At roughly 4:30 p.m. Eastern time last Tuesday, the volume of junk e-mail arriving at inboxes around the world suddenly plummeted by at least 65 percent, an unprecedented drop caused by what is believed to be a single, simple act. According to security experts, one Silicon Valley-based computer firm was playing host to computers of various organizations that controlled the distribution of much of the world's spam. Confronted with evidence tracing the spam activity back to the hosting firm, McColo Corp., Internet service providers pulled the plug, severing McColo's online connections. By nearly all accounts, spam volumes have remained at far diminished levels, though experts interviewed for this story expect spam to soon bounce back or even exceed previous levels. But the question remains: how could such a massive concentration of spam activity be hosted for so long from the servers of a single U.S.-based facility, in the heart of the security and tech community in Silicon Valley?
The average Brit receives over 10 spam messages a day (372 per month) by either email or text, according to a new survey. The study, from price comparison website moneysupermarket, reveals that despite being spammed every day, nine out of 10 (90 per cent) adults do not protect themselves against spam by automatically filtering their emails. This leaves them open to potentially dangerous messages. 81 per cent say the spam messages they receive are a nuisance, with the most common types of spam being sales (35 per cent), phishing (27 per cent) and pornography (16 per cent). Although spam is widely seen as a nuisance, one in seven (14 per cent) people admit to acting on, or replying to, a spam message. The under-twenties seem to be the worst offenders, with nearly a fifth (17 per cent) admitting to acting on spam.
The 63rd Session of the International Telecommunication Union (ITU) Council opened with a High-Level Segment on November 12-13, 2008. The meeting was inaugurated by two Heads of State, H.E. Paul Kagame, President of Rwanda, and H.E. Blaise Compaoré, President of Burkina Faso, as well as by United Nations Secretary-General Ban Ki-moon via video message. It was attended by some 400 participants, including 21 Ministers, Ambassadors and heads of regulatory organizations and UN agencies. The High-Level Segment concluded on November 13, 2008 with the following declaration by ITU Secretary-General Dr. Hamadoun Touré: "Cyber-security is one of the most important challenges of our time. The rapid growth of ICT networks has enabled opportunists to exploit online vulnerabilities and attack countries' critical infrastructure. Spam is a constant and growing problem that threatens to stretch the capacity of the Internet to transport data to the fullest, while phishing and malware affect computer systems around the globe. The costs associated with cyber threats and cyber-attacks are real and significant -- not only in terms of lost revenue, breaches of sensitive data, cyber-attacks and network outages but also in terms of lives ruined by identity theft, debts run up on plundered credit cards or the online exploitation of children. Our very trust in the online world is at stake -- jeopardizing the future of the information society, which is in danger from these growing cyber threats. ITU has taken a leading role in promoting cyber-security and trying to combat the growing tidal wave of cyber threats. On the occasion of the World Telecommunication and Information Society Day 2007, ITU launched the Global Cyber-security Agenda.
A High-Level Experts Group (HLEG) has spent the last year reviewing the issues and developing proposals for long-term strategies to promote cyber-security, an achievement honored with the award of the ITU Silver Medal to the chair of the HLEG, Chief Judge Stein Schjolberg.
A frequent refrain in our forums whenever spam is mentioned is: "well, who clicks on this garbage, anyway?" According to a new spam study, e-mail spam generally gets 1 response per 12,500,000 emails. The study was conducted by a team of seven computer scientists from the University of California, Berkeley and UC San Diego (UCSD) who infiltrated the Storm botnet. Through 'proxy bots', the researchers used 75,869 zombie machines to conduct a fake spam campaign. "After 26 days, and almost 350 million email messages, only 28 sales resulted," says the research paper -- a response rate of just 0.00001 per cent, but still hugely profitable.
The dramatic fall in spam traffic reported last week after alleged rogue ISP McColo was taken offline will only be a temporary reprieve and could actually generate a new wave of Trojans, experts have warned. ISPs disagree on the global percentage drop caused by the shuttering of California-based McColo last week, with estimates given by those contacted by Techworld ranging from 50 to 80 percent, but even the lower figure is still an unprecedented fall in such a short space of time. It appears that even those who were aware of its use as a hosting base had not guessed that a single ISP could be behind such a huge chunk of the world's spam. "Our servers haven't been so relaxed for months," said Richard Cox, CIO of respected spam-fighting organisation Spamhaus, ruefully. "This proves how important it is for the law to get at this sort of criminality." Nevertheless, Cox doubted that the improvement would last long, and said it could actually lead to a rise in Trojan attacks as spammers who had used McColo to host botnet control infrastructure attempted to reconstitute their networks elsewhere in the coming weeks.
A study on spam from Berkeley and UCSD came back with some pretty intriguing results. The most publicized one was that a conversion rate of 1 in 12.5 million is all it may take for spam to be profitable. Other findings show that Hotmail may have the best spam filters, and that spambot operations are likely not third-party services. Perhaps the most incredible detail of the study (PDF) is that the researchers, led by UCSD associate professor Stefan Savage, hijacked the Storm worm botnet, which accounts for an estimated 20 percent of all spam. Dummy pharmaceutical sites were set up in place of the intended destinations, complete with drug inventory and shopping cart, with an error resulting when a would-be customer hit the checkout button. This setup allowed the researchers to observe spam interaction in the wild. Over 26 days, 350 million email messages went out, resulting in 28 sales, for a conversion rate of 0.00001%. All sales but one were for male-enhancement products, with duped (and apparently insecure) respondents averaging $100 worth of fake product. Since the researchers interposed on only 1.5 percent of the Storm network, scaling up would push daily revenue to between $7,000 and $9,500, or $3.5 million annually.
Has this happened to you? You receive a message on Facebook that you've been tagged in a photo, but when you go to look at the photo you discover that it wasn't you at all, but some sort of product, service, or cause that a marketer is trying to promote. According to news from AdAge, this is the latest in guerrilla marketing efforts making its way through Facebook right now. It's so slimy, we hesitate to even mention it here, lest we give anyone ideas. So, how does this work? Basically, a marketer looking to promote something tags a photo with the names of several of their most influential friends. Those "friends" aren't necessarily supporting the given cause; they've just had their names hijacked for this purpose. That tagged photo ends up in the news feeds of the friends of those influentials as if it were a photo of them. After people click through to view it, they discover that it's not actually a picture of their friend at all, but a message in support of some cause, product, or service.
Researchers at UCSD have determined the return on investment for spam generated by the Storm botnet. While the per-message response rate is astonishingly low, it is sufficient for a spammer to generate a profit. At this year’s ACM Conference on Computer and Communications Security, Stefan Savage, Vern Paxson and crew presented a paper that measures the conversion rate, or the rate at which an advertising impression results in a product sale, for spam. The team used somewhat aggressive tactics to collect their data; namely, they hijacked a portion of the Storm botnet to inject spam that contained links to domains and storefronts they controlled. The team’s data and analysis showed that generating 28 sales, averaging around $100 each, of various “male-enhancement” products required 350 million separate spams. This gives a yearly revenue rate for the Storm botnet's sale of pharmaceuticals of around $3.5 million.
The economy and the U.S. presidential election played a big role in spam messages last month, according to the State of Spam report from security software company Symantec. The recent economic bailout package and interest rate cuts in the United States have opened the door for spammers to step up their attacks. In October, Symantec observed a spam attack whose message claimed to come from US Treasury Secretary Henry Paulson. The message suggested that Paulson had been instructed by the United Nations to "wire a sum of $1m into your bank account in a legal way." However, in order to claim the money, the recipient was asked to provide personal details.
In July 2008, Violetta Hoang filed a class action lawsuit under California's state anti-spam laws against Reunion.com, a Los Angeles-based social network site. On October 6th, the court ruled for Reunion.com, granting its motion to dismiss but allowing Hoang leave to re-file an amended complaint. While a less-than-three-month turnaround is admirable, this case stands as an apt reminder that haste makes waste. What was sent? A series of May 2008 solicitations from plaintiffs' acquaintances was the origin of this suit. More precisely, the emails were sent from Reunion.com mail servers but bore the names (and in some cases, addresses) of the plaintiffs' acquaintances in the 'From' line of the email. The emails also carried subject lines like "[Acquaintance] Wants to Connect with You." The emails were sent by Reunion.com servers because the plaintiffs' acquaintances had registered with Reunion.com and at some point agreed to, or failed to opt out of, Reunion.com's address scraping practices. In the lawsuit, the plaintiffs alleged that these emails were sent to them not by their acquaintances, as the email 'From' line and subject suggested, but by Reunion.com, after Reunion.com had scraped the plaintiffs' addresses from the acquaintances' address books when those acquaintances became Reunion.com members. In short, pursuant to a possibly agreed-to Terms of Service, Reunion.com scraped its members' address books and then sent solicitations to the resulting addresses, while also taking several steps to make it appear that the solicitation came from the member.