March 31, 2005

Postini reports a drop in directory harvest attacks

The anti-spam service Postini has reported that there has been a drop of 8% in directory harvest attacks for the month of March. This is the first drop in seven months.

Unless they have changed their methods and I didn't hear/read about it yet, the way to run a directory harvest attack against a company is to do a brute force/dictionary attack on them with usernames (it helps - the spammer that is - if they already have a few usernames from that domain so that they can see the format). These can be gathered from existing spam databases, or from viruses which pull addresses from machines they infect.

So if the spammer has a few addresses at Company ABC which shows their email format appears to follow FIRST_INITIAL NO_SPACE LAST_NAME @companydomain.com, then they can run a long list of first and last names against it and send them spam (doesn't have to be real spam in that there is a message, but instead just junk or even blanks).
If the machine responds with a non-delivery report, then you know that user doesn't exist on that server. If you get nothing back, or better yet an unsubscribe or a read-receipt, or an out of office, then you know that there is a live email there.

Actually, if you get nothing back, that technically doesn't mean that there is a live email on the other side. It could mean that they have turned off their NDRs (non-delivery reports) on their mailserver. This is generally a good thing and can reduce load on the server as well as bandwidth wasted.
Unfortunately, there are many scenarios for which a company can't turn those off. Our company is one of those. I turned them off when we were seeing extremely high spam loads and it was flooding our net connection. But there are several old addresses in our system that have been cleaned out lately and some of our less net savvy clients need to know that the user is not going to reply to them - so getting an NDR at least forces them to follow up with us. Otherwise they think the person got it, but just isn't responding - and that results in an angry client.

My first two thoughts upon seeing that DHAs are down is that either 1) more servers are turning off the features which make DHAs work (NDR, out of office, read receipts), or 2) spammers have found something more effective at making money and/or generating real live email addresses.

Posted by Eric at 08:14 PM | Comments (0) | TrackBack
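The harvest pattern described in the post above shows up on the receiving server as one source walking through many recipient names, most of which do not exist. The following is an added example, not part of the original post: it assumes the mail server records each recipient attempt with a result code, and the log format, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a made-up format (not any real mail server's format):
# timestamp, connecting IP, recipient, result (250 = accepted, 550 = unknown user).
SAMPLE_LOG = """\
2005-03-31T20:00:01 src=203.0.113.7 rcpt=asmith@example.com result=550
2005-03-31T20:00:02 src=203.0.113.7 rcpt=bsmith@example.com result=550
2005-03-31T20:00:03 src=203.0.113.7 rcpt=csmith@example.com result=550
2005-03-31T20:00:04 src=203.0.113.7 rcpt=dsmith@example.com result=550
2005-03-31T20:00:05 src=203.0.113.7 rcpt=esmith@example.com result=550
2005-03-31T20:00:06 src=203.0.113.7 rcpt=fsmith@example.com result=550
2005-03-31T20:00:07 src=203.0.113.7 rcpt=jsmith@example.com result=250
2005-03-31T20:00:08 src=203.0.113.7 rcpt=ksmith@example.com result=550
2005-03-31T20:05:00 src=198.51.100.20 rcpt=jsmith@example.com result=250
2005-03-31T20:05:30 src=198.51.100.20 rcpt=mjones@example.com result=250
2005-03-31T20:06:10 src=198.51.100.20 rcpt=mjonse@example.com result=550
2005-03-31T10:00:00 src=192.0.2.55 rcpt=adavis@example.com result=550
2005-03-31T11:00:00 src=192.0.2.55 rcpt=bdavis@example.com result=550
2005-03-31T12:00:00 src=192.0.2.55 rcpt=cdavis@example.com result=550
2005-03-31T13:00:00 src=192.0.2.55 rcpt=ddavis@example.com result=550
2005-03-31T14:00:00 src=192.0.2.55 rcpt=edavis@example.com result=550
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) rcpt=(?P<rcpt>\S+) result=(?P<code>\d{3})$"
)


def parse(log_text):
    """Turn log text into (timestamp, source, recipient, code) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not recipient attempts
        events.append((datetime.fromisoformat(m["ts"]), m["src"],
                       m["rcpt"].lower(), int(m["code"])))
    return events


def detect_harvest(events, window_minutes=10, min_attempts=5, min_unknown_ratio=0.6):
    """Flag sources that try many distinct recipients, mostly unknown, in one window.

    Returns {source: {"attempts", "unknown", "exposed"}}, where "exposed" lists
    the addresses the source saw accepted, i.e. the ones it now knows are live.
    """
    window = timedelta(minutes=window_minutes)
    by_src = defaultdict(list)
    for ts, src, rcpt, code in events:
        by_src[src].append((ts, rcpt, code))

    findings = {}
    for src, evs in by_src.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            in_window = evs[start:end + 1]
            recipients = {r for _, r, _ in in_window}
            unknown = {r for _, r, c in in_window if c == 550}
            accepted = {r for _, r, c in in_window if c == 250}
            if len(recipients) < min_attempts:
                continue
            if len(unknown) / len(recipients) < min_unknown_ratio:
                continue
            best = findings.get(src)
            if best is None or len(recipients) > best["attempts"]:
                findings[src] = {"attempts": len(recipients),
                                 "unknown": len(unknown),
                                 "exposed": sorted(accepted)}
    return findings


if __name__ == "__main__":
    for src, info in detect_harvest(parse(SAMPLE_LOG)).items():
        print(src, info)
```

The third source in the sample spaces its attempts an hour apart, so it is only flagged when `window_minutes` is widened; the window is a tuning choice between catching slow harvests and flagging senders with the occasional mistyped address.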

Another (anti) spam blog starts up

Slashdot has a recent post (book review) pointing to a new spam blog out there.

In the Slashdot post, it appears that the author of the new blog wrote the review of the book, which is Spam Kings - but didn't post a link to the blog created by the author of that book. Maybe he didn't know it was out there.
Regardless, it appears to be a positive review of the book.

I could make some comment about wondering why we need another spam blog to rehash it all - but that would really be the pot calling the kettle black now wouldn't it?

Posted by Eric at 08:02 PM | Comments (2) | TrackBack

March 30, 2005

WordPress raises the ire of more than a few bloggers

WordPress is a free open source content management system. Like MovableType (what we use), but free.

There is currently a row amongst some high profile bloggers because WordPress has been hosting blog entries by a company which uses the high Google page ranking of the WordPress domain to get hits and ad revenue. They pay WordPress a fixed rate for this service and then give them the content.

Many are saying that this is blog spam, but as much as I like to jump on the "kill the spammers" bandwagon as the next guy - I am not sure this is really all that spammy in nature.

I think the larger issue that people are having with this is that WordPress is supposedly a free and open project that isn't out to make money. You can donate money to it and assume that the money goes to the person toiling away on the project. But if the person is making money on the side from the popularity of the project - this irks some people - especially those who are into the whole free software way of life.

Personally, while I don't know that I would say it is great that this guy is doing it, I don't really think it is that big a deal. And I am not sure that I would categorize it as spam at all. It is clearly labeled as "sponsored articles" and I couldn't find a way to get there from the site without going through Google first.

The main issue here which makes this an issue is that WordPress has nothing to do at all with the text that is written - the text is only there because it relates to text which generates high click rates from Google (not "rate" as in frequency, but as in the money paid out per click). That is what is spammy about it.
But since it isn't being shoved on you without your control, and it is clearly labeled as to what it is - I think I have a hard time calling it spam. More just "lightly sleazy".

Posted by Eric at 04:54 PM | Comments (4) | TrackBack

Tivo popups on their way?

There has been much talk lately of Tivo showing popup ads while you are fast forwarding through commercials. That of course would defeat the reason you are fast forwarding through commercials. There is also talk of popup ads during regular television.

PVRBlog has a post with screenshots (literally photos of the TV) describing the issue as well as possible workarounds which would improve the experience (as it is now, they are very invasive).

Keep in mind not everyone is seeing these ads - I have a Tivo, I love it, and don't see the ads. And I hope I never do.
So they are in some sort of "random" beta stage at this point.

Posted by Eric at 01:12 PM | Comments (0) | TrackBack

Want a list of Terri supporters?

The NYTimes reports that a list of email (and regular mail) addresses for Terri Schiavo supporters is up for sale, presumably to people who want to market items to the type of people who would donate to such a thing.

I am going to try hard to not say anything one way or the other about that, since the Terri Schiavo case is outside of the spam world and therefore it would merely be an opinion, but I will say that this does put a smirk on my face to hear that the supporters might have someone taking advantage of them... again.

Posted by Eric at 12:08 PM | Comments (0) | TrackBack

March 29, 2005

Spam King Scott Richter Files for Bankruptcy

More specifically, the OptInRealBig company has filed for Chapter 11 to protect itself from creditors - the big one of course being Microsoft in the form of a $40M lawsuit (this lawsuit is currently unsettled, so that is up in the air).

I am not sure what this means in terms of the $500K settlement he agreed to pay out in the case against him (they were seeking $20M at the time) via NY's Eliot Spitzer.

Richter had previously claimed massive monthly earnings by his company, so it would be interesting to see the justification for filing Chapter 11. Either he is hiding that money well, or he was simply lying in order to boost his image in the past. Considering the topic under discussion, it is probably some combination of both.

Posted by Eric at 11:45 AM | Comments (0) | TrackBack

Overzealous anti-spyware programs and incompetent users

I was helping out a user in my office today who called me into his office because "the internet was slow today". This isn't a particularly useful or helpful IT query, so it requires a bit more questioning to really get to the root of the problem. The "internet" is a big and broad area, not just web pages - but the average user sees "the internet" as "web pages" and they see email as totally outside of that. And they are totally oblivious to anything other than that*.

IT professionals can never expect average users to know everything that an IT person knows, just in the same way it is unreasonable for an accountant to expect me to know all about accounting. But I should know how to balance my checkbook and pay my bills - that is basic functioning of financial life.
In the same vein, people who are using computers to conduct their daily home/business activities should probably know enough about how it works to stay out of trouble. I have seen hundreds of users who most certainly are nowhere near knowing anything about their machine other than "I press this button to turn it on, and banging on these buttons gets me to Yahoo!"**

It is key to know how the system works so that you can avoid people who are taking advantage of the system to scam you. Likewise, it is also key to know what things are harmless so ... again, you will know when you are being scammed.
When I was in this user's office today, even though I had shown him that "the internet" wasn't slow today and that it was just the PalmOne page he was visiting at the time which was slow, he then decided it was probably spyware that was making it slow and made me run an anti-spyware program on his machine to clean it out.
Sure enough, after the program updated with the newest definitions, it ran and found "thousands of spyware files". Well, technically it scanned thousands of files and found 52 "spyware files" - the user just couldn't grasp the difference between scanned files and actual files which had problems. But I can't really blame him since even the files which it was marking as "spyware" were actually just cookies, largely for ad services.

I am all for blocking spam, and I don't think there is anyone out there that doesn't hate spyware. But it irks me when these anti-spyware companies will register everything that they can as something to freak out about for the end-user. Depending on which software program you are using, it is frequently the worst reason of all - they are trying to scare the user into upgrading to the paid version of the product to remove all of these scary files that it found (trust me, cookies aren't that scary).
The user I was working with wanted me to get rid of the cookies since he was positive they were evil and also "slowing down the internet" so I showed him how to get rid of the cookies and then moved on my way.

It got me to thinking about how that sort of thing bugs me though. The reason the cookies are marked (in this case, they were marked as "low", but that was apparently beyond this user) is because they fall more under the "adware" category and technically companies can glean more information from you if you store a cookie.
This isn't always a bad thing - for example here at Spamblogging we use a service offered by StatCounter (I highly recommend them - although they were briefly down near the time I was writing this). This allows me to watch some stats on the people who come to the site so I can see what pages are popular and what search terms bring people to the site (for those of you that care, it appears that the bulk of our search visitors are interested in "ChatSlapper" and the bulk of the people coming here from linked sites are coming in regards to the CSS fun I have posted about in the past).
If you look on the forums over at StatCounter, you can see that they are concerned that they are being marked as spyware/adware.
If the software companies genuinely feel that these cookies are a bad thing (remember you can just turn off cookies in your browser, and block them for individual pages depending on your settings), then that is perhaps something I can go with if they gave a good explanation.
But more and more I am seeing things in the anti-spam/spyware/virus/etc programs which are simply using FUD to sell more product and that really makes me sick. That is, in my opinion, just as bad as the people they are supposedly trying to block. (in this case, the FUD reference being the scare tactic of making people think that their machine is full of spyware and they will be safe if they give you money for your product in order to save them)


*As a side story, this same user once asked me to set him up to download music to listen to on his machine, he had heard about that on the news - I explained to him that our net connection couldn't really handle that and "real work" at the same time - and he said "Oh! The music would come from the internet?" I honestly have no idea how he thought it was going to work - perhaps in his mind all computers are filled with all current and future music when they are built.

**As another side story, I have had multiple users over the years ask me to "get rid of this box under my desk" and when I tell them that I can't, they demand to know why. I try to explain to them that it is their computer and that they can't get much done without it. They then point to their monitors and say "then what is this?"
The first few times it happened, I just sort of laughed. But it has happened so many times now that I currently have lost all hope for the human race. I hear kids these days are good with computers - hopefully that is the case.

Posted by Eric at 12:29 AM | Comments (0) | TrackBack

March 28, 2005

Defective Yeti Ponders Comment Spam

Sorry, with potential headline material like that, it was hard not to write about this sort of thing. There is a great blog known by "Defective Yeti" - the author is a former Amazon employee, recent dad, and very funny guy.

He has a recent post up discussing a glitch in his site he was noticing which turned out to be related in a roundabout way to comment spammers.

In the process of talking about how he had wanted to close his site to limit bandwidth, and how the front page kept popping up (due to the indexes being rebuilt after comment spammers snuck in through the open mt-comments script), the author stumbles onto the idea of the hidden field to avoid comment spam.

This is not a new idea, and is a very good idea. The concept of course being that if they (comment spammers) are just spewing data at a script on your site, they aren't actually populating any forms and submitting them the way humans do. So if you add in a hidden field which must be passed in from the UI for the comments to work, then the spammers won't know about this and therefore their scripts will get rejected.

The obvious way around this of course is that the spammers can easily start submitting the data for that hidden input as well - that is easy. But the key is that spammers are trying to reach as wide an audience as possible, with as little work as possible - so they don't bother customizing their scripts for sites unless the site really offers them enough potential gain to merit the extra work. (not to mention that spammers tend to be rather dumb and are just using a script that they found to do it - script-kiddies really - so many of them likely wouldn't even know how to adjust the script to take it into account anyway)

So while this isn't a foolproof plan, it is a very good one which would certainly reduce the spam as long as you had a unique hidden field from everyone else and no spammers wanted to target you specifically.

If it is such a good idea, then why haven't we implemented it on Spamblogging and other sister sites of ours? Good question. And the answer to that is a perverse combination of laziness and being fantastically busy.

(On a side note, we did try installing MT-Keystrokes - it works by tracking keystrokes in the fields, which is a similar way of thinking to the hidden field - and didn't have much luck with it. It was blocking certain browsers and generally not playing nice due to browser incompatibilities with its Javascript requirements - so if you are going to go the plug-in route, that is along those lines, but not the best idea)

Posted by Eric at 09:58 PM | Comments (0) | TrackBack
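The hidden-field check from the post above, as an added example that is not part of the original post or of any blog software it mentions. It goes one step beyond a fixed hidden value: the field carries an HMAC over the entry id and the time the form was rendered, so the value is unique to the site, tied to one entry, and expires. The field name, secret, timestamps and form fields are hypothetical.

```python
import hashlib
import hmac

# Assumption: a random per-site secret kept on the server; this is a placeholder.
SITE_SECRET = b"replace-with-a-random-per-site-secret"
FIELD_NAME = "entry_check"    # hypothetical hidden field name, unique to this site
MAX_AGE_SECONDS = 6 * 3600    # how long a rendered comment form stays valid


def _mac(entry_id, issued):
    msg = f"{entry_id}:{issued}".encode()
    return hmac.new(SITE_SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(entry_id, now):
    """Value of the hidden field, computed when the comment form is rendered."""
    issued = str(int(now))
    return f"{issued}:{_mac(entry_id, issued)}"


def render_hidden_field(entry_id, now):
    """HTML the comment template would include inside the form."""
    return (f'<input type="hidden" name="{FIELD_NAME}" '
            f'value="{issue_token(entry_id, now)}">')


def check_comment(form, now):
    """Return (accepted, reason) for a submitted form (dict of field -> value)."""
    token = form.get(FIELD_NAME)
    if not token:
        # A script posting straight to the comment handler never saw the form.
        return False, "hidden field missing"
    issued, sep, mac = token.partition(":")
    if not sep or not (issued.isascii() and issued.isdigit()):
        return False, "hidden field malformed"
    expected = _mac(form.get("entry_id"), issued)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "hidden field does not match this entry"
    age = int(now) - int(issued)
    if age < 0 or age > MAX_AGE_SECONDS:
        return False, "hidden field expired"
    return True, "ok"


def demo():
    """Four constructed submissions: a reader, a blind POST, a reused token, a stale form."""
    now = 1_111_960_000  # constructed render time (Unix seconds)
    reader = {"entry_id": "42", "author": "reader", "text": "Nice post",
              FIELD_NAME: issue_token("42", now)}
    blind = {"entry_id": "42", "author": "bot", "text": "buy now"}
    reused = dict(reader, entry_id="43")  # token copied from another entry's form
    return [
        check_comment(reader, now + 60),
        check_comment(blind, now + 60),
        check_comment(reused, now + 60),
        check_comment(reader, now + MAX_AGE_SECONDS + 1),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

As the post notes, a script that first fetches the form can still pass this check; what the expiring, per-entry value adds is that a token scraped once cannot be reused across entries or indefinitely.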

Probably why phishing is so successful

Slashdot has a post up which is pretty much the reason phishing is so successful and continues to be an increasing problem on the net (and has been in real life for decades).

The reason? A combination of greed and stupidity on both sides.

Posted by Eric at 06:49 PM | Comments (0) | TrackBack

Gizmodo's Sugar Cube Spam

Not that Gizmodo is spamming anyone, but they posted some spam which they received.

Maybe it is just me, but I find it hilarious in only the way that random incoherent spam can bring you ad pitches for things you don't want, as if described by a NYC street peddler from another country, high on paint fumes and rancid Thunderbird.

My apologies to those of you who really are interested in "owning a Capital Good" or being able to process 4 tons of sugar in 24 hours. My intentions are not to mock your hopes and dreams. Belittle yes - but never mock.

Posted by Eric at 01:38 PM | Comments (0) | TrackBack

March 27, 2005

Emailed malware has peaked?

The person who caught the first mass mailed malware program "Melissa" has recently made the announcement that from what he sees, he thinks that emailed malware has peaked.

Unfortunately, that doesn't really mean much for us. Even though it may have peaked, it is still out there in massive numbers. On top of that, there is still a massive audience it will reach who still don't understand how it works even on the most basic level, and so they still routinely fall for it (I have to tell my users over and over how spam and mass mailed worms like this work, and they never get it - I've largely given up at this point).
So as long as you have a very large and extremely uneducated audience (not in the schooling sense, but in the fact that they don't bother to learn even vaguely how a system works, and therefore how to avoid these problems), then you are going to have a subset of people who will exploit flaws in the system to try to make money off of these people.

So while that type of malware delivery may have peaked, it does not mean that spam or malware has peaked at all - and surely there is something just around the corner being thought up right now.

Posted by Eric at 01:08 PM | Comments (0) | TrackBack

ZDNet bug still there

We have written a few times now about the ZDNet web page bug which can easily be abused by spammers (more likely phishers in this case). It looks like a ZDNet page, but it then redirects to any URL you put in.

According to Spam Kings the problem still exists, even though they have selectively blocked it for some sites.

Posted by Eric at 02:44 AM | Comments (0) | TrackBack

Contest... no contest

For a bit there was a contest up to see who could successfully infect net-connected Macs and win money. But apparently now the contest is already canceled after the person running it came to his senses (generally speaking, encouraging people to hack at something isn't always the best idea).

Posted by Eric at 02:38 AM | Comments (0) | TrackBack

Incompetent spam

I always get a kick out of spam attempts which make you wonder what exactly they were thinking (well, phishing in this case).

Posted by Eric at 02:29 AM | Comments (0) | TrackBack

March 26, 2005

Spam blogs are clogging the blog world

At first I thought there might be a new article out there about our own site, but instead it is an article pointing out how many new fake blogs are being created, just to post spam (for trackbacks and then higher search engine rankings).

It questions if blogs in general are threatened by this decrease in signal to noise, but it also points out that any new technology will be exploited by people wanting to make money. They reference that idea on the side of the spammer types - saying that they will overuse it until it is no longer making them money. But the same of the legitimate site rings true as well - it will evolve to block the spammers' efforts and also will eventually grow beyond the point where it will be as interesting as it is now. Around then some new technology will come out which people will start to use - and the spamming type won't be long behind, figuring out a way to make money off of it.

Posted by Eric at 04:08 PM | Comments (1) | TrackBack

Bad email habits allow spam to survive

Another study has been done which says spam survives due to "bad email habits". In this case they mean "bad habits" such as clicking on links in your emails.

But the article also states that 10% of email users are buying things from spam. This number seems high to me since spammers tend to look for a fractional percentage response to what they send out. But regardless of the number's accuracy, it is correct to point out that were people to stop buying from spam, then spam would cease to exist.
The best way to reduce the number of people buying from spam is to educate people about the problem, and that takes time. So take some time out to tell the people you know about why they shouldn't buy from spam - and if you are doing it yourself... that's easy - just stop.

Posted by Eric at 04:01 PM | Comments (0) | TrackBack

March 24, 2005

What's that say? Oh right, "V1@gRa" - got it.

SophosLabs has put out a report which shows the words used in spam which are mangled in order to disguise them and get them by the spam filters. It looks like even though Viagra was at the top of the list in previous studies done over the years, Cialis has now taken top "honors".

Before giving you the list of the top 25 words which are disguised in spam emails, the report adds "NOTE: Information contained in this report may be considered offensive by some customers." The reason for that of course is that sex sells - pretty much all of the words on that list are either directly related to sex, or are drugs related to sex.

I'm curious how the pharmaceutical companies see this. Sure, their public facing comments have to be that they are against spam and they likely very much are against it since they don't want to taint their image (or rather have it tainted by others in the case of spam). But I imagine it also serves as a large indicator of popular opinion as well - whatever spam words are hot are words which will make money. That means Cialis is currently more likely to make money than Viagra.

Posted by Eric at 09:17 AM | Comments (2) | TrackBack

This just in: Users to blame for spam

Frequently we see news articles out there which go for the low hanging fruit and point out the obvious. After literally several decades of spam out there, Information Week decided it was high time to weigh in with the hard hitting report "Users to blame for spam".

Actually, they are saying that user ignorance is to blame - which is fairly different. The big one they point out is that people are using the unsubscribe links. The article states that this makes a spammer realize you are a "live one" and then spam you more. Technically with the various bits of legislation passed over the years, those links are supposed to be mandatory in commercial email, and they are supposed to be hooked up to a system which works. That said, I would still see it highly likely that the unsubscribe link very much does, for many of the spammers out there, actually unsubscribe you from that list. But, just as the article says, it shows the spammers that you read their spam (or at least clicked on a link in it), so you are more attractive to them than someone who just throws out the message. So while they take you off of that list, they might add you to a database of users for another spammer or another spam mailing they do.

On a side note, in terms of user ignorance, I have spoken with users in the past who thought that clicking "unsubscribe" would make them stop getting all spam. Clicking it on one message, and then it just stops for them entirely.
I believe they thought that they accidentally turned on the spam, and that was the way to undo it.

Note that at the bottom of that article, they say 10% of the people interviewed for the study done had purchased items from spam. That is a huge percentage considering spammers usually look for only a fraction of that - but I have a feeling that study didn't involve millions of people the way spam runs do.

Posted by Eric at 09:07 AM | Comments (0) | TrackBack

March 23, 2005

Is Mac OS X a sitting duck?

Here at Spamblogging, we constantly see mention of Windows malware, but comment on the relative lack of that sort of thing on Mac OS X. Symantec has recently stated that OS X is increasingly being targeted for malware and that surely the most important thing a Mac user can do is buy their Norton tools to prevent such a thing. This Slashdot article states it in a skeptical manner that I have to agree with - Symantec stands to gain from generating fear about this sort of thing.

Personally I really can't stand when companies resort to FUD in order to sell their products. I hope in this case that they are genuinely interested in the well being of Mac users, but as a Mac user - I am not seeing much malware out there for OS X, so at this point I'm leaning towards thinking that this is a sales tactic on their part, and a sleazy one at that.

Posted by Eric at 09:45 AM | Comments (1) | TrackBack

Clearswift's Spam Index, sex sells

Not a big surprise here, but Clearswift's Spam Index tracks what the current trends in spam are showing and it appears that there is a surge in "lonely housewife" spam.
I have noticed an increase in spam which is actually getting through my filters and it looks very much like a human written note in a personal ad sort of way - but then the links are all to porn sites.

I think by now the readers of this blog know that if something is showing up more in spam - that means it is working. Spammers have seen that they can make more money with this technique, hence its new popularity.
Now that begs the question - is it working because people are more likely to pay for what it is selling, or is it working because it is more likely to get through the spam filters?

Either way, it doesn't really matter since spam filters will adapt to this in a short period of time and something new will come out - but for the next few weeks, expect even more of this spam as more spammers get on the bandwagon.

Posted by Eric at 09:40 AM | Comments (0) | TrackBack

IBM enters the world of anti-spam

IBM has created something called "FairUCE" (Fair use of Unsolicited Commercial Email). According to this article, the technique sounds similar to Domain Keys and Sender ID techniques - although different in that it is analyzing the IP of the sender and then the IP of the domain it claims to be from to look for discrepancies. Then on top of that it adds in a challenge/response system if the lookup on the headers fails the tests run on it.
That last part is causing a lot of confusion and anger - people tend not to like the challenge/response systems, and there is currently a misconception about FairUCE in that it is set up to flood the spammers back if they fail the test - but IBM is saying this is not true and that it is just part of the challenge/response system.
FairUCE also has whitelists and blacklists, as do most spam systems, so that mail can bypass the processing stage if it is known to be a good/bad sender.

Posted by Eric at 09:19 AM | Comments (0) | TrackBack

March 18, 2005

ZDNet webpage used by spammers

Much like the eBay webpage "bug" which we mentioned previously, there is now a similar issue at ZDNet.

The spammers make it look like a ZDNet link, but redirect to their own pages instead, making the uneducated user think that they are going to a more legitimate site than where they are actually sent. (not to mention possibly get through some spam filters)

I haven't seen this used in getting around blog spam filters yet. But theoretically MT-Blacklist, which is so common on blogs for blocking spam, keeps a list of URLs which it won't allow in comments. ZDNet might be allowed in most blogs, so it might be a way to get by those filters.
That said, there is still a human admin on the other side who can erase those messages.

Posted by Eric at 07:26 PM | Comments (0) | TrackBack

Spammer site shut down

In our recent post talking about exposing those who buy from spam, I linked to an article over at Spam Kings. There is an update there on a site at the end of that article which was pointed to.

The issue was a spammer was showing thousands of users' data for free, but this update tells us that the hosting service for the spammer has shut them down. The spammer is probably already looking for (and will find) a new host.

*EDIT*
Sorry, I should clarify that while the site shut down may have been of a spammer, a better description was that of someone who sells lists to spammers. In terms of the distinction between who is a bigger jerk, the line is a fine one I guess.

Posted by Eric at 07:21 PM | Comments (0) | TrackBack

Testing a spam filter

This article discusses "Why spam-filter testing is largely a disaster."

It raises some good points, but I have two main issues with it:
1) It reads more like a press release than anything else - but they are clearly trying to make it look informational. Not sure which it is supposed to be, but I am guessing that it is a press release.

2) It isn't "testing" of a spam filter they are talking about - but "training" of one as it learns and the settings are tweaked.

One of the key points it mentions which I 100% agree with though is that when testing or training, forwarding spam through the server to an address is not a smart idea for either concept. When forwarded, it will change the headers and therefore come from an address which you might have whitelisted as a trusted domain/user, but then the content is full of spam.
In terms of testing, that is then useless to you since it is coming from a good user and shouldn't be marked as spam.
In terms of training, it is again useless because the data which should be seen as spam is then going to be associated with a "good" person and therefore lessen the severity of it on future hits for that spam. (note that is only if it is a learning system using Bayesian methods or something along those lines - if it isn't one of those, then you don't have to worry as much - although I don't see much of a point of using it if it isn't one of those)

Posted by Eric at 02:30 PM | Comments (0) | TrackBack

Exposing those who buy spam

Another suggestion on how to stop spam over at Spam Kings. In this case, the idea is when a spammer is successfully sued, they have to relinquish a list of those who purchased from them and this is made public. That way we can see exactly who is buying from these spammers.

This goes back to the idea that a lot of the business which spammers do is in the grey area of sales and people use them because other places won't sell it, or they just want to be more discreet about it. If that second option is taken away, perhaps people will buy less from spammers.
And if people stop buying from spammers, then they have less incentive (money) to spam.

Posted by Eric at 12:36 PM | Comments (0) | TrackBack

A (theoretical) FireFox plugin to ensure click-fraud on popups

This blog entry comes up with a theoretical idea of how to get rid of popups. There have long been pop-up blockers which stop it from loading - but as we have mentioned before, the advertisers are finding ways around that.

The idea this person has is that a FireFox plugin (he is saying FireFox because it is the browser he is using, but theoretically it could be a plugin for any/all browsers) would see that there is a popup, block it from being visible, but send clicks to it to load the site it is an ad for, and then randomly click around that site - mimicking a "sticky" user and showing user agent data which would look like a real user. But none of this would actually display in your browser, it would be going on in the background.

The idea stems from the concept that 90% of pop-up ad clicks are accidental anyway. So this makes 100% of the clicks that way, so that the site would be getting traffic and usage, but the traffic would not be getting them any sales. Therefore not worth the payout of setting up the ad (technically not only not worth it, but actively increasing their costs with no return).

The good part - if you could create this plugin and many people used it (and I think they would), it would drastically change the pop-up style ad market and likely kill it (or at least cause them to work out a way to get around it).

The bad part(s):
1) A pop-up is in a small window. When you click on it, it opens a new window - sometimes done through a "_blank" HTML reference in the "A" link tag, but far more frequently via JavaScript. This spawns a new window and routes that browser to the ad company who is hosting that popup ad. This allows them to track that the ad was clicked on. From there, it forwards you on to the site who is paying for that ad and it is tracked that a click has happened and a charge is incurred for the ad. (I haven't purchased pop-up ads ever before, but I am guessing that there is a setup fee, and then a fee for each click - I could be wrong)
In order for this plugin to work, it would either have to work graphically and hit the links that way - which is a really bad/stupid idea - or it would have to know/find the URLs to follow and pass them through properly. The graphical approach would be easy for the ad people to get around by moving links and active areas around so that they are not always in the same place. It would also have to rely on the windowing system of the browser/OS to be able to "see" items without them actually being rendered to the screen.
The other approach could be bypassed by changing what data needs to get passed along each time (including a Javascript watch on events so that actual clicks take place). This would require updates to the code so frequently that either only certain ad types could be blocked, or it would need constant supervision for a developer to feed in changes.

2) You can't just tell a site "hey, this was clicked", it actually tracks what is downloaded. Plus, for this to really be a problem, you want them to see wasted bandwidth which isn't getting them more sales. So that means the pages actually have to be downloaded in the background and that means anyone using this plugin would have greater bandwidth usage themselves. That is fine if you are not footing the bill and have a large pipe. It is not so good if you are paying for your bandwidth yourself and/or have a very small pipe (slow connection).

I think it is a very clever idea and exactly the sort of innovation that the internet is perfect for - mass idea collectives and people to organize and build it.

Although I hate to be a nay-sayer - but I really don't think that this could work in practice for a broad scale or time period - there are just too many easy ways for the ad companies to get around it with simple changes on their ends.

Posted by Eric at 11:42 AM | Comments (0) | TrackBack

Use an appliance to reduce server load due to spam

This article states the obvious in that it says if you use a network appliance to reduce the amount of spam on your network, your mailserver won't have to work as hard.

Posted by Eric at 11:21 AM | Comments (0) | TrackBack

New collaborative filtering tool for sharing networks to reduce spam

ZDNet has an article up on a new process for cleaning spam from file sharing networks via collaborative filtering.

The project aims at the heart of peer-to-peer networks' biggest weakness today. Allowing people to search each other's hard drives has made hundreds of millions of files potentially available at a mouse-click, but search results remain spotty and badly organized, much like the early days of Web search.

What would ordinarily be a straightforward computer science question has been complicated by the fact that so many of the files on peer-to-peer networks are songs or videos under copyright. In this case, improving search results could also contribute to making copyright infringement more efficient.

Peer-to-peer networks have been polluted with junk files and spam almost since their inception. It took spammers only a few months to realize that the popular networks presented a new opportunity for unsolicited advertising, and to adapt their technologies accordingly.

I recall seeing that someone wrote a paper showing how social networks can be destroyed (in terms of their usefulness) by adding bad data to the system. Say you have a network of shared music files. There is a threshold after which the system is no longer useful - that threshold is dependent on honest naming of the files. Something as easy as me uploading audio of me belching the alphabet and naming it the same as some new hot song disturbs the system. Doing this on a larger scale can actually defeat the system.
This paper was very good news for the music industry and they actually pay people to purposely do this to muck up the P2P systems which share music files.

Additionally, images, movies, text files, as well as the music, will be added by spammers and they will have names of items which would be popular on the network - but when opened are either just ads, or in worst case scenario - are viruses/trojans/malware.

This new approach hopes to address this problem. It does seem that it still has the flaw of relying on the fact that users will be honest in their rating - so in order to get around it, the spammers will just need to rate their own items as legit and get other spammers to do that as well.
That way it throws off the signal to noise ratio of the system and we are back where we started.

Posted by Eric at 10:46 AM | Comments (0) | TrackBack

March 17, 2005

New anti-spam law in the Philippines

A recent law was passed in the Philippines which goes into effect this week. It was created to prevent spammers from targeting mobile devices unless expressly told that the end recipient desires to be contacted. And "prevent" is meant in a legal sense - you can still do it, but there is now legal recourse available to the recipients.
According to the article:

The Philippines uses text or short messaging heavily, with each subscriber sending an average of 252 messages per month, according to Taylor Nelson Sofres, an international marketing information group.

WOW! That is a huge amount of text messages. Perhaps I am in the minority in that my text message usage averages around zero per month - but it appears that the Philippines would be towards the higher end of text message usage. Which of course is why the spam was such a problem - the spammers felt it was a great way to reach a lot of people easily.

We'll have to keep our eyes open to see if this new law actually helps reduce the amount of spam sent that way.

Posted by Eric at 02:01 PM | Comments (0) | TrackBack

German Telco Company Fined for Spamming

A German mobile phone company spammed a Danish company's (competitor?) customers and is now being fined for its actions.

Posted by Eric at 10:53 AM | Comments (0) | TrackBack

March 16, 2005

Anti-spammer is sued

Spam Kings has an article up which points out that an anti-spammer is getting sued.

It looks as if the guy received what he felt was spam from a travel company. He then tried to sue the company under Oklahoma law (where he resides) and offered to settle for about $6K. He also created a page slamming the company which in turn led to... him getting sued for $4M in damages by the company.

I am very curious to see how they justify $4M.

Posted by Eric at 03:58 PM | Comments (1) | TrackBack

Dealing with annoyances

This article on the NYTimes website hits home with me in two spots.

The first being that when I lived in the States, I derived extreme enjoyment from tearing up all of my junk mail which didn't have the pre-paid envelopes enclosed and then stuffed that junk mail into the mail which did have those envelopes. I knew that the more I put in there, the more annoying it was on the other end (although I suspect by now they have a way of weeding that out). More importantly the heavier it was, the more the other side had to pay for it.

The other of course is the spam reference, in this case to something which happened some time back (I don't recall the exact date, but it was over a year ago) when Slashdot put up the address of a spammer (well, Slashdot themselves didn't, but a user on the site) and said spammer was flooded with junk mail:

Some Web sites specialize in arming people against online annoyances. The site www.slashdot.org posted the name and the mailing address of one of the worst known spammers, encouraging people to sign the spammer up for catalogs and other junk mail to be sent to the spammer's home. Mr. McKiernan of the Postal Service said that this tactic also appeared to be legal, but might constitute harassment.

I don't know if I am exposed to more annoying things than some people, or if I am just more easily annoyed. Currently leaning towards the latter. Deep breaths. Count to ten. Drink heavily. That's my motto.

Posted by Eric at 03:11 PM | Comments (0) | TrackBack

March 15, 2005

There have been a few signs lately that Gmail is opening to the public

I have seen mention in a few places that Gmail looks to be opening to the public. That said, it still appears to be part of a slow roll out and current users still have invites available to them to hand out.

Speaking of which, I have 50 invites if anyone still wants one.

Posted by Eric at 05:41 PM | Comments (0) | TrackBack

AOL AIM TOS

AOL has apparently rewritten their Terms of Service for AIM to make it more clear as to what is and is not monitored. BoingBoing has a congratulatory note here.

Posted by Eric at 04:23 PM | Comments (0) | TrackBack

Spam Hijacker

We posted before about the spammer who was in a legal tie-up with Bell South (and lost) because he hijacked user accounts and then used them to send out spam.

Now on the surface this may look skilled - after all they say "hijack" and most people have visions of cyber terrorists wearing masks and doing things we see in movies with modified hardware and skills which look like magic.
But in reality, all this guy did was use a program which brute forces its way into user accounts which are web accessible. You run the program and it tries frequently used passwords, then moves to a dictionary attack (trying every word in a dictionary), and then it moves to a brute force attack of combining all possible keystrokes. That takes no more skill than downloading a program, running it, and pointing it at a site.
That is usually referred to as a "script kiddie" hack in that it requires no skill or intelligence, just someone dumb enough to run it.

Some things that we should keep in mind knowing that was how the hack occurred:
1) It is possible that Bell South should be blamed more in this than they are. This program tries passwords over and over again - if their server allowed more than 3-5 failures on the password and then more tries after that, they are at fault for extremely poor design. It is generally accepted that if a legit user doesn't get their password in 3 to 5 tries, you lock them out and either require them to phone in, or wait a day to try again. This should account for any legitimate use of the password failures, but prevent hacks like this from getting in.
2) Having said that, it is possible that Bell South *did* have such a system in place and with so many user accounts, it still worked just fine even with the stop. If it saw the stop, then he moved on to another account. The key in that case then would be poor password selection on the part of the users. If your password is in the dictionary, then it will be "broken" very easily (technically nothing gets broken in this case, really more of a guess).
3) Both of those points aside, it is still 100% retarded to do such a thing since in order to get those accounts, you have to use an IP address to get there. Even if you frequently change them and go through proxies, the logs are going to be full of data showing that it isn't the intended user of that account and that it is experiencing odd behavior from another location. That means it will draw attention to the account and there will be a long trail pointing to the exploit and the person using it. Just another example that it is a script kiddie approach. While all hacking/cracking like this is frowned upon by skilled programmers, the worst kind of all is the script kiddie approach since it doesn't show off any skill. At least if someone does something with flair and intelligence, you might hate them for what they did, but you have that glimmer of respect for how they did it - not so in this case.
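The lockout from point 1, the gap from point 2 (the attacker simply moves on to the next account) and the log trail from point 3, replayed over a small log as an added example that is not part of the original post. The log format, the sample lines, the 10-minute window, the per-IP threshold and all names are assumptions; only the 3-5 failure limit and the one-day wait come from the text above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MAX_FAILURES = 5                  # post: lock out after 3 to 5 failed tries
LOCKOUT = timedelta(days=1)       # post: "wait a day to try again"
WINDOW = timedelta(minutes=10)    # assumed sliding window for counting failures
MAX_ACCOUNTS_PER_IP = 3           # assumed: distinct accounts one source may fail on

# Constructed sample log; assumed format "<ISO time> <OK|FAIL> user=<name> ip=<addr>".
# OK/FAIL only says whether the submitted password was correct.
SAMPLE_LOG = """\
2005-03-15T09:00:00 FAIL user=alice ip=198.51.100.10
2005-03-15T09:00:20 FAIL user=alice ip=198.51.100.10
2005-03-15T09:00:40 OK user=alice ip=198.51.100.10
2005-03-15T09:01:00 FAIL user=bob ip=203.0.113.7
2005-03-15T09:01:01 FAIL user=bob ip=203.0.113.7
2005-03-15T09:01:02 FAIL user=bob ip=203.0.113.7
2005-03-15T09:01:03 FAIL user=bob ip=203.0.113.7
2005-03-15T09:01:04 FAIL user=bob ip=203.0.113.7
2005-03-15T09:01:05 FAIL user=bob ip=203.0.113.7
2005-03-15T09:01:06 FAIL user=carol ip=203.0.113.7
2005-03-15T09:01:07 FAIL user=dave ip=203.0.113.7
2005-03-15T09:01:08 OK user=erin ip=203.0.113.7
2005-03-15T09:05:00 OK user=bob ip=198.51.100.20
"""


def parse(line):
    """Split one log line into (timestamp, result, user, ip)."""
    ts, result, user, ip = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], ip.split("=", 1)[1])


def analyze(lines):
    """Replay login attempts through a per-account lockout and a per-source check."""
    failures = defaultdict(list)    # user -> times of recent wrong passwords
    locked_until = {}               # user -> time the lockout expires
    ip_targets = defaultdict(dict)  # ip -> {user: time of last failure from that ip}
    report = {"locked": [], "rejected": 0, "flagged_ips": [], "suspicious_ok": []}

    for line in lines:
        if not line.strip():
            continue
        ts, result, user, ip = parse(line)

        # Per-source view (points 2 and 3): one address failing against many
        # different accounts stands out even if no single account is hammered.
        if result == "FAIL":
            recent = {u: t for u, t in ip_targets[ip].items() if ts - t < WINDOW}
            recent[user] = ts
            ip_targets[ip] = recent
            if len(recent) >= MAX_ACCOUNTS_PER_IP and ip not in report["flagged_ips"]:
                report["flagged_ips"].append(ip)

        # Per-account lockout (point 1): while locked, every attempt is
        # refused, including a correct password from the real owner.
        if user in locked_until and ts < locked_until[user]:
            report["rejected"] += 1
            continue

        if result == "FAIL":
            failures[user] = [t for t in failures[user] if ts - t < WINDOW] + [ts]
            if len(failures[user]) >= MAX_FAILURES:
                locked_until[user] = ts + LOCKOUT
                report["locked"].append(user)
                failures[user].clear()
        else:
            failures[user].clear()
            # A correct guess from an address already flagged for trying many
            # accounts is the login that deserves review.
            if ip in report["flagged_ips"]:
                report["suspicious_ok"].append((user, ip))
    return report


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

On the sample, the lockout stops the hammering of one account (and also turns away bob himself at 09:05), while only the per-source count catches the address that moved on to carol, dave and erin.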

Posted by Eric at 09:38 AM | Comments (0) | TrackBack

Google 302 Exploit

Always keeping us on our toes, it looks as if some devious folks are making use of redirects to steal Google traffic from other sites.
That link is from Slashdot, so I think the best way to sum it up is with a bit of the intelligent discourse which goes on over there everyday:

Hey look! Someone forgot to RTFA!

You use 302 to hijack someone else's page in Google's search results. Your bogus ad infested page shows up instead of the actual content the user was searching for (and thought they were going to see), while the real website that you hijacked doesn't get any more Google traffic. That's the exploit.

Dumbass.

Posted by Eric at 09:33 AM | Comments (0) | TrackBack

Online Poker

There is currently a movement afoot in many blogs to point to Wikipedia's page for online poker.

The idea being if so many fake blogs are being started up just to raise the page rank of gambling sites, then bloggers can overcome that and by linking to that Wikipedia page, hope to make it the first link.
While this isn't exactly revolutionary or something which will change the world, it is fun to see innovative thinking like this. (although you could argue that there are now people who want to find online poker sites and are going to be frustrated by this effort)
This technique by the way is called "Googlebombing".

Posted by Eric at 09:06 AM | Comments (0) | TrackBack

VoIP, more spam coming your way

Over on Slashdot there is something up about how telemarketers can dodge the few things which may prevent them from phoning you these days by going VoIP and outsourcing. No longer having to worry about the legal restraints (since they aren't technically phoning you by the methods those laws apply to), or the monetary hindrances of long distance, telemarketers can now phone from overseas in cheap locales and do what they do best - annoying the hell out of everyone.
Keep in mind that sadly the worst part of this is that it will work, just the same way that spam does. People actually buy from them, so they make money, so they keep doing it and worse yet, it draws in competition - meaning even more annoyances. And where there are people trying to sell you something, there are people trying to scam you out of your money as well.
Same techniques, just different technology - whether it be instant messages, voicemail, person to person, regular mail, email, or anything else that comes up over time - the key is making it cheap and easy for them to do (reminds me of a Jamie Kennedy joke about how the days of carrier pigeons likely made for more thought out and necessary letters than today's email age).

Posted by Eric at 12:41 AM | Comments (0) | TrackBack

Spyware and... spyware

Over at Spam Kings there is a post mentioning that Spyware Assassin is a scam. Note that "Spam Assassin" is a very good spam filter and is legit - "Spyware Assassin" on the other hand is just a scam riding on the name and success of Spam Assassin.

Slashdot has a post mentioning that there is currently spyware which infects IE via FireFox (and that this is only on Windows systems running Sun's Java Runtime Environment). So frustratingly, even if you have switched to FireFox, you can't uninstall IE from the system, and in this case still get hit. (technically I do recall seeing someone post details to their website about how they removed IE from a Win98 system, but that was some time ago and it is not necessarily feasible now - also it was a non-trivial process)

Posted by Eric at 12:32 AM | Comments (0) | TrackBack

March 14, 2005

Interesting read on bot nets

Security expert Bruce Schneier points to a very interesting read about bot nets and the threats they present to the internet, as well as what we can learn from them.

I have a hard time reading these things and not thinking of movies like The Terminator. Even though in this case, it is referring to organized groups which use the bots to take down networks via distributed denial of service attacks if they don't give them money.

Posted by Eric at 06:37 PM | Comments (0) | TrackBack

New Zealand to see an increase in permission based email

Somewhat like our recent note here, New Zealand is going to see an increase in permission based email because of a recent deal between companies there which specialize in such things. The main difference in these is a "dual opt-in" process which involves the person signing up and then also responding to a confirmation email.
The theory is that this will mean your userbase is only composed of people who actually want you to email them, and with that you can collect more data from them since they are opting to give it to you.

Previous single opt-in methods would result in larger lists of users, but they might not all want to be on there, with only a smaller subset actually wanting your email. So this new dual opt-in process hopes to avoid that and stick to only that subset of interested people.

Posted by Eric at 02:18 PM | Comments (0) | TrackBack

When is spamming really spamming?

Silicon.com discusses the slippery areas around the differences between bulk mail and spam. There are many who would argue that all bulk mail is spam, and there are those who would fight against that (usually the bulk mailers).

A broader concept which is frequently used is that spam is any mail you are getting but don't want. This isn't a technically valid definition since it could be that I don't want bills emailed to me since I hate having to pay them, but they are still legitimate emails. Or I could not like some of the emails I get from staff at work and don't want them either, but they aren't spam.

Along the same lines, if you signed up for a service and either agreed to get mail or asked to get mail, but later changed your mind - unless you told them to stop sending you that mail, it too is not spam.

And it is that last point where things get sticky in the legal sense. There are currently plenty of loopholes which allow spammers to claim that they thought you actively wanted to be on their list and were misinformed by someone else, or they say that you didn't understand some agreement - and frequently their unsubscribe system conveniently is broken. The CAN-SPAM Act actually allows for this as long as it is fixed in a "reasonable period of time" which isn't defined and likely only starts once reported.

So when is spamming really spamming, and when is it just annoying mail? As with most things in life, it is not always a cut and dry answer.

Posted by Eric at 02:12 PM | Comments (0) | TrackBack

Forget phishing, now it's pharming

Just in case you thought you could rest easy and assume you had all of those zany spam/spim/scam/phish/virus/malware/etc names down, you have a new one to worry about - pharming.

First came phishing scams, in which con artists hooked unwary internet users one by one into compromising their personal data. Now the latest cyberswindle, pharming, threatens to reel in entire schools of victims.

Pharmers simply redirect as many users as possible from the legitimate commercial websites they'd intended to visit and lead them to malicious ones. The bogus sites, to which victims are redirected without their knowledge or consent, will likely look the same as a genuine site. But when users enter their login name and password, the information is captured by criminals.

The best way to avoid these sorts of things is to stay educated about how the internet works. While making it easier for everyone to get online is a great thing in concept, it also means you get a bunch of clueless and gullible people in there as well, who aren't yet versed in how things should look/act/work.
This is what phishers/pharmers/scammers prey on and your best defense is to simply learn more about it all so you know what to avoid.

Posted by Eric at 02:06 PM | Comments (0) | TrackBack

Blogs, the new spam

Well, hopefully this doesn't speak poorly about this site, but apparently blogs are the new spam. AdRants points to a few public statements made by a few people who feel blogs are the new spam. In this case meaning the newest avenue for putting up garbage to get more traffic, to sell more product. The blogs are full of links to either get a higher page rank themselves, or more importantly raise the page rank of the sites which they are pointing to (which are sites selling things).

The main difference is that it is easy to not read a blog, you have to go and seek it out - as opposed to email which gets delivered right to your inbox. So the key difference here is in terms of search engine noise. Doing a search for "mortgages" 4 years ago might have rewarded you with the top sites for mortgages. Now the same search will think it is doing just that, but it is returning all spammer/scammer sites.

Posted by Eric at 02:01 PM | Comments (0) | TrackBack

AOL clarifies statement on AIM

Slashdot has up a clarification from AOL on the AIM Terms of Service. According to AOL, they only meant for those to apply to "posts in public forums" and that they don't store AIM conversations on disk.

On one hand it wouldn't make sense to store all of the data that is transmitted everyday over the AIM network - it would just be a huge storage task. On the other hand, they easily could store anything they wanted to, just monitor the feed for keywords or certain users, and then selectively log that.

Using an encrypted chat program makes that much harder. I'm currently just avoiding using chat programs at all right now since I don't get much out of them in terms of benefit which couldn't be derived from email, and I don't really chat with people too often.

Posted by Eric at 11:46 AM | Comments (0) | TrackBack

March 13, 2005

Are tougher laws in Canada making for less spam?

Slashdot has a discussion of whether spam volume is actually down in Canada - and if it is down, is it because of very strict laws in place to deter spammers?

While personally I am all for anything that will lower the amount of spam sent out, I am not particularly impressed by spam laws. They work very well for allowing prosecution of spammers in your region, but spam is a global problem. You can get spam from someone in another country just as easily as you could from someone who lives next door to you. But that person who lives in another country isn't likely to face the same legal hammer that your neighbor would were he spamming.

As we have pointed out on here before, some feel that better spam filters and technology are what should be credited for the lower numbers. If that is the case, why aren't the numbers down on a global scale? Is Canada using something better than the rest of us? Or were they simply late adopters of the filters and so are just delayed in experiencing their benefits?

Posted by Eric at 08:54 PM | Comments (0) | TrackBack

March 12, 2005

Email archiving woes

Slashdot has two articles up about email archiving woes. One is more of a question posed by an individual who wants to keep all of their email over the years (over multiple platforms, and IM logs as well). The other raises the opposite side of the issue in that it appears Microsoft is claiming to have lost email from a period of time which would be crucial in a current lawsuit against them (from Burst.com over alleged patent infringement within Windows Media Player). They have the data on either side of the time period, but not the 35 days in question.

The first one is more of an amusement to me since I personally am not sure I would *want* that much back-history of data since it wouldn't be particularly useful and just a hassle. But it is very possible, and probably likely, that this person has far more interesting and/or important data than I have had so far.
My recommendation to him and those like him, would be to use several media types since a failure of one type would not necessarily mean failure to all of them. USB flash drives are large enough now that you can hold a huge amount of data - 1GB is very likely enough to hold all of one person's email over the years and IM logs (text is small) - that is assuming you aren't also keeping large attachments. (one of the executives where I work has nearly a 2GB mailbox and it is because he read that Bill Gates never deletes anything - just for the record, that is a bad reason to not delete anything from your inbox)
Between CDs, DVDs, USB flash drives, and portable hard drives, you could back-up most any home email archive with a bit of overkill. You could put a tape drive in there too if you were really paranoid of media failure - but if you are that paranoid, then you should probably also distribute the media in different secure physical locations and perhaps also upload it to a networked server too.
(a lot of that is tongue in cheek since it is extreme overkill for pretty much any home use - but actually probably not enough for some corporate environments, so it isn't quite as ridiculous as it sounds)

Microsoft's problem on the other hand is entirely different. Now there are plenty of small companies that have lost backups and archived data. But in this case, Microsoft has the data on either side of the loss and the window of loss just happens to be during the period which the lawsuit wants.
There are a few ways to look at this, each equally valid depending on which side you are viewing it from. One side sees it that Microsoft is clearly covering their butts in this case and know that they have the money and legal team to tie this up in the courts until the other side gives up or runs out of money. Another side is that Microsoft is claiming that they didn't find the emails interesting enough to merit keeping and deleted them, but did find everything else interesting and so kept it. Finding something "interesting" is a subjective thing, so it is hard to claim legally that they are lying - even though they very likely are.
I have seen a few lawsuits where they pull out the email archives and use that to determine who screwed-up and where. The firms which have dealt with this before know to avoid paper/digital trails and they will handle questionable conversations in person - plausible deniability. If they say it didn't happen, there is nothing to prove otherwise. In these types of lawsuits, I have even seen companies claim that they lost their backups or had faulty equipment. Since that actually does happen, unless the law for their industry holds them accountable for such things, they aren't in the wrong (there have been changes in the fund world so that they have to keep massively detailed backups, but not every industry has specific laws for that).

Personally, I'm fairly laid back about my personal backups and I put data I must have onto CD, removable hard drives, and USB flash drives. At work we have backups to a server, redundant alternating removable hard drives, multiple USB flash drives (not large backups, just certain small but vital databases and programs), Ultrium tapes (with a relatively short rotation of a single week, since backup is more of our interest over that of archival purposes - but we are moving that up to a month with a year's worth of archival points), and a remote location backup site as well (still in progress). We rotate the removable media offsite on a weekly basis.
Those strategies, both at home and at work, are more for the purpose of getting things up and working again, less on going back to see the status of something on day X of year Y - because the nature of our business doesn't require it.
Your mileage may vary.

Feel free to post up your backup and/or archiving process and why it is at the level of scrutiny it is.

Posted by Eric at 10:00 PM | Comments (0) | TrackBack