MX News

Malware Infected Pfizer Computers Sending Viagra Spam

2007-09-07T18:45:00Z

One of the most ironic spam stories we have seen to date was reported yesterday at Wired. For at least six months, botnet infected computers at Pfizer have spewed out a steady stream of Viagra spam. The infection has taken it's toll on Pfizers internet reputation, as researchers are reporting that approximately 138 Pfizer IP Addresses have been blacklisted so far.

Hackers Steal $450,000 From Carson City, Ca...Almost

2007-06-01T17:43:00Z

A keylogger program on the Carson City, California City Treasurer's laptop recorded city fincial account passwords and allowed hackers to transfer $450,000 in funds to bank accounts in North Carolina and Michigan. City officials quiclkly noticed the missing monies and were able to freeze all by $45,000 of the funds.

RTF Trojan Targets Executive Data

2007-06-01T16:13:00Z

An email disguised as a message from the IRS is targeting corporate executive's information. The email contains a Rich Text File (RTF) titled complaint.rtf, which, if opened, downloads a trojan to the executive's computer. The trojan steals login passwords and sends them to a remote server.

Phishing URLs at All Time High

2007-06-01T16:08:00Z

The Anti-Phising Working Group (APWG) reports that the number Phising URLs detected in April was 55,643, almost double the previous record total.

April also saw a departure from Phishing URLs targeted almost exclusively at stealing login information for Financial Institutions to a more broad focus, including Financial Institutions, Social Netowrking, VOIP, and Email.

So-Called Spam King Arrested - What Does that Mean for Spam?

2007-06-01T15:56:00Z

Robert Alan Soloway was arrested in Seattle on Wednesday. Dubbed "The Spam King" by authorities, Soloway allegedly spammed tens of millions of messages. Most of these contained links to websites where his company, Newport Internet Marketing, sold products and services.

Soloway was once listed in SpamHuas's Top 10 list of spammers and is still in the groups list of 135 internationally known spammers. If convicted, Soloway will face a maximum sentence of 65 years with fines up to $250K.

Upon his arrest, writers at publications across the globe suggested that the level of spam would fall dramatically. However, in reality, Soloway was only responsible for a very small percentage of global spam. His place as an uber-spammer has long been filled by Eastern Europoean spam gangs. In fact, spam levels have not decreased at all in the two days following his arrest.

The most positive effect of his arrest is the message it sends to any spammers or would be spammers operating in the US. Now if we could just get the Russins and Ukranians to follow suit...

France Launches Anti-Spam Platform "Signal Spam"

2007-05-16T17:46:00Z

France has launched a central platform for French internet users to report spam, which will be used to generate a blacklist, notify ISPs and prosecute spammers.

French speaking Internet users can copy and paste a spam message (and presumably the message headers) into a form on the signal spam website, or they can install a plugin that is compatible with most mail clients that will allow them to report a spam message by simply clicking a button icon in their mail client.

It will be interesting to see if a) this catches on, b) has any effect on spam levels in France, and, c) has an effect on spam levels elsewhere.

Google Says 10% of Websites Infected with Malware

2007-05-16T17:26:00Z

Google reports that an in-depth survey it conducted of 4.5 Million websites shows that 10% of websites are infected with "drive by" malware. The average user's computer is simply not equipped to defend agaist these kind of threats, where simply visiting a compromised website can result in infection. Once infected, a user is vulnerable to data theft, finiancial loss, etc.

The study also showqed that an additional 15% of websites have malware that is capable of compromising a PC, but is less effective at infecting a machine than websites with the more sophisiticated drive by malware.

In the report, titled "The Ghost in the Browser," Google Researcher Niels Provos writes:

"To entice users to install malware, adversaries employ social engineering. The user is presented with links that promise access to ‘interesting' pages with explicit pornographic content, copyrighted software or media. Common examples are sites that display thumbnails to adult videos."

This highlights a very real trend where spammers and hackers (spackers) are complimenting email with the web as a vehicle for payload delivery. Businesses and individuals must reposnd by combining indsutrial strenght email spam and virus filtering with industrial strength web virus filtering. In essence, email security alone is not enough. The paradigm has shifted to total messaging security.

Update: Bots Inside Fortune 1000 Companies

2007-05-02T15:42:00Z

We first reported on bots inside Fortune 1000 companies in late March. Since then, the Support Intellegence Project has identified more large corporations with botnet infections. The list has grown to include AIG, AFLAC, Bank of America, Conseco, Thomsen Finacial and 3M. Most of the companies ideitifeid have repordtedly found anf removed the bot infections. They also claim that no data has been compromised. But, how can they be sure?

If a bot can infect and send spam from a network, what is to stop it from logging keystrokes or stealing corporate data?

House Judiciary Subcommittee Approves Anti-Spyware Bill

2007-05-02T15:37:00Z

The House Subcommittee on Crime, Terrorism and Homeland Security approved house bill HR 1525 by voice vote. The bill will now go before Congress for a vote. If voted into law, HR 1525 will make it a crime to install software to alter security settings, damage a computer or commit fraud. Violaters could face fines and/or prisson sentences of two to five years, depending on the offense.

$1 Billion Lawsuit Filed Against Spammers

2007-05-02T15:27:00Z

On April 26, 2007, Project Honey Pot filed a $1 Billion Dollar Plus lawsuit against spammers in a court in the Eastern District of Virginia. The suit seeks damages on behalf of its members and targets a "large swath" of known spammers and email address harvesters, and is the biggest anti-spam lawsuit ever filed. There is an unspecified number of John Doe defendants represented by more than 2.5 million IP Addresses. You can read a copy of the complaint here.

Virus Authors Use Google Ads to Spread Malware

2007-04-30T16:38:00Z

Maware authors have employed Google's paid advertisements to direct surfers to virus infected websites. Hackers are buying paid advertisments for keywords such as Better Business Bereau, BBB, and Cars.com. When surfers click on a hacker's advertisment that shows for a given search, they are routed through an intermidiary website, where malware is downloaded to vulnerable machines, before being redirected to the website they intended to visit. The tactic was first reported last week.

Google began removing known bad links as of late last week. However, experts are doubtful that there is a permanent solution to the problem given the size and automated nature of Google's advertiser platform.

Web Based Malware Increases

2007-04-30T16:18:00Z

There were 23,000 new cases of Web Based Malware in the first quarter of 2007, compared with 9,000 in the first quarter of 2006. This represents an increase of approximately 150%. 70% of infected web pages were legitimate sites that had been hacked (recent, high profile examples are the Circuit City, Dolphins Stadium web sites). The increase coincides with a shift in tactics used by malware propogators to infect unsuspecting surfers. In addition to hacking/infecting popular, heavily visited sites, Bot herders are inserting links to malware infected sites in spam email. Another tactic used by malware authors is the use of Google PPC ads to lure surfers to malware infected web sites.

Malware Spam Offers Camera Phone Footage of VT Shootings

2007-04-20T14:33:00Z

A twisted social engineering ploy offering camera phone footage of the Virginia Tech shootings is being used by malware spammers to get viewers to open spam messages containing a picture of the shooter and click on a link that installs a malicious screensaver file (TERROR_EM_VIRGINIA.SCR). The file is a banking spyware Trojan horse, known as Mal/Packer. The trojan seeks to steal passwords and usernames for online banking sites, opening up the possibility of identity theft and financial loss to any user infected with the program.

Using spam-mails with subject lines and pictures related to current/recent news events has become an ever more common tactic of spammers/malware distributors. This is how the storm worm, which resurfaced last week got its name. As a matter of policy, IT managers/administrators should strongly emphsize to users that any inbound email referring to current news evetns should be treated with extreme sketacism. If it is a topic they are interested in, direct them to visit a reputable news source at an appropriate time.

Spam to Exceed Legitimate Emails in 2007

2007-04-13T16:26:00Z

According to research results released by IDC, the volume of spam will exceed the volume of legitimate email in 2007. IDC projects that Spam will account for 40 billion messages in 2007, out of a predicted total of 97 billion (not including automated messages such as delivery confimations).

Paris Hilton and Jenna Jameson Image Spam Campaign

2007-04-13T16:14:00Z

A new wave of image spam, much like the Britney Spears Spam campaign last week, promising nude picture of Paris Hilton is spreading through the net today. The subject line promise nude pictures of Paris Hilton. The actual image is a graphic nude photo of Jenna Jamison. Like the Internet Explorer Update Spam and Malware and Britney Spam/Malware, the images contain links to various websites infecting users with worms and other malware.