heh- Obama the Spammer

January 9, 2009

Joseph Alexiou is a little nonplussed over the Obamaspam.

Barack Obama, Meet Spam Button

Since October 2008, I’ve received an average of one email every two to three days from Barack and/or Michelle Obama. That’s about 35 emails that I have no use for. All of them have the word “Change” in them. 99 percent also have a link beginning with the word “Donate.”

This has to fucking stop.

OK, I love you, I voted for you and bought the personality cult T-shirt. I even sent you money. A lot more money than a freelance writer should have spent on anything, especially a millionaire Chicago lawyer. And I was promised a limited edition “change” fleece that never came, and now I’m freezing my ass off in the cold because now I can’t afford an actual fleece as I wanted you to be president.

Supposedly Obama has 28 million people on his mailing list. If everyone gets 35 emails, we’re talking 630,000,000 emails. Opt-in or not, that seems like spam to me.

That many mails must be spam… right?

If your friend swears he invited you to that party, but you never got the e-mail, he might just be telling the truth.

For more than three weeks, e-mail sent by users of Google’s popular Gmail service to MIT has been delayed or left undelivered, confounding the common belief that e-mail is a fast, reliable way of sending a message. The problem was simple: Gmail was getting too popular.

The Barracuda Networks machines that filter spam out of MIT’s incoming mail are configured to accept only about a hundred connections an hour from any one server. But Google’s servers were sending mail much faster than that, and MIT told Gmail that “too many connections” were received.

Another way the cure can sometimes be worse than the disease.  One hundred email connections per hour is not that much traffic.  But even with that low a number the spammers get around it. By using thousands of drones in botnets, they can bypass the firewall by distributing the connections.  We had a client getting thousands of emails a day (to only about 40 users) from a botnet and his hardware firewall didn’t even slow them down.
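The per-server cap described above, as an added example (not code from the original post or from any vendor's product): a sliding-window limiter replayed over constructed traffic, showing one busy server throttled while many low-rate sources pass untouched. The host names, the 600 and 2,000 x 3 traffic figures, and the per-mailbox metric are assumptions; the 100-per-hour cap and the 40 users come from the text.

```python
from collections import defaultdict, deque

LIMIT_PER_HOUR = 100  # per-server cap quoted in the post
WINDOW = 3600         # one hour, in seconds
MAILBOXES = 40        # user count from the post's client anecdote

class PerSourceLimiter:
    """Sliding window: at most `limit` accepted connections per source per window."""
    def __init__(self, limit=LIMIT_PER_HOUR, window=WINDOW):
        self.limit, self.window = limit, window
        self.accepted_at = defaultdict(deque)  # source -> accepted timestamps

    def allow(self, source, ts):
        q = self.accepted_at[source]
        while q and ts - q[0] >= self.window:  # drop entries older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True

def constructed_hour():
    """Constructed sample: (timestamp, source) pairs for one hour of inbound SMTP."""
    events = [(i * 6, "relay.example") for i in range(600)]  # one busy server
    for n in range(2000):                                    # 2,000 low-rate sources
        events += [(n + k * 1200, f"src-{n}") for k in range(3)]
    return sorted(events)

def summarize(events):
    """Replay events through the limiter and report per-group and aggregate totals."""
    limiter = PerSourceLimiter()
    out = {"relay_accepted": 0, "relay_rejected": 0,
           "spread_accepted": 0, "spread_rejected": 0}
    for ts, src in events:
        group = "relay" if src == "relay.example" else "spread"
        verdict = "accepted" if limiter.allow(src, ts) else "rejected"
        out[f"{group}_{verdict}"] += 1
    total = out["relay_accepted"] + out["spread_accepted"]
    # Aggregate view the per-source counter never sees: load per protected mailbox.
    out["accepted_per_mailbox"] = total / MAILBOXES
    return out

if __name__ == "__main__":
    for key, value in summarize(constructed_hour()).items():
        print(f"{key:22} {value}")
```

The single server loses 500 of its 600 connections, while all 6,000 distributed connections are accepted, which is why aggregate measures such as volume per protected mailbox are worth tracking alongside any per-source cap.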

News outlets all over are running with the story that Google has been named the 4th largest spam provider by Spamhaus. But Google moved quickly to fix the problem. The WaPo Security Fix blog has the details.

Spamhaus: Google Now 4th Most Spam-Friendly Provider

Google’s free services are being heavily exploited by spammers to redirect visitors to sites touting knockoff designer drugs and scams, according to the latest rankings from Spamhaus.org, a group that tracks unsolicited commercial e-mail. …

According to Spamhaus, spammers are using Google Documents to host pages that redirect to rogue pharmacy sites. The anti-spam group also documents a number of Google e-mail accounts being used to further so called “advance fee” or Nigerian 419 confidence scams.

A spokesman for Google said the relevant accounts indicated in the Spamhaus report as sources for 419 scams had already been disabled. The spokesman said Google also is aware of the Google Docs spam issue, and that it has begun “implementing improvements to minimize the impact of the issue.”

According to the latest stats, Google is no longer in the top 10. Kudos to Google for addressing the problem. (The PR team must have the programmers working overtime.)

The primary purpose of this site is to distribute a number of comprehensive guides on how to prevent spam in various environments. Here are the working titles we hope to be publishing in the next week or so:

  • How to Prevent Spam on Your Home PCs (1-3 computers)
  • How to Prevent Spam in Your Small Business (4-40 computers)
  • How to Prevent Spam in a Mid-Sized Business (40-100 computers)

Rather than break things down by technology (spam filters, hardware firewalls, etc.), we decided to write them from a user perspective. Some people might not know what a Spam Appliance is… but they all know how many computers they are trying to protect.

Because of the increasing push of spammers trying to distribute all sorts of malware, we’ll also be covering different ways to prevent that as well as what to do if you’re infected.

We’re also (now that the holidays are over) going to upgrade the look of the website. At present we have some problems with the “Recent Posts” getting messed up if the subject is more than about 4 words.  We know about the problem, we just put it back till after the holidays.

Here’s to a spam-free new year!

Update: Well we upgraded the look of the website a bit…. Back to writing our spam prevention guides.

It looks like the brief slowdown in spam from the shutdown of McColo is officially over. The spammers are retooling and changing tactics. IT World Canada has the scoop.

Get ready, IT managers: the spammers are coming for you.

It’s been a “rough year for computing,” according to one Cisco Systems Inc. executive, and it could get a lot worse before it gets better. Cisco released on Monday the results of its Annual Security Report, which covers the spam and security attack trends of 2008, and what IT managers should be on the lookout for in the year ahead.

“The overall number of disclosed vulnerabilities grew by 11.5 per cent over 2007,” according to the report. Virtualization vulnerabilities almost tripled from 35 to 103 over the year.

Legitimate domains are rapidly becoming one of the worst threats. According to the report, “Cisco researchers saw a 90 per cent growth in threats originating from legitimate domains, nearly double what was seen in 2007.”

Canada is no slouch when it comes to spam, either—the report found that our country accounts for 4.7 per cent of the world’s spam. Reputation hijacking is also becoming more common; this is where cybercriminals hack into someone’s account and use it to spam others.

When it comes to spam trends, botnets continue to be one of the primary menaces. For 2009, it’s all about the more tailored approach: targeted phishing (“spear-phishing”), such as the timely Obama-based lures, and social engineering (which aims to personally entice victims into opening malicious links).

Every major antispam company and service is seeing the same trends. 2009 will be the biggest year yet for the spammers. And they are getting increasingly bold. Not only do they want to spam you, but they want control of your PC and access to your accounts.

We just consulted with a small business owner who had a single piece of spyware on her PC. Somebody got her banking information and tried to pay off a mortgage to the tune of $50,000.00. Luckily she did not have the money in the account at the time (she often does, especially before payroll), so the bank rejected it.

The kicker was we called the local police and they yawned. Since the transaction was cancelled, they didn’t care. Now let me remind you they tried to pay off a mortgage, so we know where the money was headed. It should not be too hard to track these folks down. Yet law enforcement provided no threat to the spammers.

The annual Cisco security report has been released.  You’re supposed to register to download it but here’s the pdf. (shhhh)

Key Findings

This year’s report reveals that online and data security threats continue to increase in number and sophistication. They propagate faster and are more difficult to detect.

Key report findings include:

  • Spam accounts for nearly 200 billion messages each day, which is approximately 90 percent of email sent worldwide
  • The overall number of disclosed vulnerabilities grew by 11.5 percent over 2007
  • Vulnerabilities in virtualization products tripled to 103 in 2008 from 35 in 2007, as more organizations embraced virtualization technologies to increase cost-efficiency and productivity
  • Over the course of 2008, Cisco saw a 90 percent growth rate in threats originating from legitimate domains; nearly double what the company saw in 2007
  • Spam due to email reputation hijacking from the top three webmail providers accounted for just under 1 percent of all spam worldwide, but constituted 7.6 percent of all these providers’ mail

Fortunately, responses to these threats and trends are improving. Advances in attack response stem from the increased collaboration between vendors and security researchers to review, identify, and combat vulnerabilities.

Here is an interesting chart from the report.

Originating Country Percentage of Global Spam

  • USA 17.2%
  • Turkey 9.2%
  • Russia 8.0%
  • Canada 4.7%
  • Brazil 4.1%
  • India 3.5%
  • Poland 3.4%
  • Korea 3.3%
  • Germany 2.9%
  • United Kingdom 2.9%
  • Thailand 2.8%
  • Spain 2.8%
  • Italy 2.4%
  • Argentina 2.1%
  • Colombia 2.1%
  • France 2.0%
  • Other 26.7%

I guess the moral of the story is that spammers are everywhere. It’s a 52-page report but easy to skim.