Archive for Spam/Phishing
Author: Dave Lewis
May 11, 2008 at 9:19 pm · Filed under Spam/Phishing
Uh boy. The spammers are at it again.
From CNET:
A “serious security flaw” in Gmail turns Google’s e-mail service into a spamming machine, according to a recent security report.
INSERT, the Information Security Research Team, has created a proof of concept that exploits the “trust hierarchy” that exists between mail service providers. By exploiting a flaw in the way Google forwards messages, a spammer can send thousands of bulk e-mails through Google’s SMTP service, bypassing Google’s 500-address bulk e-mail limit and identity fraud protections.
The report notes that with the rising volume of spam, e-mail providers have turned to whitelists and blacklists to help root out IP addresses of known spammers. Because Gmail falls into the trusted whitelist category, messages are allowed “carte blanche” to bypass spam filtering.
So, that’s why I’ve won so many lotteries that I never entered.
Article Link
Author: Dave Lewis
April 24, 2008 at 8:15 pm · Filed under Dumbass, News, Spam/Phishing
Wow, how stupid do they think I am?
It’s a rhetorical question wise guy.
Here’s a phishing email that I received this evening.
——————–
From: Chianelli, Russell R.
Date: Thu, Apr 24, 2008 at 8:05 PM
Subject: UNICEF ORGANISATION DONATION AWARDED PIN NUMBERS U-777-1815, D-01-47 CONTACT INFOS (**********@yahoo.com.hk)
To: undisclosed-recipients
UNICEF ORGANISATION DONATION.
Unicef Organisation
Concern.
The Unicef Orgnasation, Would like to notify you that you have been chosen by the board of trustees as one of the final recipients of a cash Grant/Donation for your own personal, educational, and business development. The Unicef Orgnasation was formed in 1947 after WWII to help children displaced by the war. It was then called the United Nations International Children’s Emergency Fund. The United Nations Organization (UNO) and the European Union (EU) was conceived with the objective of human growth, educational, and community development.
To celebrate the 27th anniversary program, The Unicef Organisation is giving out a yearly donation of One Million Four Hundred and Seventy Thousand United States Dollars. These specific Donations/Grants will be awarded to 70 lucky international recipients worldwide; in different categories for their personal business development and enhancement of their educational plans. At least 17% of the awarded funds should be used by you to develop a part of your environment. This is a yearly program, which is a measure of universal development strategy.
Based on the Continental selection exercise of internet,data base websites and millions of supermarket cash invoices worldwide, you were selected among the lucky recipients to receive the award sum of US$1,470,000.00 (One Million Four Hundred and Seventy Thousand United States Dollars) as charity donations/aid from the Unicef Orgnasation and the UNO in accordance with the enabling act of Parliament. (Note that all beneficiaries email addresses were selected randomly from Various internet Job websites or a shop’s cash invoice around your area in which you might have purchased something from).
You are required to contact the Permanent Secetary below for qualification documentation (ed. note: emphasis added) and processing of your claims. After contacting our office, you will be given your pin number, which you will used in claiming the funds. Please endeavor to quote your Awarded pin numbers (U-777-1815, D-01-47) in all discussions.
Permanent Secetary- Mr. Peter Geroge
Email: *********@yahoo.com.hk
Finally, all funds should be claimed by their respective beneficiaries, no later than14 days after notification. Failure to do so will mean cancellation of that beneficiary and its donation will then be reserved for next year’s recipients. On behalf of the Board kindly, accept our warmest congratulations.
Happy New Year.
Regards.
Sir. williams Charlton
(Online Coordinator)
Happy New Year…riiiight.
Now, call me crazy, but I’m fairly certain that Unicef doesn’t use Yahoo for their email. In all seriousness, if you receive an email like the aforementioned, delete it.
Now, where did I leave that whack-a-mole mallet?
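The two rules of thumb in this post (does the contact address belong to the organization the message claims to be from, and is the message a prize/refund/PIN lure?) can be turned into a small, explainable check. The script below is an added example, not code from this blog; the two sample messages are constructed, modelled on the UNICEF message quoted above with placeholder addresses, and the lure phrases, webmail domains and expected organization domains are assumed lists you would extend for your own environment.

```python
"""Added example: score a raw e-mail against the indicators called out in the post.
Sample messages and the indicator lists are constructed for illustration."""
import re
from email import message_from_string

# Phrases that recur in advance-fee and credential-phishing lures (assumed list).
LURE_PHRASES = ("pin number", "award", "claim", "refund", "prize",
                "password", "congratulations")
# Consumer webmail domains; a charity, bank or tax office does not run its
# payments desk from one of these (assumed list).
FREE_WEBMAIL = {"yahoo.com", "yahoo.com.hk", "gmail.com", "hotmail.com"}
# Organizations a lure may name, and the domain you would expect them to use (assumed).
CLAIMED_ORGS = {"unicef": "unicef.org", "hm revenue": "hmrc.gov.uk"}

ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def assess(raw: str) -> dict:
    """Return a verdict plus the human-readable indicators that produced it."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    findings = []

    # 1. Bulk mailing hidden behind an empty recipient group.
    if "undisclosed-recipients" in (msg.get("To") or "").lower():
        findings.append("sent to undisclosed recipients (bulk mailing)")

    # 2. The "you have won / you are owed / send your password" lure.
    hits = [p for p in LURE_PHRASES if p in text]
    if hits:
        findings.append("lure phrases: " + ", ".join(hits))

    # 3. Where does the message actually want you to write back to?
    contacts = sorted({a.lower() for a in ADDR_RE.findall(text)})
    contact_domains = {a.rsplit("@", 1)[1] for a in contacts}
    webmail = sorted(contact_domains & FREE_WEBMAIL)
    if webmail:
        findings.append("contact address on consumer webmail: " + ", ".join(webmail))

    # 4. Named organization vs. the domain of the contact address.
    for org, expected in CLAIMED_ORGS.items():
        if org in text and contact_domains and not any(
                d == expected or d.endswith("." + expected) for d in contact_domains):
            findings.append(f"claims to be {org} but contact domains "
                            f"{sorted(contact_domains)} are not under {expected}")

    verdict = "likely fraud" if len(findings) >= 2 else "no obvious indicators"
    return {"verdict": verdict, "findings": findings}


# Constructed sample, modelled on the message quoted in the post.
SCAM = """From: Some Sender <sender@example.edu>
To: undisclosed-recipients:;
Subject: UNICEF ORGANISATION DONATION AWARDED PIN NUMBERS CONTACT INFOS (contact@yahoo.com.hk)

The Unicef Organisation would like to notify you that you have been chosen as
one of the final recipients of a cash Grant/Donation. Contact the Permanent
Secretary at contact@yahoo.com.hk and quote your awarded pin numbers in all
discussions. On behalf of the Board, accept our warmest congratulations.
"""

# Constructed benign sample for comparison.
BENIGN = """From: IT Helpdesk <helpdesk@example.com>
To: alice@example.com
Subject: Maintenance window

The mail server will be unavailable on Saturday between 02:00 and 03:00 for
maintenance. No action is required.
"""

if __name__ == "__main__":
    for label, sample in (("scam", SCAM), ("benign", BENIGN)):
        result = assess(sample)
        print(label, "->", result["verdict"])
        for f in result["findings"]:
            print("   -", f)
```

The check is deliberately transparent: each finding names the indicator that fired, which is what you want when explaining to a non-security reader why a message was binned.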
Author: Dave Lewis
February 26, 2008 at 8:04 am · Filed under Spam/Phishing
Ah, the old standby, the “captcha”. Designed to ensure a human is inputting the information into a web app. That is, until someone got the bright idea to hash all of the possible captcha images.
From the Reg:
Spammers, fresh from the success of cracking the Windows Live captcha used by Hotmail, have broken the equivalent system at Gmail.
Internet security firm Websense reports that miscreants have created bots which are capable of signing up and creating random Gmail accounts for spamming purposes, defeating Captcha-based defences in the process. It reckons the same group of spammers are behind both attacks.
Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) challenge-response systems, which are used to prevent accounts being created until a user correctly identifies letters in an image, are designed to ensure requests are made by a human rather than an automated program. The technique has been used to defeat automatic sign-ups to email accounts by services including Yahoo! Mail and Gmail for years, and hackers are increasingly successful in defeating the approach. For example, the HotLan Trojan has created more than 500,000 spam email accounts with Hotmail, Yahoo! and Gmail since its arrival back in July 2007.
Read on.
Article Link
Tags: Spam, Captcha, Spammers, Gmail Captcha
Author: Dave Lewis
February 22, 2008 at 9:51 am · Filed under Data Security, Spam/Phishing
I’m actually a little surprised that it took as long as this before the phishers jumped on this particular opportunity.
From the Reg:
A phishing attack targeting victims of the HMRC data loss debacle has been spotted on the net. The bogus emails offer recipients the false opportunity to claim a tax refund of £215 from the UK Government over the potential exposure of confidential data. The email contains a web link to a suspect site, reports security firm McAfee, which spotted the ruse.
The ploy takes advantage of the loss of computer discs by HM Revenue and Customs containing the confidential details of 25 million child benefit recipients, including bank and building society details, NI numbers, addresses and child records. The attack follows more than two months after UK Chancellor Alistair Darling announced the loss, so arguably fraudsters have been slow off the mark.
Well, I see that I’m not the only one with that perspective. For our non-security readers, always be wary of emails like this. Anything that asks you to submit your password or tells you that you have received a refund or prize is likely a fraud. Be aware and surf with care.
Article Link
Tags: HMRC Data Loss, Phishing, HMRC Phishing Fraud
Author: Dave Lewis
February 11, 2008 at 10:11 am · Filed under Email, Spam/Phishing
Things are set to get a little harder for the spammers and phishers out there. The question remains though. For how long?
From Network World:
The new weapon is called DKIM, an emerging e-mail authentication standard developed by the Internet Engineering Task Force. DKIM, which stands for DomainKeys Identified Mail, allows an organization to cryptographically sign outgoing e-mail to verify that it sent the message.
DKIM addresses one of the Internet’s biggest threats: e-mail fraud. As much as 80% of e-mail from leading brands, banks and ISPs is spoofed, according to a report released in late January by the Authentication and Online Trust Alliance (AOTA). AOTA analyzed more than 100 million e-mails from Fortune 500 brands sent over a five-month period.
Article Link
Tags: DKIM, Spam, Phishing, Anti Phishing
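What “cryptographically sign outgoing e-mail” means in practice is that the sender hashes a normalized copy of the message and signs that hash, and the receiver recomputes it. The script below is an added example, not code from the article or from any DKIM implementation: it carries out the two relaxed canonicalization steps of RFC 6376 (headers and body) and the `bh=` body hash with only the standard library, and shows why a spoofer who edits a signed message fails the check. It deliberately leaves out the RSA signature over the headers and the DNS public-key lookup; the sample messages are constructed.

```python
"""Added example: DKIM relaxed canonicalization and body-hash verification (RFC 6376).
The RSA signature step and DNS key retrieval are omitted; samples are constructed."""
import base64
import hashlib
import hmac
import re

WSP_RUN = re.compile(r"[ \t]+")


def canon_body_relaxed(body: str) -> str:
    """Relaxed body canonicalization (RFC 6376 section 3.4.4):
    trailing whitespace dropped, interior whitespace runs collapsed to one space,
    empty lines at the end of the body ignored, non-empty body ends with CRLF."""
    lines = [WSP_RUN.sub(" ", ln).rstrip(" ") for ln in body.split("\r\n")]
    while lines and lines[-1] == "":
        lines.pop()
    if not lines:
        return ""
    return "\r\n".join(lines) + "\r\n"


def canon_header_relaxed(name: str, value: str) -> str:
    """Relaxed header canonicalization (RFC 6376 section 3.4.2):
    lower-case name, folded lines joined, whitespace runs collapsed,
    no whitespace around the colon."""
    name = name.strip().lower()
    value = WSP_RUN.sub(" ", value.replace("\r\n", "")).strip(" ")
    return f"{name}:{value}\r\n"


def body_hash(body: str) -> str:
    """The bh= tag value: base64(SHA-256(canonicalized body))."""
    digest = hashlib.sha256(canon_body_relaxed(body).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_body_hash(body: str, claimed_bh: str) -> bool:
    """Receiver side: recompute bh= over the body that actually arrived."""
    return hmac.compare_digest(body_hash(body), claimed_bh)


if __name__ == "__main__":
    # Constructed message as the bank's mail server would sign it.
    original = "Your statement is ready.\r\nLog in at the usual address.\r\n"
    bh = body_hash(original)
    print("bh= published by the signer:", bh)

    # The same text with reflowed whitespace still verifies (that is the point
    # of relaxed canonicalization: mail relays may touch whitespace).
    relayed = "Your   statement is ready. \r\nLog in at the usual address.\r\n\r\n"
    print("relayed copy verifies:", verify_body_hash(relayed, bh))

    # A copy whose wording was changed in transit does not.
    edited = "Your statement is ready.\r\nLog in at http://example.invalid/\r\n"
    print("edited copy verifies:", verify_body_hash(edited, bh))

    print(repr(canon_header_relaxed("Subject", "  Your   statement\r\n is ready ")))
```

The reason whitespace-only changes survive while any wording change fails is the canonicalization step, not the hash: a receiver that skipped canonicalization would reject legitimate mail that a relay reformatted, which is why both sender and receiver must agree on the `c=` mode.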
Author: Dave Lewis
January 28, 2008 at 4:38 pm · Filed under Crime, Spam/Phishing
The good folks over at Net-Security.org have an interesting interview with Nitesh Dhanjani and Billy Rios. These two intrepid adventurers managed to ingratiate themselves into the phishing underground and in the process expose the goings on of this illicit economy.
From Net-Security:
Both Nitesh and Billy are well-known security researchers that have recently managed to infiltrate the phishing underground. What started as a simple examination of phishing sites, turned into an extraordinary view of the ecosystem that supports the phishing effort that plagues modern day financial institutions and their customers.
They saw an extraordinary amount of sensitive customer account information, obtained the latest phishing kits, located and examined the tools used by phishers, trolled sites buying and selling identities, and even social engineered a few scammers.
Read on for the full interview.
Article Link
Tags: Phishing, Scam, ID Theft, Phishing Underground
Author: Dave Lewis
December 28, 2007 at 8:26 am · Filed under Search, Spam/Phishing
Well, that didn’t take the spammers long at all. No shock there. On the heels of the Bhutto tragedy, Websense has issued an alert for malicious sites trying to infect computers. They are using the attack as a lure for less than cautious web surfers.
From Websense:
Websense Security Labs has discovered malicious Web sites attempting to capitalize on the breaking news of the assassination of Benazir Bhutto. These sites attempt to infect users seeking more information about the event. This activity is similar to past news events, where attackers used malicious sites containing information about the event to infect visitors.
In this case, the first infected site found by Websense Security Labs was the second result in a Google search using a generic and simple keyword. Therefore, the site is likely to receive large amounts of traffic. Clicking on the link in the search results did not trigger a warning from Google that the site may be malicious.
Article Link
Tags: Bhutto, Benazir Bhutto, Bhutto Scripting Attacks, Bhutto Phishing Lure
Author: Dave Lewis
December 28, 2007 at 7:50 am · Filed under Spam/Phishing
If at first the PDF spam doesn’t work, try, try again.
From securitypronews:
It must be legitimate if it’s on video, right? Criminals would like you to think so when touting stocks they have bought for pennies, and hope you will buy and make them a profit.
Security vendor Symantec said these scam artists have embraced video file formats to promote stock symbols. Security researcher Jitender Sarda showed two examples, one shilling for a uranium stock, another for an oil and gas opportunity.
The only opportunity, of course, is to part with your money for a stock that will plummet when the criminals take their profits.
Read on.
Article Link
Tags: Spam, Video Spam, Stock Scams
Author: Dave Lewis
December 9, 2007 at 9:44 pm · Filed under Crime, Data Security, Spam/Phishing
More on this attack from last week.
From the Reg UK:
One of the most sensitive science and technology labs in the US has been hacked as part of what it called “a sophisticated cyber attack that now appears to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country.”
The unknown attackers managed to access a non-classified computer maintained by the Oak Ridge National Laboratory by sending employees hoax emails that contained malicious attachments. That allowed them to access a database containing the personal information of people who visited the lab over a 14-year period starting in 1990. The institution, which has a staff of about 3,800, conducts top-secret research that is used for homeland security and military purposes.
“At this point we have determined that the thieves made approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven ‘phishing’ emails, all of which at first glance appeared legitimate,” Thom Mason, the lab’s director, wrote in an email sent to employees on Monday.
Read on.
Article Link
Tags: Phishers, Data Theft, Oak Ridge
Author: Dave Lewis
December 6, 2007 at 7:52 am · Filed under Politics, Spam/Phishing
So, who exactly is Ron Paul and why was spam touting him flying around the internet? Well, this presidential candidate was apparently, and inadvertently, getting a helping hand from a Ukrainian-based botnet to get the word out.
No, he isn’t a botmaster.
From InfoWorld:
“It probably wasn’t even set up by a Ron Paul supporter,” he said. “This whole system has been around since 2004. This [spam] somehow just landed in this underground spam economy.”
When spam first surfaced, trumpeting Paul as the winner of a recent Republican presidential debate, the fact that it was being sent via illegally infected machines raised eyebrows. The spam messages have never been directly linked to the Ron Paul campaign, which has denied any involvement in the incident.
The Texas congressman is considered a long-shot contender for the Republican presidential nomination, but he has a strong Internet presence. His videos are popular on YouTube, and Ron Paul fundraisers recently were able to raise more than $4 million in a 24-hour period.
Stewart published an analysis of the botnet on Tuesday, connecting it to an Eastern European spammer known as “spm,” whose company, Elphisoft, sends unsolicited e-mail using a network of about 3,000 infected “botnet” PCs. Stewart believes that spm, and many of the people involved in his operation, are located in the Ukraine.
The botnet server used to manage the Ron Paul spam was located in the United States and shut down in mid-November, giving researchers a chance to examine the software on the machine, Stewart explained.
Article Link
Tags: Ron Paul, Ron Paul Spam, Spammers, Botnet