Spamnation

The Long and the Short

Tue, 07 Jul 2009 20:37:01 -0500

MessageLabs is reporting that use of URL shorteners in spam has exploded, with more than 2% of all spam now containing shortened URLs. The technique is reported to be heavily used in spam sent by the Donbot botnet.

Bind their kings in chains

Sat, 27 Jun 2009 23:39:10 -0500

June looks like being a bad month for some of the big names in the world of spam. First to hit the news was Sanford Wallace, who may face criminal charges for spamming Facebook in defiance of a court-ordered injunction. Then, on Monday this week, Alan Ralsky pleaded guilty to charges of wire fraud, money laundering and violations of the CAN-SPAM Act in connection with a stock spam scheme. His son-in-law and three others also face heavy fines and possible jail sentences for their part in the scheme.

Finally, Tuesday saw the arrest of 'Cajun Spam King' Ronnie Scelson, who faces charges related to the forcible rape of one teenage girl and the molestation of a second. Scelson may also be charged with drug possession, while examination of computers seized from his home may lead to additional charges.

Hotmail Hijack #2

Thu, 18 Jun 2009 08:36:42 -0500

We've had some more feedback from people who have been affected by Hotmail hijackers. It seems that changing your Hotmail password should be effective — provided that you can prevent the hijackers re-acquiring your new password.

In addition to changing your password and making sure that any 'alternate email address' linked to your account is correct, you should also check:

Your vacation message
Your signature

and remove any text that the scammers have added there. You can update your signature and vacation message through the "Options" menu at the top right of the main Hotmail mail page. Choose "More Options" from the pull-down menu to get access to your account settings.

Hotmail hijack

Thu, 14 May 2009 08:21:19 -0500

In an earlier post, I wrote about some Chinese fake-storefront scammers who are apparently using hijacked Hotmail accounts to send out spam. We've had a lot of messages from Hotmail users and their friends about this problem, so here's a quick explanation and some tips.

CAN-SPAM, eh?

Thu, 07 May 2009 07:18:17 -0500

Canada is currently considering a new anti-spam bill, touted as the Canadian equivalent of the US CAN-SPAM Act. The Electronic Commerce Protection Act (ECPA) is not yet law, but if it does pass without too much modification, it may offer Canadians better protection against spam than their neighbors south of the border currently enjoy, at least in theory.

Called it

Sat, 25 Apr 2009 09:00:00 -0500

In a recent post about an apparent scam involving eBay, I suggested that it would probably turn out to be a form of money transfer scam. So I mailed the scammer, pretending to be interested in their proposal. Here's what they wrote back:

Farewell Geocities

Thu, 23 Apr 2009 14:52:16 -0500

Ten days after my post about spammers using Geocities (and other free sites) to host their ads, Yahoo! has announced that Geocities will be closed down. I don't think this has anything to do with my post, and it may not even be directly due to the abuse of the service by spammers. Geocities had simply outlived its own initial success and, with nothing new to offer, was probably just a drain on resources. The spammers, like rats leaving a sinking ship, are already moving on to other hosts, such as LiveJournal.

Name that scam

Wed, 22 Apr 2009 06:55:48 -0500

I'm currently working on an upgrade to this site that will include a section about some of the scams most commonly seen in spam. I've already covered a few of the favorites — 419, money transfer, courier parcel, fake storefonts and so on (don't look for them just yet; the scam guide is part of a planned comprehensive upgrade which may take months). However, I think I've just come across a new one.

Who's a-scraping?

Sat, 18 Apr 2009 17:55:37 -0500

I'm currently soak-testing a new spamtrap system, aimed at getting some additional metrics and information about spammer behavior and in particular the way that they use 'web-scrapers' to find email addresses. The system works by hiding email addresses on web pages and then counting the spams that get sent to them.

The results have been interesting. Just to throw out a random example, an email address that was handed out to a web crawler running on a server hosted at theplanet.com in December 2007 now receives just under 40 spams a day. The spam sent to that trap consists of the usual fake watches, diplomas, penis enlargements and pharmacy spam. That's a lot of spam for an address that has only ever been seen by a single robot.

An inconvenient half-truth

Thu, 16 Apr 2009 09:03:03 -0500

Security vendor McAfee has released a report on the carbon footprint of spam, in which it tries to estimate the environmental costs of spam. According to the report, each spam generates the equivalent of 0.3g of CO2, making the yearly impact of spam equivalent to driving a car round the Earth 1.6 million times.

Remember Geocities? Spammers do

Mon, 13 Apr 2009 06:26:50 -0500

Back in the early days of the web — which is to say perhaps ten or twelve years ago — there was a popular website called Geocities. It was something like an early version of Myspace. In many ways, Geocities did a lot to popularize the idea of 'having a web page' for ordinary people. Anyone could sign up and start throwing content online. In its day, Geocities was a big deal, but it failed to evolve and duly dropped out of most people's awareness, overtaken by social sites like Myspace and Facebook, or blogging sites like Blogger and LiveJournal.

Phish food

Thu, 02 Apr 2009 10:00:00 -0500

I sometimes wonder if Google shouldn't have a big button in the middle of their homepage that reads:

Or perhaps they already do. To judge by some of the mail that we get, I can't rule out the possibility.

maddeast and Hotmail

Tue, 31 Mar 2009 23:00:00 -0500

Earlier this year, I received a message from an old friend, someone who I hadn't heard from for a few years. She wanted me to know about this great new website she had found that offered “all kinds of digital products” and “offer most competitive and reasonable price and high quality goods for our clients”.

Uselton update

Wed, 18 Mar 2009 21:31:00 -0500

Alleged stock spammers Darrel and Jack Uselton have settled with the SEC over civil charges filed against them. The Useltons neither admit nor deny the charges, but have agreed not to trade in penny stocks in future. Darrel will also pay back $2.8M, plus a $1M fine, and still faces possible criminal charges.

Sweets for my sweet

Tue, 10 Mar 2009 06:16:45 -0500

Readers who are under eighteen or easily offended should look away now. I'm going to discuss a slightly delicate topic. Because unsolicited email isn't all about bereaved Nigerians offering to share their wealth with you. It's also about ... well ... ahem ... increasing the size of your you-know-what.