Nigeria is world famous for its “advance-fee fraud” spam (also called the 419 fraud, Nigerian scam, Nigerian bank scam, etc.). An advance-fee fraud is a confidence trick in which the victim is persuaded to advance sums of money in the hope of realizing a significantly larger gain later: the old “We have 10 million in the bank but we need $20,000 to get it out” trick.

The number “419” refers to the article of the Nigerian Criminal Code (part of Chapter 38: “Obtaining Property by false pretenses; Cheating”) dealing with fraud. The scam actually started in the early 1980s, but the perpetrators soon learned that email was the perfect venue to find new marks. These scammers have always been bold, but now they have taken it to the next level, actually claiming they are working with the FBI.

Nigerians include FBI in latest version of infamous spam

So, if you don’t believe that the BANK OF THE NORTH INTERNATIONAL, ABUJA or a relative of Ex-Nigerian Head of State Late Gen. Sanni Abacha who died on the 8th of June 1998 has $12 million in ill-gotten gains just waiting to share with you, perhaps you will believe the FBI does.

The latest version of Nigerian spam purports to be an “official order” from the FBI’s Anti-Terrorist and Monetary Crimes Division confirming an inheritance or lottery winnings, reports the Internet Crime Complaint Center, a DOJ entity. Turn over some personally identifying information to claim your share, or perhaps face criminal sanctions for failure to do so, the scam goes.

What is Nigerian for chutzpah? lol

CAN SPAM 5 Years Later

December 9, 2008

eWeek reminds us that it’s been 5 years since the CAN-SPAM act.

5 Years After CAN SPAM

The CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act of 2003 was controversial from the start. I think it’s fair to say that nobody thought it would solve the spam problem, but many thought it could help.

Has it solved the spam problem? No, of course not. Has it helped? Yes, marginally.

It has helped in two ways: First, there have been a few prosecutions under the law, basically of high-profile spammers who were also being prosecuted under other fraud-type offenses. CAN-SPAM is, in such cases, at least some leverage for prosecutors. But that’s a very small benefit.

The other big thing that CAN-SPAM did was to set rules for businesses to follow in order to do mass-mailings. These were the most controversial part of CAN-SPAM because they were opt-out instead of opt-in. This is why critics said, and continue to say, CAN-SPAM “legalized spam.” But it did also require that those businesses make opt-out provisions explicit in communications and to observe them, and this is an improvement over the past.

I guess it is true that it helped marginally, but I’d stress the word marginally. Most email users probably have no idea this law even exists.

Some spammers have 9 lives. From The Register

Dead network provider arms Rustock botnet from the hereafter
McColo dials Russia as world sleeps

McColo, a network provider that was yanked offline following reports it enabled more than half the world’s spam, briefly returned from the dead over the weekend so it could hand-off command and control channels to a new source, security researchers said.

The rogue network provider regained connectivity for about 12 hours on Saturday by making use of a backup arrangement it had with Swedish internet service provider TeliaSonera. During that time, McColo was observed pushing as much as 15MB of data per second to servers located in Russia, according to Paul Ferguson, a security researcher for anti-virus software maker Trend Micro.

The brief resurrection allowed miscreants who rely on McColo to update a portion of the massive botnets they use to push spam and malware. Researchers from FireEye saw PCs infected by the Rustock botnet being updated so they’d report to a new server located at abilena.podolsk-mo.ru for instructions. That means the sharp drop in spam levels reported immediately after McColo’s demise isn’t likely to last.

The good news is that they were shut down in a few hours. They started on Saturday afternoon, apparently hoping they would not be noticed.

Update: One of the more infamous McColo botnets is alive again

The Washington Post gets a big win. After 4 months of tracking the spammers on McColo, their Security Fix blog took down the biggest spammer network in the world.

Major Source of Online Scams and Spams Knocked Offline

A U.S. based Web hosting firm that security experts say was responsible for facilitating more than 75 percent of the junk e-mail blasted out each day globally has been knocked offline following reports from Security Fix on evidence gathered about suspicious activity emanating from the network.

For the past four months, Security Fix has been gathering data from the security industry about McColo Corp., a San Jose, Calif., based Web hosting service whose client list experts say includes some of the most disreputable cyber-criminal gangs in business today.

On Monday, Security Fix contacted the Internet providers that manage more than 90 percent of the company’s connection to the larger Internet, sending them information about badness at McColo as documented by the security industry.

Various ISPs responded with varying amounts of action, but in the end the whole network came down. It looks like no charges will be filed here either. The spammers were overseas, and the CAN-SPAM act does not allow for penalties against ISPs.

Exit question: Why did it take a WaPo blogger to do this?

Update: To get a visual picture of how much spam they controlled, see the update on the WaPo.


Symantec has really been doing great things in the last year. This will help prevent spyware and other malware, to be sure.

Symantec will soon introduce a “reputation-based” software-rating technology that it has claimed can accurately differentiate malicious malware from legitimate programs.

“Reputation-based security is the latest and greatest technology in malware detection,” said Basant Rajan, chief technology officer of the IT security vendor’s India office.

Essentially, this approach involves looking at where a program can be found across the database of Symantec users, categorizing the reputation of those machines and coming to a judgment on whether the application poses any security risks.

“When seeking good food, we’ll most likely go to the restaurant with the most customers. That’s an example of a reputation-based choice in selecting a restaurant,” Basant said in an interview with ZDNet Asia, during his visit to Symantec’s Kuala Lumpur office.

“You just look at the behavior of people and make a decision based on that behavior. We can do the same with programs,” he explained.


According to Basant, Symantec’s reputation-based approach assumes three distinct populations in its user base, which numbers in the millions. “You have one population that is ultra-safe, one that is adventurous and one that is completely unsafe,” he said.

“We identify these by looking at the history of infections on their machines,” said Basant, who plays a key role in driving innovation for Symantec’s next-generation technologies, architecture and standards.

The safe group encompasses “prim and proper” users who only download applications from reputable software companies, he explained, while the adventurous group is users who are generally safe, but are willing to try out online games or new programs.

Users in the unsafe crowd are those who frequent a class of websites where they can get infected easily, he added. For example, when a new program is detected, the reputation-based approach will entail looking at where the program is found among the machines of millions of Symantec users.

“If a large number of the ’safe’ machines have it, making an educated guess is to say that this is a safe program,” Basant said. “But, if you see this application only [installed] with the unsafe crowd and a few of the adventurous guys, it is almost certain that this is an unsafe program. You wouldn’t lose money betting that this is an unsafe program.”

This is a lot like TrustRank. If a known safety-conscious user downloads the software, it is probably OK.

So Apple QuickTime will make the cut, but superpokercheattool.exe probably won’t.
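The prevalence-by-population logic Basant describes, written out as a small classifier. This is an added illustration, not Symantec’s code: the three population labels come from the interview, while the fleet, the sightings and every threshold (minimum prevalence, share cut-offs) are constructed for the example, and a file seen on too few machines is reported as unknown rather than guessed.

```python
from collections import Counter

# Constructed fleet for the example: every machine id is labelled with one
# of the three populations described in the interview.
MACHINE_CLASS = {f"s{i}": "safe" for i in range(60)}
MACHINE_CLASS.update({f"a{i}": "adventurous" for i in range(30)})
MACHINE_CLASS.update({f"u{i}": "unsafe" for i in range(10)})

POPULATIONS = ("safe", "adventurous", "unsafe")

def reputation_verdict(sightings, machine_class=MACHINE_CLASS,
                       min_prevalence=10, good_safe_share=0.5,
                       bad_unsafe_share=0.8):
    """Classify a file from the machines it has been seen on.

    sightings: machine ids that reported the file's hash.
    Returns (verdict, counts); verdict is 'good', 'bad' or 'unknown'.
    Machines without a label are counted but never influence the verdict.
    """
    counts = Counter(machine_class.get(m, "unlabelled") for m in set(sightings))
    total = sum(counts[p] for p in POPULATIONS)
    if total < min_prevalence:
        # A brand-new or rare file has not earned a reputation yet; leave it
        # to other detection methods instead of guessing.
        return "unknown", counts
    safe_share = counts["safe"] / total
    unsafe_share = counts["unsafe"] / total
    if safe_share >= good_safe_share:
        return "good", counts          # the "prim and proper" crowd runs it
    if counts["safe"] == 0 and unsafe_share >= bad_unsafe_share:
        return "bad", counts           # only the unsafe crowd (plus a few
                                       # adventurous users) has it
    return "unknown", counts

# Constructed sightings: a mainstream media player found on most machines of
# every population, a "cheat tool" seen only on unsafe and adventurous
# machines, and a file that has just appeared on three hosts.
PLAYER = ([f"s{i}" for i in range(50)] + [f"a{i}" for i in range(25)]
          + [f"u{i}" for i in range(8)])
CHEAT_TOOL = [f"u{i}" for i in range(10)] + ["a3", "a7"]
BRAND_NEW = ["s1", "a2", "u0"]

if __name__ == "__main__":
    for name, seen in (("player", PLAYER), ("cheat tool", CHEAT_TOOL),
                       ("brand new", BRAND_NEW)):
        print(name, reputation_verdict(seen))
```

The thresholds here are deliberately simple; a production system would also weight how long and how widely a file has been seen, which is what keeps the verdict from flipping on a handful of early installs.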

This has actually been around for years, but the USA Today just learned about it.

‘Backscatter spam’ gums up many e-mail inboxes

SAN FRANCISCO — E-mail users worldwide are being buried in a blizzard of bounced messages caused by spammers.

Dubbed “backscatter spam,” this latest fad is clogging e-mail accounts and slowing victims’ inboxes to a crawl. Up to 3% of all e-mail today is backscatter, says Dmitry Samosseiko, manager of SophosLabs Canada. “It is a major problem, and it is getting worse,” he says.

How it works: Spammers collect real e-mail addresses, often through computer viruses that steal addresses from corporate databases. Then they fake — or “spoof” — those addresses to send spam that appears to come from an individual.

The trouble comes when spam sent from your spoofed address is aimed at e-mail addresses that don’t actually exist. (Spammers often blast messages to bulk e-mail lists that include e-mail addresses that are old or non-existent.) The bounced-back e-mail is returned to the e-mail address of the victimized user.

The unintended effect of backscatter is the equivalent of an inbox spam attack, says Jose Nazario, senior security researcher at Arbor Networks.

Matt Villano knows from personal travails.

For several days, strange e-mail stamped “undeliverable” poured into the inbox of the Northern California freelance writer. Thousands of messages seemed to indicate that junk mail from Villano — hawking everything from designer watches to erectile-dysfunction pills — had been sent back to him after missing their targets.

“It was irritating but also debilitating in the sense that it made me wonder if legitimate clients would blacklist me because someone was using my e-mail to spam,” Villano says. He fears that as a freelancer, who frequently mentions his e-mail address on websites, he is likely to be spoofed again.

And in some cases it can land them in court.

I’ve had a client for about 20 years who this happened to. The couple was divorcing, and I told both of them I had no interest in getting in between them or taking sides in any way. After the backscatter spam happened, the wife printed a bunch of the bounces and tried to convince the judge her future ex was a spammer.

I took the stand.
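The mechanism the USA Today piece describes (a spoofed envelope sender, bounces landing on the victim) is what Bounce Address Tag Validation (BATV) defends against: the sending mail server tags its own envelope sender with a keyed, dated value, so a bounce that comes back to an untagged or invalid address can be refused at SMTP time. This is an added illustration, not code from the article or the blog; the key, the addresses and the simplified tag layout are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed key for the example; a real MTA keeps this in its own config.
SECRET = b"constructed-batv-key-for-illustration"
# Simplified BATV-style tag: prvs=DDDD<6 hex chars>=user@domain
TAG_RE = re.compile(r"^prvs=(\d{4})([0-9a-f]{6})=(.+@.+)$")

def _mac(local: str, domain: str, day: int) -> str:
    """Keyed MAC over the real sender and the day the tag was issued."""
    msg = f"{local}@{domain}:{day:04d}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:6]

def tag_sender(address: str, day: int) -> str:
    """Rewrite the envelope sender (SMTP MAIL FROM) of outgoing mail so that
    any legitimate bounce comes back to a tagged address we can verify."""
    local, domain = address.rsplit("@", 1)
    return f"prvs={day:04d}{_mac(local, domain, day)}={local}@{domain}"

def classify_bounce(rcpt_to: str, today: int, max_age_days: int = 7) -> str:
    """Policy for an inbound message with an empty envelope sender (a DSN).
    Returns 'accept' only when RCPT TO carries a fresh, valid tag, so
    backscatter caused by spoofing of our domain is refused at SMTP time."""
    m = TAG_RE.match(rcpt_to)
    if not m:
        return "reject"  # untagged: we never sent mail with this sender
    day, sig, orig = int(m.group(1)), m.group(2), m.group(3)
    if not 0 <= today - day <= max_age_days:
        return "reject"  # tag expired (or dated in the future)
    local, domain = orig.rsplit("@", 1)
    if not hmac.compare_digest(sig, _mac(local, domain, day)):
        return "reject"  # forged or altered tag
    return "accept"

if __name__ == "__main__":
    tagged = tag_sender("alice@example.com", 100)
    print(tagged)
    print(classify_bounce(tagged, 102))               # accept
    print(classify_bounce("alice@example.com", 102))  # reject (backscatter)
```

The check applies only to mail arriving with an empty MAIL FROM, so ordinary inbound mail is unaffected; forwarders and list software that rewrite recipient addresses can break the tag, which is why real deployments exempt known ones.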