for its Office 365 service – is pretty funny.

In it, they take shots at Google’s habit of scanning your email messages and extracting keywords and tokens in order to better target advertisements that cross your screen. So, if I were to email people about the broker I use, say, TD Ameritrade, and talk about the run up in the Nasdaq we’ve had since the start of the year, then Gmail would serve me ads about investment seminars and trading products and maybe even advertisements for cheaper brokers.

On the one hand, I like targeted advertisements that are relevant to me. There are certain things I care about:

Thai food
Magic books
Software that would make stock trading easier so I don’t have to write it all myself using tons of copy/pasting in Excel

But do I want Gmail reading my email, looking for keywords? Do I care about targeted advertising that much?

Which do I value more? Keeping my email private or having relevant products brought to me for my perusal? Which do you value more?

All Spammed Up: Banks and Top Websites Develop New Spam Fighting Techniques

2012-02-03T15:00:52+00:00

In a new effort to fight spam, major financial firms such as Bank of America, FidelityInvestments, and Paypal are partnering with popular internet fixtures Facebook, Google, and Microsoft to create new industry standards designed to make it more difficult for spammers to brandjack for their spam campaigns and phishing attacks.
The companies have formed a group called DMARC.org (Domain-based Message Authentication, Reporting, and Conformance). They hope that by using Sender Policy Framework (SPF) and DomainKeys Identifed Mail (DKM), businesses can turn the tables on spammers by making email spoofing next to impossible. Paypal uses them, but only those with Yahoo and Gmail addresses can benefit at this time. The group would like to see that expand so that all users are protected.

What we need is an Internet standard that allows this level of protection to work at scale – without any discussion, without any partner agreements,” said Brett McDowell, a security manager at PayPal who serves as chairman of the group. “That is what DMARC does.”

Setting industry standards is an important step, but still more important is getting the corporate world to adopt them. There will probably be some protesting and the inevitable excuses such as “I don’t have the time to implement them/train my IT department” and the most popular excuse “cost too much in time/productivity/money”. It may take some time to get most businesses aboard, but I think once they are, it will make a dramatic difference in the amount of spam and phishing attacks sent from corporate addresses or exploting popular brands.

What do you think? Will your company adopted the new standards? If not, why?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Banks and Top Websites Develop New Spam Fighting Techniques

Richi Jennings: #ITBW: Confirmed: Windows Phone 8 OS 'Apollo' has PC kernel It's now been confirmed by people who...

2012-02-03T09:30:58+00:00

#ITBW: Confirmed: Windows Phone 8 OS 'Apollo' has PC kernel
It's now been confirmed by people who were under a non-disclosure agreement. Redmond isn't commenting though. In IT Blogwatch, bloggers cheer the death of Windows CE.

$MSFT

Confirmed: Windows Phone 8 OS 'Apollo' has PC kernel

The Windows Phone 8 OS, code-named 'Apollo', will have the same kernel as the Windows 8 for PCs and tablets. A leak of a Microsoft (NASDAQ:MSFT) partner video tells us this and much more info about th...

John R. Levine: World notices that Verisign said three months ago that they had a security breach two years ago

2012-02-03T01:53:03+00:00

The trade press is abuzz today with reports about a security breach at Verisign. While a security breach at the company that runs .COM, .NET, and does the mechanical parts of managing the DNS root is interesting, this shouldn't be news, at least, not now.

Since Verisign is a public company, they file a financial report called a 10-Q with the SEC every quarter. According to the SEC's web site, Verisign filed their 10-Q for June through September 2011 on October 28th. where it's been available to the public ever since.

Like every other 10-Q, it has a Risk Factors section which lists all the reasons that the company might fail, so don't sue us. Normally those sections are pretty routine, key employees might quit, customers might desert us, key contracts might not be renewed, that sort of stuff. But this 10-Q contained this bit:

We experienced security breaches in the corporate network in 2010 which were not sufficiently reported to Management.

In 2010, the Company faced several successful attacks against its corporate network in which access was gained to information on a small portion of our computers and servers. We have investigated and do not believe these attacks breached the servers that support our Domain Name System ("DNS") network. Information stored on the compromised corporate systems was exfiltrated. The Company's information security group was aware of the attacks shortly after the time of their occurrence and the group implemented remedial measures designed to mitigate the attacks and to detect and thwart similar additional attacks. However, given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information. In addition, although the Company is unaware of any situation in which possibly exfiltrated information has been used, we are unable to assure that such information was not or could not be used in the future. The occurrences of the attacks were not sufficiently reported to the Company's management at the time they occurred for the purpose of assessing any disclosure requirements. Management was informed of the incident in September 2011 and, following the review, the Company's management concluded that our disclosure controls and procedures are effective. However, the Company has implemented reporting line and escalation organization changes, procedures and processes to strengthen the Company's disclosure controls and procedures in this area.

Apparently nobody got around to reading it until today, at least nobody who understands the business well enough to know what it means.

All the press reports I've seen just regurgitate that paragraph, adding a few quotes from people close to Verisign who all said they didn't know about it either, and security types who told us that it's an enormous big deal. (Now that you've read the paragraph, you're as qualified to pontificate as anyone.)

Personally, I don't know if it's an enormous big deal or not. Risk factor sections tend to be written as pessimistically as possible, so you can skip over the parts about they cannot assure you and so forth. One thing I do know is that it happened over a year ago, so if anything significant happened as a result, and Verisign knew about it, they'd have told us about that, too, on the principle that you release all your bad news at once. So this means that either it really was just a minor network breach, or the evil consequences are so deep and subtle that we may not know about them for years and years, if ever. I'd tend toward the former, but then, I'm not a Verisign stockholder.

Spam Wars Dispatches: Your Telephone Account Number

2012-02-02T18:05:34+00:00

As frequent readers of this blog know, my primary concern is educating everyday users about avoiding tricks that criminals use to capture private data. An article at Trusteer warns of a recent attack technique that takes treachery to a new level. The underpinnings are a little complicated, but a user heading for trouble probably wouldn't notice what's going on. In fact, warning systems built into detecting bank account or credit card fraud essentially become disabled for the user, leading to incredible difficulty after the fact.

The problem begins — as if often the case — with a PC infected by a particular piece of malware. Now, before you say "But I have antivirus software installed on my PC!", there may be times when you find it necessary to use another person's computer, or a computer in a publicly accessible location to perform even a quick transaction (e.g., check your balance) with one of your financial institutions. You can't possibly know if that PC is clean, even when its owner or administrator swears on a stack of AV CDs that everything is OK (oh, well maybe the profiles haven't been updated this week...oops). These days, the same goes for using someone else's smartphone to access your accounts — a very risky proposition for numerous reasons.

So, this infected PC constantly monitors activity, looking especially for access to financial sites. At that point, it's easy for the malware to capture login credentials, which can then allow its masters to get inside your account. Rather than bleed your credit card or bank account dry for a quick shopping spree, the crook sends you a fraudulent email that tries to trick you into handing over your telephone number and account details. Why? So he can screw with your call forwarding such that telephone verifications from the institution are sent to established criminal call centers who provide all necessary verification data you've allowed to be phished or stolen. Your account stays alive longer for the crooks to bleed you even drier.

Because the institution has performed its job of verifying a transaction against information that only you, the customer, should know, you will have one helluva time getting things fixed.

How can you best protect yourself? You should be suspicious of any unsolicited email or telephone call you receive that asks for personal information of any kind. The more dire-sounding the reasoning behind the call, the more cautious you should be. If there is a genuine problem with your account, then you should be able to log into the account online the normal way (i.e., by following a pre-existing bookmark to the site) or call the institution by the telephone number on your most recent bill or statement. Just as you should not trust a link in an email, so should you mistrust a phone number given to you by an unsolicited telephone call.

If you're not paranoid about criminals coming after your valuables, you're crazy.

All Spammed Up: 5 Ways Your Users Can Help You Fight Spam

2012-02-02T15:00:35+00:00

Just about every company is all too aware of the problems that spam can lead to.

This has prompted a majority of IT departments to employ some sort of anti-spam, or spam filtering, solution to assist in keeping the inboxes of their users as spam free as possible.

But notice that the word assist is used in that previous sentence.

This is because no spam filter is going to completely eliminate spam. There are some out there that will do a great job of drastically reducing the amount of junk email that is successfully delivered, but despite the anti-spam solution’s best efforts there are users in every organization that will find a way to attract spam like ants to a picnic.

To help reduce the number of pharmaceutical advertisements and promises of great riches that fill the inboxes of your co-workers, try these hints to help involve them in the fight against spam:

1. There is no one giving you a iPad for free.

When you click on those advertisements that proclaim you the lucky winner of an iPad, XBox, smart phone, etc. understand that they are just collecting your email address and other personal information to sell off to spammers.

Instruct your users to avoid clicking on any advertisements when they using computer resources at work to avoid falling for scams that collect their email addresses and to stay away from sites that may install malware on their computer.

2. Social games harvest more than virtual crops.

When a game boasts over 70 million players, people take notice. Some of those people are spammers.

Social games are fun ways to pass the time, and most are free to play. And while the makers of these games will often charge for level-ups or other premium services they also make money other ways. When you register, you provide your email address, your age, your income and a host of other information that can help advertisers (and spammers) better target you for mass mailings.

Users should understand that they should only play games on sites that legitimately protect their personal information and that their work email should never be used to register on any site. Also, they can cut down on spam and advertisements by reading the fine print when signing up and opting not to receive product information from the company or its partners.

3. Unsubscribing tells spammers you are alive.

According to the CAN-SPAM Act, all email marketing must contain a way for recipients to remove their name from the mailing list. Spammers know this and use this for two things. First, it helps legitimatize them. People see this and think that it is merely an innocent advertisement. Secondly, it lets the spammer know that they have found an active email address instead of one that has long been abandoned.

Teach users how to block emails so that when they receive newsletters and advertisements that they don’t pay attention to, they can simply block them rather than opt-out.

Make it easy for users to help identify spammers. One organization I work with has an email address set up for users who receive spam or other suspicious mail. They simply forward the email message in question to that account and someone from the IT security team addresses the problem. Not only does this help feed the spam filter with more data to use, but it brings the users into the fight. They feel like they are helping to solve the problem.

Users can be one of the best weapons in fighting spam, if you make it easy enough for them to help. A simple email address where they can forward suspicious emails beats having them fill out a form or filing a formal report.

4. Never register for forums, websites, chats or newsletters using your work email address.

Many times, we sign up for things with our work address because it is something legitimately used for work. This can lead to users being comfortable with this process and eventually, they will post that address to a less than ethical site.

Make it a policy that company email addresses should not be used to register for anything other than with a trusted vendor, customer or partner.

5. Clean out your inbox regularly.

When forced to clear junk mail out of their inbox, most people will be more cognizant of how much spam is sent to them on a daily basis. When they find this process to be tedious, they will likely do a better job at managing their email address out in the wild.

Most companies have policies that address email inboxes, and just as many don’t really enforce these policies. Make sure that users know that this, or any other policy regarding email, will be enforced.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

5 Ways Your Users Can Help You Fight Spam

Richi Jennings: #ITBW: Apple FAIL: No ban on Samsung Galaxy Tab 10.1N Patent probably invalid, due to prior art. ...

2012-02-02T11:01:36+00:00

#ITBW: Apple FAIL: No ban on Samsung Galaxy Tab 10.1N
Patent probably invalid, due to prior art. In IT Blogwatch, bloggers count their Euros and run to the stores.

$AAPL $SMSN

Apple FAIL: No ban on Samsung Galaxy Tab 10.1N

Apple has failed in its bid to have Samsung's latest tablet banned in Germany. So Europeans can still buy the Galaxy Tab 10.1N. A Munich court ruled that a key Apple patent was probably invalid, due t...

Richi Jennings: Apology accepted (not that I'm authorised to accept it, just like Apology accepted (not that I'm authorised to accept it, just like +Paul McNamara isn't authorized to make it).

Anyway, our British authorities can go equally loony over Twitter traffic, as #TwitterJokeTrial proved:
http://blogs.computerworld.com/16084/twitter_bomb_joker_pauljchambers_fined_1500_in_twitterjoketrial
Paul McNamara originally shared this post:
I've seen a lot of lectures being directed at this young man: Be careful what you write on the Internet, tsk-tsk. That's all well and good, usually. But given the circumstances here -- we're talking about visitors being kicked out of our country for no fathomable reason, not someone losing a job opportunity -- it seems to me that apologies are more in order. ... So I did.
Buzzblog: A message to those tourists the U.S. kicked out over tweets
Somebody needs to say this ...

Enemieslist: new patterns posted - 20120201-01 (maintenance patterns release)

2012-02-01T19:38:26+00:00

89722 patterns in 32716 domains, 12126 right anchor strings, 354222 test IPs

New patterns and updates from the various contributing feeds. There
were five minor releases since 20120130.

Richi Jennings: Update: He changed his mind and wants a desktop PC!
Replies direct to Update: He changed his mind and wants a desktop PC!
Replies direct to +Sharon Gaudin, please, at the original post...
plus.google.com/100871988633812822339/posts/dfFtgux93ZM
Sharon Gaudin originally shared this post:
Calling my techie friends... My cousin is looking to buy a laptop. I'm sure he doesn't want to spend a fortune. He simply wants a good, solid machine. What would you suggest? What would you tell him to avoid?

All Spammed Up: 5 Tips to Keep Your Emails Out Spam and Junk Folders

2012-02-01T15:00:41+00:00

I do business with quite a few online retailers and services and most of them send me marketing emails and newsletters. Without fail, a few always wind up flagged as spam and redirected to my spam folder. I found out that even though they come from different senders, they tend to have a few things in common. Below are five reasons why they ended up in the spam and junk folders, and tips on how to avoid having your marketing emails meet the same fate:

1. Bad Subject Lines
Most spam filters are programmed to look for words like “free”, “sale”, “deal” and “discount” in subject lines. Since spammers love to use such words in an attempt to lure people into reading their messages, more often than not, legit emails with those words in the subject line will end up flagged as spam. It’s also important to check and double check before you hit send. I’ve received marketing emails with blank subject lines or “Type Headline Here” as the subject, indicating the person in charge of sending the marketing blast was either careless or inexperienced. Not only does this make your company look very unprofessional, but it can get your messages flagged as spam.

2. Careless Use of the CC Feature
You should never send emails to a large group using CC. This not only exposes your customer’s email addresses, but if one of them decides to respond and chooses to hit the ‘reply all’, it will end up causing an unintentional spam loop and a lot of unhappy customers. Emails with huge CC lists are also a common feature of spam generated via dictionary attacks. Use BCC or a mailing list manager like Constant Contact.

3. Sending Attachments
There should never ever be a reason for you to send your customers attachments, but I’ve gotten a couple of marketing emails with them. It was almost always caused by a poorly formatted HTML message which included the graphics as attachments. A big no-no!

4. Bad IPs
It’s important to check your IP addresses regularly to make sure they haven’t been placed on blacklist. False positives aren’t uncommon and it’s also possible to have your server compromised without knowing it. Email sent from a blacklisted IP will never make it to any recipient whose IP subscribes to that blacklist.

5. Buried Unsubscribe Instructions
There will always be people who subscribed and then changed their minds, and many will become easily frustrated and simply report your newsletter as spam instead of doing the right thing. Don’t rely on a tiny link buried at the end of the email. Make sure your unsubscribe link is easy to find.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

5 Tips to Keep Your Emails Out Spam and Junk Folders

Richi Jennings: People have asked how I manage to use Google Apps without needing to switch my G+ account from my...

2012-02-01T12:06:17+00:00

People have asked how I manage to use Google Apps without needing to switch my G+ account from my regular Google account.

Most of the time, this works for me:
1. Ensure not logged in to any Google accounts
2. Log in to regular Google account
3. Log in to Google Apps account

Doing it in that order seems to allow me to have a Google Apps email tab open and also use G+, YouTube, etc. with my regular Google account. It even keeps the sessions open across browser restarts. Works 95% of the time for me, anyway; YMMV.

Richi Jennings: #ITBW: Facebook IPO: Price per share $45 for $FB? In IT Blogwatch, bloggers wonder if it'll be (N...

2012-02-01T10:53:11+00:00

#ITBW: Facebook IPO: Price per share $45 for $FB?
In IT Blogwatch, bloggers wonder if it'll be (NYSE:FB) or (NASDAQ:FB)

Facebook IPO: Price per share $45 for $FB?

The Facebook IPO will be official later today, we're told. The rumor-mill sets the price per share at around $45, assuming the $100 billion valuation being bandied about. In IT Blogwatch, bloggers won...

Richi Jennings: Still no Google account migration tool in sight.
Still no Google account migration tool in sight.
+Julio Ojeda-Zapata is right. Ron Ho and other GOOG employees promised that this would be done almost three months ago. Now they're backtracking on the level of functionality it'll have, saying it won't even migrate G+ content!
More at http://blogs.computerworld.com/19569/3_things_google_apps_needs_to_fix
Julio Ojeda-Zapata originally shared this post:
Hey, +Vic Gundotra, Google Apps fanatics who embraced Google+ early on (via separate, generic Google accounts) have waited patiently for a promised migration tool to integrate their Plus content with their Apps accounts.

Care to provide any insight on when this will be available? It's overdue and Google+ fans like yours truly can't use the service properly without such integration. Thanks.

All Spammed Up: FBI Declares ‘Gameover’, Link to ZeuS

2012-01-31T17:00:27+00:00

Malware developers seem to appreciate a little humor when it comes to naming their schemes. One of the latest email scams to invade inboxes everywhere is no exception, it seems, and the FBI has been quick to let businesses know that if they don’t keep their eyes open for a phishing scam originating in an email from FDIC, NACHA and the Federal Reserve, opening the mail’s attachment could be one of the most devastating choices in a young 2012. Worse yet, this new scheme appears to be linked to the Lord of the Greek gods – or its eponymous malware, anyway.

‘Game over’ is never a good thing, whether it means that your last ship has been destroyed and your quarter spent, whether it’s a lame and overused witticism that yet again has found its way into the mouth of Hollywood’s action hero du jour, and yes, even when cyber criminals are searching for just the right name for their latest piece of malware. While we’re not averse to debating the first two, our interest here is firmly with the latter. It seems the U.S. Federal Bureau of Investigation shares that interest, as evidenced by a security bulletin earlier this month that identifies a new email scam, one which cyber criminals have decided to call – what else? – Gameover.

Gameover is a phishing attack that appears in the form of spam emails spoofing the Federal Deposit Insurance Corporation (FDIC), the Federal Reserve Bank, or the National Automated Clearing House Association (NACHA). Like a multitude of others, the scheme preys on users’ fears and/or lack of vigilance, informing them that there has been a problem with their bank account or an ACH transaction (ACH stands for Automated Clearing House, a network for financial institutions in the U.S.). Sufficiently frightened, recipients are encouraged to click the included link, which instead of resolving the issue, takes the user to a malicious site where the Gameover malware is executed.

The malware has been identified as a variant of ZeuS, a notorious piece of malware which has been responsible for stealing financial information through the practice of keylogging for a number of years. Once activated, the cyber crooks can steal banking information such as account numbers and passwords.

As if that wasn’t enough…

More than just a keylogger, however, ZeuS (and coincidentally, Gameover) has an added payload. According to the FBI:

“After the perpetrators access your account, they conduct what’s called a distributed denial of service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution’s server with traffic in an effort to deny legitimate users access to the site — probably in an attempt to deflect attention from what the bad guys are doing.”

But wait – there’s more!

In what sounds like a novel involving international intrigue, FBI investigations have been able to trace the attacks as far as to jewelers, as the stolen funds are used to purchase “precious stones and expensive watches from high-end jewelry stores”. The crooks contact the jeweler, tell them what they’d like to purchase and inform them that they will wire the money the following day. The following day, a “money mule” – a person involved in the money laundering part of the crime – shows up at the jewelry store to pick up the merchandise. The jeweler confirms that the money (the stolen money from the spam scheme) is in their account and upon doing so, turns the merchandise over to the mule, who in turn delivers the merchandise to the crooks or converts it into cash that upon being transferred, is effectively laundered.

Wow – It really is the stuff of imagination, but even more interesting is that the FBI has suggested that the mules could be unsuspecting victims of those omnipresent ‘work at home’ schemes that we see everywhere. While the federal agency has confirmed that many of the mules are willing participants, it has also noted that an increasing number are likely people who have succumbed to these schemes and have been unwittingly recruited into laundering money stolen from victims of the spam scheme.

Be on the lookout for this one and advise your staff ASAP. At very most, it could be a story worthy of a novel. At very least, it could save you and your users plenty of headaches and lost funds.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

FBI Declares ‘Gameover’, Link to ZeuS

Richi Jennings: S**t programmers say... Only slightly NSFW. via +Paul McNamara...

2012-01-31T14:42:28+00:00

S**t programmers say...
Only slightly NSFW.

via +Paul McNamara...

Buzzblog: Just one more: 'S**t programmers say'

This example scores points for its simplicity

Richi Jennings: #ITBW: iPhone 4S lottery in Hong Kong squashes scalpers. In IT Blogwatch, bloggers take a number....

2012-01-31T11:04:42+00:00

#ITBW: iPhone 4S lottery in Hong Kong squashes scalpers.
In IT Blogwatch, bloggers take a number.

$AAPL

iPhone 4S lottery in Hong Kong squashes scalpers

With its new iPhone 4S lottery system in Hong Kong, Apple (NASDAQ:AAPL) is trying to defeat Chinese scalpers. Now you can't just walk into the Central District and pick up the latest pomaceous shiny. ...

Terry Zink: New email authentication protocol – DMARC

2012-01-31T04:43:27+00:00

Today, a consortium of companies including Google, Microsoft, Facebook and Paypal announced that they were collaborating and coming up with a new protocol known as DMARC – the Domain-based Message Authentication, Reporting and Conformance.

What is DMARC?

This is very much a summary of DMARC in a nutshell (I will probably write an article about this in the future), but from the website:

A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes - such as junk or reject the message. DMARC removes guesswork from the receiver's handling of these failed messages, limiting or eliminating the user's exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.

When I first heard about DMARC, I said to myself “Self, why do we need another email authentication protocol?” The answer is that DMARC is not another protocol but instead leverages existing email authentication protocols and provides feedback to the spoofed domain.

SPF already provides a way to say “If this message fails an SPF check, discard the message.” It’s called a Hard Fail. However, not all hard fails are illegitimate (there are significant false positives with SPF). DKIM, in itself, doesn’t provide a way to discard a message if it fails an authentication check. This makes it less useful in securing the Internet (i.e., it is a barrier to adoption).

Besides which, what happens if an SPF check asses but a DKIM check doesn’t? And if one of them fails, who should you tell? DMARC provides a mechanism that says “If one of these checks fails, discard the message.” But furthermore, it also provides a way to tell the responsible party that the message failed a check. For example, if security@paypal.com fails a DMARC check (either through SPF or DKIM), the email receiver can send the message to an email address that says “Hey, this message failed an SPF check. Was it legitimate or not?” If it is a false positive (perhaps a new server brought online), Paypal can add it to its SPF check. If it’s a phishing message, Paypal can investigate to have the website taken down.

The strength of DMARC is that it is a stronger way to protect a brand from being abused; receivers can discard spoofed messages and senders can figure out just who, exactly, is sending mail as them.

The weak point of DMARC is, unfortunately, the weak point of SPF and DKIM – spammers and phishers don’t need to spoof a domain in order to fool users into taking action. If a spammer sends mail from security@paypal.com.yakzas.com (a fictitious domain), many users just see that first part (paypal.com) without being more aware that there is more to the message.

And if a phisher signs up for a cloud service that issues temporary credentials, they can create the account paypale.onmicrosoft.com and send spam from there to avoid IP reputation blocking (and to the spammer that is abusing our Office 365 service, we know what you’re doing, you jackass) while hijacking the reputation of another brand in the From address.

The strength of DMARC is not so much that it combats phishing but that if a good domain is authenticated, mail user agents (like Gmail, Hotmail, Outlook, etc) can highlight that the sender is a trusted sender and highlight it in blue or put a little icon beside it. Since users use visual clues to make heuristic decisions, the lack of a trusted symbol can train people to be suspicious.

Anyhow, it’s nice to see that the authentication/validation protocols are consolidating.

The Internet Patrol: Email Providers Unite to Fight Spam and Fraudulent Messages

2012-01-30T23:33:14+00:00

Several email providers that normally compete with one another, like Google Gmail and Microsoft Hotmail, have teamed up in an effort to better protect email users from spam and fraudulent messages. The new system is called DMARC, short for Domain-based Message Authentication, Reporting & Conformance. With a united front, the war against spam may have a powerful new weapon.

Enemieslist: new patterns posted - 20120130 (maintenance patterns release)

2012-01-30T20:01:10+00:00

89549 patterns in 32661 domains, 12116 right anchor strings, 353934 test IPs

New patterns and updates from the various contributing feeds. There
were two minor releases since 20120127.

Richi Jennings: #HPIO: Samsung is #1 smartphone maker: Blowing my trumpet. /for +Esther Schindler

2012-01-30T18:52:34+00:00

#HPIO: Samsung is #1 smartphone maker: Blowing my trumpet.

/for +Esther Schindler

Samsung is #1 smartphone maker: Blowing my trumpet - Input OutputMultifunction Laser Printers | HP LaserJet Printers

As I predicted last month, Samsung is the world's #1 smartphone vendor, based on full-year figures. Apple failed to sell sufficient iPhone 4S units to prevent Samsung from wresting the top spot from ...

All Spammed Up: January Spam Roundup

2012-01-30T17:00:07+00:00

Along with a new year, January brought with it a new wave of spam campaigns, most ofthem malicious in nature. Here’s a look at some of the top headlines for the month:

Nokia Fined For Spamming Their Customers:

http://arstechnica.com/gadgets/news/2012/01/nokia-fined-in-australia-for-spam-texting-its-own-customers.ars

Top 9 Domains Used to Send Spam:

http://betanews.com/2012/01/25/what-are-the-top-domains-used-for-spam/

New Wave of Spam Infects Just By Opening Email:

http://www.darkreading.com/security/attacks-breaches/232500660/new-drive-by-spam-infects-those-who-open-email-no-attachment-needed.html

Global Spam Levels Drop, Malware Rises:

http://www.zdnet.com/blog/btl/global-spam-declines-as-malware-encounters-pick-up-report/67858

Man Accused of Running the Kelihos Botnet Says He’s Innocent:

http://www.computerworld.com/s/article/9223820/Accused_Kelihos_botmaster_proclaims_innocence

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

January Spam Roundup

All Spammed Up: Spam Fighting Boot Camp: The Mission

2012-01-30T15:00:16+00:00

Please read the following post with the voice of a drill sergeant in your mind. Imagine something between R. Lee Ermey and Samuel L. Jackson if you can, or maybe Stephen Lang. Alright people, listen up! Welcome to Spam Fighting Boot Camp, or what some mamby-pamby college puke might call Spamfighting 101! Over the next nine weeks I’m going to take you through a series of briefings designed to turn you into a lean, mean, spam fighting machine. We will teach you to know your enemy, train you to anticipate, out think, outmaneuver, and out fight your opponent, and leave you with the skills necessary to defend your email systems to the last message. Our users must be protected from the enemy, and that enemy is spam!

The best defence is a strong offence, but as much fun as a search and destroy mission behind enemy lines might be, our field of battle must remain within our users’ inboxes. Our goal is zero casualties people, and no mailbox gets left behind. Here’s what you can look forward to over the next several weeks:

Week 1: Know your enemy

We’re going to look at how spammers think, how they act, what their motivations are, and the cunning tricks that they play in their unending attempts to compromise our users’ inboxes. We’ll look at our own infrastructures’ fortifications through the eyes of a spammer, so that we can see the weaknesses that our enemy will attempt to exploit.

Week 2: Beware of friendly fire

While our mission is to oppose the enemy wherever we may find him, we don’t want to become the victim of friendly fire, and we don’t want anyone else mistaking us for a spammer. We’ll look at the proactive measures and policies that will prevent these sorts of accidents from happening.

Week 3: Improvise, adapt, overcome

Budgets are tight, and sometimes you must make do with what is at hand at the moment. We’ll look at the anti-spam technologies that are available to you in some of the most popular email systems.

Week 4: A well-regulated militia

Try as we might, sometimes the enemy slips behind the line, and arming our users’ workstations adds a layer of security to halt those spams that might get past our sentries.

Week 5: The last line of defence

Spammers continue their campaign against us because, at the end of the day, there’s always someone who will buy whatever line they’re selling. Here we’ll look at winning the hearts and minds of our users, educating them against the threats spam presents.

Week 6: Gearing up

To shore up our defenses, we have many options available. During this training mission, we’re going to look at the options available for shoring up our defences with bolt-on software solutions.

Week 7: Allied Forces

Some campaigns may require us to interact with allied forces. Understanding them completely can make the difference between a quick victory and a protracted campaign, and we’ll look at strategies for combining our strengths into an effective spam smashing force.

Week 8: Forward operations

The closer we can bring the fight to the enemy, the further away they are from our users, and cloud-based solutions move the fight from our datacenter to the Internet. We’ll examine strategies for success.

Week 9: Good to go

Training complete, you’re ready to engage the enemy. We’ll go over some last minute tactics and strategies to make you the complete spam killing machine.

Well alright then. Gear up, strap in, and get ready for some action! Spamfighting bootcamp is about to begin!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spam Fighting Boot Camp: The Mission

Spamresource.com: What's DMARC?

2012-01-30T13:14:36+00:00

Return Path's Sam Masiello explains: "The genesis of DMARC was actually a private partnership between PayPal and Yahoo! and Google. They worked together in 20007 and 2008, respectively, to create a communication channel that would allow Google and Yahoo! to block all email purporting to be from a PayPal domain. It had a huge positive impact. At one point they were blocking, on average, 200,000

Richi Jennings: #ITBW : Megaupload sings sad song of destroyed evidence 'More than 50 million people' used the se...

2012-01-30T11:05:02+00:00

#ITBW : Megaupload sings sad song of destroyed evidence
'More than 50 million people' used the service for their legitimate cloud staorage needs -- not just copyrighted songs and movies. The U.S. government has washed its hands of the matter. In IT Blogwatch, bloggers hope that justice is seen to be done.

[Updated]

Megaupload sings sad song of destroyed evidence

[Updated with more comment and analysis] Megaupload is warning that its hosting service providers may be about to destroy evidence. The data is 'important' to the company's defense that &#...

John R. Levine: The state of mail database marketing

2012-01-28T20:53:03+00:00

My mail server has a lot of spamtraps. They come from various sources, but one of the most prolific is bad addresses in personal domains. Several of my users have their own domains, such as my own johnlevine.com, in which they use a handful of addresses. Those addresses tend either to be people's first names, for individual mailboxes, or else the names of companies. If I did business with Verizon (which I do not) I might give them an address like verizon@johnlevine.com. All those domains get mail to lots of other addresses, which is 100% spam.

The made up addresses are largely dictionary attacks, which is obvious when I see sequential spam to barry@, betsy@, and bruno@. Some of them are company addresses that leaked to spammers before the companies went out of business years ago. And some are just mysteries.

My friend Bob Frankston has had his own vanity domain since 1992, which gets a lot of spam to spamtrap addresses. I automatically diagnose and send off abuse reports for a lot of it. Today I got a hand written response to one of them from a database marketing company in Florida. It said, in part:

This email resolves to a master record for [a name and address of a guy in Pennsylvania].

The recorded was added to the client's file on 11/12/2002 per a trip preference card that was sent to the postal address listed above. The trip preference card asks where someone would like to travel, and for their email address to be sent notifications.

If [that address] had changed their mind about receiving emails, we diligently suppress/remove opt outs. However, I do not see that email in our suppression, opt out, or feedback loops.

That wasn't too surprising, I've gotten other mail to that spamtrap from other spammers who gave me the same guy in Pennsylvania, who has no relation to Bob, and it's barely possible that someone could have scribbled something on a postcard that might have been mistranscribed as the spamtrap address, although the name of the alleged subscriber has no visible connection to the spamtrap address either. It's certainly plausible that once someone had the bad info, they sold it to lots of other marketers.

But two things jumped out at me. The first is the date, 2002. They've been spamming this address for ten years. Since it is a spamtrap, it has never responded, never ordered anything, never "opened" a message (ESP-speak for fetching the URLs in the message.) But they keep pumping out the mail anyway. The competent ESPs I know all purge their lists of dead addresses eventually, certainly in a lot less than ten years.

The other is the inability to imagine that every address in their crummy database isn't a live potential customer. This address never "changed their mind" because it doesn't have a mind. It's a spamtrap. It sends no mail, and it won't opt out because it never opted in.

I wish this situation were atypical, but it's not. If the putatively legitimate e-mail marketing industry wanted to understand why they've earned such a poor reputation, it wouldn't be hard to figure out.

Fun fact: Bob's last name happens to be the name of a town in Australia. Someone there has misconfigured one of their systems to send status reports with personal information about their clients to yet another made up address in Bob's domain, which I expect is totally illegal under Australian privacy law. I haven't been able to stop that, either.

MillerSmiles Phishing News: Weekly analysis - 21st January 2012 to 28th January 2012

2012-01-28T12:00:00+00:00

MillerSmiles provides its weekly phishing analysis for the week of 21st January 2012 to 28th January 2012

Enemieslist: new patterns posted - 20120127 (maintenance patterns release)

2012-01-27T18:28:50+00:00

89458 patterns in 32635 domains, 12110 right anchor strings, 353802 test IPs

New patterns and updates from the various contributing feeds. There
were two minor releases since 20120126.

All Spammed Up: Phishing Scam Targets Victims Using Better Business Bureau

2012-01-27T17:00:10+00:00

This past holiday season showed that spending in brick and mortar stores was significantly off targeted projects.

People just weren’t spending as much money in the malls and department stores.

However every single study of consumer spending did show that companies with a strong online presence had a significant boost in sales this past year, including the holiday shopping season. In fact during December alone, non-store sales rose 10.6 percent from the same time one year ago. Even automobile sales online boasted a 9.5 percent increase.

To make sure they can stay competitive in the online retail sector, businesses must strive to build, and at the same time maintain, a solid reputation on the Internet.

Of course it was only a matter of time before spammers realized this as an opportunity to take advantage of this trend to dupe business owners into downloading dangerous malware.

How the Scam Works

Businesses are sent an email branded with the Better Business Bureau logo that reads:

“Thank you for supporting your Better Business Bureau (BBB). Your BBB receives more than 6,500 requests for information every day and provides reliability reports to consumers 365 days a year, 24 hours a day, and 7 days a week.

As a service to BBB Accredited Businesses, we try to ensure that the information we provide to potential customers is as accurate as possible. In order for us to provide the correct information to the public, we ask that you review the information that we have on file for your company.

We encourage you to use our ONLINE FORM to provide us with this updated information. The URL below will take you directly to this form on our website:

CLICK HERE to login to your BBB account

You may also complete the form on the reverse side of this letter and mail to PO Box 1000; DuPont, WA; 98327; or fax to (206)436-5496.

Please look carefully at your telephone and fax numbers on this sheet, and let us know any and all numbers used for your business (including 800, 900, rollover, and remote call forwarding). Our automated system is driven by telephone/fax numbers, so having accurate information is critical for consumers to find information about your business easily. In addition, many consumers may search our database using your e-mail and/or Web address, so please be sure to include this information as well. As a BBB accredited business, you receive a free hyperlink from your online reliability report to your company Web site if provided to us.

Thank you again for your support, and we look forward to receiving this updated information.

Sincerely,

Accreditation Services”

Eager to keep their information and good standing current, business owners and managers who click the link are not taken to a legitimate site hosted by the BBB. Instead their computer downloads malware and their account credentials are compromised by the phisher.

Another version of the phishing scam informs the recipient of the email that a negative review of their company has been posted to the BBB site. To refute the claim, the recipient must click on the supplied URL and address the problem. Failure to do so would result in the complaint resulting in a bad report being filed.

The URL here also directs the victim to a malicious site and has the potential for account credentials being stolen.

Fighting Back

This newest scam is the third of its kind in the last three months targeted at business owners.

Businesses have been instructed, by the BBB, to contact them directly if they receive emails claiming that they have received a negative complaint or that their information is incorrect or incomplete.

The Better Business Bureau is also taking steps to fight the problem, enlisting the help of the FBI.

“Our national organization in Arlington, Va. has been working for three months with the FBI, and I can tell you that they’ve closed down over 50 sites”, Katie Carrol, Director of Media Relations and Communications with the BBB, said.

They have also asked for business owners to help them fight this growing problem by contacting them at phishing@council.bbb.org if they received these emails, or any others like them.

IT departments should also be aware of this scam and take necessary precautions.

In house steps that can help prevent problems related to this latest attack, as well as others, include:

Keeping anti-malware software up-to-date.
Make sure anti-spam solutions are configured correctly and up-to-date.
Make sure that employees are aware of this scam.
Put procedures in place for employees who receive this email, or other spam messages, to report it.
Teach employees how to better recognize spam and phishing attempts.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Phishing Scam Targets Victims Using Better Business Bureau

All Spammed Up: Go Phish Yourself?

2012-01-27T15:00:26+00:00

A new open source toolkit is designed to provide a way for companies to educate their
employees on how to spot phishing scams, but it may give scammers a lot of help as well. The open source Simple Phishing Toolkit includes a scraper that will quickly clone any website and create a phishing lure. It also comes with tools that allow administrators to track how many employees click on the lure, what links they followed, when they did so, and even their IP addresses, browser info and operating systems.

Naturally, such tools would be very useful for IT departments and system administrators to educate employees on how to spot phishing scams. Employees falling for such scams are a leading cause of corporate data breaches, and such breaches can cost a company millions.

“The whole concept with this project started out with the discussion of, ‘Hey, wouldn’t it be great if we could phish ourselves in a safe manner?’” said Will, one of the Toolkit’s co-developers. “It seems like in every organisation there is always a short list of people we know are phishable, who keep falling for the same thing every six to eight weeks, and some of this stuff is pretty lame.”

While it appears the developers had honest intentions when they created the toolkit, the fact remains it could be pretty attractive to the bad guys and they have no way of controlling that. Right now it doesn’t record any data typed into the fake phishing sites it generates, but they said future versions of the kit will have that functionality. That may make it irresistible to scammers looking for a way to create phishing campaigns that’s fast and won’t eat into any profits.

What do you think? Are these toolkits helpful or just asking for trouble?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Go Phish Yourself?

Richi Jennings: LOL. Met Office issues 'yellow snow' warning? #youcouldnotmakeitup

2012-01-27T13:02:10+00:00

LOL. Met Office issues 'yellow snow' warning? #youcouldnotmakeitup

Met Office: UK: severe weather warnings

Richi Jennings: For those asking about the hard-core porn legal position in the UK, I found this amusing link. I'...

2012-01-27T11:33:08+00:00

For those asking about the hard-core porn legal position in the UK, I found this amusing link. I'm fairly sure it's not an urban legend...

Mull of Kintyre test - Wikipedia, the free encyclopedia

Kintyre is highlighted in red. The "Mull of Kintyre" properly refers to the promontory at the southernmost end, but in this context the apparent angle of the whole peninsula is the relevant ...

Richi Jennings: In N. Korea, use a cellphone and die. In IT Blogwatch, bloggers assume 'war crime' means they'll ...

2012-01-27T11:04:47+00:00

In N. Korea, use a cellphone and die.
In IT Blogwatch, bloggers assume 'war crime' means they'll be executed

#itbw

In N. Korea, use a cellphone and die

North Koreans found using cellphones are guilty of 'war crimes.' At least, during the 100-day mourning period for Kim Jong-il, we're told. In IT Blogwatch, bloggers assume that means they'll be execut...

Spam Wars Dispatches: Phony (and Inept) Intuit Email (Updated)

2012-01-26T19:59:01+00:00

I love it when crooks make simple mistakes that cost them. Look at the following email message claiming to come from Intuit (the accounting and tax return software company):

From: INTUIT INC.
Subject: Your tax information needs verification.

Dear Account Holder,

In order to guarantee that correct data is being maintained on our systems, as well as to provide you better quality of service; INTUIT INC. has partaken in the Internal Revenue Service [IRS] Name and TIN Matching Program.

We have discovered, that your name and/or Employer Identification Number, that is indicated on your account does not correspond to the data obtained from the IRS and/or SSA.

In order to check and update your account, please click here.

Yours truly,
INTUIT INC.

Corporate Headquarters
2632 Marine Way
Mountain View, CA 94043

Is this a phishing expedition or a malware lure? It's hard to tell because the doofus failed to set up the botnet spam sender to fill in the actual link. Here's the source code:

<a href="http://{int_link}">click here</a>

The {int_link} text is a placeholder for the actual link to be inserted. My gut feeling is that this template is supposed to be used to lure recipients to a hijacked web site for malware delivery. That's just my, um, intuition based on years of reading this crap.

Anyway, don't be surprised to see a subsequent blast with this social engineering trick — don't want to screw around with tax stuff, right? — but with the link "fixed."

Update (26Jan2012, 1800 PST): He's been going at it now for over six hours and still no change in the URL. He must be scratching his head over why he has zero responses (my favorite number). Here are variations in the Subject: line I've seen personally:

We need your tax information ASAP.
Your tax information needs verification.
Urgent update of tax information is requested.
Verify the correctness of your tax information.
Tax Information needed urgently.
Please update your tax information promptly.
Verify your information for INTUIT INC..

Message bodies also vary a little, but the basic intention is the same.

Somewhere along mid-run, the idiot figured out how to include the actual image binary data for the Intuit logo header at the top of the message. But he still can't figure out the active link stuff. He must have burned through at least a hundred bucks of botnet time with no chance of payback. I'm doing the Snoopy happy dance.

Enemieslist: new patterns posted - 20120126 (maintenance patterns release)

2012-01-26T18:03:15+00:00

89384 patterns in 32614 domains, 12107 right anchor strings, 353708 test IPs

New patterns and updates from the various contributing feeds.

All Spammed Up: Several New Phishing Campaigns Going Strong

2012-01-26T17:00:06+00:00

Several new phishing campaigns have been spotted in the wild.

The first one is a new incarnation of an old scam. Emails that look like they’ve come from your friends arrive with an urgent message about them being on a trip to a far flung place such as Madagascar, London, or Berlin and needing help. You see, they were mugged/assaulted and all of their money and documents were stolen, and they really need to go home but there’s the matter of their hotel bill. The messages generally ask for about $1600 to be sent via Western Union. Of course it’s just a variation of a 419 scam. If you get one, no matter how convincing it sounds, try contacting your friend first. In 99.9% of cases you’ll find they are safe and sound at home.

Next is the Better Business Bureau, who has joined the ranks of the brandjacked as new spam messages claiming to be from them are making the rounds. The messages tell the recipient that a complaint has been filed against them and urges them to click the included link to read it and respond. Anyone who does so is taken to a malicious site that attempts to infect their computer with the infamous Zeus Trojan. Zeus, distributes by a botnet with the same name, installs a keylogger and several other nasty bits on to the infected system and steals banking info and other sensitive data.

Finally, popular companies such as Facebook, American Airlines, Paypal, and several major banks are also being brandjacked by scammers. In some cases the phishing messages are receipts for fake purchases or reservations and in others, fake message or fraud notifications. In almost all cases, the attachments and links in the messages deliver malware. It looks like the spammers are hard at work building up their botnets!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Several New Phishing Campaigns Going Strong

All Spammed Up: Kelihos Actions Continue: New Defendant Named

2012-01-26T15:00:23+00:00

Last September we reported on Microsoft’s actions in taking down the Kelihos Botnet, and the civil actions pending against alleged perpetrators including Czech citizen Dominique Alexander Piatti and the dotFREE Group SRO. We then followed up with a story on the settlement reached and the dismissal of charges againt Piatti. Today Microsoft announced new actions in the legal followup to the botnet takedown.

The Microsoft Digital Crimes unit has continued its investigation into the perpetrators behind Kelihos, and today filed an amended complaint in the U.S. District Court for the Eastern District of Virginian, naming Russian citizen Andrey N. Sabelnikov as the alleged perpetrator.

Microsoft indicated in a blog post today that former defendants Piatti and the dotFREE Group have been cooperating with Microsoft, and it is this cooperation combined with new evidence that has enabled Microsoft to amend their complaint and name Sabelnikov.

In the amended complaint, Microsoft presented evidence against Sabelnikov alleging that he wrote code for Kelihos and either created or participated in the creation of the malware. Evidence was also presented supporting the allegation that

Sabelnikov “used the malware to control, operate, maintain and grow the Kelihos botnet.”

The complaint goes on to allege that Sabelnikov registered over 3,700 domains in the cz.cc namespace with the dotFREE Group SRO, using these in the ongoing spread and control of Kelihos.

A statement on Microsoft’s official company blog by Senior Attorney for the Microsoft Digital Crimes Unit Richard Domingues Boscovich asserts Microsoft’s commitment to continuing the investigation and taking action against all the individuals who participated in Kelihos. Remember that the original complaint named twenty-two John Doe co-conspirators. One can only assume that Sabelnikov is the first, with another twenty-one to be named as more evidence is developed.

Microsoft has also made available more information on botnets and free tools to help clean users’ computers if they have been infected. You can view that information at: http://support.microsoft.com/botnets.

As more information develops on this case, we’ll be sure to keep you up-to-date with continued coverage. Those of you with an interest in the legal actions involving Sabelnikov can read the amended complaint here (PDF, new window).

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Kelihos Actions Continue: New Defendant Named

Richi Jennings: Hard-core porn in Google+ -- Google asleep at the switch. Seriously, what's the point of reportin...

2012-01-26T11:41:07+00:00

Hard-core porn in Google+ -- Google asleep at the switch.
Seriously, what's the point of reporting abuse if Google ignores it?

#tlv $GOOG

Hard-core porn in Google+ -- Google asleep at the switch

Hey! Google! Wake up! Porn spammers are running rampant over your social networking baby. Reporting them seems to have no effect. Please get a grip.

Richi Jennings: iPhone 5 release date sooner than thought, says Foxconn nark Production is already 'gearing up.' ...

2012-01-26T10:50:46+00:00

iPhone 5 release date sooner than thought, says Foxconn nark
Production is already 'gearing up.' In IT Blogwatch, bloggers debate veracity of tittle-tattle.

#itbw $AAPL

iPhone 5 release date sooner than thought, says Foxconn nark

The iPhone 5 release date will be this Summer, according to a previously-reliably source at Apple's (NASDAQ:AAPL) contract manufacturer, Foxconn. The final design seems nearly finalized, and productio...