So why are some people who share the common vision of a spam-free, bot-free world more than a little irked by Microsoft’s actions?

At CircleID, Wout de Natris, an international cybercrime consultant and trainer of spam enforcement, wrote a telling article about the back story behind Microsoft’s latest foray into cybercrime enforcement. Depending on how one reads what’s happened, one might wonder whether Microsoft is nothing more than a headline-grabbing maverick, jumping the gun at the expense of other efforts intending to battle cyber jerks; or whether the software giant is merely acting as the new sheriff in town, ready to pump cyber lead into any offenders who try to disrupt the computer operations of law-abiding citizens. One might even be compelled to ponder why in the heck these organizations, seemingly sharing in the common goal of stamping out the spambags, are fighting amongst themselves.

According to The Register:

“The takedown came after Microsoft filed suit against 39 unnamed parties on Monday (16 March) asking for permission to sever the command-and-control structures of these ZeuS botnets. The action follows the same tactics as previous successful takedowns of Waledac, Rustock and Kelihos spam-distribution botnet networks.”

Microsoft detailed its actions, which came after months of investigation into the illegal activities of said botnets. End of story, right?

Not so fast, says Michael Sandee, Principal Security Expert at the Dutch security firm Fox IT, who has a lot to say on the matter. In a lengthy blog post published April 12th, Sandee makes no bones about his displeasure at Microsoft and its actions. He describes the entire operation as:

“very twisted and [something which] will leave you with an uneasy feeling.”

He goes on to describe the events in which “Microsoft has endangered the success of countless ongoing investigations in both the private as the public sector all over the world from east to west.”

Furthermore, “Microsoft’s declaration contained statements which were incorrect and even contain misleading information regarding the invasion of privacy regarding the victims of ZeuS botnets, as their personal information may end up in the hands of Microsoft.”

In summarizing the whole thing, Sandee pulls no punches when underscoring his scathing diatribe.

“This irresponsible action by Microsoft has led to hampering and even compromising a number of large international investigations in the US, Europe and Asia that we knew of and also helped with. It has also damaged and will continue to damage international relationships between public parties and also private parties. It also sets back cooperation between public and private parties, so called public private partnerships, as sharing will stop or will be definitely less valuable than it used to be for all parties involved.”

All this has led to accusations directed squarely at Microsoft about their actions and the repercussions of compromising what appears to be many ongoing investigations. In one example, a security researcher who works at mapping criminal networks against botnets has been compromised in the sense that

[Note: Google translation from Dutch to English] “one of his identities is now public, because Microsoft Access in a subpoena access to all his e-mails demanding.”

In fact, some critics are pointing out that Microsoft’s actions of taking down the two servers has had little effect and that the ZeuS botnet is alive and well and hurling thunderbolts from Olympus even as you read this article.

Ultimately, people may want to question Microsoft’s motives in what seems to be a botched operation. de Natris offers some valuable insights, however:

“What seems clear to me is that a company like Microsoft has tremendous resources that outdo most national police organisations. These investigative resources should not be lost due to a, it seems like, badly coordinated, but unintentional, action. If the clamour shows something, it is that both sides need to be more open to each other and learn to use respective strengths and avoid weaknesses.”

Here endeth the lesson.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Can’t We All Just Get Along?

The change comes from spammers reacting to many things:

• How spam filters identify their messages
• How recipients react to their messages
• What types of spam campaigns yield a profit
• The evolution of the botnet
• The ability to take advantage of malicious web pages
• The large amount of zero day threats
• More knowledgeable recipients.

In light of all of these changes, you can still say that spam works by sending as many messages to as many inboxes as they possibly can. While this is certainly the gist of how it works, it doesn’t even scrape the surface of what goes on behind the scenes.

If you have ever wondered as to how spam really works stick around, we are about to take a trip through a spam campaign.

Obtain email addresses

Before a spammer can start sending out junk emails, they have to know where they are going. They need a list of email addresses to send to.

The easiest way to do this is to simply buy email addresses. Several companies actually sell large databases of email addresses, some complete with other demographic information such as age, sex, occupation, income levels, etc.

Buying lists, however, can get expensive. A cheaper way for spammers to build a list is to use an automated program that searches forums, message boards, blogs, news groups and web sites for the @ sign. The software then captures these addresses and puts them into a list that can easily be uploaded into the spammer’s mass mailing program.

Creating the message

Spammers are sales people.

They are paid when they can convince someone, their victim, to take action. That action can be to make a purchase, click a link or download a file.

This being said, the spammer has to create a message that:

1. Gets the recipient to open the message
2. Gets the recipient to read the message
3. Gets the recipient to act upon the message

So they have to craft something that sells. Fortunately, many spammers are such poor writers that their sales copy actually tips us off to the fact that they are not legitimate.

Putting zombies to work

A spammer can’t just send tens of thousands of emails from their server each day. If they were to do this, they would be easy to spot.

Instead, they enlist the help of botnets that comprise of hundreds of thousands of zombie computers, also known as bots. This army of mindless computers then carries out the commands of the botmaster, a server that disseminates orders to the zombies. In the case of a spammer, these bots then send out the spam messages to those addresses on the email list.

Because thousands of computers can be utilized for this task the spammer can blanket millions of inboxes without concern. After all, if an ISP identifies the sender’s IP address and adds them to a blocklist, the spammer isn’t hurt at all. Their operation continues and the person who owns the compromised computer, the zombie, is forced to deal with the problem.

Since thousands of computers are compromised and turned into zombies every day, there is never a lack of willing recruits waiting to carry out orders.

Spammers can opt to build their own botnet by infecting the victims’ computers with malware that connects them to the network. While this gives the spammer complete control over their botnet, it takes time and some technical skill.

Most spammers instead opt to rent out an army of zombie computers for their spam campaigns. For as little as 9 dollars an hour, or 67 dollars for 24 hours, someone with the intention of sending out spam messages can make use of an already assembled botnet. All it is waiting for is instructions from the command and control server to get the spam flowing.

Look at the data (optional)

Once spam has been sent, the spammer needs to look at the data provided by their mailing software to tell them how many messages were filtered by anti-spam solutions, how many messages were opened and how many recipients converted on the action – whatever that may be.

Based on the feedback and data they receive, they will be able to craft a better spam campaign the next time around.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

How the Cycle of Spam Works

This campaign has several layers of brandjacking in it, making it a little more complex than most. Since it seems designed simply to allow the phishers behind it to steal email accounts and doesn’t attempt to install malware on the victim’s computer, it’s not that harmful as far as malicious spam goes.

Why the attempt to steal so many email addresses? Obviously to allow spammers to send out more spam, but it may also be an attempt to gather resources for another attack. Have you ever received an email from a friend or colleague telling you they are overseas, got robbed, and need your help to get home? Chances are they fell for a phishing email like the ones being sent out in this new attack, which allowed the scammers to access their email accounts and spam their contacts.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

OpenID Exploited by New Spam Campaign

Why they work

FUD is used to prey upon a victim’s ignorance, self-doubt, paranoia, and general willingness to believe anything that is negative. Spammers, phishers, and their like use FUD like a blunt object, because it works. This works for any number of reasons. More people tend to be trusting than not, and many more are willing to believe that they did something wrong, or that anyone with the semblance of authority is to be believed. Far too many non-technical users still think that because they don’t work for a big company or have their own website, no one could find them so anyone who does must be legitimate. Our own banks, credit card companies, mortgage holders, large companies, and governments, contribute to the problem by either sending out confusing communications themselves, or worse still, not making absolutely clear what they will and will not send to customers in email. This leads to a situation where a user cannot be sure what is and is not legitimate email, and they tend to err on the side of belief, where they should instead be skeptical by default.

How to recognize them

First things first – If you get an email from a company that you have not done business with, then you should automatically be suspect of the message. That is not to say that you should always trust any message that purports to be from a company you have done business with; only that you should know who you deal with and suspect anything that comes to you from someone you don’t.

Look for some of the hallmarks we’ve discussed in earlier articles in this series, especially links. Mouse over them without clicking on them, and see if what appears in your status bar, or in pop-up text, matches what is in the email, and that is seems to go to the business website.

Requests for personal information are almost universally a sign that the message is bogus, and if it is legitimate, the company should know better. Anytime you are directed to log onto a site and update your information, consider it a scam.

The more urgent a message seems, or the more emphatically it directs you to action, the more likely it is to be a scam.

What you should never do

1. Never click on a link in any message like this.
2. Do not reply to any message that you suspect may be bogus.
3. Do not forward any message that you suspect is bogus.

What you should do if you still aren’t sure

If you want to make absolutely certain that a message is fake, you can do one of two things. You can either call the company directly, or visit their website. DO NOT trust any phone number or URL that is contained in the suspicious email. If you really do have a relationship with the company that the email is allegedly from, go get your invoice or monthly statement and find the phone number or URL printed on that. If you don’t have that, use your favourite search engine to find their phone number or website. If you do have an account with the company and they really did need you to do something, either the customer service representative you speak to will have that information on the screen in front of them, or you will get a warning about what is required as soon as you log on.

You might also use your search engine to check to see if anyone else has reported a scam. Search for the name of the business and the word scam or fraud to see what results come up. You can also visit sites like http://www.hotscams.com to search for the name of the company to see if there are any reported scams that look like the message you have received.

A healthy degree of skepticism is critical in this day and age when anyone in the world can send anyone else an email that purports to be from anyone else. Reputable companies know the dangers of FUD, and will never send you an email requesting personal information, or that contain links to websites other than their own. Keeping always in mind that scams abound, you should be ready to recognize and to handle (that means delete) any scam message that gets past the filters and into your inbox.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Let’s Talk About Spam – FUD

Newt 2012, the organization behind the now defunct presidential campaign of former House Speaker Newt Gingrich, is showing a truly ugly side of itself. It’s no secret that presidential campaigns require a lot of money, and Gingrich’s was no exception. Even before he pulled out there were claims that it was struggling for money and seriously in debt. Those claims have been confirmed – they owe over $4 million.

Now that the campaign is over, guess how they’ve decided to make some fast cash?

By selling their email list to spammers. The list, which contains the names and email addresses of people who donated or otherwise supported the campaign, is being offered to any spammer will to fork over some dough. By doing this, they have made it clear their privacy policy is full of lies:

“We are committed to protecting your privacy online.”

“We may also use your email address to provide you news and information about Newt 2012. We may also…send you email messages about upcoming events or activities in your area.”

They are also engaging in a shady practice known as email appending:

““Email appending”…refers to taking known demographic information and using various methods to determine an email address for the purpose of adding people to a list or otherwise sending them email messages.”

In other words, even if you did not give the campaign your email address when you made a donation, they can find it and add it to their list anyway.

Let this be lesson to you about how NOT to do business. It doesn’t appear that what they are doing is in violation of the CAN-SPAM Act (although it should be), doing either of these things is a really great way to anger customers, damage your reputation/brand, and get you on spam blacklists, among other things.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spammers Love Newt Gingrich

In today’s post, we’re going to take a look at some actual spam messages to help you get a feel for what spam looks like. We’ll point out some of the obvious characteristics, as well as some of the more subtle traits that tend to be common amongst spam, to help you get more familiar with identifying it yourself. Once you know what to look for, spotting spam becomes less like “Where’s Waldo” and more like spotting the wolf amongst the sheep. Once you know what to look for, it’s hard to believe you ever missed it.

Who is that?

Unless you make it a habit of giving out your email to every stranger you meet, treat any email that comes from someone you don’t know as suspect. This doesn’t hold true if you are the contact person at your work, but for your personal account, don’t assume you have to open every message sent to you. If you don’t recognize the sender, it’s probably going to be junk.

Open attachment

Any email that contains nothing more than an attachment, and maybe a short one liner telling you to open the attachment to read the important message is not only spam, it may well be malware. Delete these without opening the attachment, and if you did open the attachment even though I warned you not to, make sure to run a full anti-virus scan immediately.

Dearest friend

Not too many people speak like that, except for those scammers who are trying to get you to help them smuggle unclaimed funds out of their country, or are appealing to you to donate to their worthy cause.

???.?????

Unless you actually read the language, it’s a safe bet that any messages that arrive in your inbox with subjects or senders that look like this are probably spam.

me

Odds are, if you email yourself something, you’ll remember it. Anything else that looks like it came from you to you is from someone spoofing your email address.

RE:

If you see a message with the subject line starting with RE: you will probably think it is a reply to an email you sent. Think about it though. Do you recognize the sender and do you remember sending an email with that subject? If both of those answers are no, hit the delete key.

Big Government Entity

Spammers often pretend to be a governmental agency to get you to open their messages. Law enforcement and tax authorities are often spoofed. If someone from the FBI was going to email you, it would probably come from some username @ fbi .gov, not FEDERAL BUREAU OF INVEST. and would likely be in response to an email you sent. Look at the sender and the subject line, and ask yourself if it even feels a little bit legit. Odds are you’ll be hitting the delete key and you’ll be right to do that.

Big Corporate Entity

Same thing here. You just aren’t going to see legitimate emails from COCA COLA COMPANY or WALT DISNEY WORLD as the sender.

You may already be a winner

And you may already know what to do with any message that promises winnings from some contest you never entered.

Blessings to you

Should be immediately followed by deleting by you. Many of the phishing scams out there start with some benediction because hey, anyone nice enough to start an email that way must be honest, right?

ANYTHING IN ALL CAPS

This is almost universally equated on the Internet with shouting at the top of your lungs, and it’s just not going to be something legitimate email is likely to have.

no subject

Most mail clients will warn the user before they send a message with no subject, but no spammer program will. If the message has no subject at all, it is almost certainly spam.

While none of these are 100% absolutely and without exception guaranteed to be the hallmarks of spam, each and every one of them is something you want to watch for, and be suspicious of any email you receive that falls into one of these categories. The best thing you can do is approach your inbox with a healthy bit of skepticism, and err on the side of caution.

I’m sure some of you are wondering why I left off your favorite spam warning sign. Please, share the best with the rest of us by leaving a comment below!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Let’s Talk About Spam – The Worst Offenders

Spammers are now looking at new targets to help them replace that lost income. Along with increasing efforts on social networks, which they’ve been pummeling steadily for the last few years with various phishing and likejacking schemes, they’ve also been fine tuning their black hat SEO techniques and focusing on the newest player in the spam game-mobile devices. SMS spam has started to rise and in some countries has already become a huge problem.

Does this mean your inbox is safe? Not really. The spam that’s still being pumped out is more highly targeted and sophisticated. Spear phishing attacks have seen an increase, as have campaigns featuring malware ridden spam messages. Some of these campaigns feature the Zeus Trojan while others offer lesser known variants. All are designed to steal log in info and bank/credit card details. The spammers could be harvesting such info with the intent to sell it, or to make a quick buck. It’s also possible that they are trying to create new botnets or repopulate older ones, but the huge audiences on social networks continue to be the most popular targets. One out of every 60 messages posted on Facebook and one out of every 100 tweets on Twitter are spam.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Cybercriminals Leaving Email Spam Behind

Most people wouldn’t find this surprising at all because of the assumption that India is a base for cyber criminals intent on ripping off the hard working public.

But if this were the case, why did India unseat the United States for this honor?

It might be because the number of computers in India has ballooned over the years. In fact the Deccan Herald reports that the number of computers in urban India has doubled over the past three years to 28 million.

That means at least 14 million new computers are in the homes of people who haven’t had much experience using them before.

These naïve new users are just the kind of targets spammers are looking to manipulate; and it seems to be working because most of these spam messages come from “domestically hijacked PCs”.

Spam isn’t going anywhere

Despite being constantly told that spam is declining numbers like these show us that spam really isn’t going anywhere, anytime soon.

As computers become more accessible, spammers, and other cyber criminals, will find new victims to take advantage of. These victims often come from economies that have seen a sudden growth over the last few years. Take, for instance, some of the other countries that have found themselves on this list:

• South Korea
• Indonesia
• Brazil
• Pakistan
• Vietnam
• Poland
• Peru
• Taiwan

Of course countries like the United States, Russia and Italy remain on the list as well.

What does this mean for the fight against spam?

In addition to having a much larger threat landscape as a result of all the newly connected computers, the bad guys are dealing with a new crop of computer users who haven’t been taught how to avoid spam and malware. These potential victims will continue to add zombie computers to help rebuild the fallen botnet armies and establish newer one as well.

But it doesn’t have to be this way. As a matter of fact, each new computer user that plugs into the Internet for the first time offers the good guys a chance to start with a clean slate, a tabla rasa when it comes to doing the stupid things that make it easier for spammers to flourish.

So just what are the things we would like to see ingrained in these fresh minds? Take a look and see:

1. Get them used to creating strong passwords right from the beginning to make it hard on the bad guys.
2. Understand that anti-malware scanning takes time but it still needs to be done daily.
3. In addition to scanning for malware, they need to know that the definition files need to be updated constantly. This too takes time but it has to be done.
4. Don’t click on links that you don’t trust. Even if you do trust them, be extremely cautious.
5. If your computer becomes infected with malware, change all your passwords immediately after cleaning your computer.
6. Don’t sign up for free stuff. Punching a monkey will not get you a free iPad or Xbox. Coupon sites are dangerous also. Most of them will flood your inbox with targeted spam because you filled out a pretty detailed questionnaire.
7. Don’t post your email address all over the web. If it is listed on a website you will get spam sent to you.
8. Use a throwaway email address for registrations. Never use your good email to sign up for stuff online.
9. Teach your spam blocking software what junk mail is. The more you identify spam, the smarter it becomes.
10. Keep your work email and personal email separate.

Who knows, maybe if enough people are taught how to avoid spam, malware and phishing from the beginning we can really see some significant reductions in their numbers.

Did I forget a tip that you know of? If so, be sure to mention it in the comment section below!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

India is the New Spam King – What Can We Do About It?

Coming on July 9, “Internet Doomsday”, as it’s been dubbed by the media, is the day when countless Internet users will be disconnected from the lifeblood they so desperately need to friend people, like (but not unlike) things, make deep and lasting statements in 140 characters or less, tend to virtual farm animals, fire angry birds at things (question: why are they angry? One might presume it’s because we fire them at things, but you have to remember that they were angry before that) and generally get their fill of free porn, dubious accounts of movie stars, and as many uncorroborated facts as people care to digest. Simply put, Internet Doomsday is the day when the ultimate payload of a five year-old Trojan comes crashing down.

The case of DNSChanger came to a satisfying end last November when the FBI, in partnership with law enforcement agencies that included cops in Estonia, carried out a bust dubbed Operation Ghost Click, only the coolest nickname for a criminal operation, like, ever. DNSChanger, which has been around since 2007, spread itself widely through spam e-mail, while infecting millions of computers and netting the spammers untold riches in advertising revenues. Basically, when it delivers its payload, DNSChanger modifies the DNS settings of the infected system so that legitimate URLs are redirected to malicious sites designed to steal information and earn ad revenues for the scam artists.

Operation Ghost Click saw two data centers and hundreds of C&C servers in the U.S. shut down on November 8, while six Estonian scumbags were carted off in handcuffs; but the hard work of law enforcement continued long after the bust. The FBI had to put something in the place of DNSChanger’s servers – a legitimate redirect service so that infected systems could continue to operate. As indicated on GFI Labs, July 9^th is the date when law enforcement pulls the plug on the clean DNS servers. After that, users who weren’t aware that they were infected – and there will be many – will have to deal with the unfortunate reality of virtual crops wilting away, and they will have to figure out why the Internet connection thingy ain’t working so good no more.

That’s why the FBI and other agencies have put the word out. The hope is that people will learn of the impending doom on July 9^th and have their systems checked.

To learn more, head on over to the FBI’s site. You should direct as many users as you can to that site and to the DCWG’s site (http://www.dcwg.org/detect/), where you can choose a URL from the provided list to determine if your DNS is being routed properly. There’s even a section that lets you manually check your system for infection. If no infection has been detected, users can promptly get back to liking things and firing angry birds at them. If, however, a user’s system is having its DNS re-routed, then users should follow the advice at DCWG’s site, or contact their ISP right away.

It is not recommended that users write 140 character diatribes lamenting that their world is about to end on July 9^th. Tell them to write about something happy, like Brangelina and those six lucky kids. Me, I’m still trying to get them to adopt me.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Doomsday Coming July 9, Mayans Disagree

“Defendants are using anonymous gmail.com email accounts and have sent five or more emails to hundreds of AT&T employees located in the aforementioned call centers. These emails are being distributed via internal AT&T email distribution lists. As a result, AT&T has been forced to reconfigure its email distribution systems, perform scans for malicious programs, and install electronic safety measures – all of which resulted in damage to AT&T’s computer systems,” the complaint states.

It’s not clear how reconfiguring their email, running an anti-virus scan, and installing security software (shouldn’t they have had those to begin with?), could possibly damage their systems, but the company says the spammers, who used Gmail accounts and pretended to be various AT&T management officials, sent messages to the various call centers announcing fake dress code changes, fake call center closings, and even a fake emergency evacuation.

“AT&T claims the emails have disrupted services at its call centers and have “affected AT&T’s ability to provide services to its customers. This disruption in service has resulted in additional customer service costs as well as increased overhead costs as AT&T was required to compensate its employees for significant non-productive time.”

What does seem clear is that the person or persons behind the spam have a definite grudge against the company and may be a disgruntled employee or former employee. The complain stated one of the Gmail account names was “”ImTooUppityForThisJob,”

AT&T plans to subpoena Google to find out the identity of the spammers. They are seeking damages under the  federal computer fraud and abuse act.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

AT&T Sues Gmail Spammers