Reported today on BBC: "Police chiefs are urging people looking for work during the recession to be alert to online scams that trick them into laundering money. The Serious Organised Crime Agency (Soca) says websites are currently being used to recruit 'money mules'. The 'mules are ordinary people who send and receive payments through their bank accounts to facilitate business." Neil Schwartzman has also informed us of a related report by RSA FraudAction Research Lab based on several months of tracking various reshipping scams engineered by online fraudsters. more
On November 2, 2009, Microsoft released its seventh edition of the Security and Intelligence Report (SIR). The SIR provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows computers, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications. The following is an excerpt from the SIR, pp 29-32, about the Conficker worm and the industry response that showed an incredible amount of collaboration across vendors. more
When CAN-SPAM was passed in 2003, it was fairly clear that Congress wasn't trying to enable broad private enforcement. Everyone knew that rabid anti-spammers would seize any new statutory right for a litigation frenzy... Although I personally think Congress would better served all of us by omitting all private enforcement rights in CAN-SPAM, unquestionably the private rights in CAN-SPAM are drafted narrowly to prevent their abuses. That hasn't stopped some zealous anti-spammers from testing the limits of CAN-SPAM's private enforcement remedies anyway. more
Messaging Anti-Abuse Working Group (MAAWG) has issued the first best practices aimed at helping the global ISP industry work more closely with consumers to recognize and remove bot infections on end-users' machines. The paper outlines a three-step approach with recommendations for detecting bots, notifying users that their computers have been compromised, and guiding them in removing the malware. more
New research from the Anti-Phishing Working Group (APWG) has found that up to 81% of domain names used for phishing are legitimate domains that have been hacked. More specifically, out of the 30,454 phishing domains under observation, only 5,591 domain names (18.5%) were registered by phishers according to APWG. The remaining small percentage of the domains used in phishing belonged to subdomain resellers such as ISPs and other web-based services. more
In part 1, we explained that the DKIM "d=" value identifies the domain name which signed the message, which may be a different domain name from the author of the message. Tying the signing and author domains together will require an additional standard: Author Domain Signing Practices (ADSP). In IETF parlance, the "author domain" is the domain name in the From: header, so ADSP is a way for the author domain to publish a statement specifying whether any other domain name should ever sign a message purporting to be From: that author domain... more
This very interesting document was released by ICANN's Generic Names Supporting Organization (GNSO) for public comment yesterday. And it asks some fundamental questions while at the same time pointing to sources such as the Honeynet Alliance's reports on fast flux. more
As recently reported, spam volumes indicate spam has nearly jumped back up to its pre-McColo shutdown levels. However, Symantec's The State of Spam report has also observed that in recent days spammers are increasingly piggybacking on legitimate newsletters and using the reputation of major social networking sites to try and deliver spam messages into recipients' inboxes... In its special URL investigation the report also indicates that on average approximately 90 percent of all spam messages today contain some kind of a URL. Additionally, analysis of data from past recent days, according to Symantec, have shown that 68% of all URLs in spam messages had a '.com' Top-Level Domain (TLD), 18% had a China's '.cn' ccTLD and 5% had a '.net'. more
John Ferron is one of several "repeat" plaintiffs around the country suing over unsolicited email (perhaps not coincidentally, he's also an attorney). In this case, Ferron sued a variety of defendants associated with unsolicited email promoting dish satellite offerings for violations of Ohio's consumer protection law and the Electronic Mail Advertising Act (EMAA). more
The 2004 criminal spam case against large-scale spammer Jeremy Jaynes, which I've covered in several previous blog entries, appears to have come to an ignominious end with the state supreme court throwing out the law under which he was convicted. The Virginia anti-spam law was one of the first in the country with criminal provisions, but it failed due to the way that First Amendment cases are treated differently from all other cases. more
There's no denying that the fight against spam attracts a lot of crazies, both pro- and anti-spam. One of the common attributes of the anti-spam kooks is that they often think in terms of somehow taking revenge against the spammers -- regardless of who else gets hurt along the way. In 2005, that revenge came in the form of BlueFrog, a service which purported to launch what can only be called denial of service attacks against spammers' web sites... This week, a company called SpamZa was hurriedly making a similar mistake... more
There's a lot of chatter about a recent study purporting to show that 29.1% of internet users has bought something from spam. As ITWire reported, "Marshal were not only interested in how many people were purchasing from a spam source, but also what goods and services they were buying. Perhaps less surprisingly this revealed that sex and drugs sell well online." But at downloadsquad, Lee Mathews discovered the shocking truth: "the survey only involved 600 people." more
Call it outreach, call it propaganda or call it brilliance or even desperate measures, spammers (people) who favour the Georgian side in the recent conflict have been spamming using email, to get their point across. Depending on where in the world you are from, your ideological standpoint on Russia and your beliefs, when it comes to what email should be like, can be different and you may judge the action as you will. I call it spam. An Estonian colleague Viktor Larionov was quoted saying that whether there is a cyber war in Georgia or not, we know there is in fact a media war in play... more
This past week we have been seeing some heavy CNN spam -- that is, spam in the form of breaking news stories from CNN.com... These all look like legitimate news stories, and indeed, they probably are taken straight from an actual CNN news bulletin (I don't subscribe so I wouldn't know). Indeed, the unsubscribe information and Terms of Use actually link to actual CNN unsubscribe pages. However, if you mouse-over all of the news links, they go to a spam web page wherein the payload is either a spam advertisement or you click on another link to download a file and flip your computer into a botnet. more
In an article published by the Technology Liberation Front, Cato Institute adjunct scholar Tim Lee dissects a recent argument by the American Civil Liberties Union (ACLU) regarding free speech & anti-spam laws. It's been interesting to watch the ACLU wrestle with anti-spam legislation. Their entire purpose is to work through the legal system to protect our civil rights, as defined in the First Amendment -- which is why I've been a card-carrying member since before I was old enough to vote... more
A World-Renowned Source for Internet Developments. Serving Since 2002.