As I was going through my email this morning, I noticed that John Graham-Cumming had just sent out the latest edition of his anti-spam newsletter. Upon reading it, I was intrigued by a somewhat unrelated reference to a blog post in the third paragraph. Apparently a security researcher at the University of Cambridge had his site’s account hacked, and upon investigating exactly what had happened, wanted to figure out what password the hacker had used to create a new account as “Administrator”.
He was able to access the MD5 hash (a one-way hash stored in place of the password itself) from the system’s database, but normally it is not feasible to recover the actual password from this. After trying some standard cracking techniques such as dictionary and “brute force” attacks, he decided to simply paste the whole hash string into Google. This returned several results that curiously mentioned the word “Anthony”, which turned out to be the hacker’s password.
The important takeaway lesson here is that for sensitive account information, one should never choose a password that is likely to be used by another person. This especially includes common words or names, and anything that can be deduced from your profile such as date of birth, the name of your school, and the like. You also need to make sure that it is reasonably long; anything less than eight characters or so will easily fall to a brute force attack if the cracker has a reasonable amount of computing power.
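The two lessons above (an unsalted MD5 of a common word is trivially reversible by lookup, and a password should be long and not a dictionary word, name, or piece of profile data) are easy to demonstrate in a few lines. The following Python is an added example written for this post, not code from the original entry or from the researcher involved; the short word list, the profile terms, and the PBKDF2 parameters are constructed stand-ins, and the salted hash is shown only to contrast with the unsalted MD5 the post describes.

```python
"""Why an unsalted MD5 of a common word is reversible by lookup, and a small
password-policy check that rejects such passwords. Added example; the word
list, salt and profile terms below are constructed for illustration."""
import hashlib
import secrets

MIN_LENGTH = 8  # the post's "eight characters or so"

# Constructed stand-in for a dictionary / first-name list (assumption, not from the post).
COMMON_WORDS = ["password", "letmein", "Anthony", "123456", "qwerty", "welcome"]


def md5_hex(text: str) -> str:
    """Unsalted MD5 digest, hex-encoded, as stored by many older web applications."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Precomputed table digest -> plaintext. A search engine that has indexed pages
# listing "digest: word" pairs is effectively this table at a much larger scale.
KNOWN_DIGESTS = {md5_hex(word): word for word in COMMON_WORDS}


def lookup_unsalted(digest_hex: str):
    """Return the plaintext for a known unsalted digest, or None if it is not in the table."""
    return KNOWN_DIGESTS.get(digest_hex.lower())


def salted_slow_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """PBKDF2-HMAC-SHA256 with a per-user random salt: the same password yields a
    different digest for every user, so a precomputed table cannot be reused."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()


def new_salt() -> bytes:
    """Fresh random salt for one stored credential."""
    return secrets.token_bytes(16)


def check_password_policy(password: str, profile_terms=()) -> list[str]:
    """Return the list of policy violations; an empty list means the password is acceptable.
    profile_terms holds words a person could deduce from the user's profile
    (school name, birth year, and so on)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    lowered = password.lower()
    if lowered in (w.lower() for w in COMMON_WORDS):
        problems.append("is a common word or name")
    for term in profile_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains profile information ({term})")
    return problems


if __name__ == "__main__":
    digest = md5_hex("Anthony")
    print(digest, "->", lookup_unsalted(digest))      # found in the table
    salted = salted_slow_hash("Anthony", new_salt())
    print(salted, "->", lookup_unsalted(salted))      # None: no table hit
    print(check_password_policy("Anthony"))
    print(check_password_policy("Cambridge1979", profile_terms=["Cambridge", "1979"]))
```

The point of the contrast is that the lookup in `lookup_unsalted` succeeds for any unsalted digest of a word that appears in a public list, whatever the hash function, so the fix on the server side is a salted, slow hash, and the fix on the user side is the policy in `check_password_policy`.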
Meanwhile, you can peruse the rest of the anti-spam newsletter below:
Posted in Spam & Scam | No Comments »
Recently I have been reading about the appearance of a new batch of black hat tactics involving the topics of domain hijacking and cybersquatting. While not all of these methods are strictly “black hat” in the sense of being illegal or malicious, they are all pretty sneaky and can be detrimental to webmasters whose domains or brand names are targeted. People who are owners of high traffic sites or relatively famous names are especially vulnerable. Here is a list of things to watch out for if you have a potentially popular domain name:
1. Geographical cybersquatting: In this scheme, the name of a certain geographical area, usually a city, is purchased as a domain name by the scammer. This “squatter” then points the domain to a site which displays material that many city officials would find objectionable, such as pornography, gambling, or certain pharmaceutical products. Since most officials do not want the name of their town to be associated with such material, the domain owner can offer to sell the domain to the city at a significantly high price. Often this tactic is successful because the area’s residents want to avoid any potential damage to their town’s reputation.
2. Hijacking a famous name: Similar to squatting on the name of a city, some scammers will seek out the names of famous people (or very similar variants of these) and purchase them as domain names. The new domain owner then uses extortion (otherwise known as good old-fashioned blackmail) on the target in the hopes that the affected person will trade some money in exchange for protecting his or her reputation.
Posted in Spam & Scam | No Comments »
Spammers often take advantage of holidays so that they can try to sell more products to people who may already be in a buying mood, and it seems that Halloween is no exception. This year, gift card spam has been getting more popular, and as this article from Sophos.com points out, some spammers have combined these two ideas and set up a phishing site that attempts to collect personal information from email recipients in exchange for the promise of getting a Halloween gift card.
The spam mail employs various Halloween-related puns and clichés and promises visitors that they can receive a free $250 MasterCard gift card if they click on one of the links in the email and fill out the questionnaire that follows. The site then asks for a significant amount of information such as email addresses, phone numbers, date of birth, and the like, after which visitors are taken through a series of other questionnaires pertaining to topics such as student loans, cigarette smoking, and other unrelated issues.
It is not clear whether the intent of the spam is to collect information for identity theft purposes or is simply another instance of overzealous marketing. In either case, if you happen to receive an email like this, it is not advisable to click through on the link or input any of your personal information. If you do, the most likely outcome will be an increase in your “spam to ham” ratio; in other words, you will have to deal with more unsolicited junk mail.
Meanwhile, John Graham-Cumming has released the next issue of his anti-spam newsletter, which includes some useful information about recent trends in spam-related trickery. Spammers are now beginning to use animated image files that display the names of their products or keywords as a way of slipping their messages through most spam filters. Pump-and-dump stock scams are now being spread by MP3 attachments, while a worm called Storm that began spreading last year still has antivirus experts befuddled as to how to contain or eliminate it. Finally, Chris Drake shares his ideas on ways to separate spam from ham. More details are posted below:
Posted in Spam & Scam | 1 Comment »
USAA Federal Savings Bank is warning its members about a new email phishing scam that tries to collect sensitive account information.
The email has the USAA logo at the top and contains the subject “Unauthorized Activity!”. The rest of the text attempts to trick users into thinking that their accounts have been compromised and tells them to click on a link in the email in order to “confirm their records”:
Posted in Spam & Scam | 2 Comments »
Although I have not commented on any ridiculous HYIP spam for a while, you probably haven’t missed much. I have been simply deleting most of the emails for these “investment opportunities” because they are not really saying anything that I have not already covered in previous posts. Today, however, I got spammed with a program that seems to take the idea of ridiculous HYIP to a whole new level of dumb: IGProfit.com.
Posted in Spam & Scam | 2 Comments »
John Graham-Cumming, developer of the famous anti-spam tool POPFile and founder of the software company Electric Cloud, Inc., has released the latest edition of his newsletter. It is normally published twice per month and contains informative news items and technical descriptions about the latest spamming techniques and the methods that are being employed to combat them. If you subscribe to the newsletter from the link at jgc.org, you can access the archived issues from previous months. This is the 62nd edition.
Regular readers will know that I’ve been predicting the death of the MIT Spam Conference for some time. How wrong I was. The MIT Spam Conference is back and has been expanded to two days (March 27 and 28, 2008).
The deadline for submissions is March 1, 2008, but the conference is operating an unusual sliding submissions process. You are invited to submit any time from now until the deadline and you’ll get a yes/no answer within two weeks.
Details are here: http://spamconference.org/
Last week I spent a day at the Virus Bulletin 2007 conference in Vienna giving a talk about The Spammers’ Compendium (see www.jgc.org for slides).
My overall impression was that the spam talks were weak. Of all the talks only one made me go ‘a ha!’: Vipul Sharma’s talk:
* Continual feature selection: a cost effective method for enhancing the capabilities of enterprise spam solutions
Vipul Sharma, John Gardiner Myers, Steve Lewis, Proofpoint
http://www.virusbtn.com/conference/vb2007/abstracts/SharmaMyersLewis.xml
Posted in Spam & Scam | No Comments »
Approximately one month ago Professor Ross Anderson, one of the world’s top researchers in the field of computer security, gave a very informative lecture for the University of Cambridge on the topics of spamming, scamming, phishing, and other Internet-based activities that he places under the category of “wickedness”. This video of his lecture delves into some of the details of how spammers and scammers operate, with a focus on how we can accurately detect their activities.
The topics covered range from the usual phishing spam-and-scams to fake escrow and banking sites to what he calls “postmodern Ponzi schemes”, known to most of us in the Internet marketing world as HYIP. Professor Anderson describes the ongoing struggle between the various types of scammers and the (mostly futile) attempts by governments, financial institutions, and computer security professionals to thwart their operations.
The video is one hour long and is presented in a fairly academic style, so if you are normally an impatient or easily bored type of person, you may not find it particularly entertaining. However, if you have any interest in the rapidly converging fields of economics, computer security, and good old-fashioned spam, you might want to watch this one whenever you have enough time.
Besides Ross Anderson who was cited above, other contributors to this video include Richard Clayton, Tyler Moore, Stephen Murdoch, and Shishir Nagaraja.
Posted in Spam & Scam | No Comments »
The next installment in my Adventures in Spam series features a fairly common type of scam email that has been getting more popular lately as increasing numbers of people are figuring out that they can actually make money online. It involves what is essentially a fake work-at-home employment offer: the scammer pretends to be a representative of a legitimate (usually offline) company, then offers to hire you as some type of payment processor or clerical worker.
In most cases, the true purpose of the email is simply to solicit a reply from you. If you actually reply with any indications of interest, the spammer-scammers will send another letter requesting some type of “processing fee” so that they can cover the cost of sending the relevant paperwork and materials to you. Usually this fee is a fairly small amount, like $10 or $20. The scammers are hoping that if they can advertise to enough “suckers” by spamming, they will achieve a high enough sales volume for the small amounts to add up to a significant amount of money for them. And of course, if the old cliché about a sucker being born every minute holds true, the same spam mail can be sent out again at regular intervals and provide the scammers with a steady income from “processing fees”. Here is a typical example of such an email that I received a few days ago:
Posted in Spam & Scam | 5 Comments »
Today I received an email from TD Ameritrade, an investment brokerage company that allows its clients to buy and sell stocks and other securities online. Apparently a recent investigation uncovered some “unauthorized code” in their computer systems that was used for harvesting email addresses. This might explain some of the investment-related spam that I have been getting over the past few years, including those infamous stock pumping scam letters. Although I haven’t used it for years, I had opened an account with Ameritrade back in 2000, so my email address probably found its way onto the spam lists.
Meanwhile, the executives at Ameritrade (much to their chagrin, I can imagine) are in full damage control mode, attempting to reassure us that our identities will not be stolen…or, well, at least there is no evidence that they have been stolen, although our social security numbers were probably in there somewhere. And of course, our assets are secure even though their computer systems are, umm… somewhat less secure since they just got hacked by spammers!
Dear Karl Erfurt,
Let me tell you why I am sending you this email. While investigating client reports about the industry-wide issue of investment-related SPAM, we recently discovered and eliminated unauthorized code from our systems. This code allowed certain client information stored in one of our databases, including email addresses, to be retrieved by an external source.
Please be assured that UserIDs and passwords are not included in this database, and we can confirm that your assets remain secure at TD AMERITRADE.
What we want you to know:
Posted in Spam & Scam | No Comments »
One form of spam that has been on the rise over the past two weeks is stock spam, which is most commonly used to promote a type of scam known as stock pumping. This is a technique in which spammers attempt to manipulate the price of a company’s stock, usually in the upward direction, in order to make a quick profit. The most common tactic used to accomplish this is known as the “pump-and-dump” scheme. With this method, a spammer chooses a stock that is relatively unknown, has a low price per share, and has low trading volume. Most such stocks are traditionally called “penny stocks” because they usually trade for less than one dollar per share and are listed only on the over-the-counter bulletin board (OTCBB) or Pink Sheets exchanges. With this type of stock, the spammer can usually raise the share price relatively easily by disseminating lots of positive (and sometimes fraudulent) information about the chosen company and lure naive investors into quickly buying shares, thus temporarily driving up the price. The spammer, having bought fairly large blocks of shares in advance, then quickly sells the stock by “dumping” it back onto the market before most investors realize that the information being disseminated is exaggerated or inaccurate.

Another tactic that is sometimes used by stock spammers is called the “short and distort” method. This is essentially the reverse of the more popular pump-and-dump; instead of hyping up a stock, negative information is sent out in an attempt to drive the share price downward. Rather than buying shares, the spammer short sells them; that is, the shares are borrowed from a broker and immediately sold for whatever they are worth at the current price. In a short sale transaction such as this, the investor hopes that the stock price declines, because if it does, the shares can be bought back at a lower price than what they were originally sold for, leaving the difference as profit. However, there is also significant risk involved in this proposition, because if the price of the stock actually goes up, the investor loses money when the shares are eventually bought back in order to settle the short position. For this reason, plus the fact that short selling is usually not offered for penny stocks, the short and distort method is not as popular with veteran spammers. However, it is sometimes still used by unscrupulous investors who have inside knowledge of the companies involved and want to manipulate the markets for quick profits.
Posted in Spam & Scam | No Comments »
Yes, those infamous HYIP spammers are at it again. The latest site that has come up for ridicule is called zoom-invest.net, a HYIP that promises to triple your money within 15 hours while serving up a generous helping of broken English and inept marketing skills. Fortunately, its promoters were nice enough to send me this spam so that we all have the chance to laugh at them before their official launch:
Posted in Spam & Scam | No Comments »