Haiti relief email scams still circulate

Want a place to check the legitimacy of a charity? “Founded in 2001, Charity Navigator has become the nation’s largest and most-utilized evaluator of charities. In our quest to help donors, our team of professional analysts has examined tens of thousands of non-profit financial documents. As a result, we know as much about the true fiscal operations of charities as anyone. We’ve used this knowledge to develop an unbiased, objective, numbers-based rating system to assess the financial health of over 5,000 of America’s best-known charities.” ...

March 4, 2010 · 1 min · 146 words · Omid Farhang

Beware of Targeted Scams and Phishing Attacks!

According to the latest State of Spam and Phishing report, scam and phishing messages accounted for 21 percent of all spam, which is the highest level recorded since the inception of the report. For comparison, these types of spam represented only 10 percent of total spam a year ago. Historically, the primary vector for spam attacks was to blast out as many messages as possible, hoping that someone would open a message and click on the call to action. The call to action could be anything from clicking on a link to purchase medications, to visiting an adult website. While we continue to see high volumes of spam originating from expansive botnets, spammers are also moving towards a sophisticated and more targeted approach to spam. Two primary examples of this trend are 419/Nigerian type scams and phishing messages. ...

March 3, 2010 · 3 min · 616 words · Omid Farhang

KOOBFACE Makes a Comeback

A new KOOBFACE variant is again making the rounds in the social-networking scene. According to Trend Micro researcher, Norman Ingal, the malware employs Facebook’s Private Message feature to proliferate. The threat arrives as a Facebook private message that does not bear a subject but contains a supposed link to a YouTube video. Taking a closer look at the link, however, indicates that it is not an authentic YouTube link as in previous attacks. ...

March 2, 2010 · 2 min · 238 words · Omid Farhang

The U.S. Census 2010: Don’t be Counted as a Victim of Online Fraud

It’s been ten years already; can you believe it? I’m talking about the U.S. Census. It’s been ten years since the last one. Time to do it again. No, it wasn’t on my calendar either. To remind all of us and to encourage us to participate, the U.S. Census Bureau is spending $340 million to get the word out. There was even a Super Bowl ad. The Census Bureau will not be the only ones trying to get our attention and encouraging us to help them collect data. Cybercriminals will be doing the same thing. But they’ll be trying to fool us into thinking they are the Census Bureau. And the data they’ll be collecting will be a little different. It will be personal information they can use to rip us off. ...

March 2, 2010 · 4 min · 837 words · Omid Farhang

Free FakeAV at Virus-Total (That’s not VirusTotal)

VirusTotal has been well known to most readers of the blog. It’s a free virus and malware online scan service which allows submitters to test a particular file against a multitude of malware scanners. So, it’s not highly surprising that malware authors would try to use that name to further their gain. Today we came across such a sample arriving at one of our spamtraps through a car-related forum. The message looks like this: ...

March 1, 2010 · 3 min · 529 words · Omid Farhang

Most used Spam Categories in February 2010

Since January we have published monthly reports about the categories of the spam messages that were sent during the previous month. These categories are detected by Avira’s AntiSpam engine. Between January and February 2010 not much changed in the spam landscape. The top 3 is still occupied by Pharmacy, Other (spam that doesn’t fit any category) and Watches. However, this month the Malware category made its way to 4th place with 4.9%, after it was only 0.5% in January. ...

March 1, 2010 · 1 min · 106 words · Omid Farhang

Old websites are also used in spam SEOs

A few days ago, I blogged saying that old websites don’t die, they just get infected; the other scenario is that they become part of a spammer’s SEO campaign. Working today, I went to check to see if the local police authority had cleaned up their old web page. So I wgetted the file and scanned it. It was no longer infected (hooray!) but the file was quite big. Opening the file in lynx (a simple web browser) I saw: ...

March 1, 2010 · 1 min · 127 words · Omid Farhang

ICQ scam in the wild

I have received a message this morning from an ICQ account with the following text written in UTF-8 and plain text: The message from ICQ.com ****** Hello. _ICQ.com: we Remind you that all ICQ numbers which have not passed activation, 1.1.2010 will be removed from a server without restoration possibility._ _The status of yours ICQ numbers: NOT activated._ For activation send SMS on number 8353 with the text 144444 In the reciprocal message you receive acknowledgement on activation and your password from number. ICQ.com Together with AOL.com ...

March 1, 2010 · 1 min · 160 words · Omid Farhang

Do I Know You?

Imagine that you’re sitting at home catching up on your email backlog. In comes an email from your ISP, FooBarBazCo (some creativity required here, I know). The email seems to be from Technical Support – ‘From: FooBarBazCo.com Team’ – and states that you need to update your email settings as a result of a recent security upgrade. Can you trust it? Today we observed an increase in spam messages containing links to a particular malicious URL. The messages masquerade as having come from mail administrators, with the ‘from’ address spoofed so that they appear to have come from the same network domain as the address to which the mails are sent (the ‘from’ and ‘to’ addresses are actually identical, although this will not be visible in most email programs). ...

February 26, 2010 · 2 min · 247 words · Omid Farhang

The .ru Substitutions for .cn Domains

In the month of January, we reported a drop in .cn spam. This was due to changes in the domain registration process introduced by CNNIC. In the first week of February, the .cn spam volume fell further and fluctuated between 0 and 4 percent of total URL spam. Another interesting trend was observed during this period. On January 21 the volume of spam containing the .ru top-level domain (TLD) spiked up to 9 percent, and rose further up to close to 40 percent on February 8. Upon closer analysis, it was observed that the .cn domains used in the health spam attacks had been replaced with .ru domains. ...

February 21, 2010 · 1 min · 212 words · Omid Farhang