Tag Archive for SPAM

Romney Defeats Gingrich in US Spam Primaries

Just in time to get rid of all the annoying political ads on TV and radio leading up to the Michigan primary, GOP presidential wannabe Mitt Romney has been crowned King of political spam. His high-profile run as the leader for the 2012 nomination for the US presidential election has made him popular with spammers.

Mitt Romney is also the favorite politician of spammers touting knockoff drugs and dubious bargains in junk e-mail, according to a Bitdefender analysis of 8 million unsolicited messages spread in January.

Romney is mentioned in 45 percent of spam messages that reference US politics, ahead of second-placed Republican Newt Gingrich, who scored 33 percent.

Romney’s name was most often used in scam messages that advertise low-interest loans or free credit score analysis, while Gingrich was mentioned in junk mail promoting miraculous energy-saving devices that almost certainly don’t exist. The article says most of these offerings actually redirect the unwary user to survey site scams or knockoff drugs for sexual dysfunctions.

US Republican hopeful Ron Paul came third in the BitDefender spammers’ list, with 12.18 percent. The most popular politician outside the Republican race that caught the spammers’ attention this year was Bill Clinton, with 3.99 percent.

“Winning Most-Mentioned Politician in Bitdefender’s spam survey is probably not an honor that many politicians want,” said Bitdefender E-Threats Analyst Bogdan Botezatu, who coordinated the spam study. “And I don’t think we’ll see spammers suddenly turning into political pundits. But the results could tell us which politicians spammers think are most likely to get a reaction from random e-mail readers. Spammers are, ultimately, after money and they’re essentially making a bet on popularity when they favor one politician’s name over another.”

The author says spam messages often use the names of celebrities or politicians in fragments of news items, both to lend credibility to the message and to trick antispam filters that score a message by the ratio of links to other words.

In the BitDefender overall analysis of spam, not filtered to include only political references, the Republican politicians were handily beaten by celebrities including Jay Leno, Eva Longoria, Kobe Bryant, and even political commentator Rush Limbaugh.

rb-

I wrote about spammers hijacking celebs’ identities to spread spam. In the past, Jay Leno and Heidi Klum have been called the most dangerous celebs on the web.

 

McAfee Labs 2012 Threat Predictions

Computer security company McAfee unveiled its Threat Predictions report (PDF), outlining the top cybersecurity threats organizations and individuals are likely to face in 2012. McAfee, a wholly owned subsidiary of Intel (INTC), says that for the most part 2012 will look like 2011, only worse, with many of the recent threats gaining momentum. Here are the predictions:

Industrial Attacks: Cybercriminals will target water, electricity, oil and gas utilities. These are essential services to everyday lives, yet many industrial systems are not ready for cyberattacks, according to McAfee. Many of the environments where SCADA (supervisory control and data acquisition) systems are deployed don’t have stringent security practices. McAfee predicts attackers will leverage this lack of preparedness with greater frequency in 2012, if only for blackmail or extortion.

Legalized Spam: McAfee Labs says global spam volumes have declined in the past two years. However, legitimate advertisers are picking up where the spammers left off using the same spamming techniques, such as purchasing third-party email lists or databases from companies going out of business. McAfee Labs expects to see this “legal” spam and the technique known as “snowshoe spamming” to continue to grow at a faster rate than illegal phishing and confidence scams.

Mobile Threats: 2011 saw the highest levels in mobile malware history, and McAfee Labs expects that to continue in 2012. They expect mobile attackers to improve their skill set and move toward mobile banking attacks. Techniques previously dedicated to online banking, such as stealing from victims while they are still logged on while making it seem that the transactions come from the legitimate user, will now target mobile banking users. McAfee Labs expects attackers will bypass PCs and go straight after mobile banking apps, as more and more users handle their finances on mobile devices.

Embedded Hardware: Embedded systems are designed for a specific control function within a larger system, and are commonly used in automotive and medical devices, GPS devices, routers, digital cameras and printers. McAfee Labs expects proof-of-concept code exploiting embedded systems to become more effective in 2012 and beyond. This will require malware that attacks at the hardware layer, and will enable attacks to gain greater control and maintain long-term access to the system and its data. Sophisticated hackers will then have complete control over the hardware.

Cyberwar: Countries are vulnerable due to massive dependence on computer systems and a cyberdefense that primarily defends only government and military networks. Many countries realize the crippling potential of cyberattacks against critical infrastructure, such as water, gas and power, and how difficult it is to defend against them. McAfee Labs expects to see countries prove their cyberwar capabilities in 2012, to send a message.

Rogue Certificates: Organizations and individuals tend to trust digitally signed certificates; however, recent threats such as Stuxnet and Duqu used rogue certificates to evade detection. McAfee Labs expects to see the production and circulation of fake rogue certificates increase in 2012. Wide-scale targeting of certificate authorities and the broader use of fraudulent digital certificates will affect key infrastructure, secure browsing and transactions, as well as host-based technologies such as whitelisting and application control.

Legislative Issues: DNSSEC (Domain Name System Security Extensions) is meant to protect a client computer from inadvertently communicating with the wrong host as a result of a man-in-the-middle attack. Governing bodies around the globe are taking greater interest in establishing “rules of the road” for Internet traffic, and McAfee Labs expects to see more and more instances where future solutions are hampered by legislative issues.

Hacktivism: McAfee Labs predicts that in 2012 digital disruptors like Anonymous will join forces with physical demonstrators and will target public figures such as politicians, industry leaders, judges and law enforcement more than ever before.

Virtual Currency: McAfee Labs expects cybercurrency to be an attractive target for cybercriminals, and expects to see threats evolve to steal money from unsuspecting victims or to spread malware.

Hardware Attacks: McAfee Labs expects to see more effort put into hardware and firmware exploits to create persistent malware in network cards, hard drives and even the system BIOS (Basic Input Output System), and their related real-world attacks, through 2012.


Jay Leno Most Dangerous Celebrity in Cyberspace

There are many late nights when I sit in the Bach Seat after a long day of coordinating shared technical services and need some silliness. Jay Leno was my late-night source of silliness until BitDefender told me he is the Most Dangerous Celebrity in Cyberspace.

According to an analysis of 25 million spam messages by the Bucharest, Romania based anti-malware firm, comedian and TV host Jay Leno is the most dangerous Hollywood celebrity in cyberspace. BitDefender found Mr. Leno mentioned in the subject line of 38,000 spam messages, most of which focused on medicine and the purchasing of pills but came with enticing subjects such as ‘Jay Leno found taking drugs.’

“Cyber criminals follow the latest trends just as consumers do and they use these and the names of popular celebrities in their campaigns in order to lure people to websites that are full of malicious software (malware),” said Catalin Cosoi, Head of the BitDefender Online Threats Lab.

After Mr. Leno, the article at Infosec Island says that cyber criminals next most often used Madonna and Cameron Diaz to spread spam. (I wrote about Cameron Diaz’s reign and the McAfee “Most Dangerous Celebrity on the Web” here). The rest of the top 10 personalities used by spammers include:

Other notables on the list are:

Notable for their absence from the list are:

rb-

The use of celebrities to promote malware and spam is deeply rooted in social networking and Web 2.0. In 2009, Barracuda Networks identified a ‘Twitter crimewave’ on Twitter after popular celebrities joined the service to tweet to fans. Criminals followed the celebrities to the new service sensing a new population of easy-to-fool users, using a range of techniques including impersonation and simple link spamming to draw people to malware-infested websites. Facebook still has a major problem with celebrity abuse.

This may seem trivial because most firms have set up gateways to filter these spam-mails from hapless users’ inboxes. However, enough users ignore the warnings and open spam-mails to make spamming on a vast scale worthwhile to the spammers.

What do you think?

Who is your favorite late night host?


Who Moved My SPAM?

Analysis of the spam trends by security vendor Commtouch reveals a significant drop in global spam levels, according to Help Net Security. The article says that the average spam level for Q4 2010 was 83%, down from 88% in Q3 2010. The beginning of December saw a low of nearly 74%. The New York Times also noted the decline in SPAM during Q4 2010. The NYT cites data from MessageLabs that global spam volumes dropped to about 30 billion messages a day from about 70 billion before Christmas. MessageLabs says the decline added to a downward trend under way since August, when spam peaked at some 200 billion spam messages a day, or 92.2 percent of all e-mail.

Symantec SPAM levels

There are several theories why SPAM is drying up. One theory in the NYT article for why the botnets stopped spamming is that an important source of business may have dried up. September 2010 saw the Russians close down SpamIt, the organization allegedly behind much of the world’s pharmacy spam. Without SpamIt, “at least for now, there’s no content to fill the spamming cannons that Rustock has,” John Reid, of Spamhaus, a nonprofit group that tracks spammers, told the NYT.

Another theory put forward is that the botnet operators are intimidated. The NYT reports that in addition to going after SpamIt, Russian authorities recently arrested two spammers in Taganrog, in southern Russia, who had a database of nearly two billion United States and European Union e-mail addresses they had used to spread malicious programs, according to the HostExploit blog. “Even if the people were unrelated, the chilling effect of arrests can cause others to lay low for a while,” Mr. Reid said, adding, “But all this is speculation.”

Matt Sergeant, senior anti-spam technologist at MessageLabs, a unit of the security-software maker Symantec (SYMC), wrote in a blog post, “Did the people in charge of these botnets suddenly go on vacation? Currently there are no explanations on why these botnets stopped spamming.”

Another theory could be that SPAMmers are changing tactics. The botnet operators appear to be shifting their focus to more lucrative social networking and mobile channels. Jamie Tomasello, Abuse Operations Manager at Cloudmark, told Help Net Security that these platforms allow SPAMmers to reach more responsive recipients compared with traditional email messages.

A survey of Facebook users by F-Secure, the anti-malware firm, found that social networking spam is now a problem for three out of four Facebook users, ITNewsLink reports. F-Secure also found that 78 percent think spam is a problem on the site and 49 percent report they frequently see something in their newsfeed that they consider spam.

Ms. Tomasello explains that technically a botnet can send any kind of content, so botnets are increasingly being used to send messages that spoof content from social networking sites. This works in a similar way to email phishing attacks, where a message drives the recipient to a malicious payload, or to a website built to capture the recipient’s social network credentials. The cybercriminal could then log in to the social networking site with the compromised credentials and send spam via the platform to the compromised recipient’s friends.

Cloudmark’s Tomasello says that these messages can be much more convincing than email spam messages because social networks, and the friends a user is connected with, are often well trusted. Once a cybercriminal has compromised credentials they will use them to try to gain access to other e-commerce, social network, email or bank accounts, because many internet users use the same username and password combination across multiple web sites.

Mobile devices are also seeing increased threats. Gareth Maclachlan, Chief Operating Officer of AdaptiveMobile, a mobile security firm, told ITnewslink, “With the increasing pervasiveness of Smartphone devices, 2010 has undoubtedly been the year that fraudsters have truly turned their attention to mobile platforms.” Mr. Maclachlan continues:

With Smartphone penetration reported to reach 37 per cent in Europe and 44 per cent in the US by 2012, we predict that the number of threats targeted at unsuspecting mobile users will continue to increase at an exponential rate throughout the course of 2011. Even more significantly, the nature of the threats we are seeing will increase in sophistication. … next year will see the emergence of the ‘compound threat’ – intelligent scams designed to exploit multiple phone capabilities in order to reap maximum reward for the criminals, before the user even realises they have become a victim.

rb-

My SPAM data tracks with what the big boys are saying. The average number of SPAM emails I receive has dropped to a near record low of 12.3 SPAM messages per day in January 2011 from a high of 77.5 SPAM messages in May of 2009. The record low monthly average was 11.0 SPAM messages in May 2010. The number of SPAM messages I get on my Blackberry has been minimal, but the number of junk emails I get even through LinkedIn has climbed.

Average Daily SPAM

Are SPAMmers taking a break or reloading?

What are you doing to prevent SPAM on mobile devices?

2009 SPAM results

PC World chronicles how analysts at the California-based security company FireEye executed a plan to shut down the Mega-D (or Ozdok) botnet in early November 2009. At one point the Mega-D botnet reportedly accounted for 32 percent of all spam. In order to shut down this threat, Atif Mushtaq and two FireEye colleagues went after Mega-D’s command infrastructure.

According to the article, the botnet’s command infrastructure was its weak point. The Mega-D bots infesting PCs were directed from online command and control (C&C) servers throughout the world. The researchers found that if the bots could be separated from their controllers, the undirected bots would sit idle on the PCs, not delivering their malware. Mushtaq found that every Mega-D bot had been assigned a list of fallback destinations to try if it couldn’t reach its primary command server, so taking down Mega-D would need a carefully coordinated attack.

To coordinate the attack, the FireEye team contacted the Internet Service Providers (ISPs) that hosted Mega-D control servers. Mushtaq’s research showed that most of the Mega-D C&C servers were based in the United States, with others in Turkey and Israel. The FireEye team received cooperation from the U.S. based ISPs but not the overseas ISPs. The FireEye team took down the U.S. based C&C servers.

Since the ISPs in Israel and Turkey refused to cooperate, PC World reports that Mushtaq and company contacted the domain-name registrars holding records for the domain names that Mega-D used for its control servers. The registrars collaborated with FireEye to point Mega-D’s existing domain names to nowhere. This cut off the pool of domain names that the bots would use to reach the overseas ISP based Mega-D C&C servers.

As a last step, PC World says that FireEye and the registrars worked to claim spare domain names that Mega-D’s controllers listed in the bots’ programming and pointed them to “sinkholes” (servers FireEye had set up to sit quietly and log efforts by Mega-D bots to check in for orders). Using those logs, FireEye estimated that the botnet consisted of about 250,000 Mega-D-infected computers.
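The sinkhole logging described above, as an added example that is not FireEye’s code: a small parser over constructed check-in lines in an assumed format (timestamp, source address, fallback domain, request path) that estimates the bot population from distinct source addresses, counts check-ins per fallback domain, and buckets first-seen hosts by hour to watch the population drain after a takedown.

```python
"""Sinkhole check-in analysis (added example; the log format is assumed)."""
from collections import Counter
from datetime import datetime, timedelta
import ipaddress

# Constructed sample of what a sinkhole might record once idle bots fall
# back to their spare domains. Domains and addresses are placeholders.
SAMPLE_LOG = """\
2009-11-06T00:01:12Z 198.51.100.7 example-fallback-1.test /ping
2009-11-06T00:01:15Z 198.51.100.7 example-fallback-2.test /ping
2009-11-06T00:02:40Z 203.0.113.44 example-fallback-1.test /ping
2009-11-06T00:03:05Z 192.0.2.19 example-fallback-3.test /ping
2009-11-06T01:15:00Z 203.0.113.44 example-fallback-1.test /ping
2009-11-06T02:00:00Z not-an-ip example-fallback-1.test /ping
garbage line
"""


def parse_checkins(text):
    """Yield (timestamp, ip, domain) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
            ip = ipaddress.ip_address(parts[1])
        except ValueError:
            continue  # malformed timestamp or address: not a bot check-in
        yield ts, str(ip), parts[2]


def estimate_population(text):
    """Distinct source addresses seen checking in. This is the usual sinkhole
    size estimate; NAT hides several bots behind one address, while DHCP
    churn over several days inflates the count, so treat it as approximate."""
    return len({ip for _, ip, _ in parse_checkins(text)})


def checkins_per_domain(text):
    """Check-ins per fallback domain: shows which spare names bots still try."""
    return Counter(domain for _, _, domain in parse_checkins(text))


def new_hosts_per_window(text, window=timedelta(hours=1)):
    """Map window index (0 = window of the earliest check-in) to the number of
    hosts first seen in that window, a crude view of growth or decay."""
    first_seen = {}
    for ts, ip, _ in sorted(parse_checkins(text)):
        first_seen.setdefault(ip, ts)
    if not first_seen:
        return {}
    start = min(first_seen.values())
    return dict(Counter((ts - start) // window for ts in first_seen.values()))


if __name__ == "__main__":
    print("hosts:", estimate_population(SAMPLE_LOG))
    print("per domain:", checkins_per_domain(SAMPLE_LOG))
    print("new hosts per hour:", new_hosts_per_window(SAMPLE_LOG))
```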

MessageLabs reports that Mega-D had “consistently been in the top 10 spam bots” for the preceding year. The botnet’s output fluctuated from day to day, but on November 1 Mega-D accounted for 11.8 percent of all spam that MessageLabs saw. Three days after FireEye’s operation, Mega-D’s share of Internet spam dropped to less than 0.1 percent, MessageLabs states.

Mushtaq recognizes that FireEye’s successful offensive against Mega-D was just one battle in the war on malware. The criminals behind Mega-D may try to revive their botnet, he says, or they may abandon it and create a new one. But other botnets continue to thrive. “FireEye did have a major victory,” says Joe Stewart, director of malware research with SecureWorks in the PC World article, “The question is, will it have a long-term impact?”

Mushtaq says that FireEye is sharing its method with domestic and international law enforcement. “We’re definitely looking to do this again,” Mushtaq says. “We want to show the bad guys that we’re not sleeping.”

rb-

The takedown of Mega-D by FireEye produced a noted decrease in the level of SPAM I observed. During the 10 months before the Mega-D takedown, the daily average of SPAM messages (DASM) received was 49. After the November 2009 takedown, the DASM rate dropped to 33. A step into the numbers reveals that the November 2009 DASM was 35 and the December DASM was 29.


The overall DASM trend line for 2009 was down. In order to keep the trend going down, firms should investigate the Shadowserver ASN & Netblock Alerting & Reporting Service. This free reporting service is designed for organizations that directly own or control network space. The service provides reports detailing detected malicious activity to aid in their detection and mitigation program. Shadowserver has provided this service for over two years, and now generates over 4,000 reports nightly. The reporting service monitors and alerts on the following activity:

  • Detected Botnet Command and Control servers
  • Infected systems (drones)
  • DDoS attacks (source and victim)
  • Scans
  • Clickfraud
  • Compromised hosts
  • Proxies
  • Spam relays
  • Malicious software droppers and other related information.

Detected malicious activity on a subscriber’s network is flagged and included in daily summary reports detailing the previous 24 hours of activity. These customized reports are made freely available to the responsible network operators as a subscription service.
