Coming soon, we’ll have guides on stopping spam in a small business and another on stopping spam in a midsized environment.  (50-200 users)  We’ll also compare the server based solutions availible.

Amos is accused of an elaborate scheme starting in September when Citibank received forged documents authorizing fax transactions from an account held by the National Bank of Ethiopia. The documents also listed contact information for people who could give voice approval for the fax transactions.

In October, Amos is accused of initiating dozens of transactions totaling $27 million from the National Bonk of Ethiopia’s account to accounts controlled by his co-conspirators. The telephone numbers listed for authorization were cell phones in Nigeria.

The scam was discovered when some of the receiving banks returned the money because they could not contact the owner of the accounts. The amount actually transferred to the scammers is unknown, although Citibank is covering any losses.

Over the past few months we have noticed attacker efforts to maximize blackhat SEO tactics and increase infection rates at the same time by abusing the popular social news aggregate site Digg.com. Digg allows users to create, vote, and comment on news stories.

Malware distributors have been creating false stories with catchy subject lines as an attempt to bait users into clicking links which lead to Malware. In some cases the attackers do not create the news story themselves, rather linking to others relevant content.

The idea was to lure users to a site to see controversial video then tell them they needed a video codec to see it…  Of course it wasn’t a codec it was malware.

Dancho Danchev has the complete list of domains used and the number of bogus comments pointing to each.

But they are not just stopping there this year. They are also using Valentine’s Day to push more malware for their botnets.

The Waledec spammers are pushing a fake Valentine’s day e-card hoping you install they’re botnet software for them. (beware) They also did this for Christmas.

Cutwail, Pushdo, Donbot are pushing p0rn and the usual trash. Donbot say “someone thinks you are very special and has sent you a kiss” I believe this is botnet bait also.

With every passing month it shows how much spam and malware are joined at the hip. Remember, be careful what you download.

This month marks the five year anniversary of a bold prediction by Microsoft co-founder Bill Gates, who prophesized at the World Economic Forum in 2004 the spam problem would be solved in two years. Turns out, it was not a Nostradamus moment for IT security.

Predicting security trends is not an exact science.

A prime case in point is Microsoft co-founder Bill Gates, who predicted  at the World Economic Forum in Davos, Switzerland, in January of 2004 that spam would be “solved” within two years. Fast forward to 2009 – spam remains a nuisance to corporate networks and consumers alike.

A key part of Gates’ prediction was that it we would have the option to charge people to send us e-mails. If a relative sent you an e-mail, for example, you could let it in for free. However, if the e-mail came from an unknown address, you could charge them money.

Of course this would never work. I blogged at the time (on a different blog) that the only reason he said it was because he was hoping Microsoft would handle the payment processing.

The whole thing was absolutely ridiculous. Bill Gates must be the dumbest billionaire on record. It’s ironic somebody who knows so little about technology became the richest man in the world because of it.

At any rate, we’re back, just have to upload some images to the server.

Barack Obama, Meet Spam Button

Since October 2008, I’ve received an average of one email every two to three days from Barack and/or Michelle Obama. That’s about 35 emails that I have no use for. All of them have the word “Change” in them. 99 percent also have a link beginning with the word “Donate.”

This has to fucking stop.

OK, I love you, I voted for you and bought the personality cult T-shirt. I even sent you money. A lot more money than a freelance writer should have spent on anything, especially a millionaire Chicago lawyer. And I was promised a limited edition “change” fleece that never came, and now I’m freezing my ass off in the cold because now I can’t afford an actual fleece as I wanted you to be president.

Supposedly Obama has 28 million people on his mailing list.  If every one gets 35 emails we’re talking 630,000,000 emails. Opt in or not, seems like spam to me.

Overloaded Spam Filters Dropped Some Gmail E-mails Sent to MIT

If your friend swears he invited you to that party, but you never got the e-mail, he might just be telling the truth.

For more than three weeks, e-mail sent by users of Google’s popular Gmail service to MIT has been delayed or left undelivered, confounding the common belief that e-mail is a fast, reliable way of sending a message. The problem was simple: Gmail was getting too popular.

The Barracuda Networks machines that filter spam out of MIT’s incoming mail are configured to accept only about a hundred connections an hour from any one server. But Google’s servers were sending mail much faster than that, and MIT told Gmail that “too many connections” were received.

Another way the cure can sometimes be worse than the disease.  One hundred email connections per hour is not that much traffic.  But even with that low a number the spammers get around it. By using thousands of drones in botnets, they can bypass the firewall by distributing the connections.  We had a client getting thousands of emails a day (to only about 40 users) from a botnet and his hardware firewall didn’t even slow them down.

Spamhaus: Google Now 4th Most Spam-Friendly Provider

Google’s free services are being heavily exploited by spammers to redirect visitors to sites touting knockoff designer drugs and scams, according to the latest rankings from Spamhaus.org, a group that tracks unsolicited commercial e-mail. …

According to Spamhaus, spammers are using Google Documents to host pages that redirect to rogue pharmacy sites. The anti-spam group also documents a number of Google e-mail accounts being used to further so called “advance fee” or Nigerian 419 confidence scams.

A spokesman for Google said the the relevant accounts indicated in the Spamhaus report as sources for 419 scams had already been disabled. The spokesman said Google also is aware of the Google Docs spam issue, and that is has begun “implementing improvements to minimize the impact of the issue.”

According to the latest stats, Google is no longer in the top 10. Kudos to Google for addressing the problem. (The PR team must have the programmers working over time.)

• How to Prevent Spam on Your Home PCs. (1-3 computer)
• How to Prevent Spam in Your Small Business (4-40 computers)
• How to Prevent Spam in a Mid-Sized Business (40-100 computers)

Rather than break things down by technology, spam filters, hardware firewalls etc., we decided to write them from a user perspective.  Some people might not know what a Spam Appliance is… but they all know how many computers the are trying to protect.

Because of the increasing push of spammers trying to distribute all sorts of malware, we’ll also be covering different ways to prevent that as well as what to do if you’re infected.

We’re also (now that the holidays are over) going to upgrade the look of the website. At present we have some problems with the “Recent Posts” getting messed up if the subject is more than about 4 words.  We know about the problem, we just put it back till after the holidays.

Here’s to spam free new year!

Update: Well we upgraded the look of the website a bit…. Back to writing our spam prevention guides.