Search
Police nab Shadow creators, force botnet to commit suicide - Via Ars Technica:
The Dutch High Tech Crime Unit has arrested a 19 year-old man and his 16 year-old brother and charged them with operating (and attempting to sell) the Shadow botnet. Shadow was created by the two brothers, and is currently thought to infect some 100,000 machines, down from a peak of 150,000. Shadow appears to have been mostly confined to the Netherlands, as the messages and phishing hooks were all sent in Dutch, but had apparently infected some US systems as well, as the FBI is credited for assisting on the case.
The arrests actually occurred several weeks ago, on July 29, but it's what happened afterwards that has made this situation interesting. Instead of simply shutting the botnet down, the High Crime Tech Unit took control of it. read more »
Canadians File Class Actions Over Incoming SMS Fees - Via Slashdot:
dontmakemethink writes "CTV reports that over the last couple of weeks class-action lawsuits have been filed against two major Canadian cellular service providers, Bell and Telus, for imposing fees on incoming text messages. While there has been very vocal opposition to the introduction of the fees, those who cannot change providers due to binding contracts feel the situation is actionable in court. Some of those not bound by contract, such as myself, have given their service provider notice that they will charge the provider for having to contact them to have charges reversed for unsolicited texts. Because service providers are aware of the volume of unsolicited texts, we feel they are liable for the inconvenience to their clients for preventing spam charges, and more importantly under no circumstances should service providers profit from spam. We also feel that requiring us to buy text bundles to avoid the inconvenience of reversing spam charges constitutes extortion. They can charge me for texts when they stop the spam."
(Read Original Article - Via Slashdot.)
Spam King and Family Dead in Apparent Murder-Suicide - Via Threat Level:
Edward Davidson, who was known as the "spam king" (although the moniker has been given to nearly every spammer who has ever been caught) has been found dead in Colorado, along with his wife and 3-year-old child, apparently in a murder-suicide. Another child approximately 7 months old was found unhurt, and a teenage daughter had been shot in the neck with a bullet but managed to run away.
Davidson had escaped from a minimum-security facility on Sunday -- essentially a work camp -- allegedly with help from his wife. read more »
Gmail Reveals the Names of All Users - Via Slashdot: Your Rights Online:
ihatespam writes "Have you ever wanted to know the name of admin@gmail.com? Now you can. Through a bug in Google calendars the names of all registered Gmail accounts are now readily available. All you need to find out the names of any gmail address is a Google calendar account yourself. Depending on your view this ranges from a harmless "feature" to a rather serious privacy violation. According to some reports, spammers are already exploiting this "feature"/bug to send personalized spam messages."
Spammers Announce World War III - Via Slashdot:
schliz writes with the stub of a disheartening article at IT News: "Hackers are deluging web users with malware-laden spam claiming that World War III has started following a US invasion of Iran. Security experts warned [yesterday] that spam emails with subject lines including 'Third World War has begun,' '20000 US Soldiers in Iran,' and 'US Army crossed Iran's borders' have been intercepted. The emails contain links to a malicious webpage that displays what appears to be a video player showing the mushroom cloud of a nuclear explosion."
(Read Original Article - Via Slashdot.)
What Happens When You Reply To ALL of Your Spam - Via Slashdot:
bednarz writes "For Tracy Mooney, a married mother of three in Naperville, Ill., the decision to abandon cyber-sense and invite e-mail spam into her life for a month by participating in a McAfee experiment was a bit of a lark. The idea of the Spammed Persistently All Month (S.P.A.M.) experiment — which fittingly started on April Fool's Day — was to have 50 volunteers from around the world answer every spam message and pop-up ad they got. Mooney was game, especially since McAfee was giving a free PC to all participants. She told her story to Network World."
(Read Original Article - Via Slashdot.)
Storm and the Future of Social Engineering - Via Slashdot:
Albert writes "Storm shows several key characteristics, some new and advanced. It uses cunning social engineering techniques — such as tying spam campaigns to a current event or site of interest — as well as a blend of email and the Web to spread. It is highly coordinated, yet decentralized — and with Storm using the latest generation of P2P technology, it cannot be disabled by simply 'cutting off its head.' In addition, Storm is self-propagating — once infected, computers send out massive amounts of Storm spam to keep recruiting new nodes."
(Read Original Article - Via Slashdot.)
Spammers Get Slammed… Again - Via CDT - PolicyBeta:
What do you do when a couple of spammers send almost a million deceptive and spammy emails to your users? You sue them! Under the CAN-SPAM Act, MySpace asked for - and was granted - a massive $230 million in damages from the spammers that were taking advantage of the site’s users and breaking the site’s terms of service by ‘phishing’ and spamming.
This case is just the latest in “Spam King” Sanford Wallace’s spammy history. Wallace has been spamming since the early 1990’s, and apparently he just can’t seem to get out of the junk mail business. The MySpace case is just one in a long line of enforcement actions against Wallace’s companies. In 2004, CDT filed a complaint with the FTC, who then brought suit against Wallace in the first major FTC suit in spyware. read more »
Digital Deception - Via washingtonpost.com - Technology:
With a test, Web sites let people in and keep out computers set to unleash spam attacks. Now, computers are cracking the code.
Are you a human or a computer?
Over the Internet, it's getting harder and harder to tell.
Some of the common tests used by Web sites to distinguish between legitimate flesh-and-blood visitors and malicious human-mimicking computers recently appear to have been outwitted.
Last month, the human verification tests, which typically require users to identify deformed letters set against a cluttered backdrop, were broken by a computer. The computer then repeatedly created free Hotmail e-mail accounts and sent spam from them, according to Websense, the security firm that detected the hacking. read more »
30th Anniversary of First Spam Email; No End in Sight - Via Freedom to Tinker:
Today marks the 30th anniversary of (what is reputed to be) the first spam email. Here’s the body of the email:
DIGITAL WILL BE GIVING A PRODUCT PRESENTATION OF THE NEWEST MEMBERS OF THE DECSYSTEM-20 FAMILY; THE DECSYSTEM-2020, 2020T, 2060, AND 2060T. THE DECSYSTEM-20 FAMILY OF COMPUTERS HAS EVOLVED FROM THE TENEX OPERATING SYSTEM AND THE DECSYSTEM-10 (PDP-10) COMPUTER ARCHITECTURE. BOTH THE DECSYSTEM-2060T AND 2020T OFFER FULL ARPANET SUPPORT UNDER THE TOPS-20 OPERATING SYSTEM. THE DECSYSTEM-2060 IS AN UPWARD EXTENSION OF THE CURRENT DECSYSTEM 2040 AND 2050 FAMILY. THE DECSYSTEM-2020 IS A NEW LOW END MEMBER OF THE DECSYSTEM-20 FAMILY AND FULLY SOFTWARE COMPATIBLE WITH ALL OF THE OTHER DECSYSTEM-20 MODELS. read more »
spammers gone wild - Via Freedom to Tinker:
I’m sure this sort of behavior is old news, but it’s still really annoying. Starting last night and continuing as I’m writing this, some annoying spammer has been forging my email address as the “From” line of a variety of spams. This is causing a staggering volume of backscatter, mostly of the “Delivery Status Notification (failure)” variety. Sampling these messages, I’m seeing several interesting things. read more »
Trojan Horses Still Kicking After All These Years - Via Wired News: Security Blanket:
About 3,000 years ago Thursday, some Greeks left the people of Troy a wooden horse at the walled city’s front gate -- a free gift, no cost, no obligation from would-be invaders who wanted their adversaries to think they had left in peace.
Accepting the Trojan horse at face value turned out to be a big mistake.
Some things never change. In the 21st century Trojan horses are made of electronic "1s" and "0s" but are still left for you in all innocence and in plain sight: your e-mail inbox, in IMs and on a web page. But the intent, and the outcome, is pretty much the same: to pillage and steal. read more »
Geist Creates His Own Do-Not-Call List - Via Slashdot: Your Rights Online:
average_cdn writes "Canadians looking to put a stop to pesky telemarketing calls before the federal government's do-not-call registry takes effect this summer have a new tool at their disposal. At IOptOut.ca, Canadians can enter their phone number and e-mail address and simply choose the organizations they would prefer not to hear from while the website generates a mass request that the user be added to those companies' do-not-call lists. The site, a beta version of which was launched yesterday, is the brainchild of University of Ottawa law professor Michael Geist and features information on how to avoid telemarketing calls from more than 140 different companies and organizations. Mr. Geist said that iOptOut helps Canadians finish the job that the do-not-call registry failed to complete."
Google: Spam, Virus Attacks to Get More Clever - Via eWEEK :
Google's Postini team recommends enterprises guard against socially generated spam and virus attacks in 2008.
Spam and virus threats to enterprise messaging security and compliance may level off this year compared to 2007, but social engineering techniques are evolving to challenge businesses and security software providers, according to a new report released by Google's Postini team.
The report, released March 6 after Google's Postini team commissioned the study to survey 575 IT professionals, found that Postini data centers recorded 57 percent more spam and virus attacks in 2007 compared to 2006. read more »
Slashdot | Extending SpamAssassin and Amavis - Via Slashdot | Developers :
An anonymous reader writes
"Spam filtering solutions are a necessary evil in today's e-mail climate. There are many different tools and systems available for the filtering and removal of spam e-mail. Tools like SpamAssassin and more detailed agents, such as Amavis use a variety of different methods to identify and capture spam. An IBM article shows how you can extend SpamAssassin and Amavis, providing additional filtering facilities to lower the amount of spam hitting e-mail boxes."
(Read Original Article - Via Slashdot | Developers.)
Mega-D Botnet Overtakes Storm, Accounts for 32% of Spam - Via Slashdot:
Stony Stevenson writes "The new Mega-D Botnet has overtaken the notorious Storm worm botnet as the largest single source of the world's spam according to security vendor Marshal. This botnet currently accounts for 32 percent of all spam, 11 percent more than the Storm botnet which peaked at 21 percent in September 2007. It started about 4 months ago but has been steadily increasing since then. It is also using news headlines to trick victims into opening the spam, a technique synonymous with the Storm worm."
(Read Original Article - Via Slashdot.)
CAPTCHAs: Humans vs. Bots - Via IEEE Security and Privacy:
A close examination of CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) use and the technology behind it.
FTC Takes On Sanford Wallace… Again - Via CDT - PolicyBeta:
Earlier this week, the FTC filed a new brief against notorious spammer/spyware purveyor Sanford Wallace, and his partner Walter Rines, for violating the default judgment against them that was originally based on CDT’s 2004 petition.
Good to see that the Commission is not letting Wallace and Rines slip, but let’s hope that they can collect more than the $50,000 that it did last time around.
(Read Original Article - Via CDT - PolicyBeta.)
Phishing Group Caught Stealing From Other Phishers - Via Slashdot:
An anonymous reader writes "Netcraft has written about a website offering free phishing kits with one ironic twist — they all contain backdoors to steal stolen credentials from the fraudsters that deploy them. read more »
Zombie Computer Army Targets Bank Account Passwords - Via Threat Level:
Every security geek's favorite zombie computer army from 2007 -- the Storm Worm botnet -- has a new trick for 2008, using its huge collection of infec
Delicious
Digg
Reddit
Google
Yahoo
Technorati