Tag Archive for SPAM

Michigan Leader in SPAM

In a surprise finding, the New Jersey-based anti-malware company Comodo’s Threat Research Labs found that Michigan is one of the leading sources of unsolicited e-mail on the Internet. Unsolicited bulk e-mail is also known as “SPAM” and is usually considered junk e-mail. The Great Lakes State ranked third behind California and New York in spewing out the most SPAM.

The Comodo researchers examined all the e-mails Comodo filtered for customers in the second half of 2015, specifically looking at SPAM. They conducted an IP address analysis of the millions of pieces of SPAM that came into the Threat Research Labs from their customers.

Through this analysis, researchers were able to break down SPAM by state and find where it originated. IP addresses from California (24.37%) and New York (22.36%) sent nearly half of the spam Comodo filtered, while Utah (19.42%), Michigan (10.79%), and New Jersey (3.68%) IP addresses rounded out the top five states.

Comodo State SPAM Map

Fatih Orhan, Director of Technology and lead at the Comodo Threat Research Labs said:

California and New York were not really surprising in terms of the top two states because of population and technology innovation taking place in those geographies — but finding Utah and Michigan in the top five was somewhat shocking

rb-

I have followed the battle against SPAM since 2009. Here are some tips to help protect yourself from SPAM:

  • Keep your Junk E-mail Filter updated

Updates are available at Downloads on Office Online. Under Office Update, click Check for Updates.

  • Block images in HTML messages that spammers use as Web beacons

By default, Outlook is set to block automatic picture downloads. To verify your settings, on the Tools menu, click Options. Click the Security tab, and then click Change Automatic Download Settings. Verify that the “Don’t download pictures or other content automatically in HTML e-mail” check box is selected.

  • Watch out for checkboxes that are already selected

When you buy things online, companies sometimes add a check box (already selected!) to indicate that it is fine to sell or give your e-mail address to other businesses. Clear the check box so that your e-mail address won’t be shared.

  • DO NOT sign up for commercial mailing lists.
  • DO NOT reply to email or unsubscribe from a mailing list that you did not explicitly sign up for.
  • Configure your email client to send and receive emails in Plain Text or Rich Text Format.

For Microsoft Outlook go to Tools > Options… and click the Mail Format tab. Change your Message format to Text, then click OK.

Lest we forget, this is the same Comodo that was responsible for releasing 9 fraudulent certificates onto the Internet which, Sophos says, impacted the trusted root authority on all default Windows and OS X installations, as well as high-profile websites like:
mail.google.com
www.google.com
login.yahoo.com (3 certificates)
login.skype.com
addons.mozilla.org

Sophos states that this breach allowed an attacker to easily disguise a malicious website as one of the above, with HTTPS authentication succeeding.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Shadiest Neighborhoods on the Web

The Internet is organized into domains. Readers of Bach Seat are familiar with the .net domain, since you got here. You are also probably familiar with other web neighborhoods like .com, where Facebook and Google live. The folks in charge of the Intertubes have added more neighborhoods, technically Top Level Domains (TLDs), and now there are over 1,000 TLDs, many of which have only been around for the past two years.

This rapid growth raises questions about how well those in charge of these new TLDs secure their neighborhood against malware and other threats. CSO Online explains that, just like any city, the Web has neighborhoods where dubious activities often take place: spam, scams, the distribution of potentially unwanted software (PUS), malware, botnets, phishing, and other suspicious activity.

Web security and WAN optimization firm Blue Coat Systems (BCSI) regularly analyzes hundreds of millions of Web requests from more than 15,000 businesses and 75 million users to track “shady activity” on the Web. In September, it released Do Not Enter: Blue Coat Research Maps the Web’s Shadiest Neighborhoods (PDF), with a list of the 10 top-level domains (TLDs) on the Web that are home to shady sites.

Blue Coat recommends that organizations take steps to protect themselves, including blocking traffic to the riskiest TLDs and cautioning users to be careful clicking on any links that contain these TLDs. It further suggests that users who are unsure of a source hover their mouse over a link to help verify that it leads to the address displayed in the text of the link, or “press and hold” links on a mobile device to do the same verification.

Blue Coat’s list of TLDs most associated with shady sites is constantly in flux, but here is their September list.

  • .review – The .review TLD is shady mostly due to scam sites, Blue Coat’s Larsen says. “Just looking at the list of domain names, I would say all of the top 15 are scam sites,” he adds, “.review does not seem to be making any effort whatsoever to keep the bad guys out.”
  • .country – The security firm says the .country TLD appears to have been colonized by scam networks that like to use a game/survey “reward” or “prize” as bait. Blue Coat’s Larsen told CSO there is a strong connection between some of the supporting ad networks and known PUS networks (adware and spyware). Mr. Larsen says, “So if you’d like to block that entire TLD on your Web gateway, I wouldn’t blame you.”
  • .kim – The .kim TLD hosts some legitimate domains, most notably a Korean tech blog and several Turkish sites. According to Blue Coat, the TLD earned its shady online reputation due to the presence of scam networks linked to PUS, malware, and at least one domain that hosts a domain generation algorithm (DGA) used to pump out domain names for use with malware.
  • .cricket – Named for the world’s second-most popular sport, the .cricket TLD is another shady neighborhood on the Web. While it is home to some legitimate sites, researcher Larsen points to many instances of search engine poisoning. For instance, StarWarsMovie.cricket pulls lots of random Star Wars items into one place to get traffic, including images clearly lifted from other places.
  • .science – The .science TLD may be a victim of its own marketing. In trying to raise the TLD’s profile, the registry gave away free .science domains and became one of the shadiest TLDs on the Web. Blue Coat’s Larsen described their downfall in the CSO article: “Generally they tend to run into trouble when they run promotions for bulk registrations for really low prices … If you can register a domain for a buck, generally there will be bad guys there registering domains.” He says the .science domains seem to be largely associated with spam and scam sites. The shady activity included a sizable network of ebook sites, which led to a download network that has been associated with PUS activity in the past.
  • .work – The .work TLD seems to be more about spam and scams than malware, though Larsen’s team did find a few tentative connections to PUS networks. There were some legitimate sites, though Larsen notes that they might be worth blocking as well. Examples include a Turkish porn site.
  • .party – Mr. Larsen told CSO that a number of the sites on the .party TLD may seem legitimate. However, he warns, “There are some yellow flags” of search engine poisoning. The TLD also hosts a number of MP3 sites, probably piracy or something malicious. There is also a site that hosts what appears to be a shady tracker.
  • .gq – The .gq TLD is the country code for Equatorial Guinea, which Blue Coat’s Larsen notes is in many ways a lifetime achievement award winner. He says, “If we look at all of the .gq sites … nearly 99 percent are shady.” Most of the abuse of .gq noted by Blue Coat has been in the form of search engine poisoning and many cookie-cutter “shady video” sites associated with PUS. It also features some “shocking video” spam/scam sites that spread via social media and a smattering of malware, phishing, and porn sites.
  • .link – The .link TLD is rife with porn content delivery networks and piracy sites, neither of which is counted as “shady” by Blue Coat. There are apparently a handful of legit sites in .link, but beyond these legitimate domains are a host of survey scam sites. “Historically, it’s been a place for spammers to live,” Larsen says.
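The two Blue Coat tips above, hovering to confirm a link really goes where its text says and blocking the riskiest TLDs, can be automated in a mail or web filter. This is an added example, not Blue Coat’s or this blog’s code; the sample anchors and the domains in them are constructed, and the TLD set is taken from the September list quoted above.

```python
"""Flag links whose visible text does not match their target, or whose target
sits in one of the TLDs Blue Coat listed (added example, constructed data)."""
from urllib.parse import urlsplit

# TLDs from Blue Coat's September list, as quoted in the post.
SHADY_TLDS = {"review", "country", "kim", "cricket", "science",
              "work", "party", "gq", "link"}


def host_of(text):
    """Return the lower-cased hostname of a URL or bare domain, or None.
    A scheme is prepended when missing so urlsplit sees the host; any
    userinfo or port ('user@host:8080') is dropped by .hostname."""
    text = text.strip()
    if not text or " " in text:
        return None
    if "://" not in text:
        text = "http://" + text
    host = urlsplit(text).hostname
    return host.lower().rstrip(".") if host else None


def tld_of(host):
    """Last label of a hostname, e.g. 'gq' for 'a.b.gq'."""
    return host.rsplit(".", 1)[-1]


def check_link(display_text, href):
    """Return the list of findings for one anchor: what the user sees
    (display_text) versus where the link actually goes (href)."""
    findings = []
    real = host_of(href)
    if real is None:
        return ["unparseable href"]
    if tld_of(real) in SHADY_TLDS:
        findings.append("risky TLD ." + tld_of(real))
    shown = host_of(display_text)
    # Only compare when the visible text itself looks like a domain;
    # a subdomain of the shown host (mail.example.com) is accepted.
    if shown and "." in shown and shown != real \
            and not real.endswith("." + shown):
        findings.append(f"text shows {shown} but link goes to {real}")
    return findings


# Constructed sample anchors (display text, href) as a filter might see them.
SAMPLE_LINKS = [
    ("www.mybank.example", "https://www.mybank.example/login"),
    ("www.mybank.example", "http://mybank.example.login-check.gq/"),
    ("Claim your prize", "http://survey-winner.country/go?id=1"),
    ("Quarterly report", "https://intranet.example.org/q3.pdf"),
]


def scan(links):
    """Return {href: findings} for every link that raised at least one flag."""
    return {href: f for text, href in links if (f := check_link(text, href))}


if __name__ == "__main__":
    for href, findings in scan(SAMPLE_LINKS).items():
        print(href, "->", "; ".join(findings))
```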

Of course, there are well-run TLDs. The best, according to Blue Coat, are:

Safe web neighborhoods

rb-

These TLDs are why companies like Blue Coat, Websense, and OpenDNS are in business. (OK, Websense and OpenDNS are no longer stand-alone companies. Websense was gobbled up by defense contractor Raytheon and then spit out as Forcepoint, and OpenDNS has been assimilated into Cisco (CSCO).)

You can use these tools to block almost anybody from going to these shady parts of the Web, for the reasons explained above.


How Social Engineering Works

From where I sit in my Bach Seat, it is clear that cyber-attackers will try anything to penetrate your online security. They will even exploit human nature to get access to a firm’s digital assets. In the human world, people who exploit human nature are often called politicians, con men, or grifters. In the digital domain, we call it social engineering. Most online attackers use some sort of social engineering to get users to do something risky.

Social engineering psychological tricks

Here is a list of 6 psychological tricks that social engineers use to trick staff.

1 – Reciprocation – When people are given something, they tend to feel obligated to repay the favor.

2 – Scarcity – People tend to comply when they believe something is in short supply. As an example, consider a spoof email claiming to be from a bank asking the user to comply with a request or else have their account disabled within 24 hours.

3 – Consistency – Once targets have promised to do something, they usually stick to their promises because people do not wish to appear untrustworthy or unreliable. For example, a hacker posing as a company’s IT team could have an employee agree to abide by all security processes, then ask them to do a suspicious task supposedly in line with security requirements.

4 – Liking – Targets are more likely to comply when the social engineer is someone they like. A hacker could use charm via the phone or online to win over an unsuspecting victim.

5 – Authority – People tend to comply when a request comes from a figure of authority. So a targeted email to the finance team that appears to come from the CEO or company president will likely prove effective.

6 – Social validation – People tend to comply when others are doing the same thing. For example, a phishing email might look as if it’s sent to a group of employees, which makes each employee believe the message must be valid if other colleagues also received it.

Conditioned to click

In an article at Help Net Security, Proofpoint argues that humans are psychologically conditioned (rb- Remember Pavlov’s dogs from Psych 101?) to click on links. Cyber-criminals leverage this conditioning by designing phishing emails most likely to trigger your automatic click response.

Proofpoint says that social engineering emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link. To put that into context, a legitimate marketing department typically expects a click rate of under 2% on its advertising campaigns.

Steps to protect against social engineering

Proofpoint offers the following suggestions for individuals to protect against social engineering phishing emails:

  1. Understand that you are not being targeted specifically; you and your machine are just collateral damage.
  2. Upgrade your computer from Windows XP (as Microsoft is no longer providing security updates to the OS) or disconnect it from the Internet; it’s that dangerous.
  3. Don’t use simple predictable passwords that are easy to crack.

Businesses need to:

  1. Put in place layered security to provide an in-depth defense against the latest attacks and malware.
  2. Run awareness campaigns with your staff telling them not to click on links within social networking emails such as LinkedIn invitations. They should instead open their browser or app, log in, and manage their invites/messages from there.
  3. Deploy new technologies that combine big data security analytics with advanced malware analysis. These technologies provide predictive and click-time defense and end-to-end attack campaign insight. They also offer automated incident containment capabilities through connectors to your existing security layers.

Instagram Purge

Just in time for the holidays, online time-waster Instagram cleansed itself of several million fake followers. The photo-sharing service warned all of its “users” that it was going to delete fake accounts and, lo and behold, it actually did. The inevitable whining from the entitled generation ensued as their followers, née spambots, were deleted one by one.

The moaning and wailing and gnashing of teeth came from LA-LA land and its faux-lebrities whose “followers” disappeared overnight. According to the site 64px.com (bravo sir!), the biggest loser was Instagram itself, which lost nearly 19 million fake followers. The biggest faux-lebrity losers (and click-bait) in the #InstagramRapture according to the site are:

Rank  Account          Users disappeared  % Users disappeared
1     Instagram        18,880,211         29.44%
2     justinbieber     3,538,228          14.86%
3     arianagrande     1,529,206          7.03%
4     kimkardashian    1,300,963          5.53%
5     selenagomez      1,116,032          5.70%
6     kendalljenner    906,897            5.32%
7     kyliejenner      826,529            5.28%
8     beyonce          831,971            3.75%
9     khloekardashian  748,269            4.70%
10    taylorswift      725,379            4.39%
11    mileycyrus       711,898            5.03%
12    snookinic        378,116            7.2838%

It was not only the denizens of LA-LA Land who were impacted by the Instagram purge; several businesses also lost large numbers of bogus fans. Besides Instagram, the biggest business losers include:

  • natgeo lost nearly 289,000 followers
  • nike lost over a quarter of a million spambot followers
  • forever21 lost 245,210 followers
  • nba account lost 195,531 fake fans and
  • louisvuitton lost 106,740 bogus followers

rb-

I wrote about another social media “issue” when Cisco was reportedly buying followers on Twitter. Maybe Cisco has been selling its followers to the tweenies on Instagram.

We can hope that the #InstagramRapture teaches the entitled generation that life is not fair, especially when your friends are spambots. Go outside, talk to people, learn a programming language, stop supporting reality TV and porn actors.


How to Spot Phishing

Phishing scams are spam emails sent by cyber-criminals that can lead to identity theft at home and data breaches at work. Phishing attacks pretend to be from a legitimate person or organization to trick you into revealing personal information. A typical phishing attack begins when a cyber-criminal sends an email that looks like it originates from your bank.

The email might hint at a problem with your account, asking you to “confirm” account information by clicking on a link that takes you to a fake website. The fake website asks you to type in your bank account user name and password. The goal is to convince the target that the web page is legitimate so that they will enter their credentials. Once entered, attackers can access the individual’s finances.

Phishing attacks

RSA reports that 2013 was a record year for phishing attacks. They report that nearly 450,000 phishing attacks were launched in 2013, with losses estimated to be nearly $6 billion. The security firm believes that these attacks will continue for the foreseeable future. They point out that it only costs an attacker $65.00 to spam 500,000 email addresses.

Symantec reports (PDF) that 1 in every 392 emails a user receives is a phishing attempt. 71% of the phishing attacks were related to spoofed financial organizations, and login credentials for accounts seem to be the main information phishers are looking for. Dell SecureWorks delved into the depths of the online underground economy and found the value of personally identifiable information (PII):

  • Visa and Master Card account numbers are worth up to $15
  • American Express account numbers are worth up to $18
  • Date of Birth (DOB) is worth up to $25

On his excellent website, Brian Krebs revealed the black market value of hacked credentials.

  • Active accounts at Facebook and Twitter retail for just $2.50 apiece,
  • $4 buys hacked credentials at wireless providers ATT.com, Sprint.com, Verizonwireless.com, and Tmobile.com,
  • Groupon.com accounts fetch $5,
  • Fedex.com, Continental.com, and United.com accounts go for $6,
  • iTunes accounts go for $8 on the cyber underground economy.


In a new phishing twist, attackers are going after medical records to exploit the broken healthcare industry. Stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cybercrime protection company.

With these threats in mind, PhishMe developed a “How to Spot a Phish” infographic.

rb-

Since many cyberattacks originate with phishing emails, the best way for organizations and individuals to protect themselves online is to recognize and avoid phishing emails.
