Tuesday, September 14, 2010

50 Billion Spam a Day

Regardless of whether this is FUD or not, there is growing talk in the IT/email world about the possibility of a US court blocking Spamhaus (by removing their ownership rights to their domain name through ICANN).
This all stems from Spamhaus marking a company (e360insight) as a spammer in their blacklist database, which is published for the world to see and use for their own blacklist purposes. e360insight then sued Spamhaus for over $17M in damages, claiming that they are not spammers and that due to this improper listing they have lost legitimate revenue, and a US court has sided with e360insight. Spamhaus then essentially said that since they are not a US group, they see no reason to pay. This is where the concern comes in that the US court will instead step in and block their domain via ICANN.

Opinions on the outcome of this vary. As you can imagine, a lot of them vary in severity by how much the person/group giving the opinion stands to benefit from the spam problem getting significantly worse due to this.

MySpace Scam Emails

A company that makes money offering technology services to avoid spam and email scams, Espion International Inc., has announced that it has found a MySpace scam email circulating, and it says this is the first of that particular type.
From the press release:

The trapped email looked like a legitimate message from MySpace with the subject reading - "New message from Richard on MySpace sent on Oct 05 15:40:00 -4 2006". The spoofed message even contained real MySpace addressing, copyright and privacy information taken from legitimate MySpace "New message" notifications.

"When someone sends you a message on MySpace, your registered email account is sent a notification email containing a link to your new message. In this case, the link is malicious and tries to steal your personal information," said MySpace user Kurt Thayer. The MySpace Scam Site was taken offline soon after the email was trapped due to an overwhelming amount of traffic.

As it says there, the original site was taken offline, but there are potentially more on the way like this. This is not really anything new - there are always new scams coming out based on whatever is popular at the moment since that is what is likely to get people to read the email and act on it.
Also note that this is a press release from a company that makes money off of you paying them to help you avoid seeing emails like this.

Earthlink wins case against spammers

ZDNet reports that the two men charged in a lawsuit Earthlink filed have pleaded guilty. They now face up to three years in jail and up to $250,000 in fines.

The two were identified in an investigation last year by EarthLink's fraud and abuse team into activity at its PeoplePC subsidiary. The team discovered more than 25,000 junk e-mails had been sent through 10 PeoplePC accounts that originated from Miami. The e-mails contained such subject headers as "I'm finally back home" and "I just got back in town," and contained messages that marketed herbal supplements.

The fines in this instance are interesting since they are pretty high considering the article states 25,000 messages were sent. Normally they are catching people sending out millions, so it would seem these two guys were small time. I didn't read the actual case, so perhaps their herbal supplement spams broke other laws themselves - being actual scams instead of "just" unsolicited email.

Hormel just can't catch a break

The company that produces SPAM, the spiced ham food product, tried to enforce trademark law so that the current negative connotation of junk email would not be associated with their name.
But that isn't really working out so well for them, at least in the legal sense. I really don't think their sales have changed specifically due to changes in unsolicited email trends.

Gmail tip

Speaking of Gmail, one tip that I ran across recently (apologies to whoever pointed it out, I am not recalling off the top of my head where I saw this) was that if you want secure access to Gmail, use this URL: https://mail.gmail.com/mail. The Gmail link from Google puts you on a secure login, but then redirects to a non-secure Gmail page - going to the above link encrypts the login and the main page. This is nice if you are on a connection that you don't trust, like an open wi-fi hotspot.

As far as I know, this does not yet apply to the mobile interface for Gmail.
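The pattern described in this tip (an encrypted login followed by a redirect to an unencrypted page) can be checked from a recorded redirect chain. The following is an added example, not part of the original post; the host names, cookie name and chain contents are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed redirect chain (hypothetical hosts), shaped like the behaviour
# described above: HTTPS login, then a redirect to a plain-HTTP mail page.
SAMPLE_CHAIN = [
    {"url": "https://login.example.test/auth", "status": 302,
     "location": "http://mail.example.test/mail",
     "set_cookie": ["SID=abc123; Path=/; HttpOnly"]},
    {"url": "http://mail.example.test/mail", "status": 200,
     "location": None, "set_cookie": []},
]

def audit_chain(chain):
    """Return findings for HTTPS->HTTP downgrades and cookies set without Secure."""
    findings = []
    for hop in chain:
        src = urlsplit(hop["url"])
        # A cookie set without the Secure attribute is also sent over plain
        # HTTP, so a session established at login leaks after the downgrade.
        for cookie in hop["set_cookie"]:
            name = cookie.split("=", 1)[0].strip()
            attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
            if src.scheme == "https" and "secure" not in attrs:
                findings.append(("cookie-not-secure", hop["url"], name))
        if hop["location"]:
            # Location may be relative; resolve it against the current URL.
            target = urljoin(hop["url"], hop["location"])
            if src.scheme == "https" and urlsplit(target).scheme == "http":
                findings.append(("downgrade", hop["url"], target))
    return findings

def is_encrypted_end_to_end(chain):
    """True only if every hop is HTTPS and nothing was flagged."""
    all_https = all(urlsplit(h["url"]).scheme == "https" for h in chain)
    return all_https and not audit_chain(chain)

if __name__ == "__main__":
    for finding in audit_chain(SAMPLE_CHAIN):
        print(finding)
```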

Google's Gmail is good at blocking spam

Not only is Google's Gmail service great at blocking spam - it is also good at not blocking opt-in emails. This is one of the worries of companies who make their money from legitimate email services, and Gmail seems to be the best of the free email services at still getting those messages into your inbox.
Read the full report at Lyris for a more in-depth discussion.

Subliminal ads in spam

This actually was news a few weeks ago, but I wasn't posting here again at that point. The issue is that some spammers have latched on to the concept of flashing content at you in the hopes that your conscious mind might not see it, but your subconscious will and then act on that without you realizing why you are doing it.
It is the idea of seeing a frame in a movie that shows some product just for a flash, after which you have a craving to buy that product - supposedly they did this with Coke and popcorn during movies.

Studies have shown that it doesn't really work any better than regular ads and that people tend to buy the products that they were inclined to buy in the first place, so the "trick" ad isn't changing their minds.

AdRants has a post up about this that also has a shot of the animated GIF used in the stock spam that was sent out.

Complexity in the spam world

The BBC News website has an article up about how spammers are getting more complex in how they send out spam, try to hide from anti-spam efforts, and actually sell their product. It is certainly a global effort.

The sheer scale of the spamming operation became clearer when Mr Peterson started tracking where the spam was being sent from.

Analysis of the net addresses where the e-mail messages originated showed that more than 100,000 hijacked home computers spread across 119 nations had been used to dispatch the junk mail.

One interesting thing noted in the article was that in this case, where the spam was for pharmaceutical products, the orders made on the websites were actually fulfilled and a product was shipped. In the past that was a rarity, and instead you were just scammed out of money.
That said, the article does note that the drugs received were sent off for testing and the article didn't have any updates on those results.

Rogers Wireless wants voicecasting banned

The Toronto Sun has an article up discussing the growing problem of voicecasting, and how Rogers Wireless wants a law passed banning it.

"It's basically spam on your voicemail," said PIAC counsel John Lawford. "Why should we have to put up with that?"

Besides the obvious irritant of paying to listen to an unwanted ad, Lawford says some people find it "creepy" to get messages on an unlisted number, particularly since the phone doesn't ring.

I don't really care about the "creep" factor, it would just make me angry to have to pay to be spammed, and then the time wasted to figure it out as well.

While I have a lot of interaction with internet based spam, I am fortunate that I don't have much phone spam (yet), so I don't know too much about this particular technique yet.

China has passed a new anti-spam law

China has passed a new anti-spam law that is very restrictive towards new email servers. While on the surface it is supposed to be an anti-spam law, it is really more of a limit on free speech on the internet and designed to gain control over their connection to the net.

Under the new law, businesses and Internet service providers must inform the government at least 20 days before an email server is built and must make provisions for keeping all email for a minimum of 60 days. The law also makes it illegal to discuss information security via email, along with any other subject outlawed in China.

Mail.app and image spam

If you are using a Mac and check your mail with the built-in Mail.app, then you might want to check out this blog entry over at Hawk Wings. It discusses a filter that will help get rid of that type of spam.

(That site in general is pretty good if you are on a Mac and using Mail.app - it has a lot of good tips on there.)

Investing based on spam, bad idea

In what should be one of the more obvious concepts to be presented to you, MarketWatch reminds us that if you invest in a stock based on something touted in a spam email, then you are very likely to lose money.
This is known as a pump and dump, where someone buys a stock and holds it, and then goes out and tells everyone they know (or in this case, many people they don't know at all via spam) that it is a great stock and they should buy it. Some number of those people buy it, the price goes up, and the original person then sells out their position, having made their money. That leaves the other people holding on to a stock that may or may not be any good (usually not, especially in the case of a pump and dump when many people are going to dump out since it is a scam that got you in there).

This goes back to the idea of maybe not doing whatever someone says to do in an email since you know, they might have their own interests at heart and not your interests.

Video Tribute Sites

Apparently some of the video tribute sites that are cropping up around recent events like the anniversary of 9/11, or the death of the Crocodile Hunter, are harvesting emails collected on the site to then spam the users.

This is hardly a new concept, and an easy way to avoid this sort of thing is to assume that everything on the web that asks for an email address is going to spam you. It might not (for example, we take email addresses here when you leave comments, but don't spam you - one way to be sure of that, just put in something fake), but if you at least assume that they will spam you, then you are at least starting to think about what you are doing instead of blindly handing it over and then later wondering where all of your spam is coming from.

Sounds like they need better filters

Management Issues (sounds like a counseling service) has an article up on their site citing a study done by web security group Panda GateDefender Performa. In it, they say porn and spam are the biggest time wasters in the workplace:

Spam is another major time-waster, making up an estimated 21 per cent of email reaching companies, Panda said. Some five per cent of all traffic is also infected by some type of malware.

In addition, almost 40 per cent of internet use in companies was non-work related – with most visits to pornographic web pages occurring during working hours.

If that is the case for a company, then they really need to look at firewall solutions that allow them to control what websites the employees are going to, and to manage the incoming flow of spam. There are plenty of solutions out there these days that would dramatically reduce those figures, and they are reasonable in cost (considering the savings that this study would indicate are achieved by blocking that content).
Mind you, the people who did the study stand to benefit from the results - if more time is wasted, then more money should be spent on their services to help stop the waste, right?

New Spammer Forum

There used to be an online forum/bulletin board where spammers would meet and discuss spam related issues - from the side of the spammers. As with many online discussions, there was a lot of drama and it eventually went the way of the dodo for a variety of reasons.

But as nature abhors a vacuum, so does the business world, even in the spam world - so a new forum has popped up to try and take its place. Bulkerforum.biz sent out an email to all of the previous members of that old board and invited them to join.

They chat about spam and post ads for content delivery, fairly straightforward stuff, but based in the world of spam.

It has been up less than a week and there are already a few fights over who is a real spammer and who the "antis" are on the board. Who knows, maybe the person/people running the site are antis themselves. Who needs soap operas when you have things like this to read?

I imagine that at some point they will make it so that only members can read, but as it is now, it is open to the public.