Russians close to prosecuting 'Pinch' Trojan authors

December 29, 2007

Russia may soon prosecute the authors of the "Pinch" Trojan, an easy-to-use malicious software program available on the Internet that steals a variety of data. Nikolay Patrushev, who heads Russia's Federal Security Services, said earlier this week that Pinch's authors had been identified and would be taken to court, according to ablog postingby Russian security vendor Kaspersky Lab. (washingtonpost.com)

Knujon on Whatis.com

December 28, 2007

In addition to developing technical tools to address spam, research at KnujOn explores the issues that drive its creation, studying the impact on individual victims as well as the burden on the economy. The challenge that KnujOn and other anti-spam software makers face is simple: Spam works. Currently more than 90% of all global email traffic is spam, with employees in the U.S. spending about 100 hours each year dealing with spam, for a daily loss of $130 million. The loss of productivity to companies is estimated at $712 per employee, or $71 billion annually to all U.S. businesses. (searchexchange.techtarget.com)

24 hours of spam

December 27, 2007

Have you ever heard of anyone who actually wants you to send them your spam and junk mail? I know, it's crazy, but the folks at Knujon do indeed want all your spam. Why? So they can crush the criminals at the end of the money trail. You've heard me preach that everyone should have a SpamCop account. Well, now I'm emphasizing you should NOW also have a Knujon account. (ugnn.com)

Spammers target Christmas Wii buyers

December 26, 2007

Spammers are looking to dupe desperate parents hoping to buy this year's must-have present, a Nintendo Wii. UK anti-spam company ClearMyMail said that unscrupulous spammers are deliberately targeting parents with messages purporting to offer last minute deals on the console. (vnunet.com)

Virus spreads on Google's Orkut network

December 25, 2007

About 400,000 members of Google's Orkut social network have been the victims of a spam barrage spreading the W32/KutWormor virus. The virus is hidden in a spam message containing a New Year's greeting in Portuguese. Once infected the virus spreads using hidden JavaScript and Flash code by sending the same message to connected Orkut members. It also adds the victim to an Orkut community group called "Infected by Orkut Virus." (searchsecurity.techtarget.com)

Spam, Spam, Spam: Every Day, Every Hour - How Can You Fight Back?

December 24, 2007

RESEARCH TRIANGLE PARK — Perhaps the real irritation is that handling mail has become cumbersome. Upper management is about to 'go postal' over mail management issues. Screening email has become as necessary as screening calls. Just as persistent salespeople keep calling; email solicitors keep spamming. Analyst research firm reports indicate that 50 percent of all corporate email traffic is spam. This 'unsolicited' bulk email is the newest form of junk mail. And with an average of 18 such messages a day for each e-mailbox in the world, it is clearly a problem that businesses cannot ignore. (localtechwire.com)

Free Velnet.co.uk e-mail shut down by spam abuse

December 23, 2007

THE UK based firm Velnet which offered pay-as-you-go Internet, web hosting and related services, decided to discontinue its free e-mail offering due to the abuse by spammers. (theinquirer.net)

Hoax nearly cripples Big Spring computers

December 22, 2007

The Big Spring School District — its digital half, anyway — was nearly brought to its knees on Monday by Internet users from around the world. All because one of its high school students received detention. An unnamed student from Big Spring High School incited an international protest after posting a letter online that appeared to document the student had received a two-hour detention for using an unauthorized Web browser at school. Problem was, the letter had been changed, according to district officials. It was a hoax. But before the district could announce the hoax, people from across the globe bombarded district and high school offices with e-mails and phone calls. (cumberlink.com)

Governments need to muscle up and send spammers a tough message

December 21, 2007

THERE seems to be no shortage of evidence as to the magnitude of the problems attributable to spam. While estimates vary, the National Office for the Information Economy cited data estimating that 50% of all inbound business email messages are spam. Productivity loss, technical support and infrastructure costs, monetary loss at the hands of fraudulent spammers and the exposure of children to offensive or inappropriate material are some of the consequences of spam. They add up to an estimated cost of $9.5 billion to Australian businesses annually. (business.theage.com.au)

The Botnet Ecosystem: Do Botnets Need Windows?

December 20, 2007

Botnets would not exist without software vulnerabilities; this we can all agree on. The true source of the problem, however, is far from decided. As mentioned in the first part of this series, the actual blame does not completely lie with a single company's products. This installment will cover botnet motivations, client infection and survival methods, and why this problem would exist without Windows. (enterprisenetworkingplanet.com)

Botnets silently control your PC

December 19, 2007

A major form of cyber-crime today, not always well understood by computer users, is the "botnet." The word is geek-speak for "robot network." A botnet consists of a large number of computers — in one case, more than a million — that have been enslaved by a hacker and operate under his command. (He is called a "botherder" or "botmaster," and the infected computer is a "zombie.") These are then used for various illegal purposes, such as sending huge amounts of spam. The misbehavior goes on in the background so that you probably won't notice it. (washingtontimes.com)

Phishers Pinch Billions From Consumers’ Pockets

December 18, 2007

More than 3.5 million U.S. adults lost money to phishing scams and online identity theft in the 12-month period that ended in August, a 57% increase over the previous year, a Gartner fraud analyst said today. (nytimes.com)

Phishers, Spammers, and Malware Authors Clearly Consolidating

December 17, 2007

In a recent article entitled "Popular Spammers Strategies and Tactics" I emphasized on the consolidation that's been going on between phishers, spammers and malware authors for a while (ddanchev.blogspot.com)

Gartner: Victims of online phishing up nearly 40 percent in 2007

December 16, 2007

An annual study by Gartner will report that the number of consumers who were taken in by bogus online offerings increased by nearly 40 percent in 2007 over the previous year. (scmagazineus.com)

Banks told to 'do their bit' to fight phishing attacks

December 15, 2007

New Zealand banks could protect customers from phishing attacks by making a simple change to their internet address protocols at little or no cost, says Thom Hooker, director of operations at SMX, an Auckland based anti-spam and anti-virus email service provider. (computerworld.co.nz)

Cracking open the cybercrime economy

December 14, 2007

"Over the years, the criminal elements, the ones who are making money, making millions out of all this online crime, are just getting stronger and stronger. I don't think we are really winning this war." (news.com)

Taking down spammers: Successful spam fighting via legalization, regulation and economics

December 13, 2007

Guest post: Gadi Evron is Security Architect for Afilias global registry services and recognized globally for his work and leadership in Internet security operations. He is the founder of the Zero-Day Emergency Response Team (ZERT), organizes and chairs worldwide conferences, working groups and task forces. He is considered an expert on corporate security and counterespionage, botnets, e-fraud and phishing. (blogs.zdnet.com)

Americans Ingested Too Much Holiday E-Mail Spam, Survey Finds

December 12, 2007

Symantec also sees spammers trying new techniques, such as spamming via bot-net, audio and video spam, and spamming using protocols for IM, SMS, and online games. (informationweek.com)

Filtering's ding-dong fight with malicious spam

December 11, 2007

Attempts by governments and police to stop spam at its source have proved futile. But as the threat has evolved, so have the filtering techniques that help ensure spam never reaches the user, as Anthony Plewes reports. (silicon.com)

A cure for spam: Attack the cause, not the symptoms

December 10, 2007

We have been filtering e-mail for years, and today, spam accounts for anywhere from 70 percent to 90 percent of all e-mail traffic, according to the best estimates. And although there have been some successful prosecutions, laws don’t seem to be helping much. (gcn.com)

Britain's MI5: Chinese Cyberattacks Target Top Companies

December 9, 2007

The British government has openly accused China of carrying out state-sponsored espionage against vital parts of Britain's economy, including the computer systems of big banks and financial-services firms. (foxnews.com)

Hackers Break Into Top Government Research Lab

December 8, 2007

KNOXVILLE, Tenn. — The Oak Ridge National Laboratory revealed on Thursday that a "sophisticated cyber attack" over the last few weeks may have allowed personal information about thousands of lab visitors to be stolen. (foxnews.com)

New wave of digital intelligence

December 7, 2007

FROM clothes riddled with sensors to name tags that detect our moods, computing's next wave could unleash small devices that increasingly augment everyday activities with digital intelligence. (news.com.au)

Fink on spammers to get better results

December 6, 2007

As we know all-to-well, mail filtering alone has not licked the spam problem. Hardly. (blogs.computerworld.com)

Facebook issues an apology

December 5, 2007

Facebook, the popular social networking site, has ridden the hype curve up and down in recent months, reaching a low Tuesday over claims that a month-old advertising system violates members' privacy. CEO Mark Zuckerberg took a big step Wednesday toward silencing naysayers - one of whom was my own colleague Josh Quittner - when he issued a contrite apology and made a key change to the new advertising feature, dubbed Beacon. (money.cnn.com)

20bn spam buckling inboxes

December 4, 2007

Internet users in Britain get 20billion spam e-mails every day double the amount of junk mail sent a year ago. Up to 120billion spam messages are sent daily worldwide that's 20 for each person on the planet and 49 out of 50 e-mails are junk. (metro.co.uk)

Despite filters, tidal wave of spam bears down on e-mailers

December 3, 2007

SAN FRANCISCO — Why, in 2007, is spam worse than ever? Let exasperated consumers count the ways: PDF spam. MP3 spam. Pump-and-dump spam. E-card spam. It may sound like a broken record, but spam continues to do just that — break records. This year marks the first time the total number of spam e-mail messages sent worldwide, 10.8 trillion, will surpass the number of person-to-person e-mails sent, 10.5 trillion, according to market researcher IDC. (usatoday.com)

PR - Study: Equipment Industry Users Recommend Better Mobility and Anti-Spam Solutions

December 2, 2007

Peter Brockmann, President of Brockmann & Company said, "Email is a very important communications application (87%) for organizational success in the computer, network and telecom equipment industries. Email is also identified as very important in the job performance of 89% of respondents from these industries. Yet, only 20% of users are very satisfied with their email experience. Improving mobility and spam-control in this market is recommended as the most desirable improvement." ()

New Zealand Questions Top Cyber Suspect

December 1, 2007

WELLINGTON, New Zealand -- Police questioned the suspected teenage kingpin of an international cyber crime network accused of infiltrating 1.3 million computers and skimming millions of dollars from victims' bank accounts, officials said. Working with the FBI and police in the Netherlands, New Zealand police raided the home of the 18-year-old in the North Island city of Hamilton and took him into custody along with several computers, said Martin Kleintjes, head of the police electronic crime center. (washingtonpost.com)

Teen questioned in computer hacking probe (cnn.com)

Crime follows foreclosures

November 30, 2007

CLEVELAND (CNNMoney.com) -- When homeowners moved away after a wave of foreclosures in Cleveland's working-class neighborhood of Slavic Village, crime took off. (cnn.com)

Spammers turn to seasonal sob stories

November 29, 2007

As the holiday season closes in, some cyber crooks are changing their tack - and trying old fashioned sob stories to milk money from their victims. (nzherald.co.nz)

Technology key to stopping piracy

November 28, 2007

(AP) -- If the experience of the world's largest software vendor is any guide, the industry's best hope for reducing piracy rests with anti-copying technologies rather than in policing the legalistic user agreements that restrict how software can be used. (cnn.com)

12 spam research projects that might make a difference

November 27, 2007

Those who commit cybercrime know they need to stay on the cutting edge of technology to come up with new and different ways to swindle people. Luckily, the good guys are also spending time in research labs developing ways to thwart the latest tricks employed by spammers, phishers and other criminals. (computerworld.com.au)

Illegal e-mail spam from the federal government?

November 26, 2007

Identity thieves have no boundaries, you better believe that. The latest scheme aimed at getting your private information is now arriving in the form of e-mail spam purportedly from the Federal Trade Commission. (spaminspector.org)

Spammers pose as private eyes to spread malware

November 25, 2007

Commtouch, an Israeli security firm that specializes in protecting e-mail integrity, says that it has detected a new malware outbreak that is spread through e-mails claiming to be from private investigators. According to Commtouch, the e-mails tell recipients that a private investigator has been recording the recipients' phone calls and that an audio file of one of the calls is attached to the message. When unwitting recipients download the "call" to their hard drives, their computers become infected with malware. (computerworld.com.au)

'Vishing' is newest card scam Consumers bilked into revealing data

November 24, 2007

Like e-mail phishing operations, vishing also works by tricking people into handing over confidential financial account information. But instead of directing people to bogus Web sites, vishing scams instruct victims to call a phony company phone number, where they are typically directed to enter their identification numbers to rectify some fictitious problem with their accounts. (cincypost.com)

The Global Illcit Trade in Trash

November 23, 2007

SAN FRANCISCO, California (AP) -- Most Americans think they're helping the earth when they recycle their old computers, televisions and cell phones. But chances are they're contributing to a global trade in electronic trash that endangers workers and pollutes the environment overseas. (cnn.com)

Denial of Service Attack Against 911?

November 22, 2007

WATERLOO, Iowa (AP) -- A rogue cell phone is not accepting calls, but it sure likes to dial 911 operators in eastern Iowa. Operators at the Black Hawk County Consolidated Communications Center said that they received about 400 calls from the same cell phone last week and that no one seems to be on the other line. "That's it right now," said Dispatcher Chuck Hosier, as a phone rang in the background. "It will ring in, and it's an open line. Sometimes it rings in and drops off." Officials can't locate the phone but have figured out that it is an old line not currently associated with a cell phone provider. Such phones, once charged up, can still place 911 calls under Federal Communications Commission rules set in 1994. (cnn.com)

KnujOn Records 50,000th Spam Website Suspension

November 21, 2007

The fight against spam and Internet crime is moving in a different direction as Project KnujOn expands operations and broadens its reach. (prweb.com)

419 Scams Endure

November 20, 2007

Website Owners - The Next Target of 419 Scammers? (cybertopcops.blogspot.com)

419 Scammers Using Google Search to Find New Victims (cybertopcops.blogspot.com)

New delivery methods and malware payloads strengthen impact of spam surge

November 19, 2007

ENGLEWOOD, Colo. -- MX Logic, Inc., a leading managed security service provider, today predicted that spam levels will spike an additional 50 percent over current levels by the end of 2007 due to the holiday retail rush. This will represent a 200 percent increase since January of 2007. Compounding the influx, MX Logic threat research expects the Storm Worm to resurrect in the coming months as spammers utilize botnets a collection of compromised computers to hide their tracks. (darkreading.com)

Knujon spam fighting made possible by open source

November 18, 2007

Using the economics of open source to fight spam in a new way. (blogs.zdnet.com)

Thinking Ahead to Prevent Laptop Theft

November 17, 2007

Marking your laptop helps with the recovery of a stolen (or lost) laptop. Either engrave your information onto your laptop or use a tamper-resistant asset tag...Don't use an obvious laptop carrying case...Be especially mindful of distractions! A commotion in front of you means that the thief about to take your laptop is behind you. A commotion behind you means the thief is in front of you. Thieves work in pairs or groups that way, using the commotion to distract you while they steal your stuff. (tech.yahoo.com)

Why Cops Can't Catch Cybercriminals

November 16, 2007

ARLINGTON, Va. -- Computer Security Institute 2007 -- The forensics labs you see on TV might seem pretty high-tech, but in real life, most law enforcement agencies don't have access to skills and equipment like that, a top federal law enforcement officer noted this morning. (darkreading.com)

Report: China spies threaten U.S. technology

November 15, 2007

WASHINGTON (AP) -- Chinese spying in America represents the greatest threat to U.S. technology, according to a congressional advisory panel report Thursday that recommended lawmakers consider financing counterintelligence efforts meant to stop China from stealing U.S. manufacturing expertise. (ap.google.com)

Tiffany and EBay Square Off in Court

November 14, 2007

NEW YORK (AP) — A lawyer for Tiffany & Co. accused eBay Inc. on Tuesday of allowing the sale of tens of thousands of pieces of counterfeit Tiffany jewelry on its Web site; an eBay lawyer responded that Tiffany wasn't doing its share to protect customers. The arguments in U.S. District Court in Manhattan came at the start of a trial to decide whether eBay can be blamed for the sales of silver Tiffany knockoffs on its Internet site since 2003. James B. Swire, Tiffany's lawyer, said eBay "simply turned a blind eye" to the sales. Bruce Rich, eBay's lawyer, said the site has suspended hundreds of thousands of sellers who broke its rules. He blamed Tiffany for failing to protect its own trademarks by notifying eBay when it spots sales that seem suspicious. Rich said that when companies do so, eBay often stops the sales even before it can check whether they are legitimate. (ap.google.com)

Tiffany and eBay Clash Over Sales of Fake Goods (law.com)

Behind the Alicia Keys MySpace Scam

November 13, 2007

It's easy to see how visitors to Alicia Keys' MySpace page could have accidentally clicked on the wrong spot last week and gotten whisked off to a Chinese website that tried to install malicious code onto their computers. The buttons to play Keys' songs were clearly marked — and clean — but almost every other image on the site, including the full-sized background photo of the diva herself, had been hacked in such a way that merely clicking on it could infect visitors' computers with malware. So if you happened to click on Keys' bare midriff on Nov. 8, you would have been siphoned to a murky corner of cyberspace: a site that attempted to install a program that could trick you into buying fake anti-virus software, record the credit card information you used to buy it, and secretly log every other user name and password you typed into your computer as well. (time.com)

KnujOn takes the spam fight to the enemy

November 12, 2007

Project Knujon, or no junk spelled backwards, does the work that many other organizations have shied away from -- collecting and sorting through millions of spam messages submitted by the public, and then shutting down the illicit Websites. Since 2005, Project Knujon has shut down more than 50,000 fraudulent Websites. (crn.com)

Major Russian crime hub suddenly dies

November 11, 2007

One of the Internet's most notorious malware and software exploit hubs, the Russian Business Network (RBN), has suddenly gone offline. Trend Micro reports that Internet domains associated with the network went down at 7 p.m. Pacific Standard Time on Tuesday, Nov. 6 (3 a.m. GMT Wednesday, Nov. 7), taking with it a network provider accused of hosting some of the worst criminal activities the Internet has to offer, including various high-profile software exploits, voracious Trojan malware, and even hosting sites used for child porn. (washingtonpost.com)

KnujOn takes the spam fight to the enemy

November 10, 2007

“Filtering and blocking tactics are failing...It’s actually making the problem worse. Even if 90 percent of the messages are being filtered, the small percentage that aren’t keeps them in business.” (security.blogs.techtarget.com)

Antispam group targets transactions, not messages

November 9, 2007

E-mail and the spammers are the least interesting part of the problem. We want to stop the transaction, to take down those platforms from which consumers are buying fake luxury items and phony drugs -- or worse yet, having their identity stolen, (networkworld.com)

The most powerful anti-spam filter isn’t used enough

November 8, 2007

If there were any questions that the current generation of spammers and hackers have dug in for the long haul, events in the past few weeks should eliminate them. Botnet operators and spammers are continuing the evolution of their networks and techniques to ensure that their messages continue to arrive in our inboxes. (gcn.com)

Report: Al Qaeda to Launch Cyber-Attack on Nov. 11

November 7, 2007

Al Qaeda plans to launch an electronic Jihad on Nov. 11, attacking "Western, Jewish, Israeli, Muslim apostate and Shiite Web sites," according to an unconfirmed report. (foxnews.com)

The Decline of CAPTCHA

November 6, 2007

The goal of a CAPTCHA, or Completely Automated Public Turing test to tell Computers and Humans Apart, is to present a challenge that only a human can answer properly. It took a few years, but it looks like computers are getting to the point of defeating CAPTCHAs often enough to make the tests a failure. (news.yahoo.com)

Spammer jailed for two years

November 5, 2007

A 28-YEAR-OLD man from the US state of New Jersey has been jailed for more than two years by a New York judge for his part in a spamming operation that sent out millions of unsolicited emails. (news.com.au)

Foreign drug makers face few inspections

November 4, 2007

The FDA this year listed 3,249 foreign pharmaceutical manufacturers subject to its inspection -- yet the agency cannot determine whether it has ever inspected 2,133 of them, according to a Government Accountability Office report released during a House subcommittee hearing. (boston.com)

How the Malware Marketplace Works

November 3, 2007

Today's aspiring Internet crooks don't need any programming skills. They just need to know where to shop. An entire shadow economy has arisen online, with suppliers, service providers, and other middlemen ready--for a fee--to help the unethical entrepreneur. Shown here is an example of how easy it is these days to become a bot herder, someone who sets up a vast network of remote-controlled, bot-infected computers and then rents the malicious services of that zombie army to spammers and other bad guys. (pcworld.com)

Spammers use porn to get unsuspecting users to break CAPTCHA codes

November 2, 2007

In the new scam, an icon of an alluring woman suddenly appears on a Windows computer infected by a virus. After clicking on the icon, the user sees a photo of an attractive woman who vows to take off an article of clothing each time the jumble of figures next to her is entered. (foxnews.com)

Over 100 Malwares Hosted on a Single RBN IP

November 1, 2007

The never ending Russian Business Network's saga on whether or not they host malware on behalf of their customers enters in an entirely new phrase with the discovery of over 100 malwares hosted on a single IP - 81.95.149.51/ms where the directory listing indicates that the earliest binary was uploaded on 19-Sep-2006 and the most recent one on the 28-May-2007. If only was the directory listing denied we would only be speculating on such a development, and as it's obvious that it isn't sooner or later they'll simple rename the directory as they apparently did in the past from 81.95.149.51/ms21 to 81.95.149.51/ms51 and to the current state. (ddanchev.blogspot.com)

Storm Worm now just a squall: The Storm Worm botnet has been shrinking steadily and is about 10 percent of its former size.

October 31, 2007

Brandon Enright, a network security analyst at UC San Diego, has been tracking Storm since July and said that, despite the intense publicity that the network of infected computers has received, it's actually been shrinking steadily and is presently a shadow of its former self. On Saturday, he presentedhis findingsat the Toorcon hacker conference in San Diego. (washingtonpost.com)

How Ticket Brokers and Scalpers Beat the System

October 30, 2007

Sporting and entertainment venues have employed various strategies to keep mass ticket buyers from taking seats away from ordinary customers, but powerful computing and dirty tricks make it easy for brokers to get around the impediments. The only true to way to stop this is to track the transactions after and punish the mass buyers.

RMG, which is based in Pittsburgh and has 10 employees, calls its software "stealth technology that lets you hide your IP address, so you never get blocked by Ticketmaster." Court papers indicate RMG was a ticket scalper's dream come true. On one day in July, Ticketmaster court filings indicate RMG clients attempted to reserve a seat through Ticketmaster every 10 seconds. Ticketmaster says RMG clients successfully reserved seats 8,661 times on that day.(boston.com)

Ticket Brokers Busted: The court held that RMG, of Pittsburgh, violated its terms-of-use agreement with Ticketmaster by helping brokers buy large blocks of tickets—and doing so more quickly than most consumers could—thereby blocking consumers from buying tickets at list prices. The brokers would then turn around and sell the tickets for the now sold-out event at much higher prices. (eweek.com)

Ticketmaster wins injunction against broker-software firm (news.com)

Brokers snatch joy from Hannah Montana fans: Ticket brokers swooped up thousands of tickets within minutes of them becoming available online and shut out legitimate Hannah followers. Desperate fans found they would have to pay brokers $350 to $2,000 for the $63 concert tickets. (cnn.com)

'Hannah Montana' ticket debacle spotlights unscrupulous brokers (monstersandcritics.com)

eBay’s Place in the Dirty World of Ticket Scalping (eBay’s acquisition of StubHub has just been announced.) (techcrunch.com)

Some fans cry foul over ticket plan: Scalpers will use Web wiles to snap up most, they fear (rockymountainnews.com)

Online Attack Halts Rockies' Ticket Sales (aol.com)

New England Patriots Obtain Names of Internet Ticket Resellers (boston.com)

Did you miss the tickets? Blame ‘bots' (missoulian.com)

AG Seeks Information from Banks Regarding Online Phishing Scams, Asks Companies to Provide Warnings, Advice to Internet Customers

October 29, 2007

TRENTON – Attorney General Anne Milgram today called on four banks to provide information on how they are protecting customers from identity theft and related loss resulting from “phishing” – an on-line fraud gambit in which authentic-looking e-mails are used to trick recipients into giving out sensitive personal information such as credit card, bank account and Social Security numbers. (nj.gov)

So, do you really think you should buy that fake pair of Gucci sunglasses?

October 28, 2007

Groups fighting counterfeiting in Canada say it's up to all of us to put an end to the problem (thestar.com)

Bay State Co. nailed with $10M fine in HGH scandal

October 27, 2007

A company that distributed human growth hormone to "well-known athletes and entertainers" has agreed to pay a $10.5 million penalty, change its business practices and cooperate with law enforcement in ongoing investigations, federal prosecutors said Tuesday. (bostonherald.com)

Internet Naming Agency Probes Possible Corruption

October 26, 2007

NEW YORK — The Internet's key oversight agency is investigating suspicions that insider information is being used to snatch desired domain names before an individual or business can register them. (foxnews.com)

Read the latest KnujOn White Paper

October 25, 2007

Project KnujOn - October 2007(PDF)

Other press information

Music piracy site closed after U.K., Dutch raids

October 24, 2007

British and Dutch police shut down one of the world's largest sources of illegal prerelease music on Tuesday and arrested a 24-year-old man. (boston.com)

Chinese recalls causing fear

October 23, 2007

WASHINGTON --Treasury Secretary Henry Paulson said Tuesday that the recalls of tainted Chinese products were causing fear among U.S. consumers. He called on China to take bold moves to address that and other economic problems facing the two countries. (boston.com)

World Series Ticket Sales Suspended After 'Malicious Attack' Crashes Computers(foxnews.com)

Phishing's Future Scapegoats

October 22, 2007

OCTOBER 17, 2007 | Recently I got a note from an attorney who argues that companies should be held accountable when their brand or name is used to illegally get access to personal information. While I initially argued that such attacks are outside the control of companies such as Yahoo and eBay, I’ve come around to his point of view. (darkreading.com)

Spammers turn to MP3s to deliver pitches(boston.com)

Comcast Hinders Customers' Internet Traffic

October 20, 2007

NEW YORK — Comcast Corp. actively interferes with attempts by some of its high-speed Internet subscribers to share files online, a move that runs counter to the tradition of treating all types of Net traffic equally. (foxnews.com)

New England Patriots Obtain Names of Internet Ticket Resellers

October 19, 2007

Seeking to enforce their policy prohibiting ticket resales, the New England Patriots have obtained the names of 13,000 people who sold or bought the team's tickets using the online site StubHub Inc. StubHub, which is owned by eBay Inc., yesterday began notifying the 13,000 customers that their names, addresses, and phone numbers had been turned over to the Patriots following a ruling by Superior Court Judge Allan van Gestel
...
The Patriots have said that they intend to use the identities of the purchasers and sellers not only for this case, but also for its own other allegedly legitimate uses, such as canceling season tickets of 'violators' or reporting to authorities those customers that they deem to be in violation of the Massachusetts antiscalping law," van Gestel wrote. The Patriots sued StubHub last November, alleging the company was encouraging fans to resell their tickets on the website in violation of the team's policy prohibiting resales and the state's antiscalping law. StubHub countersued, alleging the Patriots were attempting to monopolize the resale of the team's tickets. (boston.com)

Chinese interest in 3Com seen as part of larger threat

October 18, 2007

BEIJING -- Huawei Technologies Co.'s proposed deal to buy an initial 16.5% stake in 3Com Corp. also allows for the Chinese company to potentially raise its stake to a maximum of 21.5%, 3Com said in a filing to the U.S. Securities and Exchange ... (wsj.com)

A low-profile corporate approach and a reclusive founder with a military past have not stopped China's Huawei Technologies from building an international telecoms equipment business, but they could make it a bit more difficult to buy a piece of US rival 3Com. (msnbc.msn.com)

Chinese ownership of defense technology to be reviewed: 'They take into consideration any possible national security concerns' (worldnetdaily.com)
3Com Won't Share Sensitive Technology With China's Huawei (informationweek.com)

China's Cyber Attacks Signal New Battlefield Is Online (sciam.com)
Expert warns of Chinese cyber-terrorism (isria.info)
China To Use Computer Viruses As Cyberwarfare First Strike (informationweek.com)
Titan Rain - how Chinese hackers targeted Whitehall (guardian.co.uk)
China is suspected of hacking into Navy site (fcw.com)
China Faces Tough Battle Against Cyber Crimes (allheadlinenews.com)
China says it's a cyber-attack victim, not villain (reuters.com)
China denies hacking into Pentagon (cnn.com)
China prosecutes infamous computer virus makers (deccanherald.com)
Asia-Pacific cyber criminals refine tactics: report (earthtimes.org)

Unisys Blamed for China-Connected Homeland Security Hacks (dailytech.com)
FBI investigates Unisys over U.S. government hack (computerworld.com.my)

Exiled Burmese media groups report that cyber-warfare activities that hacked their sites in the past week originated in Moscow (hrw.org)
How Russia became a malware hornet's nest (searchsecurity.techtarget.com)

Yahoo accused of misleading Congress about Chinese journalist

October 17, 2007

(CNN) -- Yahoo misled Congress regarding information the Internet company gave to Chinese authorities about the journalist Shi Tao, Democratic Rep. Tom Lantos said Tuesday. Lantos, a California representative and chairman of the House Foreign Affairs Committee, asked Yahoo Inc. officials to testify about the company's role in a case that sent Chinese newspaper writer and editor Shi to prison on a 10-year sentence. (cnn.com)

Web dissent on the rise in China (bbc.co.uk)
Chinese Internet Censorship Machine Revealed (informationweek.com)
Daily reality of net censorship (bbc.co.uk)
China accused of 'locking down' the web (vnunet.com)
Big Brother is Watching China, Thanks to U.S. Tech. What Can We Do About It? (tnr.com)

Cops Solve Crimes Online

October 16, 2007

When authorities stormed Oleksiy Sharapka's Brighton home last year in search of several hundred thousand dollars in stolen merchandise, their investigation wasn't only the result of hours spent pounding the pavement. Much of the fraud case against Sharapka was built in cyberspace. As more criminals like Sharapka turn to the anonymity of the web to commit crimes, law enforcement is following - tracking their movements through cyberspace with a stealth-like precision that is winning convictions. The Internet is "like the Wild West right now," said Boston Police Detective Steve Blair, a cybercrime expert and a member of the joint task force that put Sharapka behind bars for more than 20 years. "Fraud is just rampant." (bostonnow.com)

Knujon wins Linksgiving.com Weekly Link Award

October 15, 2007

All Web sites of our user-submitted link collection are of unique interest and value. Being featured in it, that already means receiving an award from one's own visitors. In addition, in January 2002 we created the Weekly Link Award for listed Web sites that distinguish themselves for originality of concept, easiness of navigation, pleasant design, clarity and completeness of information, browser-independent accessibility, and that give visitors the sensation to really have found what they are looking for, make them feel at home and want to come back again, give a considerable contribution to the Internet community. Only a "giving" site that enphasizes those qualities, a "gemstone" in our precious collection, can win the Weekly Link Award. The prestige of the Weekly Link Award is increased by the fact that it is not possible to directly apply for it and that only a Web site a week may receive it. (linksgiving.com)

For virtual jobs, click with caution

October 14, 2007

There can be risks in posting your résumé online. And beware of listings that appear too good to be true. It's probably because they are. (startribune.com)

Shadowy Russian Firm Seen as Conduit for Cybercrime

October 13, 2007

An Internet business based in St. Petersburg has become a world hub for Web sites devoted to child pornography, spamming and identity theft, according to computer security experts. They say Russian authorities have provided little help in efforts to shut down the company. (washingtonpost.com)
Submitted by KnujOn Member

Image Only Spam - We Want It

October 12, 2007

Upload your image-only junk mail to KnujOn (knujon.com)

Lawsuits target iPhone, AT&T deal

October 11, 2007

SAN JOSE, California (AP) -- Complaints over Apple Inc.'s use restrictions and recent software update for the iPhone have erupted in two lawsuits alleging Apple and its carrier partner, AT&T Inc., engaged in illegal monopolistic behavior. (cnn.com)

NJ teen Unlocks iphone from ATT Network (boston.com)
IPhone Flaw Lets Hackers Take Over, Security Firm Says (nytimes.com)
Research trio claims the iPhone's data can be stolen and the device can even be turned into a remote surveillance tool (infoworld.com)

Online Videos Could Infect Computers With Viruses, Study Finds

October 10, 2007

ATLANTA — Online videos aren't just for bloopers and rants — some might also be conduits for malicious code that can infect your computer. As anti-spam technology improves, hackers are finding new vehicles to deliver their malicious code. And some could be embedded in online video players, according to a report on Internet threats released Tuesday by the Georgia Tech Information Security Center as it holds its annual summit. (foxnews.com)

Securities Fraud and Internet Service Providers go to Supreme Court

October 9, 2007

The justices were to hear arguments Tuesday in the securities fraud case investors brought against Motorola Inc. and Scientific-Atlanta Inc. over their deals with one of the largest cable TV providers in the country, Charter Communications, Inc. (ap.google.com)

Other News
AT&T to pay $2.5 billion for airwaves: Spectrum is in valuable 700 MHz range (marketwatch.com)

Woman Ordered to Pay for File-Sharing Will Appeal: A woman ordered to pay $222,000 for illegally downloading and sharing music files has decided to appeal the case.(pcworld.com)

Believe when you see it

October 8, 2007

Yahoo! Teams! With! eBay! And! PayPal! To! End! Phishing!(...if you use Yahoo!, eBay, and PayPal) (theregister.com)

Spammers Destroy Another On-Line Business

October 7, 2007

Spam from a galaxy far, far away...

October 6, 2007

Compared to a previous example of an over-performing image spammer whose efforts to bypass spam filters make it virtually impossible for someone to fall victim into the pharmaceutical scam, in this example of image spam we have something very interesting, namely a dynamic subdomain generating spamming host running a proxy server every time the central campaign URL gets refreshed via an obfuscated javascript. meds247.org (216.55.70.170) is the public face of abetterlevel.org (221.130.192.17). (ddanchev.blogspot.com)

Data for 450,000 mistakenly released

October 5, 2007

Data for 450,000 mistakenly released: Social Security numbers on disks. The Massachusetts Division of Professional Licensure has launched an internal probe and announced plans to review its protocols after the Social Security numbers of about 450,000 licensed professionals were inadvertently released. The information was mailed last month to agencies that submitted a public records request for the names and addresses of professionals licensed by the division, said Kofi Jones, a spokeswoman for the state Executive Office of Housing and Economic Development, which oversees the division. (boston.com)


Update on bot herder bust: Most detailed article on greg king and castlecops (theregister.com)
Botmasters Take Heed – You Are Being Put On Notice
CastleCops smeared in bizarre "attack"

Why are the (Canadian) feds so slow to battle the spam scourge?

October 4, 2007

Canada has meekly become an international haven for some of the worst spammers on Earth. And the Canadian government, say national and international watchdogs, seems unprepared to finally kick trash e-mailers to the curb or the courts. (winnipegsun.com)

Canadian and U.S. cops nab two alleged scammers accused of sending out hundreds of millions of junk e-mails -- each is a landmark case, but for very different reasons(winnipegsun.com)

77 arrests in international e-mail scams(businessweek.com)

Submitted by Knujon Members

PC Security DIY Part I: Malware - The Most Wanted Cyber Criminal

October 3, 2007

More or less 3 weeks ago, several anti-scammer websites fell victim to DDoS (Distributed Denial of Service) attacks by the Storm botnet. The comments made on blogs and news sites about these attacks, made it clear once again that cyber security experts are well aware of the dangers of malware infections, which are the backbone of any botnet, as well as the impact these infections have on the online industry. The fact that security experts realise these problems is all good and well, but it does not really help addressing the problem. Normal computer users need to understand the implications of malware infections as well, but more importantly, they have to carry the consequences of their actions if they refuse to take appropriate preventative measures against malware.(cybertopcops.blogspot.com or cybertopcops.com)

Coenraad De Beer

Botmasters Take Heed – You Are Being Put On Notice

October 2, 2007

Today the arrest and indictment of Greg King, 21, of Fairfield California was announced. In the Indictment, the US Attorneys Office is alleging Greg King aka SilenZ was responsible for the DDoS of CastleCops last February. According to the Press Release he faces a maximum sentence of ten years imprisonment and a $250,000 fine. (castlecops.com)

CastleCops smeared in bizarre "attack"

Telecoms' Censorship Policies Stir New Controversy

October 1, 2007

Disclosures over the weekend that AT&T and Verizon reserve the right to suspend or terminate the service of customers who are critical of their conduct have prompted a call for congressional hearings on the censorship practices of the nation's leading carriers. According to AT&T's and Verizon's nearly identical service agreements, the companies can cancel the subscription of anyone who damages "the name or reputation" of AT&T or Verizon, "its parents, affiliates and subsidiaries." The disclosures followed Verizon's Sept. 27 decision to reverse a decision to block text messages from the pro-abortion group NARAL Pro-Choice America. Verizon and AT&T are also both at the center of a swirling controversy for allegedly for turning over private customer phone records to the National Security Agency.
...
"The provision is meant to cover clearly illegal acts that would include things such as impersonating Verizon to conduct phishing scams or to sell services using our name, or the intentional spreading [of] inaccurate information that significantly harms Verizon," (eweek.com)



AT&T's new service agreement for its Internet offerings contains an unpleasant wrinkle for subscribers--the telecom giant has given itself the right to cancel customers' service for criticizing the company.(consumeraffairs.com)

Briton, Malaysian wife charged in Internet investment scam

September 30, 2007

(AP) - KUALA LUMPUR, Malaysia-A Briton and his Malaysian wife have become the first people in Malaysia to be charged with operating an Internet investment scam following a crackdown on online fraudsters, a prosecutor said Wednesday.(findlaw.com)

Regulators Shut Online Bank NetBank

September 29, 2007

WASHINGTON (AP) — NetBank Inc., an online bank with $2.5 billion in assets, was shut down by the government on Friday because of an excessive level of mortgage defaults. It was the largest savings and loan failure since the tail end of the industry's crisis more than 14 years ago. Federal regulators appointed the Federal Deposit Insurance Corp. as a receiver for Alpharetta, Ga.-based NetBank. Customers with less than $100,000 deposited with NetBank will be protected by FDIC insurance. While dozens of mortgage companies have closed due to soaring defaults of home loans made to borrowers with weak, or subprime, credit, those problems previously had occurred among non-bank lenders such as New Century Financial Corp. NetBank, in contrast, is federally regulated. (ap.google.com)

Myanmar Military Cuts Internet Access, Occupies Monasteries

September 28, 2007

The government's apparent decision to cut public Internet access — which has played a crucial role in getting news and images of the pro-democracy protests to the outside world — also raised concerns. (foxnews.com)

Burma cuts Internet after Japanese photographer killed (cpj.org)

Restrictions on Internet use imposed by the military's State Peace and Development Council sharply reduced the flow of information. As a result, Thailand-based exile groups and outside observers had only a sketchy picture of what was going on in Rangoon, Burma's main city, and the dozen other places where anti-government protesters led by Buddhist monks have mounted the strongest challenge to the junta since 1988. (washingtonpost.com)

Bloggers in Burma keep world informed during military crackdown: The bloggers rely on word-of-mouth, cell phones, online chat groups, instant messaging, and firsthand accounts of protesters facing barricaded streets, tear gas and gunfire from Burmese security forces. The best blogs provide photos, video and text updates purportedly by eyewitnesses, which are later confirmed by news organizations or, in some cases, can't be verified.(cnn.com)

Cyber attack could turn lights out in U.S.

September 27, 2007

WASHINGTON (CNN) -- Researchers who launched an experimental cyber attack caused a generator to self-destruct, alarming the government and electrical industry about what might happen if such an attack were carried out on a larger scale, CNN has learned. (cnn.com)



Video(cnn.com)

Anti-Spam Law Challenged

September 26, 2007

RICHMOND, Va. — Virginia's law banning the massive distribution of junk e-mail is an unconstitutional barrier to free speech, a lawyer for a former spammer told the state's highest court Wednesday.(foxnews.com)

Sabotaging Google

September 25, 2007

A reader, Courtney Cox (no relation to the actress), recently pointed out to me that the top results of recent complex Google searches turned out to be inane Chinese sites that were not even parking sites, just an assortment of keywords that somehow got indexed and brought to the top of the results list. After seeing a few of these sites, I have to wonder what's going on. Is it sabotage? (news.yahoo.com)

Brockmann & Co. Comments on Knujon

September 24, 2007

Gathering spam samples from a network of registered users... and unregistered users..., this project focuses on building the case against spammers and then presenting them to the ISPs who host the spam sites. With a claim of shutting down some 32,000 sites, [Knujon] is pretty keen to eliminate the oxygen for the spammers to thrive. (brockmann.com)

It's about compressing the time interval that a spam bot network has between starting their campaign with an email blast and ending it by taking the url out of service. If their actions cut the useful life of a spam campaign, it affects spammers in two ways:a. makes ISPs more capable of adopting policies that make it hard for spammer sites, perhaps slowing the frequency of spam campaigns; b. cuts revenue from the spam campaign since lots of clicks will not be satisfied with a working website. (networkworld.com)

The Spam Index is the first method for factoring a users' actual experience in assessing the effectiveness of various anti-spam technologies. Based on the experience of over 520 business users, the users of challenge-response technology have the lowest average Spam Index, the most consistent Spam Index and the highest user satisfaction with the email experience. (brockmann.com)

Over the past four years, [Knujon] has tried to move the fight to a new front..., which has helped shut down more than 30,000 spammer Web sites. The project asks volunteers to send in their spam, and it uses these submissions to ... take down more than 32,000 of these junk mail sites.(networkworld.com)

Fake Dunkin Donuts in New York

September 23, 2007

You really have to love the way good old American capitalism works. On the corner of 110 and Lexington used to be a very busy and successful Dunkin Donuts franchise. It closed for about 2 weeks and in its place was an imitation rip off named Dunkin Cafe & Coffee. Dunkin Cafe’s logo uses the same font face and color as the original Dunkin Donuts. (plateoftheday.com)

Extra Spam, Hold the Quechup

September 22, 2007

The blogsphere is abuzz this week about deceptive practices at social networking site Quechup. Apparently, the site is using customer's propensity to scan and the tendency to rely on similar experiences in order to create a massive spam campaign. Several dozen bloggers have posted apologies in the last couple of weeks after Quechup scammed them and spammed everyone in their address books. (wisebread.com)

UK IT managers waste 5.85 million hours a year sifting through spam

September 21, 2007

UK IT managers could be spending more than five million working hours, worth more than 140m [pounds] a year, searching for valid e-mails caught in spam filters, according to a survey commissioned by web-based email management service provider, Mimecast. (computerweekly.com)

CastleCops smeared in bizarre "attack"

September 20, 2007

CastleCops, a voluntary security community, has received money from victim's PayPal accounts, according to Robin Laudanski, who co-runs the organisation. She blogged that compromised credit-card details had been used to donate sums of money to CastleCops. She suggested that the idea is that, when victims find out their money has been taken, they will assume CastleCops is involved in the fraud. (news.zdnet.co.uk)

Report: Four Percent of E-Crime From Fortune 100

September 19, 2007

Roughly four percent of all spam, malicious software attacks, phishing Web sites and other cyber crime activities detected in the first half of 2007 emanated from the networks controlled by the world's 100 highest-grossing companies, according to a new report from anti-virus company Symantec. The finding, from Symantec's semi-annual Internet Security Threat Report, is significant because it indicates how much Fortune 100 organizations have been compromised and are being used by attackers as launching pads for malicious activity, the report notes. The report jives with data published by Security Fix in March, which found evidence of phishing Web sites, spam and malware coming from major corporations, including Best Buy, ExxonMobile, HP, and Oracle, among others. Wired.com's Ryan Singel recently documented similar findings. Symantec cautions, however, that this statistic is actually lower than one might expect, given that Fortune 100 companies collectively control more than seven percent of the world's Internet. (blog.washingtonpost.com/securityfix)

Symantec Threat Report - PDF (symantec.com)

The Economic Idiocy of Spam Filtering

September 18, 2007

Not only does filtering not work, but it makes no money sense. If we accept the overwhelming evidence that 90% or more of Internet traffic is junk, then the criminals have clearly hijacked the global network. What is the Internet? It is a collection private networks, commercial cable and public phone systems. Who pays for the maintenance of this network? We all do. Through taxes, access fees and overhead passed to the consumer. So the consumer is more or less supporting the spam network. How much does that end up being? In the United States it could be as high as $1.5 Billion per month or $18 Billion per year. This figure does not include the amount of money spent on filtering, or the lost work hours, or money spent on chasing e-crooks, only the estimated cost of transmitting the spam.

Report: Hackers make contracts for spam

September 17, 2007

SAN JOSE, Calif. - Online crooks are quickly enlarging an already vast sales and distribution network to propagate spam and send malicious software in hopes of infecting millions of computers worldwide, according to a new report. In a report to be released Monday, security software maker Symantec Corp. says sophisticated thieves sell code to criminal middlemen for as much as $1,000 per program. The middlemen then push the code to consumers, who may be duped into participating in a scam, or who may have their passwords, financial data and other personal data stolen and used by identity theft rings (news.yahoo.com)

Chris Hansen MSNBC: Face to face with spammers and scammers

September 16, 2007

The writers of these e-mails sometimes appear to be desperate characters in far-off lands, offering millions in reward money — if you’d only help them in their plight.(msnbc.msn.com)


THE PAPER TRAIL - pdf (msnbcmedia.msn.com)

More Dateline Online Investigations(msnbc.msn.com)

Consulate websites hacked and infected

September 15, 2007

Security vendors are warning that two US Department of State websites based in Russia could contain malware and should be avoided. (techworld.com)

Hope in the fight against net gangsters

September 14, 2007

The online world has more criminals than an episode of The Sopranos. But is there a way to make things safer?(guardian.co.uk)

Kim Komando Lists KnujOn as a "cool site"

September 13, 2007

Knujon has a solution that might prove fruitful, though. It focuses on the sites that spammers use to peddle their wares. So far, it has removed more than 30,000 sites affiliated with spammers. How will this stop spammers? If they can’t sell their products, there’s no point in spam. (komando.com)

Phantom Phone calls from (866)243-4357

September 12, 2007

"I keep getting phone calls atleast twice a day from 866-243-4357 which shows up as 866-243-4357 on Caller ID but when I answer, they don't say anything and don't hang up."(whocalled.us)

If you get more than one call from 866-243-4357 Call Vonage Customer Service 1-800-980-1455 and tell them to stop. If calls continue, send a letter to: Vonage Legal Department, Attn: General Attorney, 23 Main Street, Holmdel, NJ 07733 have them order the Sales Autodialer to stop calling your number.(800notes.com)

donotcall.gov

ISPs turn blind eye to million-machine malware monster

September 11, 2007

Cablevision and Comcast coddling criminals?(theregister.com)

Storm Worm botnet could be worlds most powerful supercomputer

September 10, 2007

By New Zealand computer scientist Peter Gutman’s calculations, the Storm Worm botnet “may be the first time that a top 10 supercomputer has been controlled not by a government or mega-corporation but by criminals.”(zdnet.com)

Man used file-sharing program to steal data, money

September 9, 2007

A man has been arrested in what the US Justice Department described as its first case against someone accused of using file-sharing digital data to commit identity theft. Gregory Thomas Kopiloff primarily used Limewire's file-sharing program to troll other people's computers for financial information, which he used to open credit cards for an online shopping spree, federal prosecutors said today. (smh.com.au)

Thousands of emails lost in spam attack

September 8, 2007

Thousands of emails have been stuck in virtual limbo for days after a massive “spam attack” on the telecoms firm Onetel. A large number of the firm’s 30,000 email customers have been unable to send or receive emails properly for more than a month and many say their complaints to Onetel appear to have fallen on deaf ears. Frustrated by the company’s apparent delay in responding to their complaints, many say they have decided to switch to alternative providers. (telegraph.co.uk)

UK CyberCrime Report

September 7, 2007

UK CyberCrime Report - PDF format(garlik.com)

Pfizer PCs hijacked to send Viagra spam

September 6, 2007

Spammers have set a new benchmark for mockery, hijacking PCs inside drug giant Pfizer to send out adverts for the company’s most famous product, Viagra, it has been claimed. (techworld.com)

Malware authors change tack

September 5, 2007

Email attachments are being used less, spam campaigns are being used more(computing.co.uk)

ID fraud costing 'billions'

September 4, 2007

IDENTITY fraud is costing Australia billions of dollars a year and nearly everyone is concerned about the theft and illegal use of their identity, federal Attorney-General Philip Ruddock says. (first.org)

CastleCops Under DDoS Attack

September 3, 2007

Suspect IPs

Denial of Service(searchsecurity.techtarget.com)

Update on DDoS – mid 2007(castlecops.com)

February 2007 Attack(knujon.com)

Back-to-School Internet Safety Tips

September 2, 2007

Since there can never be too many reminders for kids on how to stay safe online, here are seven from the Illinois Attorney General, Lisa Madigan. She joined with the National Center for Missing and Exploited Children, Microsoft, Best Buy and the Geek Squad, and an Illinois retail association to spread the word on safe online practices.(tech.yahoo.com)

Malicious YouTube spam flooding the Net

September 1, 2007

Malicious spam containing fake URLs pointing at assorted YouTube videos have started flooding t’Internet in recent days, according to Marshal, the email and Internet content security provider. According to the Marshal TRACE team, the latest Storm spam campaign uses humorous and/or familiar comments alongside fake YouTube links to lull recipients into believing they have been forwarded a link to a funny or outrageous video. (securityblog.itproportal.com)

PDF spam no more?

August 31, 2007

Over approximately the past 2 months, PDF spam has exploded from a little used technique to making up close to 30% of all spam being sent during its peak (averaged daily). Due to spammers adjusting their campaigns, the volume of these messages has fluctuated, however over the past week PDF spam has all but dried up.(sophos.com)

Cybercrime spreading like a virus

August 30, 2007

Despite stepped-up law enforcement and better security software, threats from cybercriminals remain potent, according to the 2007 Consumer Reports' State of the Net survey. The lone-wolf geek you imagine hunched over a computer in his basement isn't the only one out to steal your identity on the Internet. According to CR, cybercriminals increasingly operate in an elaborately networked underworld of Web sites and chat rooms, where they sell one another stolen account numbers, tools for making credit cards, scanners to pick up card numbers and PINs from ATMs and viruses and other malicious software. (mcall.com)

IRS warns taxpayers about e-mail scams

August 29, 2007

The Internal Revenue Service on Monday alerted taxpayers to the latest versions of an e-mail scam intended to fool people into believing they are under investigation by the agency's Criminal Investigation division.(rockymounttelegram.com)

MarkMonitor Brandjacking Index Exposes Online Scams That Threaten Top Pharmaceutical Brands and Hurt Consumers

August 28, 2007

SAN FRANCISCO, August 20, 2007 – MarkMonitor®, the global leader in enterprise brand protection, today released the Summer 2007 Brandjacking Index™, reporting that online scammers increasingly abuse the top-ranked brands and endanger consumers by selling questionable prescription drugs through dubious online pharmacies. In the case of prescription drug sites that sell the most popular brands, the report showed the majority operate without proper credentials and lack even the most basic e-commerce security features, risking customers’ health and putting their personal information at risk.(drugs.com)

Neue Taktik im Kampf gegen Spam

August 27, 2007

Im Kampf gegen Spam setzt sich eine neue Taktik durch. Anstatt nur auf bessere Filter und Blacklists zu setzen, gehen einige Gruppen direkt gegen die beworbenen Webseiten vor.(macwelt.de)

Spam fighters hit criminals' weak spot

August 24, 2007

Is the fight against spam horribly misguided?
For years, spam haters have relied on junk-mail filters and Internet blacklists, but lately, some are saying it's time for a change in tactics.

Over the past four years... KnujOn (that's No Junk backwards, for those who aren't into word games), which has helped shut down more than 30,000 spammer Web sites. The project asks volunteers to send in their spam, and it uses these submissions to build a large database linking sites to known spammers. To date, it has helped take down more than 32,000 of these junk mail sites. (techworld.nl)

Ny strategi mot spam

Spamfiltre og svartelister har ikke fjernet strømmen av søppelpost fra nettet. Nå endres taktikken.
Prosjektgruppen, som kalles Knujon (“no junk” baklengs), har de siste fire årene stengt ned over 30 000 nettsteder, og får stadig flere frivillige med på laget. Hvem som helst kan sende inn sin søppelpost, som inngår i en stadig større database som knytter nettsteder til spammere. (idg.no) (engelsk @ techworld.nl)

650,000 consumers ordered a product or service advertised in spam in one month

August 23, 2007

Still, the fight against spam is far from over. Nearly half of the survey respondents who said they get spam are getting a lot of it. More than half in our anti spam review reported receiving fraudulent solicitations, and 40 percent felt that spam had invaded their privacy. And based on our survey, we estimate that 650,000 consumers ordered a product or service advertised in spam in the month before the survey.(consumerreports.org)

The cyberwar against the United States

August 22, 2007

RECENT AL QAEDA recruitment videos and foiled terrorist plots in the United Kingdom remind us that the effectiveness of terrorism is an issue of winning the hearts and minds of those with the proper skills to do serious harm. It would logically follow that it is reckless to allow terrorists to combine the critical elements of ideology, skills, and the technical means of destruction.(boston.com)

"Carousel fraud" Through Fake VAT Registrations

August 21, 2007

Carousel fraud occurs where fraudsters obtain VAT registration to acquire goods such as computer chips and mobile phones VAT-free from other EU member states. They then sell the goods at VAT-inclusive prices and disappear without reimbursing the VAT costs paid to them.(activehome.co.uk)

Identity attack spreads; 1.6M records stolen from Monster.com

August 20, 2007

Convincing phishing mail seeds bank account-stealing Trojan horse and 'ransomware'
August 19, 2007 (Computerworld) -- The 46,000 people reportedly infected by ads on job sites may be only a fraction of the victims of an ambitious, multistage attack that has stolen data belonging to several hundred thousand people who posted resumes on Monster.com, a researcher said this weekend. (computerworld.com)

US job website Monster.com has suffered an online attack with the personal data of hundreds of thousands of users stolen, says a security firm. (bbc.co.uk)

The summer of spam. It just keeps coming.

August 19, 2007

There is 17 percent more spam heading for inboxes today than there was yesterday, and spam watchers say it could get even worse before the summer is over. (techworld.com)

Viagra spam edges out pump-and-dump

August 18, 2007

Pump-and-dump spam, which dominated inboxes in the first half of the year, has given way to image spam and messages pushing 'sexual enhancement' drugs, according to a report from security firm BitDefender. (vnunet.com)

More spam today made its way to inboxes touting a small Florida company first hit by a massive pump-and-dump spam scam last week.(pcworld.com)

US phish feeder jailed for seven years

August 17, 2007

Jacob Vincent Green-Bressler of Tucson, Arizona was sentenced by US District Judge David C. Burylast week after pleading guilty in March to aggravated identity theft and conspiracy offences. Green-Bressler operated as an American buyer for stolen credentials obtained through various phishing scams across the world.(theregister.com)

Facebook users share data with frog

August 16, 2007

Sophos, a Boston firm focused on information-technology security, decided to see how easy it was to get users of the social networking website facebook.com to divulge personal data; to conduct that experiment, Sophos said it fabricated a Facebook profile page for a small green plastic frog called Freddi Staur, the name being an anagram for "ID Fraudster."(boston.com)

Sophos.com: "Sophos is a world leader in IT security and control solutions purpose-built for business, education, government organizations and service providers. Our reliably engineered, easy-to-operate products protect over 100 million users in more than 150 countries from viruses, spyware, adware, Trojans, intrusion, spam, policy abuse, and uncontrolled network access."

Adobe Stops Taking Piracy Reports?

August 15, 2007

----- The following addresses had permanent fatal errors -----
piracy@adobe.com
(reason: 550 No such user - psmtp)
(expanded from: swpiracy@coldrain.net)

----- Transcript of session follows -----
... while talking to adobe.com.mail5.psmtp.com.:
>>> RCPT To:piracy@adobe.com
<<< 550 No such user - psmtp
550 5.1.1 piracy@adobe.com... User unknown

Final-Recipient: RFC822; swpiracy@coldrain.net
X-Actual-Recipient: RFC822; piracy@adobe.com
Action: failed
Status: 5.1.1
Remote-MTA: DNS; adobe.com.mail5.psmtp.com
Diagnostic-Code: SMTP; 550 No such user - psmtp
Last-Attempt-Date: Mon, 13 Aug 2007 17:43:24 -0400

Spam surge sways stock market

August 14, 2007

Last week saw the Internet's biggest-ever spam surge in a single day, and also offered a lesson on why "pump and dump" stock-market spam campaigns have become so prevalent, according to Postini. (techworld.com)

Unusual Pump-and-Dump Spam Run Continues (pcworld.com)

Send to stockjunk@coldrain.net

Toy maker in giant recall commits suicide

August 13, 2007

BEIJING, China (AP) -- The head of a Chinese manufacturing company accused of shipping hundreds of thousands of lead-tainted toys later recalled in the United States has committed suicide, a state-run newspaper said Monday. (cnn.com)

United Nations' website hacked(news.com.au)

Fake e-cards signal massive DDoS attack

August 12, 2007

Security researchers are reporting a sharp increase in the number of machines infected by the Storm Worm, prompting speculation that its authors, who so far have limited their activities to spam, intend to use it for more destructive purposes, such as launching massive denial of service attacks. (theregister.com)

Aussie loses $1.7m in Nigerian scam

August 11, 2007

SIX men have been arrested in the Netherlands over an internet scam that cost an Australian man $US1.5 million ($1.76m), police said today. The six, taken into custody last week, are believed to be part of a west African network, police said. Five of them are from West Africa, including two Nigerians. They are suspected of extorting the money from a 49-year-old Australian man after promising him, by email, a lucrative business contract worth $US90 million ($105.42 million), according to police (news.com.au)

Asa Aarons Recommends Everything But Reporting

August 10, 2007

In the posting With just a few wise moves, you can help ward off spam (nydailynews.com) Asa Aarons recommends every tactic for dealing with spam except reporting it. We contacted Mr. Aarons to suggest the addition of reporting to his list, he has not responded yet.

Don't bite: E-mail lottery setups strictly for losers (nydailynews.com) Lottery spam scams lure even the smartest people (nydailynews.com)

Anti-Spam Industry Recommendations Contradict Themselves, Offer no Hope

August 9, 2007

In addition to the headline that "Anti-Spam Software Doesn't Work" from yesterday, we have a more detailed commentary from McAfee to analyze. The article Are you back from vacation? Spam awaits, McAfee offers simple tips to help e-mail users fight back (spokanejournal.com) is full of contradictions and bad advice. For starters, the title implies that these are "simple tips", but there is nothing simple about completely reconfiguring your own filtering software after analyzing all the junk email you receive.

In the first paragraph we read:

Anti-Spam Software "Doesn't Work"

August 8, 2007

Microsoft Keeps Rejecting Piracy Reports for "spam-like characteristics"

August 7, 2007

----- The following addresses had permanent fatal errors -----
piracy@microsoft.com
(reason: 550 5.7.1 Your e-mail was rejected by an anti-spam
content filter on gateway (###.###.###.###). Rea...uage, graphics, or
spam-like characteristics. Removing these may let the e-mail through
the filter.)
(expanded from: swpiracy@coldrain.net)

Email Trail Links Al Qaeda Network

August 6, 2007

Commercial Filters no Obstacle for Text-only Stock Spam from Zacks.com

August 5, 2007

Send to stockjunk@coldrain.net

18 indicted in Internet pharmacy operation

August 4, 2007

DOWNTOWN SAN DIEGO – A federal grand jury in San Diego has indicted 18 people on racketeering, fraud and money-laundering charges stemming from a massive Internet pharmacy operation. It is the first time racketeering charges have been filed in connection with a fraudulent Internet pharmacy case, federal officials said. The business, called Affpower, sold pharmaceuticals to hundreds of thousands of customers using unlawful prescriptions, according to the indictments, which were unsealed yesterday. Advertisement In a two-year period ending in June 2006, the Costa Rica-based company generated $126 million in revenue, said Lorraine Concha, assistant special agent in charge of the Immigration and Customs Enforcement agency in San Diego. (signonsandiego.com)

New Yorker Has Comprehensive Article on Spam, But Still Misses the Mark

August 3, 2007

The recent article: Damn Spam - The losing war on junk e-mail, by Michael Specter (newyorker.com) is one of the most comprehensive and concise articles on spam to date. However, a few blanks need to be filled in, namely why people feel that we are in a “losing war on junk e-mail.” First of all, not everyone is losing. As with many other articles with this tone, we have contacted the author to challenge them on the current conventional wisdom of relying on filtering and to present evidence of success here and at CastleCops.

Spammer Tries to Hire Hit man to Kill Children of Witness

August 2, 2007

Internet users can count on a few less e-mails about cheap Viagra and Cialis showing up in their junk mail folders, as well-known spammer Christopher Smith has been sentenced to 30 years in jail by a federal judge. The judge referred to the 27-year-old online drugstore owner as a "drug kingpin" when issuing the sentence, according to the Star Tribune. The sentencing is among the longest convictions related to Internet pharmacies in recent history, said Smith's attorney...

Smith kept himself busy by attempting to put a hit on a witness' children. "We're going to give her the option of which one of her kids she's going to sacrifice for [testifying]," he said in a recorded phone conversation before asking about hiring a hitman. Smith also managed to talk his wife, father, mother, and stepfather into concealing wads of cash—to the tune of $1.1 million—in cereal boxes. (arstechnica.com)

It is clear this is the tipping point of violence entering the picture. We’ve been telling people this for two years, that the guns follow the money in any illegal activity and once you reach that point it is difficult to go back. People have dismissed spam as an “annoyance” and our research has consistently shown it to be much more than that.

The other point of interest is that this is the kind of story that gets attention these days in the spam world, someone being caught and prosecuted. While it warms the cockles of my heart to hear it, my brain knows it is a drop in the bucket. This problem will be solved by consistent and efficient policy enforcement, not specifically removing individuals from the monster maze.

PDF Stock Spam Flies Through Commercial Filters

August 1, 2007

On the trail of servers gone bad

July 31, 2007

LANDO, Fla. — Federal agencies increasingly are seeking out fledgling “honeyclient” technology to detect and analyze Web sites that contain and distribute malware, cybersecurity experts say. The honeyclient apps built by Mitre are virtual machines, trolling the Web to detect sites that reveal signs of malware when evaluated against the baseline performance of safe sites, said computer scientist Kathy Wang, lead infosec engineer/scientist at Mitre. (gcn.com)

HoneyClient User Guide (honeyclient.org)

"The MITRE Corporation is a not-for-profit organization chartered to work in the public interest. As a national resource, we apply our expertise in systems engineering, information technology, operational concepts, and enterprise modernization to address our sponsors' critical needs." (mitre.org)

Google, the FCC and the end of Analog TV

July 30, 2007

Network World looks at why Google wants open access provisions added to the rules for the FCC's upcoming 700MHz spectrum auction. (pcworld.com)

The U.S. Federal Communications Commission has approved a plan for auctions of wireless spectrum in the 700MHz band, taking the first step toward the multibillion-dollar sale of spectrum being abandoned by television stations. (networkworld.com)

Bus driver fired for 38,000 text messages

July 29, 2007

WARSAW, Poland --A Polish bus driver has been fired for sending 38,000 text messages on his company cell phone in a losing effort to win contest jackpot, a spokesman said Thursday. (boston.com)

Faulty Easy-Bake Ovens Burn Kids

July 28, 2007

(CBS) For the second time this year, toy-maker Hasbro is recalling Easy-Bake Ovens due to reports of kids getting their fingers caught in them, and sometimes suffering burns, some of them severe. Approximately 1 million ovens are affected. The toy has been among the nation's most popular for more than 40 years. But in February, after what it and the Consumer Product Safety Commission said were 29 reports of children getting their hands or fingers caught in the oven’s opening, including five reports of burns, Hasbro offered free retro-fit kits designed to eliminate the danger. (cbsnews.com)

NASA: Worker Tried to Sabotage Shuttle-Bound Computer By Cutting Wires

July 27, 2007

NASA's Inspector General Office has launched an investigation into intentionally cut wires in a data relay box slated to launch aboard Endeavour next month and be installed inside the space station's U.S.-built Destiny laboratory, NASA's associate administrator Bill Gerstenmaier told reporters Thursday. (space.com)

IPhone Flaw Lets Hackers Take Over, Security Firm Says

July 26, 2007

A team of computer security consultants say they have found a flaw in Apple’s wildly popular iPhone that allows them to take control of the device. The researchers, working for Independent Security Evaluators, a company that tests its clients’ computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain. (nytimes.com)

Research trio claims the iPhone's data can be stolen and the device can even be turned into a remote surveillance tool (infoworld.com)
Is that iPhone security hole really so bad? (machinist.salon.com)
Vulns. in iPhone found from fuzzing (computerworld.com)
iPhone Security Flaws Are Hackers Dream (eontarionow.com)

Learn About InfraGard

July 25, 2007

"InfraGard is a Federal Bureau of Investigation (FBI) program that began in the Cleveland Field Office in 1996. It was a local effort to gain support from the information technology industry and academia for the FBI’s investigative efforts in the cyber arena. The program expanded to other FBI Field Offices, and in 1998 the FBI assigned national program responsibility for InfraGard to the former National Infrastructure Protection Center (NIPC) and to the Cyber Division in 2003. InfraGard and the FBI have developed a relationship of trust and credibility in the exchange of information concerning various terrorism, intelligence, criminal, and security matters." More (infragard.net)

Chinese pirates busted with $500 million of software

July 24, 2007

Submitted by Knujon Member

US and Chinese officials announced today that they have busted two Chinese software piracy groups in possession of illegal software with an "estimated retail value" of close to $500 million. The groups operated out of Shanghai and Shenzhen, and sold much of the software through the Internet, according to the FBI. (arstechnica.com)

More... (news.google.com)

Excel Stock Spam

July 23, 2007

Submitted by Knujon Member


Don't open Excel spam files, they may contain macro viruses.

Forbes Details Spam Hunter Story

July 22, 2007

Article may require registration

Spam Hunter (forbes.com)

Inc. Reviews Spam "Fighters"

July 21, 2007

Inc. Magazine has little on-line slide show on what they call the "best spam fighters", however none of these products of services actually fight spam. They are all filtering and blocking systems. The concept of what "spam fighting" is has been completely diluted.

Slideshow