Seen in the wild: Specialty phishing

From a site that is hacked and serving phishes: What’s mildly interesting is the types of phishes — “specialty phishes” that are not your typical banking/finance scam. These are phishes that are highly targeted, in this case at the email systems of tiny Hamilton College (not the first time I’ve seen this), the religious site cfaith.com, Saginaw Valley State University, and Villanova. ...

January 6, 2010 · 1 min · 65 words · Omid Farhang

What do you see?

I recently had an interesting message arrive in my system; after viewing the message, 100% of those polled agreed on what it was. What do you think? What do YOU see? If you answered spam, you’re on your way to having the mentality of a spam analyst. This message has many hallmarks of classic unsolicited commercial email:

- the middle of the message says “Click Here” in big prominent text
- there’s an “opt-out” banner, announcing that this is an ad
- the ad contains a “unique ID”
- despite the (intentionally obscured) address, the message does not say who it is actually from
- the “call to action” link is http :/fefcbdacggbfg.[redacted].info/alphaville/4754-1b416/ — random sub-domain, published in the .info top level domain, with a directory name comprised of two random words, and a sub-directory that looks like yet another unique identifier
- everything in this message except for the “unique ID” under the opt-out banner is actually an image

Those of you who are actually interested in psychology will also note that the inkblot is not actually part of either the Rorschach or the Holtzman Inkblot Test. It seems to me that this message is more designed to take advantage of those who are willing to try anything to get a job. In the long run, an accredited educational institution will likely be much more beneficial. ...

December 29, 2009 · 2 min · 221 words · Omid Farhang
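
The hallmarks listed in the post can be turned into a simple scoring heuristic. The following is an added example, not code from the post: the sample messages are constructed to mirror the one described (with the placeholder domain example.info standing in for the redacted one, and hypothetical field names rather than a real mail-parser API), and the vowel-ratio randomness test for the sub-domain label and the one-point-per-hallmark threshold are assumptions, not the post author's method.

```python
import re
from urllib.parse import urlparse

VOWELS = set("aeiou")

# Constructed sample modelled on the message described in the post. The domain
# is a placeholder (example.info) standing in for the redacted one; the field
# names are hypothetical, not a real mail-parser API.
SAMPLE = {
    "from_addr": "",  # sender address intentionally obscured
    "text_parts": ["Unique ID: 4754-1b416"],  # the only text that is not an image
    "image_parts": 3,
    "opt_out_banner": True,
    "links": ["http://fefcbdacggbfg.example.info/alphaville/4754-1b416/"],
}

# Contrasting constructed sample: ordinary text, real sender, plain URL.
LEGIT = {
    "from_addr": "registrar@example.edu",
    "text_parts": ["Your transcript request has been processed; details are on the student portal below."],
    "image_parts": 1,
    "opt_out_banner": False,
    "links": ["https://www.example.edu/students/transcripts"],
}

def looks_random(label):
    """Crude randomness test for a DNS label (an assumption, not the post's
    method): flag labels of 8+ letters with few vowels or a long consonant run."""
    letters = "".join(c for c in label.lower() if c.isalpha())
    if len(letters) < 8:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", letters)), default=0)
    return vowel_ratio < 0.25 or longest_run >= 5

def score_message(msg):
    """Return (score, reasons); each satisfied hallmark adds one point."""
    reasons = []
    visible = " ".join(msg["text_parts"]).strip()
    if msg["image_parts"] > 0 and len(visible) < 40:
        reasons.append("body is image-only apart from a short token")
    if re.search(r"\b[0-9a-f]{3,8}-[0-9a-f]{3,8}\b", visible, re.I):
        reasons.append("unique tracking ID in the visible text")
    if msg["opt_out_banner"]:
        reasons.append("opt-out banner declaring the message an ad")
    if not msg["from_addr"]:
        reasons.append("sender address absent or obscured")
    for link in msg["links"]:
        parsed = urlparse(link)
        labels = (parsed.hostname or "").split(".")
        if labels[-1] == "info":
            reasons.append(".info call-to-action domain")
        if len(labels) >= 3 and looks_random(labels[0]):
            reasons.append("random-looking sub-domain " + labels[0])
        segments = [s for s in parsed.path.split("/") if s]
        if segments and re.fullmatch(r"[0-9a-f]+-[0-9a-f]+", segments[-1], re.I):
            reasons.append("identifier-like trailing path segment")
    return len(reasons), reasons

def is_spam(msg, threshold=4):
    """Threshold is an assumed cut-off for this toy scorer."""
    return score_message(msg)[0] >= threshold

if __name__ == "__main__":
    for name, msg in (("sample", SAMPLE), ("legit", LEGIT)):
        score, reasons = score_message(msg)
        print(name, score, is_spam(msg))
        for r in reasons:
            print("  -", r)
```

No single hallmark is decisive (plenty of legitimate newsletters carry opt-out banners and tracking IDs); the point of the scorer is that this message trips every check at once, while the contrasting sample trips none.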

Not-so funny jokes

Activities associated with Koobface have increased during the month of December. Often the goal is to send traffic to compromised servers in order to obtain more servers. Other times the activity centers around using those same compromised servers to proxy users to malicious domains that are then used for further distribution of malware or command and control of the infected machines. I noticed a trend with some of the domain-based locations making use of the holiday theme. This has included everything from “presents for your pets” to “festive holiday trees” – these are domains that appear legitimate but are not. In fact, many of the domains that are being used were legitimate at one point and now are serving a different, more questionable purpose. ...

December 29, 2009 · 2 min · 316 words · Omid Farhang

Researchers take down Mega-D, one of top 10 botnets

Atif Mushtaq, a researcher at the security company FireEye, has coordinated a global effort to take down one of the top 10 botnets – Mega-D. PC World said the botnet controlled 250,000 machines in a massive network that was responsible for nearly 12 percent of the world’s spam, according to MessageLabs statistics. Mushtaq and those working with him coordinated their efforts with Internet service providers to isolate the Mega-D command-and-control servers in Israel, Turkey and the U.S. ...

December 29, 2009 · 1 min · 112 words · Omid Farhang

Are you caring for your Mom and Dad at Xmas?

For those of you who are having to put up with looking after your parents over Christmas: Would you much rather selfishly indulge yourselves with partying? A kindly spammer has a very seasonal Christmas Eve message offering to make this the last year that you will have to “put up” with the burdens of family elders. But be careful that your own children don’t read this. “Free Help Finding Senior Care for Mom or Dad” ...

December 24, 2009 · 1 min · 213 words · Omid Farhang

Crime time

Crime traditionally increases during the holiday season, and cybercrime is no different. The malware writers, spammers and scammers are out in force. They’ve recently hit “Odnoklassniki” with this message: “Hi! I’ve got a New year surprise for you [emoticon] send 2133 279 (must be with a space) to 4460 and you’ll be pleasantly surprised! If you don’t take a look, I’ll be very grouchy with you [emoticon]” ...

December 22, 2009 · 1 min · 169 words · Omid Farhang

Christmas Bo(g)us

Well, it didn’t take long for the Christmas E-Card scams to start. Recently we have seen email messages pretending to be from Hallmark, suggesting that you have received an E-card from a friend. The complete email message looks like this:

You have recieved a Hallmark E-Card from your friend.
To see it, check the link below:
http://www.hallmark.com/webapp/wcs/stores/Occasion/ChristmasE-Cards
There’s something special about that E-Card feeling. We invite you to make a friend’s day and send one.
Hope to see you soon,
Your friends at Hallmark

...

December 21, 2009 · 1 min · 140 words · Omid Farhang

The most phished brands of 2009

For almost all of 2009, the battle for first place among phishing targets was fought between eBay and Chase Bank, and most of the time Chase Bank topped the list of most phished brands. In December the situation changed: PayPal is now the most phished brand (32,205 unique URLs), followed at a distance by Chase Bank (25,901 unique URLs) and eBay (18,738 unique URLs). ...

December 19, 2009 · 1 min · 122 words · Omid Farhang

CNNIC changes have an effect on spam tactics

As was announced on Dec 11th, CNNIC (China Internet Network Information Center) now requires a “formal paper based application material when making the online application to the registrar.” The motivation behind this seems more related to cracking down on porn sites, but since .cn domains have been the call-to-action in 35-50% of all spam being sent for well over a year, we were wondering what effect this policy change may have on the prevalence of this TLD in spam. The graph below illustrates the percentage of spam messages sent each day that contain a .cn domain (the vast majority are Canadian Pharmacy-type spam) as well as the percentage of pharmacy spam messages sent that contain a link to a free webhosting service (blue). I decided to measure the .cn abuse against free webhosting abuse, as the same Canadian Pharmacy spam that contained links to .cn domains for the past few months now contains links to a number of free webhosting services instead. The CNNIC changes started to be applied on December 14th. ...

December 19, 2009 · 2 min · 284 words · Omid Farhang
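
The two series the post graphs, the share of each day's spam that carries a .cn link and the share of pharmacy spam that carries a free-webhosting link, can be reproduced from a corpus with a short script. The following is an added example, not the post's own tooling: the messages are constructed (two days, one before and one after the December 14th cut-over), the free-hosting provider names are placeholders because the post names none, and the pharmacy keyword list used to select the second series is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Assumed list of free web-hosting providers. The post names none, so these are
# illustrative placeholders, not the providers actually observed.
FREE_HOSTING_SUFFIXES = ("freehost.example", "pages.example", "sites.example")

# Assumed keyword test for "Canadian Pharmacy type" spam.
PHARMACY_RE = re.compile(r"\b(pharmacy|viagra|cialis)\b", re.I)

# Constructed sample corpus of (date, body). Domains are placeholders; the
# shift from .cn hosts to free-hosting hosts mirrors the trend the post describes.
MESSAGES = [
    ("2009-12-13", "Canadian Pharmacy: best prices http://abc123.cn/index.html"),
    ("2009-12-13", "Viagra Cialis discounts http://pills-store.cn/"),
    ("2009-12-13", "Meeting moved to 3pm, agenda at http://intranet.example.com/agenda"),
    ("2009-12-13", "Pharmacy deals http://xyz789.cn/buy"),
    ("2009-12-15", "Canadian Pharmacy: best prices http://cheapmeds.freehost.example/"),
    ("2009-12-15", "Viagra Cialis discounts http://pills-store.cn/"),
    ("2009-12-15", "Your invoice is attached, see https://billing.example.com/inv/42"),
    ("2009-12-15", "Pharmacy deals http://rx4u.sites.example/index.html"),
]

def classify_hosts(body):
    """Return (has_cn, has_free_hosting) for the URLs found in a message body."""
    has_cn = has_free = False
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host.endswith(".cn"):
            has_cn = True
        if any(host == s or host.endswith("." + s) for s in FREE_HOSTING_SUFFIXES):
            has_free = True
    return has_cn, has_free

def daily_percentages(messages):
    """Per day: (% of all messages with a .cn link,
                 % of pharmacy messages with a free-hosting link)."""
    totals = defaultdict(int)
    cn_hits = defaultdict(int)
    pharma_totals = defaultdict(int)
    pharma_free_hits = defaultdict(int)
    for day, body in messages:
        has_cn, has_free = classify_hosts(body)
        totals[day] += 1
        cn_hits[day] += int(has_cn)
        if PHARMACY_RE.search(body):
            pharma_totals[day] += 1
            pharma_free_hits[day] += int(has_free)
    result = {}
    for day in sorted(totals):
        cn_pct = 100.0 * cn_hits[day] / totals[day]
        free_pct = (100.0 * pharma_free_hits[day] / pharma_totals[day]
                    if pharma_totals[day] else 0.0)
        result[day] = (round(cn_pct, 1), round(free_pct, 1))
    return result

if __name__ == "__main__":
    for day, (cn_pct, free_pct) in daily_percentages(MESSAGES).items():
        print(f"{day}  .cn in all spam: {cn_pct:5.1f}%   free hosting in pharmacy spam: {free_pct:5.1f}%")
```

Measuring the two series against each other, as the post does, is what makes the displacement visible: a drop in .cn alone could be a drop in volume, but a drop in .cn matched by a rise in free-hosting links in the same campaign shows the spammers moving rather than stopping.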

Spam for the visually impaired

Starting at ~3:20pm GMT today, Canadian Pharmacy spammers began using attached MP3 files as the call-to-action for their latest campaign. The message had no subject, no “text” body content, just an attached “audio/mpeg” file with a random lower case file name. Upon playing the attached MP3 file, you find out why I called it the “call-to-action”. A robotic sounding woman’s voice reads off the URL they would like recipients to browse to (letter by letter), with porn-like moaning as background noise. I guess they are going for the often used spam tactic of tying ED pills (Viagra, Cialis, etc.) to porn star-like performance in bed. ...

December 17, 2009 · 2 min · 253 words · Omid Farhang
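
A message with an empty Subject, no text part and exactly one audio/mpeg attachment under a random lower-case name is a narrow enough shape to flag structurally, without playing anything. The following is an added example, not the post's code: the messages are constructed with Python's standard email library, the MP3 payload is dummy bytes rather than a real recording, the addresses are placeholders, and the filename pattern (6 to 16 letters a-z plus .mp3) is an assumption about what “random lower case file name” looks like.

```python
import email
import re
from email.message import EmailMessage
from email.policy import default

# Dummy bytes standing in for an MP3 payload (constructed, not a real recording).
FAKE_MP3 = b"\xff\xfb\x90\x00" * 8

# Assumed shape of a "random lower case file name": 6-16 letters a-z plus .mp3.
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,16}\.mp3$")

def build_sample(subject=None, text=None, filename="qzkvplrt.mp3"):
    """Constructed message. With the defaults it mirrors the described campaign:
    no Subject, no text part, one audio/mpeg attachment with a random-looking
    name. Addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "bounce@example.net"
    msg["To"] = "victim@example.org"
    if subject is not None:
        msg["Subject"] = subject
    if text is not None:
        msg.set_content(text)
    # add_attachment turns the message into multipart/mixed; with no text set,
    # the attachment is the only part, exactly as in the observed spam.
    msg.add_attachment(FAKE_MP3, maintype="audio", subtype="mpeg", filename=filename)
    return msg.as_bytes()

def looks_like_audio_spam(raw):
    """Structural check on raw message bytes: empty Subject, no inline text part,
    exactly one audio/mpeg attachment whose name matches RANDOM_NAME_RE."""
    msg = email.message_from_bytes(raw, policy=default)
    subject = (msg["Subject"] or "").strip()
    text_parts = [p for p in msg.walk()
                  if p.get_content_maintype() == "text" and not p.is_attachment()]
    audio = [p for p in msg.walk()
             if p.get_content_type() == "audio/mpeg" and p.is_attachment()]
    if subject or text_parts or len(audio) != 1:
        return False
    return bool(RANDOM_NAME_RE.match(audio[0].get_filename() or ""))

if __name__ == "__main__":
    print("campaign shape:", looks_like_audio_spam(build_sample()))
    print("random name, but human-looking:", looks_like_audio_spam(build_sample(filename="q3-call.mp3")))
    print("ordinary message with audio:",
          looks_like_audio_spam(build_sample("Call recording", "Recording attached.", "q3-call.mp3")))
```

The check deliberately keys on what the spammer removed (subject and text) as much as on what was added; a legitimate voicemail or meeting recording almost always arrives with at least a subject line, so the rule stays narrow without needing to decode the audio.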