Anti-spam and malware enforcement agency ACMA reports on this (shocking high?) figure. Keep this up and ca. 50% of the Australian population is infected within a year. I remember a presentation from Sweden only a few years ago, that there were only a little over a thousand infected pc's in Sweden. (Reactions were: that can't be correct. Too low) Do you know what the numbers are for your country and maybe more importantly what your government and/or Industry is/are doing about it? more
All effective spam filters use DNS blacklists or blocklists, known as DNSBLs. They provide an efficient way to publish sets of IP addresses from which the publisher recommends that mail systems not accept mail. A well run DNSBL can be very effective; the Spamhaus lists typically catch upwards of 80% of incoming spam with a very low error rate. DNSBLs take advantage of the existing DNS infrastructure to do fast, efficient lookups. A DNS lookup typically goes through three computers... more
I'm sure many of you are familiar with the targeted ESP phishing attack that has been ongoing for almost a year now and has led to multiple known ESP system breaches. Return Path was recently a victim of this same attack... In short, a relatively small list of our clients' email addresses was taken from us, meaning those addresses are now the targets of the phishing campaign that are intended to compromise those client systems. more
McAfee, Inc. today unveiled its McAfee Threats Report: Third Quarter 2010, which uncovered that average daily malware growth has reached its highest levels, with an average of 60,000 new pieces of malware identified per day, almost quadrupling since 2007. At the same time, spam levels decreased in volume this quarter, both globally and in local geographies. Spam hit a two year low this quarter while malware continued to soar. More than 14 million unique pieces of malware were identified in 2010, one million more than Q3 2009. more
From time to time, we see unenlightened comments about the efficacy of laws in the fight against spam. "Laws won't stop spam" being the most common. No, they won't. What laws do is dissuade some people from undertaking shoddy mailing practices or even outright spam campaigns. Laws don't stop murder, rape and robbery either, but for those un-dissuaded who undertake such heinous crimes, we, as a society, have laws for punitive effect. They pay the price society exacts for their actions. C-28 will attenuate spam in Canada, and help us to fight spam internationally. more
The case Melaleuca v. Hansen has been moving slowly through Idaho federal court since 2007. On Sept 30 the court decided in favor of the defendants. Although the outcome is probably correct, the court's decision perpetuates the misreading of CAN SPAM from the infamous Gordon case that makes it in practice impossible to win a CAN SPAM case in the 9th Circuit. more
A small company in suburban Philadelphia called Holomaxx recently filed two lawsuits against large webmail providers, complaining that they weren't delivering mail from Holomaxx. The first suit is against Microsoft and Return Path, and the second suit is against Yahoo and Cisco/Ironport. Neither is going anywhere. more
If you haven't noticed lately, spam levels around the world have started dropping especially in October after a couple of events occurred. The first is a Russian crackdown on alleged spam king Igor Gusev, thought to be involved in the operations of SpamIt.com. SpamIt mysteriously shut down in late September, perhaps because Gusev caught wind of law enforcement starting to take notice of him. more
Spam and virus trends in Q3'10 confirm that spammers are still hard at work distributing malicious content in new and creative ways, according to the latest reports. The latest spam and virus trends report is produced by Postini, Google's email security and archiving service that, according to the company, processes more than 3 billion email messages per day and more than 50,000 businesses. more
Micorsoft has released a 253 page cybersecurity ebook primarily intended for teens but also serves as a useful resource for adults interested in overall understanding of various Internet security topics. more
Reading through Brian Kreb's blog last week, he has an interesting post up on the White House's call upon the industry on how to formulate a plan to stem the flow of illegal pharmaceuticals...It is unclear to me whether or not the goal of this initiative is to stem the flow of online crime in general or to reduce the flow of illegal pharmaceuticals flowing into the United States (since presumably this cuts into the profits of large pharmaceutical companies... more
Earlier today, Google and Verizon offered a widely publicized "Proposal for an Open Internet." There's been extensive comment with lots of reasons not to like it, but one I haven't seen is that the proposal would make it much harder to filter so-called "mainsleaze" spam. ... The problem is that under the pitifully weak CAN-SPAM law, a lot of spam is entirely legal. more
A few weeks ago, Spamhaus filed a motion to have the judge reconsider his recent $27,002 award to e360. Their brief hangs on three arguments. ... it's clear Spamhaus is prepared to take this to the Court of Appeals (again) if the judge doesn't reconsider. In my lay reading of the law, and the memo in support of motion to alter judgement I don't think Spamhaus is out of line in asking for the judge to reconsider. I expect that if the judge doesn't reconsider, then we'll see an even more aggressive filing taking it up to the Court of Appeals. more
In a perfect world, consumers recognize authentic emails from fake, update their operating system, browser and anti-virus software, and have a healthy skepticism about the safety of the Internet. The bad guys hate perfect, so we should be working with consumers to stop them. ... Organizations like mine are joining forces to recruit consumers -- who are also your customers and employees -- in the fight against cybercrime. more
M86 Security today released it's bi-annual security report for the first half of 2010, highlighting the evolution of obfuscation through combined attacks. From the report: "This threat trend is the latest to emerge as cybercriminals seek new ways to limit the effectiveness of many proactive security controls. Because existing techniques for 'covering their tracks' are becoming less effective, cybercriminals have begun using combined attacks, which are more complex and difficult to detect. By splitting the malicious code between Adobe ActionScript language - built into Adobe flash - and JavaScript components on the webpage, they limit the effectiveness of many of the the proactive security detection mechanisms in place today." more