Earlier this month, popular website and newspaper The Onion, which offers a satirical look at the news and current events, had their Twitter account hacked by a Syrian group calling themselves the Syrian Electronic Army. The account was then used to send series of anti-Israel posts and posts attacking the US and United Nations. The Onion has revealed that the hack happened courtesy of a phishing attack and that one foolish employee and some sloppy security are to blame. In a post on their website they explained in detail:

Once the attackers had access to one Onion employee’s account, they used that account to send the same email to more Onion staff at about 2:30 AM on Monday, May 6. Coming from a trusted address, many staff members clicked the link, but most refrained from entering their login credentials. Two staff members did enter their credentials, one of whom had access to all of our social media accounts.

After discovering that at least one account had been compromised, we sent a company-wide email to change email passwords immediately. The attacker used their access to a different, undiscovered compromised account to send a duplicate email which included a link to the phishing page disguised as a password-reset link. This dupe email was not sent to any member of the tech or IT teams, so it went undetected. This third and final phishing attack compromised at least 2 more accounts. One of these accounts was used to continue owning our Twitter account.

To their credit, the Onion’s IT staff readily admitted their mistakes, saying the email addresses linked to their social media accounts should have been isolated from the rest of the company’s email and that it’s obvious they need to better educate their users. Education is never enough though, because you never know when a user will get impulsive, greedy, or just plain tired and not think before clicking. Humans are well…human. That’s why it’s important to protect your network and its data with software and hardware solutions and a little common sense.

Has your company ever been hacked? If so, what happened and what did you do to keep it from happening again?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Syria’s State-Sponsored Phishing Attack Nets an Onion

- from Spam: A Shadow History of the Internet, by Finn Brunton

It’s difficult not to hate spam, but ironically, it’s hard not to love it, too. It gives us something to discuss around coffee machines, it’s often laughable, and when it isn’t threatening to tear down our firewalls, it’s just plain entertaining. In his book Spam: A Shadow History of the Internet (MIT Press, ISBN 978-0-262-01887-6), Finn Brunton takes a long hard look at the fascinating history of spam, offering some invaluable insights and more than a few chilling perspectives on the origins of spam.

We caught up with Brunton and spoke with him about the book, his observations and what we might be able to learn from the past to help us deal with spam in the future.

ASU: Spam has been with us since 1971. If it’s been around so long, why haven’t we managed to conquer it?

Brunton: There are two primary reasons: first, if we take spam generally, because we keep shifting the goalposts. “Spam” means so many different things over the history of the word, things that are technically and socially distinct from one another (aside from the general similarity of using information technology infrastructure to exploit existing aggregations of human attention). Every new platform – Facebook, Twitter, search, mobile apps – generates its own forms of behavior and predatory business models that are dubbed “spam.”

Second, if we’re talking specifically about email spam, because we’ve got a last mile problem. All the low-hanging fruit – the small-time “entrepreneurs” with U.S. business addresses, and so on – are gone; the remaining spammers are a much more robust and sophisticated group, building botnets, and using friendly banks and ISPs often in problematic jurisdictions. And they’re insinuated into infrastructure that’s harder to reform, like easily exploited pirate copies of Windows, and shady international money transfer operations. That said, their model is also quite brittle.

ASU: If there’s one takeaway about spam that you’d like your readers to glean from your book, what is it?

Brunton: The takeaway from the history of spam is that it’s ultimately about how much we decide our attention is worth – who gets to distract us, how much noise is an acceptable price to pay for technologies, and how we instrumentalize those choices into things like software and law enforcement. Allocating attention will be one of the big resource issues of the 21st century.

ASU: What’s the most interesting or disturbing thing that you learned about spam when researching your book?

Brunton: I was fascinated by the circadian cycle of spam campaigns – that the biggest botnets cover enough of the Earth’s surface that you can follow the planetary rotation (people in the evenings and at night powering down their computers, taking them offline) in the crests and troughs of global spam volume. David Dagon has done some great research on this.

ASU: Do you think the advent of social media has made the war against spam unwinnable?

Brunton: No… I think it was (in retrospect) a trade-off we made in favor of openness. We could have had a totally spam-free network if we had wanted it to be like Minitel, locked-down and specified in every detail in advance. The opportunity cost of that would have been so high. There’s no way to “win” against spam as such, no more than you can win against, say, poverty, but we can manage and contain it – make it more like a low-level chronic problem, keep the profit margins thin, and protect the people most vulnerable to being tricked and exploited by it.

ASU: Have you reached any conclusions about the future of spam?

Brunton: Increasingly sophisticated spearphishing and lightweight identity theft with hacked social network accounts will be bigger and bigger problems – very, very hard to filter. New systems for authentication and verification will be really important (the age of the password needs to end – not that I take lightly the work involved in shifting to other models!).

Finally, a pet theory that makes me laugh: I hope the value of bitcoin stabilizes and grows, because once BC mining starts generating more value than sending spam, we might start to see the botnets switch over. It’s still exploiting compromised computing power, but at least it’s doing proof-of-work rather than sending out pharma messages!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

‘Spam: A Shadow History of the Internet’ Takes a Hard Look at the Dark Art of Spam

Pump and dump spam, once a thriving scam, roared back to life in Q1 years after it had quietly died out. Back in the early 2000s it was a one of the most popular types of spam, and it gave many a scammer a nice fat payday. It works by sending messages made to look like hot stock tips that urge the recipient to invest quickly before word gets out and the stock price rises. This is the “pump” part of the equation. These stocks are generally worthless and from companies you’ve probably haven’t heard from. Their lack of value got them the nickname “penny stocks” because they were often literally only worth pennies a share.

The scammers send their messages and sit back, hoping enough naïve and greedy people will take the bait and buy the stock. As they do the stocks value rises, albeit artificially, and the scammers know the bubble will eventually burst. When the time is right, they sell (dump) their shares, making a nice profit for themselves and then disappear. Everyone else who fell for the “hot tip” they got in their email is left in the cold when the stock price plummets again, making the stock worthless. The SEC doesn’t take kindly to this type of spam, but since the groups behind it are often overseas and protected by scammer friendly ISPs and webhosts, tracking them down and prosecuting is difficult at best.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Pump and Dump Spam is Back

According to

Yes, that’s right, your mother’s email. Let’s face it. If you are reading posts here on AllSpammedUp, you’re probably a geek. And that means that your mother probably has a PC you built or bought for her, or at least set up for her, and is using one of those free email services that you probably helped her set up.

When you make those visits to the old homestead to say hi, you probably spend at least an hour making sure that the antivirus software is up to date, and that Windows Updates have been applying like they should, and then you spend another hour removing the Ask Toolbar and updating Flash and Acrobat and getting Solitaire back to Draw One instead of Draw Three mode. Come on, show of hands. How many of you can relate to this? 

So while you are tweaking that PC, take a little time to tweak the email client, the junk mail filters, and if she needs it, to go over the basics with your mom about spam and phishing. At least here in the US, the large majority of people we hear about on the local news who have fallen victim to phishing attacks seem to be senior citizens. They have computers and email accounts, but they just don’t have the natural skepticism and suspicion that so many of us in IT have. When they get an email that seems to be from a family member asking for help, they tend to send money first and ask questions later. When they get an email that looks like it is from the grandkids with a link it says to click, they are expecting pictures from the school play, not a virus taking over their computer.

So what can you do to help your mom avoid being a victim, or having a mailbox full of spam? Several things.

• Make sure that Windows Update is configured and all patches are applied
• Make sure current antivirus software is installed, updating daily, performing real-time scanning and scheduled scans
• If your mother is using a mail client instead of just web mail, make sure it’s junk mail filtering is enabled
• Check for third party add-ons like browser plugins or other software that has no business being on the computer
• Walk her through our series on talking about spam.
• Give her flowers, and take her out for a nice dinner.

Okay, that last one won’t help with spam, but it will help make up for all those terrible things you did as a kid, and will put a smile on her face.

Happy Mother’s Day Mom, and to all the moms who read our blog, and to all the moms of all of our readers.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Give Your Mother a Spam-Free Mother’s Day

Now any organization with a good anti-spam solution in place, notice I said good, will see a great deal of these messages filtered out because their technological controls will spot these illicit messages and sent them directly to the spam folder.

But what about those messages that make it through? Criminal organizations, and individuals, who send spam are constantly working to circumvent these technical controls so that their messages make it into their victims’ inboxes.

In addition to your technical controls, your organization should be teaching your users the basics about spam and phishing. Organizations who are serious about supplementing their anti-spam solution with a human element should make sure that their users know the following:

Why malicious emails are so dangerous

Most users aren’t quite clear as to the problems caused by spam and phishing attacks. They don’t know that by clicking on that link they could be going to a web site that infects their computer with malware. They don’t know that most Advanced Persistent Threats use email as the manner in which they establish a foothold in the organization’s network. Most aren’t even aware of what an Advanced Persistent Threat is despite the term being thrown about in the wake of recent attacks. Without first understanding how dangerous these threats can be users may not take the rest of their education seriously.

How to spot a malicious email

Whether the email is a marketing email that is more annoying than dangerous or a spear phishing email that is loaded with malicious attachments or links users need to know how to spot the common characteristics used by these threats. Teaching them to spot a malicious email or any security threat for that matter, gives the rest of your education program, and your security program, a solid foundation in which to work from.

What to do with a malicious email

Different organizations have different policies for dealing with spam and phishing emails. Some instruct their employees not to interact with a suspicious email, but instead to simply delete it. Others may have the employee identify the email as such so that the anti-spam filter can analyze it to learn its patterns. Others may have employees forward the email to an address in the organization’s IT security department. Whatever course of action your organization takes, make sure that people know what it is.

Who to tell if they fell victim to an attack

Most users are embarrassed if they realize that they have fallen for a phishing scam, especially at work. Whether they fear ridicule from their manager, or simply fear for their job, when these problems go unreported it allows the threat to gain a foothold in the organization’s network and gives them time to identify confidential assets that they can compromise. When users are safe to report, and know how to report, if they have fallen for a suspicious email it gives IT security time to deal with the breach and possibly mitigate any losses as a result. It also helps the organization’s reputation with the public when it is disclosed that yes there was a breach but it was immediately contained and no data/resources were stolen.

Technical controls used to secure email have improved greatly over the years, and some offerings are even geared towards the management capabilities of the small to medium sized enterprise and abandoning the old one size, and one price, fits all mentality. But there needs to be an additional layer that supports the anti-spam filter and that layer is the employees themselves.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Do You Know What to Do When You Get Spammed?

It’s become part of the lore, the mythology, if you will, of the Internet, up there with Grace Hopper’s discovery of a dead moth inside the Harvard Mark II in 1947. Of course, the term ‘bug’ as a way of describing a glitch had been around for at least a hundred years before that, and Admiral Hopper never claimed to have found the moth herself. But that’s the beauty of lore. It doesn’t have to be truthful or accurate, and often sounds better when the facts become distorted. Much like politicians.

The origins of that nasty blight on society called email spam began on May 3, 1978, when the Interwebs was still an unuttered spark in the mind of George W. Bush. Back then, of course, it was known as Arpanet, and only the geekiest members of humankind – university professors, mostly – were permitted to play with it. in fact, it would have been far more appropriate to just get it over with and call it ‘Comicnet’, ‘Spockweb’, or ‘LucasNet’, but the US military had invented it, and they clearly have no sense of humor whatsoever.

Of course, partners to the research efforts promoted by Arpanet – mostly finding better and more efficient ways to kill people – were also allowed access to Arpanet, so it was a massively functional network of a few hundred users back in 1978. Put it into perspective this way: around 1980, there were approximately 20 operational networks on the Internet (Arpanet), while in 1995, the Internet had over 50,000. So, it just wouldn’t be right if the first spammer was a geek. Let’s face it: geeks are cute and mostly harmless, very reminiscent of Furbies.

Spoiler alert: you won’t be disappointed

How appropriate is it that the very first spammer was – wait for it – a MARKETING MANAGER? That’s right. On May 3, 1978, Gary Thuerk, a Marketing Manager for Digital Equipment Corporation, broadcast an email promoting a new DEC computer.

As the lore goes, Thuerk chose not to send out separate emails – a massive task for such a huge network as LucasNet – so instead he enlisted the help of assistant Carl Gartley, who wrote a single mass email. Now you may ask yourself: if it was a single mass email, why did he need an assistant? This is a troublesome head scratcher, indeed, but remember: Thuerk was a marketing manager, after all.

‘Mass’ Marketing?

Thuerk and Gartley broadcast the email to – wait for it – 393 people! Yes, in what would be considered a misfire in today’s world of nearly 2.5 billion Internet users, the very first spam message was a mere pimple upon a pimple residing on a freckle.

Laughably, perhaps, certainly in today’s scales, the reaction to the ‘mass’ broadcast was intense and fiercely negative. One can almost hear the clamorous voices of the researchers at MIT: ‘How dare you interrupt our Classic Trek marathon?’ or at Oxford: ‘Indeed? This chap’s gotten a little cheeky for my liking. He’s out of the Dungeons and Dragons tourney!’ or the Sorbonne: ‘Damn! I lost my count on these punch cards!’

Interestingly enough – and maybe this was a prophecy that foretold the persistence of spam even today – the first spam email did generate sales for DEC.

Of course, it’s way appropriate that the anniversary of spam comes the same week Hotmail finally gets its long awaited send-off into the ether of ‘it seemed like a good idea at the time’ (MySpace, I’m looking at you). After all, when we think of spam – I mean, those of us who weren’t research assistants fiddling with switches at Midwestern University – it’s probably laced with bittersweet memories of the pre-Microsoft Hotmail and those very first letters from African princes, offering us untold riches if only we’d respond…

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spam Turns 35, Still Shouldn’t be Left Home Alone

“The important thing to realize is that the average attacker is going to keep coming back until that institution puts in an effective countermeasure,” says Gary Warner, director of research for computer forensics at the university. “So how do we learn from the past incidents? We have to log the data, analyze it and recognize the indicators.  If you understand how malware acts, with those command and control centers that make a difference in your ability to detect it and stop it.”

Traditional anti-phishing techniques generally involve educating the end user on how to spot phishing emails, but these days, with phishing emails looking more and more convincing and people being all too human and letting curiosity get the best of them, they aren’t all that effective. You can tell someone to hover their cursor over a link in an email to see where it really points to a hundred times, but there is no way to make sure they actually do so.  Putting a database like the one the University of Alabama has together can make your spam filters stronger, and keep phishing emails from ever reaching your users, eliminating accidental and impulsive clicks altogether.

Are you interested in using data mining techniques to help your company fight spam? Why or why not?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

How Data Mining Can Fight Phishing

If you are considering a hosted or cloud-based antispam solution, there are a few things you should consider to make sure you get the most for your money, have the best results you can get, and have the minimum number of issues. Hosted antispam solutions are a great way to save bandwidth while getting very effective results from your content filtering solution, but there are also some key points to consider, and some missteps you can make when setting them up. Here are some best practices for using hosted antispam with your messaging system.

There can be only one

One common misstep I see customers take is by setting up more than one. I guess the reasoning is “more is better” but in this case, it’s not. Whatever anti-spam solution you choose, it should be the only one. That’s not to say you cannot use additional anti-spam measures within your on-premises environment, but you will want to disable anything that looks at source IP addresses since every message filtered by your first hosted antispam service will show as coming from that service. That will make RBL and SPF lookups all fail, since the sending system (the first hosted system) won’t match the domain or SPF records.

Ensure redundancy

Hosted antispam is a great way to go, but don’t put all your eggs in one basket. Make sure your hosted provider has multiple data centers and Internet connections so that a single point of failure doesn’t stop mail flow for your organization.

Don’t create a bypass for spammers

Many companies like to keep their own SMTP gateway listed in DNS and able to receive email in case their hosted antispam solution goes off line. They may set up their SMTP gateway on-premises with a higher MX weight, thinking it will only get mail when the service provider goes down. Unfortunately, spammers are wise to this trick, and will send their junk to those systems specifically to get around the lower weight, more effective screening system. Your fallback method becomes a way to let spammers bypass your hosted service completely.

Have user self-service

Make sure your hosted antispam service offers a user self-service for releasing messages from quarantine or searching for blocked messages, and then make sure your users learn how to check things for themselves. You want your messaging team to spend time on messaging, not spam patrol, so empower your users to help themselves.

When selecting a hosted antispam solution, following the best practices laid out above will help to ensure you get the most effective protection for your investment, and that your users are satisfied with the results.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Best Practices for Using Hosted Anti-Spam

“I don’t believe any hardware issues were compromised,” Casey Robinson, the principal, told community radio station Ketchikan FM. “No software issues were compromised. I don’t think there was any personal information compromised. Now that we have all the machines back in our control, nothing new can happen. How we do business is definitely going to have to change when it comes to updating programs and resources that we have on the machines.”

The group, which is said to be made up of at least 18 students, is presumably facing disciplinary action. The computers they accessed appear to all have been set up for student access only, so it doesn’t appear they tried to change grades or edit report cards. This goes to show just how easy it is to create and carry out a phishing scheme, and that even educated professionals such as teachers can, and do, fall for them. Simply educating end users isn’t enough. Networks should have strong filters in place and if appropriate, links in emails should be blocked completely. Use of blacklists can help you block known phishing sites, adding another layer of protection.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Schoolchildren Use Phishing Scam to Take Over Computers

A new phishing campaign is involved in the compromising of over 100 websites across the
net. They are hosting fake login pages asking for Apple IDs and passwords and are linked to in spam messages. This scam has been around in various forms for a long time, but researchers have recently detected a sharp spike in activity. All 110 hacked sites are hosted on an IP registered to a single ISP in Houston, and still have not been cleaned up. It’s unclear if the ISP is aware of the problem. To date there are nearly 350 known phishing sites related to Apple.

The messages are typical of phishing emails, with generic greetings and sign offs, horrible grammar and broken English. Tech savvy recipients won’t fall for the notification that their Apple account is about to expire and their info needs to be audited, but the urgency of the message could possibly trick less knowledgeable users who might panic at the thought of their account being shut down.

Once the scammers have succeeded in getting someone to turn over their Apple ID and billing info, they can use it to go on a shopping spree at the Apple Store, impersonate you and possibly wipe your Apple devices, steal data stored in iCloud and even blackmail you. They can also use your credit card info elsewhere or sell it to another scammer. To protect yourself, take advantage of the new two-step verification Apple recently implemented, and never click on links in email asking for your info.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Scammers Compromise Over 100 Sites in Apple Phishing Campaign

And so it begins. Let’s face it: information is the commodity that makes the world spin today, and there seems to be no end to what you can purchase – for the right price, of course. Security firm Webroot reported in a blog post earlier this month that its discovered an underground ad offering a Microsoft Access file which exposes the information of a large number of executives, many of them coming from Forbes 100 companies. Who knew there was a black market for this stuff? It makes sense, of course, that there is, but when life starts imitating Hollywood, it seems that the Four Horsemen can’t be too far away.

“The inventory”, writes Webroot’s Dancho Danchev, “consists of 508 contacts of foreign companies based in Russia, and 380 contacts belonging to other companies such as Baltika, Mercedez-Benz Russia, Pernod Ricard Rouss, GM, LVMH, Credit Suisse, Gazprom Export”.

The list is a veritable who’s who of corporate glut and opulence, and the perfect gift for the aspiring young hacker. Toss in a license for Blackhole 2.0 and you’ve got yourself a recipe for mayhem.

The data itself is a mixture, in terms of its quality. Webroot discovered real information that appears to have been pulled from a database, ostensibly a corporate database; data which arose from fraudulent directory listing requests to companies, that is, fake requests to companies about inclusion in fraudulent business directories result in companies opting in and sending their information; harvested data, which is nothing more than grabbing what’s publicly available; and scanned data, basically scanned business cards. With the exception of the first category – compromised databases – there’s not much here in terms of quality, but the first category more than makes up for this and represents a valid threat to companies and a real opportunity for hackers.

In fact, the blog post highlights the trend that we’ve been seeing over the past few years, of spam shifting from shotgun blast mass mailer campaigns to advanced persistent threats (APTs), which are most notably focused on governments and military and human rights organizations. Indeed, there’s been a real industry built out of attacks based on performing real research about targets and personalizing the campaign to ensure the highest possible chances for success.

“These campaigns” Danchev writes, “spread primarily over email, are very well researched, and [the] basic marketing principles for increasing click-through rates are taken into consideration…[there are] several popular methods cybercriminals use in order to automatically obtain valid and versatile sets of personal information, to be later on used in social engineering driven campaigns.”

He also predicts that localization in spam and malware campaigns – the practice of crafting messages specifically for the end user using people who natively speak the language and therefore can customize the message according to local conventions and idioms – is the next big threat that will have a “widespread effect internationally.”

If you mess with the gladiator, you get the spear

Spear phishing has become far scarier over the past several years. The level of detail and focus on information harvesting has become the mantra by which hackers and spear phishers hang their hats. Simply put, if you can gain enough information about a person, it’s far easier to trick them into clicking, divulging their information, opening their door to you. That hackers have become this smart – this sophisticated – is a disturbing prospect, to say the least, and makes one wish for the good old days when they were so mind-numbingly stupid in their attacks that only the lowest common denominator of humankind could possibly fall for their schemes.

Now, however, we live in a brave new world where even the most innocent of email messages or social media requests could spell disaster. An example is the Facebook friending scheme, where valid Facebook friend requests are anything but valid. It’s seemingly harmless to confirm a person whose name you can’t recall, but maybe they’re a friend of a friend, that type of thing. by friending these ‘people’, you’re effectively giving them access to whatever personal information resides on your Facebook page, and you’re giving them access to every Facebook friend you have.

The message here? Guard your information – your corporate information, your personal information, everything – as if it was a helpless child.

That’s a pretty good analogy.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Info of Forbes 100 Executives Exposed by Phishing Black Market

But according to a recent post by Kelly Higgins of Dark Reading, spam has become much more than an annoyance we are forced to deal with.

In her article, she reports that out of 550,000 email messages identified as spam, 14,000 were infected with malware. In the same sample, 30,000 of these messages had a file attachment and of these 10,000 were identified as malware and nearly every message that was send with a ZIP file as an attachment was actually a malicious file using the compression to mask its danger.

Now organizations are forced to react to these findings. They cannot simply let that many malicious files infect their systems through email. Take the Associate Press for example. One malicious file that made it through the filter was enough to compromise their Twitter account allowing a fake tweet that sent the stock market in the United States crumbling for a few hours.

To fight back, organizations can take two approaches, they can fight these illicit emails very aggressively and block anything that even remotely poses a threat to them, or they can fight malicious emails the smart way.

Going the aggressive route

Aggressively blocking emails seems like the best solution to stopping anything illicit from entering the perimeter. Block all attachments, block any keywords, block specific senders, etc. No exceptions.

Yes, this can immediately restrict malicious emails from being delivered, but at what cost? If you employ the absolute tightest controls so that nothing even perceived as a threat makes it though you are likely stopping legitimate emails from making their way to their intended recipients as well.

When we go aggressive in security, and email security in particular, orders don’t make it to the sales people, quotes aren’t delivered to buyers and important announcements get held up at the filter. Problems that arise from an aggressive anti-spam campaign could be reduced revenues, reduced productivity, low morale among employees and even job loss. Yes, job loss; like what happened to Oakland Police Chief Howard Jordan who filtered all emails regarding to Occupy Oakland to his junk mail.  Because he missed emails from city officials and a federal court monitor he failed to comply and answer questions and subsequently lost his job.

Smart email filtering

Fighting illicit email is not an all or nothing proposition. You can opt to take the smart approach to filtering spam that will greatly reduce the noise created by junk email.

The smart approach is easy. Employ an easy to configure anti-spam filter so that you are not required to block everything by default. This allows you to manage the specific file types, domains and key phrases that you wish to have blocked by the solution. Add to this foundation a layer of heuristic filtering that learns what patterns the bad guys are using and questions emails that fit this criteria. Instead of outright blocking these emails, they are placed in a sandbox to see how they interact with your system and undergo further scrutiny; sometimes by the users themselves.

An additional layer to this solution would include the ability for users to spot malicious emails and report them as spam. This not only keeps the inbox clean, but it also helps to teach the anti-spam solution how to better identify illicit messages in the future.

Finally, teaching users how to spot spam and what to do when they see it will round out a smart email security solution. Focusing on technical controls that are easy to manage and educating users you can help keep the worst from happening in your organization by fighting spam effectively and efficiently.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Are You Fighting Spam Aggressively or Intelligently

Email marketing is still a valuable tool for businesses, but it must be done with care or at best, your carefully crafted messages could end up going straight to a spam or junk folder, and at worst, run you afoul of CAN-SPAM laws. Let’s take a look at some ways to make sure your campaign stays away from anything spammy.

Opt Out- Always make sure you make it easy for recipients to unsubscribe. Not only is it simply the courteous thing to do, it’s the law. If you don’t, your company could be hit with a stiff fine. A simple one-click unsubscribe is best. Don’t make people jump through hoops.

Contact Info- Your messages should always include your physical address. This can be a post office box if you don’t want to provide your exact location. Again, like the opt-out feature, this is a requirement under CAN-SPAM and failure to comply could result in high financial consequences. You’re not required to provide a phone number, but the more open and transparent you are, the more potential customers are likely to trust you.

Subject Line Formatting-Your subject lines are very important. Avoid all caps, which is considered shouting and turns off most people, and beware of stop words, which most spam filters are programmed to flag. They include words like free, clearance, cash, work from home, income, miracle and hello. It’s also a very good idea to proofread as typos and grammar errors are typical of spammers.

Email Lists-Finally, if you are buying email lists, do your homework. Buy from reputable firms who use double opt-in and make sure you’re buying one that is specifically targeted to your audience. Go through it regularly and remove any addresses that have bounced, and any that haven’t responded to your campaigns in a long time, and especially make sure that all unsubscribe requests are being honored!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

How to Keep Your Email Campaign From Looking Spammy

One of the decisions I see my customers consider time and again is how to handle quarantined mail. They deploy a spam filtering solution of some type, and it does an effective job of blocking junk from getting to users’ inboxes, but inevitably, there’s going to be a false positive in there somewhere, and my clients wonder what the best way to handle that is. In today’s post, let’s take a look at the dreaded false positive, what it can mean for both users and IT, and options for how to handle it.

False positives

When talking about spam, a false positive is a message that is identified as spam by the filtering system, but actually should be delivered to the recipient as legitimate mail. It might be that a key word or phrase tripped a filter, or perhaps the sending system either has a malformed SPF record or no record at all, or the sending ip.addr is in a range flagged for residential use. Whatever the reason, there is now a message that has been marked as spam, but should have been delivered to the recipient. If they were expecting it, they will be looking for it. Far more often, false positives were the first attempt at communication, never got to the recipient, and leave the sender wondering why they aren’t getting a response. When these false positives occur, something has to be done, or eventually they can use up all your available disk space.

HelpDesk tickets

One way to handle this is to leave all suspected spam in quarantine, and let users open helpdesk tickets when they are missing something. Whether the helpdesk can go check and release themselves, or if they need to route the ticket to the messaging team, will depend on you, but the biggest benefit to this is it lets you track your false positive rate, and also, tune your filters when necessary,

Self service

Most email admins and helpdesk members will vote for this. Let users go in and release their own false positives. Better yet, deliver all suspected spam to their junk mail folder and let them tend to things themselves. Both of these are good approaches if you use Outlook with Exchange, and trust your users to tend to themselves. It also cuts down on the amount of space quarantine takes up on your hub transport servers, though it trades that for space on your mailbox servers. Since you probably have more mailbox servers, and those each have more space than a hub transport server, it’s a fair trade.

The Island if Misfit Toys

Err, make that, misfit mail. These are the messages no one asked after. Most often, administrators configure their quarantine to automatically delete messages over a certain age, like thirty days. While that is one way to approach it, how many of those messages are from legitimate current or potential customers, and represent lost opportunities, or customer satisfaction issues. Best if someone parses those on a regular basis to find the messages that need to be forwarded, but that can be a significant amount of work. I like to leave that to the interns, newest employees, or assign it to those who hit reply all one time to many.

Dead and gone

Whether you keep mail in quarantine or deliver to each user’s junk mail folder, it’s important to purge out old messages or they will just take up more and more space. Thirty days is the default, but you may choose to change that based on your volume and needs. Make sure you educate users on this, and that they understand once a piece of suspected junk ages out that it’s gone for good. You don’t want to waste time and space backing up or restoring junk mail. Thirty days should be plenty of time for a user to notice that they are missing something.

Ultimately, it’s up to you how you choose to handle junk mail in your enterprise. Hopefully this post gave you some things to consider. Now, I want to ask you to give us some things to consider. How are you currently handling false positives and the quarantine? Do users open a ticket, can they self-serve, or does blocked mail simply go to the bit bucket with no chance for appeal? Let us know what you are doing, and how that’s working out for you. I’m curious about how you, our readers, address this topic. Thanks!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Self-service or HelpDesk – How Should You Clean Out the Spam Trap?

Instead the links lead the user to a compromised site that infects the computer with ransomware. This type of malware takes over a computer and locks down all its data and internet access. In order to get it back, the user is told to pay a fee, which can be in the hundreds of dollars. If they refuse to pay they could potentially lose all their files.

A second version of this campaign uses a Java exploit to infect computers with malware that intercepts all network traffic, keystrokes and login credentials. It also uses the computer to pump out massive amounts of spam. The malware is programmed to check what version of Java is running and customizes the attack based on that information. The user is directed to a page displaying 5 different YouTube videos but it also has an embedded Java applet that does the dirty work.

This massive campaign is just one of many. Expect to see more exploiting both the Boston Marathon bombings and the massive manhunt that gripped the city in the days that followed. Spammers love to take advantage of hot news stories, tragedies, natural disasters and other attention getting topics. With Mother’s and Father’s Day coming expect to find spam with those themes as well, along with summer vacation, graduation and World Cup themed spam.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Ransomware Lurking In New Boston Marathon Themed Spam Campaign

We’ve been reporting for a while now the new sightings of dangerous new spam campaigns, most notably the faux Facebook message that leads you to believe that a friend has tagged you in a photo, and a phony LinkedIn email that tries to suck you into clicking a link to find out why some dude you’ve never heard of is trying to connect with you.

In both instances, the messages are quite convincing. They’re clean and devoid of the obvious stuff that normally tips us off that the messages are from some clown with the language skills of a bearded dragon. They’re personalized, both in the subject line and the body of the message, giving you a name that’s randomized so you rarely get the same message twice. They even give you a little personal information about the fake sender. One recent message comes to mind, where an Anne Johnson, Store Manager at Jos. A. Bank Clothiers, was the ‘sender’. All this, of course, is meant to throw you off your game just long enough so that the itchy little index finger you’ve been clicking with all day falls prey to the centuries-old argument: “shucks, one more click’s not going to hurt nothin’.”

Very devious indeed. But getting you to believe the message is just part of the fun that the scam artists have planned for you. It’s the clicking part they’re really interested in, and a new report tells us just what’s in store for users who’ve been lulled into a false sense of security by promises of making new contacts and cleaning up in the office pool to see who can friend the most people.

It turns out, v3.co.uk is reporting, that a new security report has identified Blackhole as the lurking monster waiting to pounce if you’re unfortunate enough to have been lulled by that friend request. The links, apparently, are legitimate, but the sites have been compromised and polluted with hidden iframes and redirects that affect pretty much any operating system, from “Android to Windows,” the security expert writes, so we can assume that Apple and Linux fit in there, alphabetically. A number of other legitimate firms, like American Airlines, BBC, and Verizon are mentioned as candidates for the spoofed messages, all of them very convincing and similar to what you might expect from the real company.

Interestingly enough, while the tactics and delivery method are similar, the malware payload differs. The report finds that in some instances the infected links will turn your PC into a zombie, while in others, the game is purely for information theft. We might infer from that that while the campaigns are similar, the senders are very different.

That Blackhole is involved in this dastardly campaign isn’t really surprising. We know that the thing has been around for awhile in different variants, with version 2.0 being made available to wannabe hackers late last year. What this news does do for us is remind us that we’re not in Kansas anymore, Toto. If the old playing field was dangerous, the new playing field is littered with razor blades and shards of broken glass, and we’re being sent in to play in bare feet.

If your bones aren’t chilled to ice yet, they should be. What makes this so very dangerous is the seeming innocence and validity of these emails, making even the most educated users click without thinking twice. We’ve seen others, too, most notably, messages about failed package deliveries and one regarding a failed money transfer – both of which aren’t very good and seem to have been crafted by that bearded dragon we were talking about.

In fact, since the first article on the Facebook and LinkedIn scams, we’ve noticed a couple of new campaigns, these ones preying on a very real human emotion: loneliness. Dating services which – saints be praised! – have found local matches for you. Odd, since you can’t remember signing up for a dating service, but hey, if it came from the Internet, it must be for real, right?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Blackhole Rears its Ugly Head: Facebook and LinkedIn the Tip of the Iceberg

Security experts are warning Australians to beware of a new spam campaign exploiting the Boston Marathon bombings.

The campaign, which is sending out messages made to look like news stories about the attacks, delivers a malicious payload. Subject lines such as “Boston Marathon Explosion: Exclusive Video” and “2 Explosions at Boston Marathon” attempt to trick the user into clicking the included links thinking they will be directed toward exclusive footage or information. Instead, they are prompted to download an .exe file. It’s not clear what the exact type of malware it contains is, but it’s likely to be a variant of the Blackhole exploit kit that allows a hacker to completely take over an infected PC and control everything including the webcam.

Another wave of spam hitting Australians is masquerading as fundraising appeals for the bombing victims and their families. While they may appear to be from legit charities, the only thing those who donate will be contributing to is the spammer’s bank account. If you want to help victims and their families, donate to a well-known charity such as the Red Cross or United Way. Check out any fundraising appeals carefully and don’t respond to unsolicited emails looking for money. It’s a shame such a horrific and tragic event is being exploited, but it’s not unexpected. Spammers love to take advantage of news headlines, major events and natural disasters when crafting their messages and campaigns because they know they are more likely to grab someone’s attention and draw them in.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Boston Marathon Spam Strikes Australia

Hewlett-Packard is the latest big corporation to be brandjacked. A new spam campaign is
taking advantage of a feature found in HP printers. The feature lets users scan a document and email it right from the printer. The recipient will get an email telling them a document scanned into an HP printer was sent to them with a link for them to click to access it. The messages detected in the spam campaign are made to look like these notifications but the links lead to Russian websites filled with malware. The headers of the messages are forged to make them appear to have come from the recipients internal LAN to make them seem further convincing.

I got one of these messages last week. This is what the body of message looked like:

A document was scanned and sent to you using a Hewlett-Packard HP78664839

Sent to you by: DANA
Pages : 1
Filetype(s): Images (.jpeg) View

And sure enough, the email appeared to have come from my own domain. In my case it was easy to spot as spam because I don’t know anyone named Dana and the only person who has an email address on my personal domain is me, so I didn’t click on the link, which according to the info bar, was a .ru domain. That may not be the case in large businesses and it’s very conceivable that the link could be convincing enough to click on.

The malware the sites try to infect visitors with is called Mal/ExpJS-N and it’s made up of components of the infamous Blackhole exploit kit. This malware builds malicious websites, takes over computers, and checks for known Java, PDF and Flash vulnerabilities to exploit.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Malicious Spam Masquerades As HP Printer Notifications

Year over year, the numbers of overall spam are on a decline, there’s no arguing that. But while some choose to regard the general reduction in the amount of spam as a victory, others are taking a more grounded approach, pointing out that the numbers don’t mean anything if the spam that’s landing in your inbox is about to nuke you back to the stone age.

The problem: there’s a very real danger here that no one seems to want to discuss, or perhaps more accurately, no one’s outright considered. It’s that collected sigh of relief that occurs when the constant and unwavering bombardments of spam suddenly end. That sudden and deafening silence that occurs only when the screaming stops. The proverbial calm after the storm.

You see, spam filters have gotten so effective that, guess what? They actually work. That’s great news, and that’s exactly what we want out of our spam filters. But what that leaves us with – what gets through the filters and into our inbox – is a stuff so nasty and devious that it almost makes one wish for the good ol’ days when we were trashing Viagra ads by the bucketload.

A new report by German security firm A-V Test and a corresponding article by our friends over at The Register may help clear the air for a few of you who have opted for breathing a sigh of relief. Entitled “Spam – More Dangerous than Ever Before,” its title doesn’t leave much doubt as to the conclusions reached by A-V Test.

The firm conducted an 18 month study between August 2011 and February 2013, collecting and analyzing more than a half million spam emails. And the results just aren’t making us feel warm and fuzzy. The conclusion, says A-V Test, is that “the risk posed by spam is higher than ever.” Here are some of the key findings:

• Of some 30,000 emails with attachments, more than a third were laden with malware
• Of 550,000 emails identified as spam, 2.5 percent (14,000) were infected
• About 73 percent of the emails examined contained links that led to fraudulent sites selling counterfeit products
• 1 percent of the links led to malware-infected sites
• The normal cadre of offenders for attachments were used – SCR, PIF, ZIP, COM, EXE, BAT, and, of course, PDF and image files continue to be popular payload deliverers
• Almost all spam messages containing ZIP files were infected
• More than 80 percent of all HTML documents in the spam messages were infected
• Although most of the spam messages came from the U.S. (roughly 43 percent), only 15 percent of those were infected
• 78 percent of spam messages from India were infected
• 77 percent of spam messages from Vietnam were infected

Perhaps what’s most telling – and disturbing – about the study’s finding is how prevalent botnet infections are in office environments. A-V Test found that 25 percent of botnet activity came from businesses! They came to this conclusion based on some nifty reasoning:

“The results of the test showed that the amount of spam sent remained extremely consistent from Monday to Friday before reducing to 25 percent at the weekend, namely on Saturday and Sunday. The study therefore proves that 25 percent of all spambots are located in offices, where they are switched off at the weekend. The amount of spam sent then increases straight away on the Monday after the weekend.”

It must have been pretty eerie to observe that phenomenon unfold in real time and come to the understanding of what was going on.

All in all, it’s a pretty revealing study, and if nothing else, it gives us reason to bolster our paranoia. A-V Test even includes complimentary botnet checking (found near the end of the report), so this might be a good opportunity to see if any of your systems are infected.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Spam More Dangerous than Ever

A new spam campaign is using an old technique – fake news stories. This time they are
taking advantage of the rising tensions between North Korea and the rest of the world, specifically the United States. The subject line states “Fwd: Re: War with N. Korea,” and the message reads, “Hi, bad news. War with N. Korea.” The link, which seems to lead to a new story, actually lead to a malicious site that infects the visitor’s computer with the Cridex malware. Cridex is designed to steal login credentials for a variety of popular web sites including:

• Facebook
• Twitter
• LinkedIn
• Bank of America
• CitiBank
• Wells Fargo
• Flickr
• LiveJournal
• Chase

It then uses the stolen info to clean out financial accounts and pump out even more spam.

The campaign also uses a variety of other relevant news headlines such as “Re: Bank of America bankruptcy”, “Re: Fwd: Tax havens busted” and “Re: M&I Bank bankruptcy”, and all offer the same payload. Fake news headlines, stories and videos are a popular spam technique, and it isn’t going away anytime soon. Expect to find a fresh wave with fake stories about the tragedy in Boston, where a terroristic bombing at the finish line of the Boston Marathon killed three people and injured over 100 others. It’s sure to be a top news story for sometime to come and spammers know it and will exploit it as much as they can. No matter how tempting a news story may sound, don’t click on it if it didn’t come from a well-known, reputable source.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

New Spam Campaign Warns of War With North Korea