Spam in the News

Spam in the News

This blog dedicates a spot on the internet where to find latest information about Email Security and Anti-Spam measures.

| Next >

• Recently
• Last comments

Search

Categories

• All
• Announcements (35)
• Background (2)
• News (29)

Archives

• May 2008 (4)
• April 2008 (2)
• August 2007 (7)
• December 2006 (7)
• November 2006 (17)
• September 2006 (5)
• August 2006 (20)
• More...

Linkblog

Announcements

• 'Image Spam' and VoIP Scam Attacks on Rise

  By Gene J. Koprowski
  www.TechNewsWorld.com
  Part of the ECT News Network

  So-called "image spam" is on the rise once again -- as clever hackers try to sneak by spam screening software that tests messages for spam based on keywords.

  After declining steadily throughout 2005 -- from about 12 percent of all spam at the beginning of the year, down to about 5 percent in November -- the use of image spam jumped dramatically in December 2005, to 25 percent of all spam. It has remained at that level fairly consistently for the last six months, according to Postini, a messaging management company based in San Carlos, Calif.
  

  "Postini attributes this increase to spammers testing the deliverability of image spam in early 2005 and realizing that many older spam filters are helpless when messages contain text to analyze, so the use of images helps get their spam delivered," said Postini spokesperson Catherine Leahy. "Upon seeing the positive results, they converted much of their spam to image spam."
  Spam Filters
  To be sure, up-to-date spam filters, like the patented PTIN technology, can detect and block image spam based on other attributes of the sending computer, message envelope and headers, Leahy explained.

  There are other, emerging threats too -- like VoIP spam scams. Scammers pretending to be banks e-mail people and ask them to dial a telephone number, then enter the personal information needed to gain access to their finances. These fake VoIP services are reducing the costs associated with conducting such attacks, providing the perpetrators with a lower risk of discovery.

  This spring, San Francisco-based Cloudmark detected two new VoIP-specific attacks. It is advising clients against dialing phone numbers received in e-mails that appear to be from banks and dial the numbers printed on their ATM cards instead.

  The company has seen two separate "VoIP attacks hit our network, the first we've been able to analyze in detail," according to Adam J. O'Donnell, a senior research scientist at Cloudmark. "In these attacks, the target receives an e-mail, ostensibly from their bank, telling them there is an issue with their account and to dial a number to resolve the problem."
  'Personally Devastating' Attacks

  Callers are then connected over VoIP to a PBX -- private branch exchange -- running an IVR system that sounds exactly like their own bank's phone tree, directing them to specific extensions, O'Donnell said.

  In these VoIP phishing attacks, the phone system identifies itself to the target as the financial institution and prompts them to enter their account number and PIN. "The result," O'Donnell surmises, "can be personally financially devastating."

  Surprisingly, traditional content and identity rules based on volume analysis for capturing spam do not work for these phishing threats -- phishers move quickly to avoid detection, using and breaking down multiple phony sites to launch the same attack in different form. VoIP-based services allow phishers to cheaply add and cancel phone numbers that are harder to trace than conventional numbers.

  Scientists are using fingerprinting algorithms that are able to identify the phone numbers used in VoIP phishing attacks, however. Researchers first spotted and began to block these threats this spring.

  These attacks are "highly sophisticated, targeted, transient and dynamic, thereby making it far more difficult to uncover and capture the perpetrators," according to Dr. Jose Nazario, a senior security engineer and member of the Arbor Security Engineering & Response Team (ASERT) at Arbor Networks, a network security leader for global business networks.

  
• 5 Things You Didn't Know About Spam

  By Thomas Bey
  Entertainment Correspondent - Every other Sunday

  Your opinion of spam is probably a matter of context: Spam can either be the canned meat from your bachelor days, a hilarious Monty Python sketch or one of the most annoying PC occurrences this side of the Blue Screen of Death.

  Digital spam actually got its name from the comedy routine. Though the first known unsolicited e-mail was sent in 1978, spam gained its moniker and greater frequency in the 1980s. Users in early forms of chat rooms and Usenet groups would discourage new users from participating by posting blocks of Monty Python script or entering “SPAM” repeatedly. Either way, it shuffled the newbies’ entries off the screen.

  In the 1990s, the spam ball really got rolling when two attorneys began flooding the Usenet and e-mail with advertising for their law firm. Today, spam has slithered its way further into our digital lives, making appearances in blogs, instant messaging, search engines, and mobile phone text messages. It’s hard to believe something so evil shares a name with something so enjoyable. As I said, it’s all a matter of context.

  1 - Spamming is legal

  About all an enterprising spammer has to do to remain legal is play within the boundaries of the United States CAN-SPAM Act of 2003. Like so many governmental creations, CAN-SPAM is a backronym for Controlling the Assault of Non-Solicited Pornography and Marketing. The act bans false or misleading header information, prohibits deceptive subject lines, mandates that recipients must be offered an opt-out method, and requires that commercial e-mail be identified as such.

  Spammers caught violating the act’s provisions may face fines and/or jail time. Though some successful legal action has resulted (namely, Yahoo! vs. Eric Head), critics -- and some spammers, it would seem -- largely dismiss the threats. It seems that the act doesn’t have enough bite to be much of a threat, giving spammers enough latitude to keep on keepin’ on.

  2 - Many companies you know use spam

  Some e-mail is obviously spam; you know something’s sketchy when you win a foreign lottery you never entered. Other e-mail is not as obvious, including that from “phishers” who pose as legitimate businesses (your bank, for instance) and ask you to reveal account numbers, PINs and the like.

  But what about legitimate spam -- or, at least, spam from legitimate companies like Blockbuster, eBay and Thompson Cigar? It happens more than you realize. When you browse companies’ websites, especially when you opt to receive e-mail from them and their affiliates, you open the door to affiliate networks like Affiliate Fuel and IncentaClick. Your reaction to this sort of spam could go either way: You might like learning about offers and companies related to your interests or you might equate it to your buddy handing out your e-mail address to someone you’d rather avoid.

  You might be sending spam without knowing it.

  3 - The spam is coming from inside your house

  It has all the elements of a Wes Craven flick. The hot babysitter keeps getting spam. First, she thinks it’s a joke, then she gets annoyed, then terrified. She barricades herself inside and has the spam traced. To her horror, the spam is coming from inside the house! (Insert slasher music here).

  Spam isn’t just generated by antisocial geeks living in their parents’ basements. When you open spam, the sender can receive a confirmation that your e-mail address is active. At the very least, it’s a green light for the spammer to slam your inbox. At worst, viruses can be attached to spam. Some of those viruses can even render your PC a “zombie,” or a hard-to-trace, low-volume spam distributor. Just when you thought it was safe to surf…

  4 - Some groups cite freedom of speech to defend spam

  Logically, retailers and affiliate networks don’t want spam to go away, and you’d better believe spammers don’t want it to disappear. But you might be surprised to learn who else is in spam’s corner. Groups like the American Civil Liberties Union and the Electronic Frontier Foundation contend that spam is a free-speech issue, not “freedom of only the speech you want to hear.” Other critics cite less-than-perfect anti-spam software that is prone to misrouting legitimate e-mail and spam alike as a reason we’ll all just have to exist together. Beyond that, there’s the issue of intervention. Whether or not you’re willing to live with spam, the real question is whether you’re willing to allow the government to step in further and exercise greater control over the web and your e-mail.

  5 - It’s a multibillion-dollar industry

  The California state government found that spam cost U.S. organizations $10 billion in 2004. That staggering figure includes damages, downtime, and human and electronic resources required to combat it. If it makes you feel any better, you aren’t alone. In 2004, Microsoft’s Steve Ballmer stated that Bill Gates “literally receives four million pieces of e-mail per day, most of it spam." Now that’s Spamalot. Regarding the irony of all the get-rich and debt-relief spam he receives, Gates has commented, “It would be funny if it weren’t so irritating.”

  Gates even predicted that spam would come to an end within two years if spammers were charged for unwanted e-mail. That was in 2004. Today, spam seems more prevalent than ever and is found on virtually every type of web-enabled service and device. It’s not that we question Gates’ sincerity or the industry’s efforts to squash spam, but it does underscore the size of the beast.

  Spam is a subject with many interests. Consumers research the latest safeguards against it. Software developers try to get a grip on the massive issue by producing more accurate and aggressive products. Finally, the spammers themselves do their best to stay a step ahead of consumers, developers, and in some cases, the law. Because spamming is not difficult and requires little start-up capital, it’s tempting for would-be spammers to hit the web and try their luck.

  Spam will not likely be eliminated in the near future. For the time being, too many conflicts are unresolved surrounding free speech and governmental control. On top of it all, experienced spammers are adept at covering their tracks, making it difficult to follow their moves. So for now, you’ll have to find relief by watching a Monty Python DVD with a can of SPAM.

  
• Anti-Spam Bill restrains porn

  Press Release: United Future NZ Party

  Anti-Spam Bill restrains porn

  United Future MP Gordon Copeland today endorsed the anti-pornography amendments included in the Unsolicited Electronic Messages Bill reported back today from Parliament's commerce committee.

  "The Bill provides a user-friendly means of dealing with gratuitous spam containing sexually orientated material. I think that is a great step forward," said Mr Copeland who is deputy chair of the committee.

  "I know that many parents simply don't want such material arriving, unsolicited, on their home PCs and in future they will be able to convey that message directly back to spammers through the Enforcement Agency set up under the Bill.

  "Pornographic spam may be technically unobjectionable in terms of current New Zealand law but it is, nevertheless, important that parents and others are able to make a firm decision in relation to pornographic spam so that the tap is turned off, at least in so far as their household is concerned," said Mr Copeland.

  
• Bogus Apple iPod spam hides Trojan

  Malware contained in self-extracting zip file

  Robert Jaques, vnunet.com

  A Trojan horse has been detected in spam emails notifying recipients that they have been charged almost $500 to pay for a non-existent Apple iPod.

  The Dowdec-A Trojan arrives in the messages claiming to be related to the purchase of an iPod. The emails claim that the music player is being shipped via FedEx and that a payment of $479.95 has been received from the recipient's e-gold account.

  The malicious emails have the subject line 'Track your order'. The message body reads as follows:

  Dear email.address
  Please read the following message carefully.
  We notify that your order was approved and shipped to you via FedEx 2Day Service, track 792531968828.
  The amount of $479.95 USD was recieved from your e-gold account.
  The details of transaction and specification of chosen product we send you in self-extracting compressed-zip file.
  Read it carefully to make sure that there's no mistakes in characteristics of chosen product.
  We appreciate your choice!
  According to the rules, refund must be based on your original method of payment. Any requests to refund using e-gold are not accepted, if the payment method was credit card.
  IPod For Your, Yahoo Shopping.

  Security firm Sophos warned that a file called OrderInf.zip, which unpacks to OrderInfo.exe, is attached to the emails.

  Executing this file infects the user's computer with a Trojan that attempts to download further malicious code from the internet. The Trojan only works on Windows computers, and cannot infect Apple Macs.

  "With luck the spelling mistakes in this email will warn many users that there is something not quite right about it," said Graham Cluley, senior technology consultant at Sophos.

  "Additionally, anyone who doesn't use e-gold should be able to smell a rat when it is claimed that almost $500 has been taken from their account.

  "But everyone should practise safe computing, and be wary of any unsolicited email attachment that arrives in their inbox. Hackers are aiming to infiltrate the Windows computers of home users in their pursuit of more people to spy on and steal from."

  
• Botnet Eavesdropping: Inside the Mocbot (MS06-040) Attack

  EWeek.com Article
  By Ryan Naraine

  When Joe Stewart spotted a variant of the Mocbot Trojan hijacking unpatched Windows machines for use in IRC-controlled botnets, he immediately went to work trying to pinpoint the motive for the attacks.

  Stewart, a senior security researcher with LURHQ's Threat Intelligence Group, set up a way to silently spy on the botnet's command-and-control infrastructure, and his findings suggest that for-profit spammers are clearly winning the cat-and-mouse game against entrenched anti-virus providers.

  "The lesson here is once you get infected, you are completely under the control of the botmaster. He can put whatever he wants on your machine, and there's no way to be 100 percent sure that the machine is clean," Stewart said in an interview with eWEEK.

  Stewart, a well-respected researcher who specializes in reverse-engineering malware files, echoed a warning issued earlier this year by Microsoft.

  "The only way to be [completely] sure the system is malware-free is to completely wipe the hard drive and reinstall the operating system," he said.

  Stewart arrived at that conclusion after eavesdropping on Mocbot for a few hours.

  "I have two machines here running in an isolated network. I infect one with the malware, and I have the other machine pretending to be the entire Internet," he explained.

  The second machine, known as a sandnet, is a custom-made tool for analyzing malware in an environment that is isolated, yet provides a virtual Internet for the malware to interact with.

  "I can sit back and see all the interaction up to point where it [the infected machine] joins botnet's control channel. Then I can take that information, go outside and replicate it. I can see what the real server is doing to get an entire picture of the operation," Stewart said.

  Read more here about the ongoing battle to shut down botnet command-and-control infrastructure.

  With Mocbot, which was targeting the Windows vulnerability patched with Microsoft's MS06-040 patch, Stewart was able to figure out that the infected drones were connecting to two hard-coded command and control servers at "bniu.househot.com" and "ypgw.wallloan.com."

  He was able to capture the IRC (Internet Relay Chat) login sequence generated by the bot. This included a user, a nickname, the channel name and the first bit of instructions to the infected machine.

  The command schemes were all encrypted, forcing Stewart to create a custom Perl script to decode the algorithms.

  "They're using trivial encryption, so a bit of reverse-engineering had to be done. You can see some of it in the code of Mocbot, and I wrote a little script to do the decoding. When I visit the channel and he gives a command, I can easily decrypt it to see the instructions he's sending to the bot," Stewart said.

  Using telnet to connect to the command-and-control server on Port 18067 (the port number for the IRC server), Stewart successfully started spying on the control channel, but there was not much to see.

  "The IRC server code was stripped down to give almost no information to the client, except the channel topic line, which was encrypted," he said.

  Once decoded, he found that the botmaster was telling the infected machines to join another control channel to receive another encrypted message.

  When decoded, the command simply served up a URL hosted at PixPond.com, a free image hosting service.

  "The command is an instruction to download and execute [a second] file in the provided URL," Stewart said, noting that the mission of the botmaster was to get the second file into the infected system.

  
• Email Cleaners Official Blog

  Email Cleaners has now launched it's official blog.
  New information will be updated to keep the entire community informed about advancements in the field of Anti-Spam and Email Security.
  Please check back here at http://www.emailcleaners.com/blog

  
• Happy birthday to spam! 30-years-old this weekend

  By Daniel Sung

  Would you like your penis enlarged, you have just won $1,000,0000 and aLL kINds oF thINGs WrITTeN LiKe ThIS; we all hate spam and it'll be 30 years to the day, on this Saturday 3rd May, that we've suffered it.

  Ah yes, what would we do without spam, you know, apart from lead much happier lives? The man to shake your fists at this weekend is Gary Thuerk who, in 1978, sent an e-mail out to 393 Arpanet Network users as marketing manager of Digital Equipment Corp and was given a good talking to by the network admin team for abusing the system.

  Around 80% of e-mails today are thought to be spam and personally I blame Arpanet. Had they come down on Thuerk like a tonne of bricks - chucked him off the network or got him banged up for a while to think about what a naughty boy he'd been - we wouldn't be in the pink, homogenised meat mess we're in today.

  
• Image spam rates quintuple in 2006

  Overall junk e-mail up nearly 100 percent

  by Michael Crawford

  Global spam has increased nearly 100 percent year on year according to current statistics from the IronPort Threat Operation Center - a key driver of which is the proliferation of image-based spam.

  According to IronPort's statistics, worldwide spam levels in October 2005 were 31 billion messages per day. That figure has risen to 61 billion messages per day in 2006.

  25 percent of this spam was image-based compared to 4.8 percent the year before. The average message size also increased from 8.9 kilobytes to 13 kilobytes. Global spam contributed to more than 819 terabytes of bandwidth per day during 2006.

  IronPort squarely lay the blame on the falling "catch rates" of spam on signature-based antivirus solutions. IronPort marketing vice president Tom Gillis said rapidly changing randomization techniques, the basis of image spam, are counteracting signature-based tools.

  Adam Biviano, Trend Micro premium services manager, said image-based spam is one technique that does circumvent "legacy" security software, adding that is why the majority of tools now incorporate more than one form of detection method.

  "If you look at 25 percent of image-based spam being hard to pick up with a signature-based tool that still leaves 75 percent of spam out there for which there are already signatures," Biviano said.

  "Image-based spam is definitely one of the techniques employed to get around legacy technologies which is why spam filters look at more than image content for traffic patterns associated with sources and use reputation databases.

  "A combination of technology needs to be used because the spammers know how to get around some products."

  Paul Ducklin, Sophos Australia and New Zealand head of technology, said image-spam is becoming a more prevalent from of spam because it defeats older, simpler spam classifying engines.

  Ducklin said any product relying solely on text-oriented classification will struggle because of the lack of words - Bayesian filters also have the same shortcomings.

  "This is not anything new and there are lots of tools available to construct images, put background speckles in it and even use multilayered images in a GIF file across three different layers so when superimposed the message is legible," Ducklin said.

  "There are a lot of legitimate e-mails already with corporate logos and the reason so many companies send mail like this is that marketing people say it gets a better response so it is not surprising spammers are doing the same thing."

  Rob Forsyth, Sophos country manager, agreed with image-spam levels being around 25 percent of all global spam. Forsyth said at times this figure can peak at 40 percent.

  
• McAfee lists top 10 spam subject lines

  by Carla Moore

  Internet security firm McAfee has released a list of the top 10 spam subject lines used during July 2006, reports online news source Net Imperative.

  Spam is unsolicited, bulk messages sent for promotional purposes via electronic messaging systems like email. Spammers often try to disguise the content of their messages so that their messages have a better chance of getting through email filters.

  According to McAfee, the top 10 subject lines for spammers are:

  1.Message from eBay Member
  2. PayPal Notification
  3. Restore Your Account Access
  4. Chase Online Banking Service
  5. eBay Member aw-confirm@ebay.com
  6. eBay Item Not Received Dispute Opened for Item
  7. Question from eBay member
  8. Question from eBay Member
  9. Barclays International informs you
  10. Amazon.com – Account maintenance – Profile Update

  
• Mich. charges claim 2 firms ignored anti-spam list

  by Associated Press

  LANSING -- Michigan Attorney General Mike Cox said Thursday he is charging two companies with breaking a new law against sending unsolicited e-mails about inappropriate topics to children listed on a state registry.

  The spam sent by RR Media Inc. of Cathedral City, Calif., and Data Stream Group Inc. of Bonita Springs, Fla., sought to entice children into gambling sites and promoted alcoholic beverages, Cox said.

  Messages seeking comment were left with both companies.

  Cox filed criminal and civil charges against the companies, saying they violated a state law that requires them to check e-mail addresses against a registry designed to protect children from inappropriate e-mails. The Michigan Children's Protection Registry allows parents to list their children's electronic addresses with the state, and companies are supposed to check the list.

  The companies could be fined up to $10,000 in the cases, which are the first of their kind under the registry set up last year, Cox said.

  "Spamming is a huge problem with no easy solution," Cox said in a news release. "The registry law is an attempt by our state to find an effective way to protect children from the most offensive variety of spam."

  
• New Word Document Spam

  by biosmagazine.co.uk

  Marshal’s Threat Research and Content Engineering (TRACE) Team today announced a new form of spam that is hidden in Word documents.

  The new type of spam uses a combination of obfuscation and social engineering in an effort to bypass anti-spam software and spam-savvy e-mail users.

  This latest version of spam looks like a typical business e-mail containing a Word document attachment. The e-mail subject line and file name are also business related, so that recipients are more likely to open it. The message body contains little or no text but the Word document contains the spam message.

  Users open the document expecting to find an invoice or purchase order and instead find a spam message. Marshal’s TRACE team has identified over 100 examples of the new Word spam since it first appeared on August 17 2006.

  According to the TRACE team, the new strain is being sent out from a number of different countries, indicating the spam is likely being distributed from zombie PCs.

  “Spammers have traditionally avoided emailing spam as an attached Word document because not everyone has Word and the it makes the size of the e-mail larger than normal, making it less efficient to distribute in large volumes,” said Bradley Anstis, Director of Product Management for Marshal.

  “However spammers now realise that fewer regular spam messages are getting through anti-spam filters. They are turning to new ways of trying to circumvent them. In this case, they are accepting the penalty of increasing the message size in order to get more spams through the filters.”

  
• PartnerWeekly Subscribes to LashBack’s CAN-SPAM Compliance Monitor

  E-mail Marketing’s First Complete Compliance Service Monitors More Than 2,000 Affiliates in PartnerWeekly Network

  LAS VEGAS--(BUSINESS WIRE)--PartnerWeekly, LLC, a SellingSource.com company, has joined a growing list of LashBack, LLC CAN-SPAM Compliance Monitor clients. LashBack is a provider of compliance and reputation services for senders and receivers of commercial e-mail. The Web-based service automates checking of all major points of compliance for advertisers, ad networks, affiliates, agencies, publishers and e-mail service providers.

  “LashBack’s CAN-SPAM Compliance Monitor enables us to observe all of our affiliates and be notified automatically of any irregularities. We can see what our affiliates are sending and thus increase accountability and compliance,” said Jason Murphy, delivery strategies manager for PartnerWeekly.

  “We are excited to add a leader such as PartnerWeekly to our client roster,” said W. Brandon Phillips, co-founder and CEO for LashBack. “With more than 2,000 publishers in the PartnerWeekly network, there is a complex web of compliancy relationships to manage that is both simplified and held accountable with the use of CAN-SPAM Compliance Monitor.”

  PartnerWeekly’s CMO Wayne Anderson adds, “The world of Internet marketing is rapidly becoming more complex. We are continuously searching for new products and services to enhance our ability to responsibly communicate with consumers. LashBack enhances our capability to deliver our advertiser’s message to target consumers while elevating our level of corporate compliance.”

  CAN-SPAM Compliance Monitor checks suppression list abuse, unsubscribe mechanism visibility and operability, failure to honor unsubscribe (10-day rule), physical address verification, forged headers, subject line relevancy, from-line accuracy, open-relay sending, and e-mail address harvesting. LashBack also provides custom compliance monitoring and best-practice checks.

  
• Penny-Stock Spam Yields Profits -- for Some

  A new study suggests that spam e-mails advertising penny stocks can have a real effect on the stock market. And someone is making good money as a result -- though it's not usually the recipients of the spam. When people respond to the e-mail by buying the advertised stock, it can bump up the price of the stock.

  That's when spammers -- who bought the stock before they sent the email -- sell. Robert Siegel talks with Laura Frieder of Purdue University about her study.

  
• Postini Message Security and Management Update for October Reveals That Spam Is Back With a Vengeance

  Spam Skyrockets 59 Percent September to November; 91 Percent of All Email Is Now Spam

  Postini, the industry's leading provider of on-demand Integrated Message Management services making electronic communications like email, instant messaging (IM) and the web more compliant, productive, secure and reliable, today announced that spammers are out in full force, severely threatening corporate networks while seeking financial gain. Postini processed nearly 70 billion email connections from September to November, and saw a 59 percent spike in spam over that period. Unwanted email is currently 91 percent of all email, and over the past 12 months the daily volume of spam rose by 120 percent. Postini also saw a dramatic increase in overall email traffic with 10
  billion more connections in October than in September.

  "This dramatic rise in spam attacks on corporate networks has the Internet under a state of siege," said Daniel Druker, executive vice president of marketing at Postini. "Spammers are increasingly aggressive and sophisticated in their techniques, and protection from spam has become a front-burner issue again. Spam has evolved from a tool for nuisance hackers and annoying marketers to one for criminal enterprises."

  Spammers now use massive networks of hijacked computers called "bot-nets" to initiate attacks. The attacks are aggressive -- Postini tracks more than one million infected computers that are coordinating spam and virus attacks each day, with 50,000 or more active at any instant. Spammers are also continuously evolving their tactics. Image spam and MS Office document spam now makes up as much as 30 percent of all junk messages, up from two percent in 2005. Hackers now use techniques such as re-arranging as many as 25 tiny images into a message in an HTML email or using animated GIF attachments to bypass optical character recognition technology in an effort to bypass email security systems. Infected computers are now also re-trying temporarily blocked email connections just like real mail servers do.

  Postini's PREEMPT(TM) multi-layer anti-virus technology also blocked over 31 million viruses for October. The Stration virus, also known as Warezov, was particularly active and aggressive in October. This trojan virus is designed to take over target computers, harvest email addresses and turn infected computers into spam-spewing robots.

  
  The top five viruses for October were:
  
  Virus Name Quantity Blocked
  stration 6,482,308
  netsky 5,524,450
  mytob 2,784,030
  mime 2,524,038
  mydoom 1,525,975

  Postini's StatTrak(TM) is available at http://www.postini.com/stats and provides the most up-to-date statistics on the latest viruses, spam and DHAs.

  About Postini
  Postini is the global leader in Integrated Message Management, providing compliance, security, availability, and visibility solutions for corporate email, instant messaging and web. Postini offers a complete suite of on-demand services including archiving, spam and virus blocking, content
  control, encryption, and business continuity. The company's powerful managed services infrastructure seamlessly integrates with customers' environment, providing uncompromising security for more companies than any other provider in the world. Postini's services protect organizations from a wide range of threats, reduce compliance and legal risks, ensure reliable communications, and enable the intelligent management and enforcement of enterprise policies that protect companies' intellectual property,
  reputations and business relationships.

  
• Postini's Seven Anti-SPAM Tips

  Andrew Lochart, senior director of marketing, Postini says internet users should follow theses seven commandments to reduce spam:

  1. If you are prompted for your email address when surfing the web, first read the privacy policy for the company. Make sure it states that they will not share your email address with anyone else whether they are affiliated with their business or not.

  2. If you subscribe to newsletters, verify what the privacy policy is as well.

  3. If you receive an unsolicited newsletter, do not follow the unsubscribe prompts. This will let the sender know that your email account exists and is in use.

  4. Only list your email address in public when it’s absolutely necessary.

  5. If you participate in any newsgroups, online communities or at social networking-websites make sure you have your preferences set to hide your email address.

  6. Only ever use your email signature with trustworthy recipients, particularly, when it includes your email address.

  7. If you fill out forms for raffles, subscription cards, or registration cards that prompt for your email address, leave it off.

  Many at ISPr are also quite fond of the free Thunderbird (Mozilla.org) e-mail client, which has some simple, yet quite effective, anti-SPAM filters of its own.

  
• Quiz tests your spam IQ

  By AP AND STAFF

  Your spam savviness could save you from a deluge of unwanted e-mails.

  And now you can test how well you spot unsafe sites thanks to an online quiz by anti-virus software maker McAfee Inc. (Visit mcafee.com/spamquiz.)

  The eight-question quiz provides consumers with two pairs of websites and asks them to pick the one more likely to guard their e-mail address.

  The stakes for failing are high: When McAfee registered at each of the unsafe sites in the eight pairs, it resulted in 2,697 e-mails each week. That's 104,244 e-mails per year.

  Signing up at the worst e-mailer offender in the quiz resulted in 1,075 e-mails per week.

  
• SEC sues over stock market spam scam

  By John Leyden

  A US couple have been charged over an allegation they made $1m via a stock market pump-and-dump scam, promoted using spam emails.

  Jeffrey Stone, 42, of Greenwich, Connecticut, and his missus Janette Diller Stone face a civil lawsuit from the Securities and Exchange Commission (SEC) over their alleged use of junk mail tactics to artificially increase the value of stock they held in start-up firm WebSky Inc.

  The pair allegedly bought 288m WebSky shares in September 2004 through various front organisations they controlled before selling them weeks later for a profit of $1m.

  The SEC alleges spam emails sent by stock promoters on behalf of the Stones falsely stated that WebSky's business in Argentina was bringing in revenues of $40m. In reality, the start-up had little or no revenue from Argentina or anywhere else at the time the spam emails began circulating.

  The junk email campaign helped ramp up WebSky's share value by around 300 per cent, according to the SEC.

  The dishonest promotion of WebSky shares is an example of so-called pump-and-dump stock campaigns which net security firm Sophos estimates currently account for approximately 15 per cent of all junk mail.

  WebSky itself had no involvement in the attempt to dishonestly promote its stock market price through spreading false rumours. But its chief exec, Douglas Haffner, was charged with selling stock to the Stones in a subsequent deal without registering the sale or obtaining an exemption from registration.

  In settlement against these charges, Haffner and WebSky have agreed to surrender $35,000 made from the transaction and to abide by an injunction against further violations of the registration provisions of federal securities law. Haffer has also agreed to pay a $25,000 fine as a part of a proposed settlement, which is subject to court approval, in which neither WebSky or Haffer make any admission of wrongdoing.

  
• Spam carrying embedded images designed to evade filters doubles

  Article by Tash Shifrin
  Monday 14 August 2006 - ComputerWeekly.com

  The amount of spam carrying embedded images designed to evade filters has doubled over the past three months, security experts have warned.

  Messaging security firm CipherTrust warned that at peak times, the devious image-based spam accounted for more than 30% of all spam messages.

  The increase has come as spammers have developed new tools that can generate completely randomised images and deploy them in spam at speeds of up to one million an hour.

  Overall, malicious message volumes have been rising sharply, with a 20% spike in global mail volumes last month, CipherTrust said.

  The security firm also warned that the number of “zombies” – compromised PCs used to pump out spam, viruses and phishing frauds – was continuing to increase, with the number of newly created zombies shooting up by 20% in May alone, the last major spike in numbers.
  
  CipherTrust chief technology officer Paul Judge said: "Over the last four years, the people responsible for spam have continued to use aggressive, and frankly ingenious, techniques to make their messages blend with legitimate e-mail.

  “It is a high-stakes, high-profit business, and they continue to invest heavily in attempts to get messages delivered to users in the face of increasingly effective anti-spam systems. The growing use of zombies and image-based spammers are examples of these initiatives.”

  
• Spam Filtering Floods Innocent Inboxes

  Do challenge/response spam filtering systems create more problems than they solve? One analyst argues against them.

  By Thomas Claburn
  InformationWeek

  Two weeks ago, Ferris Research messaging analyst Richi Jennings awoke to find his e-mail inbox filling with spam at a rate of about a message per second. Over the course of two days, a spammer using a bot net -- a collection of PCs that have been subverted through security exploits to send spam -- sent an estimated 10 million messages that purported to come from several of Jennings's e-mail addresses.

  That resulted in more than 25,000 bounce messages, from ISPs that return spam to the supposed sender (rather than deleting it) and from challenge/response filters that reply to spam with a note asking the listed sender to answer a challenge question before the initial message gets delivered.

  "It's kind of like a denial of service attack," says Jennings, who notes that while his coverage of anti-spam issues makes him a likely target for spammer retaliation, he has no evidence to prove that. This sort of attack also is referred to as a "joe job."

  Despite the fact the Symantec's Brightmail service did "an impressively good job" in blocking most of the bounced e-mails, Jennings nonetheless had to deal with hundreds of unwanted messages -- "about half a gigabyte of unwanted, 'backscatter' e-mail" -- that made it to his inbox.

  For Jennings, the episode reveals a fundamental flaw in challenge/response spam filters. "Challenge/response filters have more Achilles' heels than they have feet," he says.

  "Over the last year or two, I've spoken to countless challenge/response filter vendors and they all have their own excuse about why their solution is completely different, and really, yes, they agree this is a problem with badly written challenge/response spam filters, but their spam filter would never do anything so stupid and broken," says Jennings. "And of course I'm looking at an example from just about every one of those vendors that I got two weeks ago."

  Jennings argues that because challenge/response spam filters essentially create more spam, they end up harming the user's reputation. "The fact challenge/response causes backscatter means that the users of challenge/response filters are actually, perversely, more likely to have their messages blocked, because their reputation -- the reputation of their IP or domain -- will go down simply because people like me are receiving these things and class them as spam," he explains.

  In addition, Jennings suggests that users of challenge/response systems are foisting their spam problem on others, as if one were to respond to litter thrown in one's yard by shoveling it onto the street for someone else to deal with. "What the users of challenge/response spam filters are effectively doing is saying it's my job to filter their spam for them," he says.

  Tal Golan, CTO, president, and founder of Sendio, maker of a challenge/response e-mail appliance used by more than 150 enterprise consumers, disagrees strongly with Jennings's assertion that challenge-based filtering has problems. "Without question, the benefit to the whole community at large drastically outweighs that FUD [fear, uncertainty, and doubt] that's out there in the marketplace that somehow challenge/response makes the problem worse," he says. "The real issue is that filters don't work. From our perspective, challenge/response is the only solution. This whole concept of backscatter is just not true. Very, very rarely do spammers forge the e-mail addresses of legitimate companies anymore."

  Golan also dismisses the idea that challenge-response systems burden senders with filtering spam for recipients. Says Golan, "Most people out there today are very, very happy to make the world a safer place."

  
• Spam Levels Up by 80 Percent

  Image-based spam blamed for surge in junk e-mail over the past month.

  by Cara Garretson, Network World

  Researchers and IT managers are confirming security vendors' claims that spam levels have spiked in the past month--some say by as much as 80 percent--and show no signs of decreasing.

  "There are enormous amounts of spam; it's shot up like crazy since the beginning of October," says John Levine, president of consulting firm Taughannock Networks and co-chair of the Internet Research Task Force's Anti-Spam Research Group, which operates a number of e-mail addresses that aren't filtered for spam. "Earlier this year I was seeing about 50,000 spam messages a day, now I'm seeing 100,000."

  What's to Blame?

  Levine's assumption is this spike in spam levels is a result of a new generation of viruses and zombies that can infect PCs more quickly and are harder to get rid of. In its October report, messaging security vendor MessageLabs says the spike is largely due to two Trojan horses, Warezov and SpamThru.

  Others say a new breed of spam messages called image spam--messages with text embedded in an image file that evade spam filters, which can't recognize the words inside the image--is responsible.

  At North Shore-LIJ Heath System, a network of hospitals based in Great Neck, NY, with about 12,000 e-mail users, there's been an 80 percent increase in spam received in the last 45 days, says system architect Steve Young, and most of it is image spam.

  "We got slammed with a 50 percent increase [in spam] in one day. For the past year-and-a-half none of my users ever got a spam message; in that first 48 hours [of image-spam blasts] there were 500 calls and over 1000 complaints from users," he says.

  The majority of these image spam messages are so-called pump and dump scams, where spammers purchase a penny stock, promote it through e-mail, then sell it at a profit. Most appear to come from Europe, says Levine.

  After receiving so many calls from his users Levine called BorderWare, his e-mail security vendor, to ask for help. The company enrolled him in a beta program for its new technology designed to block image spam, which Levine says is working. "We blocked 7000 image spam messages in the first day" of trialing the new technology.

  Image Spam Headaches

  What's made image spam so vexing is that spammers have learned to represent words in an image that are recognizable to the human eye because of the way people recognize images that a computer can't understand, says Andrew Graydon, CTO of BorderWare.

  "They're banking on eye recognition, and so many of the solutions out there only deal with text analysis," says Graydon. The company's new technology, set to be unveiled next week, analyzes image spam and comes up with a characterization of the message that tracks 30 different pieces of information about it that mimic the way people visualize.

  Of course, as vendors come up with new techniques, spammers do, too. Image spam began popping up a few months ago, and security vendors responded with products that create a "fingerprint" of the message and match that against new incoming messages. Then spammers began randomizing image spam so that each message was slightly different from the last, therefore evading fingerprinting technology.

  "On a scale of one to ten, I would rate image spam as an eight" in terms of how troublesome it is, says Paul Judge, CTO of Secure Computing. "This is because spammers have leapfrogged from hiding text within other text to now moving it to a place that is unreachable by most antispam systems."

  Looking for a Magic Bullet

  Secure Computing is touting its TrustedSource Message Reputation fingerprints, which take a snapshot of a message identified as spam and then assigns a correlating reputation score to it. The company is adding ImagePrinting technology to this service that creates fingerprints specifically for images.

  While spammers can circumvent fingerprinting by changing even one pixel in the image, Judge says Secure Computing's ImagePrinting technology performs image normalization "to ignore variations and focus on reoccurring parts."

  Tumbleweed on Tuesday introduced its Adaptive Image Filtering technology designed to block image spam by using an image-processing technique called wavelet transform, which reduces an image to a mathematical formula that represents the message but still allows for variation, according to company officials. With the addition of this new filtering technology to Tumbleweed's e-mail security appliances and software, the products can catch image spam that has been randomized in order to circumvent spam filters, they say.

  The company has already analyzed thousands of image spam messages and continues to build its pattern-matching database to check incoming e-mail messages against, officials say.

  Whether or not antispam products can catch this new variant of spam, this huge increase in unwanted e-mail levels is concerning because it necessitates more bandwidth and computing power for anyone running an e-mail system, says Levine.

  "Spam is a huge tax on e-mail, and the tax just doubled," he says.

  

Misc

• Login...
• Register...

XML Feeds

• RSS 0.92: Posts, Comments
• RSS 1.0: Posts, Comments
• RSS 2.0: Posts, Comments
• Atom: Posts, Comments

Who's Online?

• Guest Users: 25