Spam Techniques

Spam is down, but malware is as hot as ever, Symantec finds

By

Security firm Symantec's latest "Internet Security Threat Report" found that malicious attacks and malware variants are more prevalent than ever, and are being delivered to their victims in mass and targeted ways.

Can you stamp out spambots? No, but you can help

Can you stamp out spambots? No, but you can help

Trying to solve the spam epidemic? It might be time for organizations to look inward, as machines that are unknowingly seeded with malware are the reason for the botnet scourge.

Spam drop, but targeted attack rise, is key 2011 takeaway

By

Spam volume dropped dramatically from 379 billion messages daily in August 2010 to 124 billion this November, according to Cisco, as crooks opted for more pinpointed attacks that could fly under the radar.

Cyber Monday scam emails hit inboxes

By

Spammers have begun trying to capitalize on the Cyber Monday buying frenzy.

Most spam subject lines contain fake order, ticket numbers

By

Most spam messages sent in recent days have been delivered with subject lines containing fake order or ticket numbers, delivery invoices, payment notices or tax information, according to researchers from security firm Websense.

Facebook identifies porn spam perpetrators

By

The social media giant is "pursuing the appropriate action" against those behind a wave of pornographic content that showed up on users' news feeds this week.

FTC settles with SMS marketer over spam allegations

By

A California man is barred from delivering unsolicited text messages after he sent "a mind-boggling" amount for many months, under a settlement with the Federal Trade Commission.

Phresh phish from the Keepnet

Rummaging through my spam folders, I found a pretty kettle of phish...

Experts warn of attacks as more Epsilon victims emerge

By

Fallout continues, and new corporate victims come to light after the massive breach of an email marketing services provider.

Texas ringleader of pump-and-dump scam arrested

By

Federal agents arrested the alleged ringleader of an international securities fraud racket that used hackers, botnet operators and email spam to drive up the value of stocks.

Waledac botnet operators amass 500,000 email credentials

By

After being effectively knocked out, the Waledac botnet has been rebuilt from scratch - and is on the attack again.

New Year's-themed bogus emails work of Storm or Waledac

By

Researchers at the nonprofit Shadowserver Foundation believe they have identified a new version of either the Storm or Waledac worm, thanks to a large-scale influx of New Year's-themed spam. The emails purport to be a New Year's greeting card but contain a link to a malicious domain, claiming to host a fake Flash Player that actually is an exploit. The evil domains use fast-flux techniques to hide the host server. "The whole point of this botnet is to install malware onto systems of unsuspected visitors," researcher Steven Adair wrote on the Shadowserver blog. Storm first appeared on the scene in 2007, capitalizing on current events and holidays, and was effectively replaced by Waledac in 2009. - DK

Accused Mega-D botnet operator arrested

By

A Russian man who is believed to be the operator of the Mega-D botnet, one of the largest spam senders in the world, has been arrested and is scheduled to be arraigned on Friday in federal court.

Google quickly shores up Gmail spam flaw

By

Google has fixed what is being described as a serious security flaw that allowed a hacker to harvest Gmail addresses and send spam from the search giant's servers.

Spammers inundate Apple's new social media service Ping

By

Apple's new social media service Ping already is being abused by spammers, security experts are warning.

Facebook "dislike" button scam spreading

By

The latest scam to hit Facebook is trying to trick users into spreading spam with the offer of a "dislike" button, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Monday. Many users have been clamoring for such a capability, as they could use the button to give a thumbs-down to other posts, links or uploads of which they are not fond. A "like" button already exists. The scam entices users to click on a link and install a rogue Facebook application, Cluley said. If the app is given permission to run, it posts spam messages from the user's account and prompts them to complete an online survey that makes money for the perpetrators. — AM

Amount of spam with shortened links nearly doubles

By

Spammers are increasingly abusing free online link shortening services, resulting in a significant increase in the amount of spam containing shortened links over the past year, according to a Symantec report, released Thursday.

Engineering, automotive sectors commonly spammed

By

Organizations in the engineering, automotive and accommodation sectors receive the most spam, according to a new Symantec report.

Kraken botnet re-emerges 318,000 nodes strong

By

Kraken, a large and difficult-to-detect botnet that peaked in 2008 and was dismantled by early 2009, is back, and anti-virus solutions are struggling to detect it, according to university researchers.

Malicious emails masquerading as Adobe warning

By

Researchers at anti-spam firm Red Condor are warning users of malicious emails crafted to look like a legitimate thread of forwarded messages discussing Adobe software vulnerabilities. The thread begins with an email supposedly coming from an employee in Adobe's Risk Management department that warns recipients of a denial-of service-vulnerability and urges them to apply a patch. Adding legitimacy to the campaign, the emails appear to have been forwarded by people of higher positions in the recipient's organization. The messages contain a link to an executable, which has been identified as a trojan. Adobe, in a Wednesday blog post, advised people to ignore the email. — AM

Trojan masquerades as Google Chrome extension

By

Cybercriminals are leveraging the growing popularity of Google Chrome to spread malware, according to researchers at anti-virus company BitDefender. Virus writers are sending unsolicited emails stating that a new extension of the browser is available. The messages contain a link, which, if followed, directs users to a spoofed Chrome Extensions page that offers a malicious executable. Researchers identified the malware, an ".exe" file instead of a legitimate ".crx" extension, as a trojan that attempts to block access to Google and Yahoo pages and redirect users to fake versions of those sites. — AM

Easter-related spam and malware targets the unwitting

By

Between now and Sunday, users should be careful not to fall for email ruses capitalizing on the Easter holiday, security firms are warning.

Bogus emails claim copyright infringement

By

US-CERT warned Friday of a new email scam using the threat of a lawsuit to dupe unsuspecting recipients into installing malware on their machines. First reported by the SANS Internet Storm Center, the phishing messages appear to come from legitimate law firms and are targeting colleges. The email contains a malicious link to a supposed lawsuit, which is being sent "due to a completely inadequate response from your company for copyright infringement." Users are encouraged to ignore the malware-laden email. — DK

Email recipients still falling for spam, finds survey

By

Despite awareness around spam, half of email recipients are responding to junk mail messages, according to a survey released this week by the nonprofit Messaging Anti-Abuse Working Group.

Crooks try to romance users with Valentine's Day spam

By

Spammers are on the Valentine's Day prowl already, and more ploys are expected, researchers at Trend Micro said Monday.

Spam magnate Ralsky sentenced to more than four years

By

Alan Ralsky, mastermind of a fraud campaign that delivered tens of thousands of junk mail messages designed to inflate stock prices, was sentenced Monday to 51 months in prison.

Festi botnet appears

By

There's a new botnet in town. Known as Festi, the network of zombie computers now is responsible for three to six percent of daily spam, or about 1.5 to three billion emails, according to the latest MessageLabs research released Thursday. The botnet, which was responsible for virtually no spam as recent as August, has managed to increase its output by recruiting new zombie computers and delivering significantly more spam from each compromised node. The junk mail typically pushes goods, such as male enhancement pills and jewelery. -- DK

Spam volume reaches new all-time high at 92 percent

By

During the third quarter of the year, spam accounted for 92 percent of all email on average, which breaks the previous record-high volume set during the second quarter of 2009.

Facebook wins $711 million in damages against spam king

By

Facebook has won a $711 million civil action against reputed spammer Sanford Wallace, who may now face prison time as a result.

Facebook spam has trojan

By

Researchers at web security firm Websense on Monday warned Facebook users to be on the lookout for a phishing email that attempts to trick them into believing their password was reset, which could lead to their PC being hit with a trojan. The bogus messages, which have been spoofed to make it look like they are coming from Facebook, falsely inform recipients that their password has been changed due to safety concerns. They are encouraged to click on a ZIP attachment to view their new password. However, that file actually contains a poorly detected executable that installs additional malware on the victim's computer and joins it as part of the Bredolab botnet. -- DK

Sign up to our newsletters

POLL