Site Sponsor:
Ask the Expert
Search this site
Entries from Realtime Community | Messaging and Web Security tagged with 'spam'
Spam Botnet is Back; ISP Shuts Down Command and Control
The Srizbi botnet that was shut down recently when the ISP hosting command and control servers were cut off. The botnet re-emerged because bots were able to reestablish contact with C&C serves; the botnet designers were thinking ahead and planning...
Study of Cybercrime and Underground Economy
A new study from Symantec (pdf) tries to get a picture of the underground economy for cybercrime by monitoring publicly available sites and channels. This type of survey provide insight into the exposed side of cybercrime but as the report...
Spam Levels Still Down but Expected to Come Back
In a followup to last week's story about the drop in spam volume that came after an ISP cut off a large volume spammer, the Washington Post reports spam volumes are still down....
Spam Is Down But Will Be Back
Spam has dropped 66%-75% with the shutdown by some ISPs of a Web hosting company with spam spewing clients. Not only will this not last but spammers will be back and with a more resilient strategy....
Facebook Target for Cybercrime
Forget your underwater stock options, you know your startup is a success when cybercrime takes notice....
Researchers Study Spam Botnet Up Close
Biologist spend a lot of time observing organisms under various conditions to understand how they work and what they're made of. Some computer scientists took a similar approach to studying in the inner workings of the Storm botnet....
Death of a Spam Ring
One of the largest spamming groups on the Internet, HerbalKing, has been effectively shut down by the Federal Trade Commission....
YouTube Fakes Push Malware
A kit is now available on the Internet to help build fake YouTube sites which can be used to push malware....
Increase in Spam Carrying Malware
There has been a 10x increase in the amount of spam that is carrying a malware payload since the early summer....
Unsecured WiFI is Asking for Trouble
If you think sharing your WiFi is some kind of public service or you're just not sure how to go about securing your access points, it's time for a change....
"Political Sex Scandal" Lure to Spread Malware
Looking for dirt on a presidential candidate? Be careful what you wish for....
This Summer's Malware Spike
A couple of stories from the Google Enterprise Blog and McAfee Avert Labs indicate attackers are taking advantage of top news stories once again to push malware....
Small & Midsized Companies Targeted by Cybercime, Too
A significant number of SMBs think they are too small to be of interest to cybercriminals but that misses the point. It isn't a matter of being "of interest", its a matter of can a bot herder control your computers...
Malware, Spam, Pop-ups and The Most Likely Domains to Find Them
McAfee (sponsor of this site) uses data from it's SiteAdvisor service to compile data for it's annual reported called Mapping the Mal Web Revisited. While I think detailed data from SiteAdvisor is generally more useful than aggregate data, its useful...
Simple Solution to Spamming
Have you ever seen the Visa commercials depicting well choreographed customers happily flowing through coffee shops swiping their Visa cards only to have a cash wielding colleague gum up the works? The happy go lucky types are easily thrown off...
Spam, It's Not Just for Email Anymore
If you've traveled through the southeast US you may have seen an invasive vine called kudzu that seems to spread quickly to the point of overtaking other plants in an area. The Nature Conservancy says: it grows out of control,...
Super Strength Threats & Resilient Malware
Malware like Storm is highly adaptive and resilient. Combating and controlling the latest forms of malware will take new techniques. This podcast examines the characteristics of super strength threats, looks at the Storm botnet as an example, and discusses new...
Localized Malware
We've just posted a new article on localized malware. Researchers are finding more region and culture-specific malware; here's an excerpt:...
Anti-Phishing Measures: How Effective Are They?
Anti-phishing measures like customer selected site-images and Extended Validation SSL green bars are not the panacea we may have hoped for. Why? Partly because of the adaptive behavior of computer users and partly because of a lack of information about...
Largest Botnet Gains Foothold in Fortune 500
A botnet possibly twice the size of Storm is not just a consumer PC user problem. 50 of the Fortune 500 have been compromised according to Dark Reading:...
Celebrity Popularity and Spam
It's not surprising to hear Hillary Clinton, Barack Obama and John McCain were popular topics for spammers last month, but they weren't the only celebrities making the spam rounds. Micheal Jackson, Heather Mills, and Indiana Jones are climbing in the...
Don't Write Off CAPTCHAs Yet
Spammers are like some presidential candidates, just when you think they are beaten or at least not too much of a threat, they make a come back - just ask Hillary Clinton or John Mcain. The spammers' comeback is at...
Free Web 2.0 Sites Used to Push Porn
Online porn can be a money maker if you can get the traffic to sites and it looks like some are turning to Google Groups to help drive customers. InformationWeek is reporting that porn spammers compromised Google's services possibly bypassing...
Spam Bots Concentrating but Anti-Bot Options Increasing
Bots have become a main tool of cybercrime for generating spam, launching denial of service attacks, and stealing information. A couple of stories out recently look at the role of bots in spamming and the emergence of new anti-bot technologies....
Reports Show Threats from Cybercrime and Insiders
According to two reports, both cybercrime and self-inflicted security incidents were up last year. The IBM X-Force report shows camouflaging techniques are now used almost 100% of the time by malware attackers, and the Storm worm typifies the problems tracked...
Laws Need to Catch Up With Cybercrime
Art Coviello, executive vice president of EMC Corporation, and Robert Hollyeman, president and CEO of the Business Software Alliance, argue in an op ed piece in the San Jose Mecury News that federal legislation is required to stem the increasingly...
Phishers Luring Mules into Money Scams
Phishers are using middlemen to receive funds from defrauded bank accounts and then transfer the money on to the phishers. In one case, these mules were arrested by Dutch authorities for their participation in what sounds like a run-of-the-mill phishing...
Phishing for the Holidays
The holiday season brings is a busy time for all of us and phishers are no exception to the rule. This is a prime time to target online shoppers and others online. The last year has had good news in...
Spam is Getting Worse but We Don't Know How Much Worse
A couple of studies have come out with different estimates on the rate of spam growth this year. Barracuda analyzed over a billion messages and found an 85-90% increase in spam; Symantec's measurements show a 56% increase. Not that the...
Sophisticated Attack on Nuke Lab - Spam and Phishing Lures Still Malware Threat
The browser is a prime method for distributing malware, especially through drive by downloads from compromised sites. This doesn't mean email is no longer a problem as a couple of stories make clear. The first is from the New York...
Tracing Ron Paul Spam
SecureWorks has taken the time to investigate the October round of spam supporting Republican presidential candidate Ron Paul. Thanks to their work (with the help of myNetWatchman, IronPort and Spamhaus), we have a good case study in just how easy...
A Novel Approach to Spam Detection
Here is a twist on the reputation and Bayesian filter techniques usually employed in spam detection: profile the recipient. That's the approach taken by Abaca, a Silicon Valley email filtering company started by Steven T. Kirsch. The New York Times...
Survey Shows Our Irrational Reaction to Phishing
A survey out of the UK shows that our reactions to security threats isn't always rational. The Register describes a survey by YouGov on responsibility for spam. Suprisingly Two in five UK adults (42 per cent) quizzed feel that their...
Hacking for the Holidays
The holiday spam and phishing lures are on the way. As sure as stores will open early on Friday and shoppers start their annual treks to the mall or Amazon.com, the scammers will be pushing wares. From ComputerWorld we get...
Stripping for Spam
Spammers have come up with an innovative way to get around those scrambled letters used to prevent automated registrations. They've turned the tables on using humans using computers to computers using human to solve a problem. Spammers get humans to...
Porn Spammers Go To Jail
You had to wait 4 years and thought it would never come true, but yes there is a case that used the CAN SPAM Act of 2003. Before you get too excited and think this is the bleeding edge of...
Social Enginnering Techniques Changing
Another article has been added to the Messaging and Web Security library. This one is on how social engineering techniques are changing to lure more victims. Here's an excerpt from the article: Phishing is a well-known and established fact of...
This Week in Spam: Good News and Bad News
The Register is running a story today And now for something completely different: Good news on spam because there has been a drop in stock pumping spam: In the ever-escalating world of cyber insecurity, it's rare to find good news....
Storm Worm Responsible for Spam Spike
MessageLabs analyzed patterns in Strom work activity and discovered a spike in spam two days later according to The Register. The worm is propagating rapidly in part because it the developers use techniques to change the code every half-hour to...
Phishing and Countermeasures - Part 2
In Phishing and Countermeasures - Part 1 I reviewed an introduction to phishing, phishing attacks, spoofing and countermeasures, and pharming from Jakocsson and Myers Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft. Today I'd like to turn...
Spammers Tapping Computing Power of Botnets
Say what you will about spammers and bot herders, at least they don't waste CPU cycles. With large botnets at their disposals, spammers are adding 3D effects to their image spam. F-Secure is reporting an increase in 3D image spam....
Phishing and Countermeasures Part 1 - A Comprehensive Resource
I've just started Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft edited by Markus Jakobsson and Steven Myers, and so far there is every indication it will be a solid resource. For starters, Jakobsson and Myers edit...
Storm Spam Doubles, Attackers Experimenting with New Techniques
Morphing social engineering techniques is the latest trick used by spammers, especially with the Storm spam and it fits with a strategy of targeting vulnerabilities with users less than with technology. It doesn't seem so long ago that PDF spam...
Yet Another Spam Type Coming Your Way
PDF spam is now joined by another file type, Forms Data Format (FDF), which can escape basic spam filtering according to John Leyden at The Register. (For details on PDF spam, see the article New Kid on the Block: PDF...
Blocking New Kinds of Spam: Check Content not File Types
The recent a drop in image spam and an increase in PDF spam is no surprise. Once detection rates improve beyond a certain point, its worth the time and effort of spammers to find another tactic. It also means we're...
Cybercrime Getting Worse for Victims, Easier for Criminals
In yesterday's post I talked about speech by Richard Clarke, former cybersecurity czar, in which Clarke argued that cybercrime and industrial espionage is worse than many of use think. Today I thought I'd run down some examples, research and other...
Summary of Latest Spam News: Some Good, Some Bad
Quick note, a new article on application security metrics has just been posted at the community site. Ok, back to spam,spam and more spam. Reading security news is like watching the stock market: some days are good, some are bad...
Threats to Mobile Devices Growing – Tipping Point on the Horizon
Kris Lamb, a security researcher at IBM, describes emerging threats to mobile devices in a lengthy article in Computerworld. He points out that mobile threats (mostly annoyances) are more common in Europe and Asia but he sees five trends that...
Anti-spam Specification from IETF
Implicit trust is a problem with a number of Internet protocols. By exploiting that trust, spammers and phishers have had their way with spoofed emails. The pending adoption of DomainKey Identified Mail looks more likely with the Internet Engineering Task...
Symantec-Veritas Merger Improves Anti-Malware
Radical improvements in anti-malware detection isn't going to come from marginal tweaks to existing algorithms and techniques. We need fundamental changes. The Symantec Veritas merger is showing how this can be done. By combining disk scanning techniques that can bypass...
Phishing, Brandjacking and Little Progress on User Awareness
A recent survey by MarkMontior finds phishing and kiting (quickly registering and dropping domain names similar to those of legitimate sites) is not suprisingly on the rise. The study tracked the worlds top 25 brands along with others from eight...
Effective Security Can Be Simple (sometimes)
Yesterday I advocated for a simple approach for controlling botnets: turn off your PC. It's simple and even the least technical user can handle that one. Mike Knight, an IT consultant in the UK, has a similar keep it simple...
Botnets & Earth Day: A Common Solution
Strange as it may seem the botnet plague and environmental concerns have a common, partial solution: turning off all those PCs. Botnets, those distributed mass generators of spam, phishing attacks, and denial of service attacks, are getting more and more...
VA Tech Tragedy Exploited by Malware Writers
After the past several days in Blacksburg I guess I should have realized there are no depths too low for some but I didn't see this one coming. The Register and the SANS Institutes are reporting attackers are exploiting the...
5 New Anti-Spam Techniques: Promising Technologies for Dealing with Spam and Phishing
Increasing volumes of spam and phishing messages, along with more sophisticated techniques for avoiding detection, has prompted the development of new kinds of spam management. This podcast examines five new techniques for combating spam: duping, image spam detection, filter combination,...
Feds Aren't All Bad At Security: What Makes the Difference
Every year U.S. Federal agencies get graded on their information security, and this year is a mixed bag. Some agencies did well, others failed. Assuming private sector enterprises have the same range of the good, the bad, and the ugly,...
Pump and Dump Schemes Shut Down
In eWeek's Welcome to the Spam Economy we a hope of some legal tools for dealing with spam. The Securities and Exchange Commission won a court order to freeze the assets of a Latvian bank involved in a pump and...
Spam is Up - Thank Better Botnet Design & Economics 101
I noted in an article that botnets are becoming more robust with distributed command and control structures. This seems to be contributing in an upsurge in spam and especially phishing. Gregg Keizer's article forecasting trends in spam for 2007 noted...
Authenticated Email: Crypto Techniques Help with Spam
Protecting email servers and scanning messages isn't enough to stem the tide of spam. Email authentication techniques are discussed in this email as another tool to help minimize the problem of unwanted messages....
Who Can You Trust? Another Way to Block Spam and Phishing Messages
Many of the techniques used to combat spam have focused on trying to classify messages either based on their content or by comparing the sender to blacklists. Spammers and phishers will of course try to work around these detection methods...
Not Much Good News on the Phishing Front
The Anti-Phishing Working Group has released a report on phishing trends as of August, 2006. The bad news is the number of phishing reports is up from the previous month. The good news is the trend has slowed slightly. Another...
Feed Subscription
If you use an RSS reader, you can subscribe to a feed of all future entries tagged 'spam'. [What is this?]
