March 31, 2005

Postini reports a drop in directory harvest attacks

The anti-spam service Postini has reported that there has been a drop of 8% in directory harvest attacks for the month of March. This is the first drop in seven months.

Unless they have changed their methods and I didn't hear/read about it yet, the way to run a directory harvest attack against a company is to do a brute force/dictionary attack on them with usernames (it helps - the spammer that is - if they already have a few usernames from that domain so that they can see the format). These can be gathered from existing spam databases, or from viruses which pull addresses from machines they infect.

So if the spammer has a few addresses at Company ABC which shows their email format appears to follow FIRST_INITIAL NO_SPACE LAST_NAME @companydomain.com, then they can run a long list of first and last names against it and send them spam (doesn't have to be real spam in that there is a message, but instead just junk or even blanks).
If the machine responds with a non-delivery report, then you know that user doesn't exist on that server. If you get nothing back, or better yet an unsubscribe or a read-receipt, or an out of office, then you know that there is a live email there.

Actually, if you get nothing back, that technically doesn't mean that there is a live email on the other side. It could mean that they have turned off their NDRs (non-delivery reports) on their mailserver. This is generally a good thing and can reduce load on the server as well as bandwidth wasted.
Unfortunately, there are many scenarios for which a company can't turn those off. Our company is one of those. I turned them off when we were seeing extremely high spam loads and it was flooding our net connection. But there are several old addresses in our system that have been cleaned out lately and some of our less net savvy clients need to know that the user is not going to reply to them - so getting an NDR at least forces them to follow up with us. Otherwise they think the person got it, but just isn't responding - and that results in an angry client.

My first two thoughts upon seeing that DHAs are down is that either 1) more servers are turning off the features which make DHAs work (NDR, out of office, read receipts), or 2) spammers have found something more effective at making money and/or generating real live email addresses.

Posted by Eric at 08:14 PM | Comments (0) | TrackBack
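For mail admins who have to leave rejections and NDRs on, the harvest pattern described in the post above can at least be spotted in the logs: one client producing many distinct unknown-recipient failures in a short time. The following is an added example, not part of the original post; the log format, field names, thresholds and addresses are constructed for illustration, and it assumes the server records a 550 result for unknown recipients.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a simplified, made-up log format (not a real MTA's).
# code=550: recipient rejected as unknown; code=250: recipient accepted.
SAMPLE_LOG = """\
2005-03-31T20:00:01 client=203.0.113.7 rcpt=asmith@example.com code=550
2005-03-31T20:00:02 client=203.0.113.7 rcpt=bsmith@example.com code=550
2005-03-31T20:00:02 client=198.51.100.20 rcpt=jdoe@example.com code=250
2005-03-31T20:00:03 client=203.0.113.7 rcpt=cjones@example.com code=550
2005-03-31T20:00:04 client=203.0.113.7 rcpt=jdoe@example.com code=250
2005-03-31T20:00:05 client=203.0.113.7 rcpt=djones@example.com code=550
2005-03-31T20:00:06 client=198.51.100.20 rcpt=jdoh@example.com code=550
2005-03-31T20:00:07 client=203.0.113.7 rcpt=ebrown@example.com code=550
2005-03-31T20:00:08 client=203.0.113.7 rcpt=fbrown@example.com code=550
2005-03-31T20:03:00 client=198.51.100.20 rcpt=jdoe@example.com code=250
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<ip>\S+) rcpt=(?P<rcpt>\S+) code=(?P<code>\d{3})$"
)


def parse(lines):
    """Yield (timestamp, client_ip, recipient, smtp_code); skip unparseable lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["ip"],
                   m["rcpt"].lower(), int(m["code"]))


def find_harvesters(lines, window=timedelta(minutes=5),
                    min_unknown=5, min_ratio=0.8):
    """Return {client_ip: peak count of distinct unknown recipients}.

    A client is flagged when, inside one sliding window, it has tried at
    least `min_unknown` different nonexistent addresses AND at least
    `min_ratio` of all its attempts were rejected. The ratio keeps a busy
    legitimate sender with the occasional typo from being flagged.
    """
    recent = defaultdict(deque)   # ip -> deque of (ts, rcpt, was_rejected)
    flagged = {}
    for ts, ip, rcpt, code in parse(lines):
        q = recent[ip]
        q.append((ts, rcpt, code == 550))
        # Drop attempts that have fallen out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        unknown = {r for _, r, rejected in q if rejected}
        ratio = sum(1 for _, _, rejected in q if rejected) / len(q)
        if len(unknown) >= min_unknown and ratio >= min_ratio:
            flagged[ip] = max(flagged.get(ip, 0), len(unknown))
    return flagged


if __name__ == "__main__":
    for ip, count in find_harvesters(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} distinct unknown recipients in window")
```

Note that the one accepted address in the flagged client's run (`jdoe@example.com`) is exactly what the harvester was after, so a hit like this is also a cue to watch that mailbox.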

Another (anti) spam blog starts up

Slashdot has a recent post (book review) pointing to a new spam blog out there.

In the Slashdot post, it appears that the author of the new blog wrote the review of the book, which is Spam Kings - but didn't post a link to the blog created by the author of that book. Maybe he didn't know it was out there.
Regardless, it appears to be a positive review of the book.

I could make some comment about wondering why we need another spam blog to rehash it all - but that would really be the pot calling the kettle black now wouldn't it?

Posted by Eric at 08:02 PM | Comments (2) | TrackBack

March 30, 2005

WordPress raises the ire of more than a few bloggers

WordPress is a free open source content management system. Like MovableType (what we use), but free.

There is currently a row amongst some high profile bloggers because WordPress has been hosting blog entries by a company which uses the high Google page ranking of the WordPress domain to get hits and ad revenue. They pay WordPress a fixed rate for this service and then give them the content.

Many are saying that this is blog spam, but as much as I like to jump on the "kill the spammers" bandwagon as the next guy - I am not sure this is really all that spammy in nature.

I think the larger issue that people are having with this is that WordPress is supposedly a free and open project that isn't out to make money. You can donate money to it and assume that the money goes to the person toiling away on the project. But if the person is making money on the side from the popularity of the project - this irks some people - especially those who are into the whole free software way of life.

Personally, while I don't know that I would say it is great that this guy is doing it, I don't really think it is that big a deal. And I am not sure that I would categorize it as spam at all. It is clearly labeled as "sponsored articles" and I couldn't find a way to get there from the site without going through Google first.

The main issue here which makes this an issue is that WordPress has nothing to do at all with the text that is written - the text is only there because it relates to text which generates high click rates from Google (not "rate" as in frequency, but as in the money paid out per click). That is what is spammy about it.
But since it isn't being shoved on you without your control, and it is clearly labeled as to what it is - I think I have a hard time calling it spam. More just "lightly sleazy".

Posted by Eric at 04:54 PM | Comments (4) | TrackBack

Tivo popups on their way?

There has been much talk lately of Tivo showing popup ads while you are fast forwarding through commercials. That of course would defeat the reason you are fast forwarding through commercials. There is also talk of popup ads during regular television.

PVRBlog has a post with screenshots (literally photos of the TV) describing the issue as well as possible workarounds which would improve the experience (as it is now, they are very invasive).

Keep in mind not everyone is seeing these ads - I have a Tivo, I love it, and don't see the ads. And I hope I never do.
So they are in some sort of "random" beta stage at this point.

Posted by Eric at 01:12 PM | Comments (0) | TrackBack

Want a list of Terri supporters?

The NYTimes reports that a list of email (and regular mail) addresses for Terri Schiavo supporters is up for sale, presumably to people who want to market items to the type of people who would donate to such a thing.

I am going to try hard to not say anything one way or the other about that, since the Terri Schiavo case is outside of the spam world and therefore it would merely be an opinion, but I will say that this does put a smirk on my face to hear that the supporters might have someone taking advantage of them... again.

Posted by Eric at 12:08 PM | Comments (0) | TrackBack

March 29, 2005

Spam King Scott Richter Files for Bankruptcy

More specifically, the OptInRealBig company has filed for Chapter 11 to protect itself from creditors - the big one of course being Microsoft in the form of a $40M lawsuit (this lawsuit is currently unsettled, so that is up in the air).

I am not sure what this means in terms of the $500K settlement he agreed to pay out in the case against him (they were seeking $20M at the time) via NY's Eliot Spitzer.

Richter had previously claimed massive monthly earnings by his company, so it would be interesting to see the justification for filing Chapter 11. Either he is hiding that money well, or he was simply lying in order to boost his image in the past. Considering the topic under discussion, it is probably some combination of both.

Posted by Eric at 11:45 AM | Comments (0) | TrackBack

Overzealous anti-spyware programs and incompetent users

I was helping out a user in my office today who called me into his office because "the internet was slow today". This isn't a particularly useful or helpful IT query, so it requires a bit more questioning to really get to the root of the problem. The "internet" is a big and broad area, not just web pages - but the average user sees "the internet" as "web pages" and they see email as totally outside of that. And they are totally oblivious to anything other than that*.

IT professionals can never expect average users to know everything that an IT person knows, just in the same way it is unreasonable for an accountant to expect me to know all about accounting. But I should know how to balance my checkbook and pay my bills - that is basic functioning of financial life.
In the same vein, people who are using computers to conduct their daily home/business activities should probably know enough about how it works to stay out of trouble. I have seen hundreds of users who most certainly are nowhere near knowing anything about their machine other than "I press this button to turn it on, and banging on these buttons gets me to Yahoo!"**

It is key to know how the system works so that you can avoid people who are taking advantage of the system to scam you. Likewise, it is also key to know what things are harmless so ... again, you will know when you are being scammed.
When I was in this user's office today, even though I had shown him that "the internet" wasn't slow today and instead it was just the PalmOne page he was visiting at the time which was slow, he then decided it was probably spyware that was making it slow and made me run an anti-spyware program on his machine to clean it out.
Sure enough, after the program updated with the newest definitions, it ran and found "thousands of spyware files". Well, technically it scanned thousands of files and found 52 "spyware files" - the user just couldn't grasp the difference between scanned files and actual files which had problems. But I can't really blame him since even the files which it was marking as "spyware" were actually just cookies, largely for ad services.

I am all for blocking spam, and I don't think there is anyone out there that doesn't hate spyware. But it irks me when these anti-spyware companies will register everything that they can as something to freak out about for the end-user. Depending on which software program you are using, it is frequently the worst reason of all - they are trying to scare the user into upgrading to the paid version of the product to remove all of these scary files that it found (trust me, cookies aren't that scary).
The user I was working with wanted me to get rid of the cookies since he was positive they were evil and also "slowing down the internet" so I showed him how to get rid of the cookies and then moved on my way.

It got me to thinking about how that sort of thing bugs me though. The reason the cookies are marked (in this case, they were marked as "low", but that was apparently beyond this user) is because they fall more under the "adware" category and technically companies can glean more information from you if you store a cookie.
This isn't always a bad thing - for example here at Spamblogging we use a service offered by StatCounter (I highly recommend them - although they were briefly down near the time I was writing this). This allows me to watch some stats on the people who come to the site so I can see what pages are popular and what search terms bring people to the site (for those of you that care, it appears that the bulk of our search visitors are interested in "ChatSlapper" and the bulk of the people coming here from linked sites are coming in regards to the CSS fun I have posted about in the past).
If you look on the forums over at StatCounter, you can see that they are concerned that they are being marked as spyware/adware.
If the software companies genuinely feel that these cookies are a bad thing (remember you can just turn off cookies in your browser, and block them for individual pages depending on your settings), then that is perhaps something I can go with if they gave a good explanation.
But more and more I am seeing things in the anti-spam/spyware/virus/etc programs which are simply using FUD to sell more product and that really makes me sick. That is, in my opinion, just as bad as the people they are supposedly trying to block. (in this case, the FUD reference being the scare tactic of making people think that their machine is full of spyware and they will be safe if they give you money for your product in order to save them)


*As a side story, this same user once asked me to set him up to download music to listen to on his machine, he had heard about that on the news - I explained to him that our net connection couldn't really handle that and "real work" at the same time - and he said "Oh! The music would come from the internet?" I honestly have no idea how he thought it was going to work - perhaps in his mind all computers are filled with all current and future music when they are built.

**As another side story, I have had multiple users over the years ask me to "get rid of this box under my desk" and when I tell them that I can't, they demand to know why. I try to explain to them that it is their computer and that they can't get much done without it. They then point to their monitors and say "then what is this?"
The first few times it happened, I just sort of laughed. But it has happened so many times now that I currently have lost all hope for the human race. I hear kids these days are good with computers - hopefully that is the case.

Posted by Eric at 12:29 AM | Comments (0) | TrackBack

March 28, 2005

Defective Yeti Ponders Comment Spam

Sorry, with potential headline material like that, it was hard not to write about this sort of thing. There is a great blog known by "Defective Yeti" - the author is a former Amazon employee, recent dad, and very funny guy.

He has a recent post up discussing a glitch in his site he was noticing which turned out to be related in a roundabout way to comment spammers.

In the process of talking about how he had wanted to close his site to limit bandwidth, and how the front page kept popping up (due to the indexes being rebuilt after comment spammers snuck in through the open mt-comments script), the author stumbles onto the idea of the hidden field to avoid comment spam.

This is not a new idea, and is a very good idea. The concept of course being that if they (comment spammers) are just spewing data at a script on your site, they aren't actually populating any forms and submitting them the way humans do. So if you add in a hidden field which must be passed in from the UI for the comments to work, then the spammers won't know about this and therefore their scripts will get rejected.

The obvious way around this of course is that the spammers can easily start submitting the data for that hidden input as well - that is easy. But the key is that spammers are trying to reach as wide an audience as possible, with as little work as possible - so they don't bother customizing their scripts for sites unless the site really offers them enough potential gain to merit the extra work. (not to mention that spammers tend to be rather dumb and are just using a script that they found to do it - script-kiddies really - so many of them likely wouldn't even know how to adjust the script to take it into account anyway)

So while this isn't a foolproof plan, it is a very good one which would certainly reduce the spam as long as you had a unique hidden field from everyone else and no spammers wanted to target you specifically.

If it is such a good idea, then why haven't we implemented it on Spamblogging and other sister sites of ours? Good question. And the answer to that is a perverse combination of laziness and being fantastically busy.

(On a side note, we did try installing MT-Keystrokes - it works by tracking keystrokes in the fields, which is a similar way of thinking to the hidden field - and didn't have much luck with it. It was blocking certain browsers and generally not playing nice due to browser incompatibilities with its Javascript requirements - so if you are going to go the plug-in route, that is along those lines, but not the best idea)

Posted by Eric at 09:58 PM | Comments (0) | TrackBack
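A sketch of the hidden-field check discussed in the post above, as an added example that is not part of the original post and is not MovableType or MT-Keystrokes code. The field name `sb_form_check`, the function names and the one-hour limit are hypothetical. It goes one step beyond the post's static field: the value is a signed timestamp, so a value scraped once from the form stops working after the limit.

```python
import hashlib
import hmac
import html
import secrets
import time

# Hypothetical, site-specific name: the post's point is that the field
# should differ from what generic spam scripts expect.
HIDDEN_FIELD = "sb_form_check"
MAX_AGE = 3600                        # seconds a rendered form stays valid
SECRET = secrets.token_bytes(32)      # per-site key; persist it in real use


def _sign(ts_text):
    return hmac.new(SECRET, ts_text.encode(), hashlib.sha256).hexdigest()


def make_token(now=None):
    """Token embedded in the form: '<unix time>.<HMAC of that time>'."""
    ts_text = str(int(time.time() if now is None else now))
    return f"{ts_text}.{_sign(ts_text)}"


def render_comment_form(now=None):
    """HTML a human's browser would load and submit back unchanged."""
    token = html.escape(make_token(now), quote=True)
    return (
        '<form method="post" action="/comments">\n'
        f'  <input type="hidden" name="{HIDDEN_FIELD}" value="{token}">\n'
        '  <input type="text" name="author">\n'
        '  <textarea name="text"></textarea>\n'
        '  <input type="submit" value="Post">\n'
        '</form>'
    )


def check_submission(fields, now=None):
    """Return (accepted, reason) for a dict of posted form fields.

    A script that posts straight to the comment endpoint without loading
    the form sends no hidden field and is rejected at the first test.
    """
    now = time.time() if now is None else now
    token = fields.get(HIDDEN_FIELD)
    if not token:
        return False, "missing hidden field"
    ts_text, sep, sig = token.partition(".")
    if not sep or not ts_text or not sig:
        return False, "malformed token"
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(_sign(ts_text).encode(),
                               sig.encode("utf-8", "replace")):
        return False, "bad signature"
    issued = int(ts_text)             # safe: we signed this exact text
    if issued > now:
        return False, "token from the future"
    if now - issued > MAX_AGE:
        return False, "expired token"
    return True, "ok"


if __name__ == "__main__":
    form_time = 1_111_000_000         # constructed timestamp
    token = make_token(now=form_time)
    human = {"author": "reader", "text": "Nice post", HIDDEN_FIELD: token}
    script = {"author": "x", "text": "buy pills"}
    print(check_submission(human, now=form_time + 30))
    print(check_submission(script, now=form_time + 30))
```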

Probably why phishing is so successful

Slashdot has a post up which is pretty much the reason phishing is so successful and continues to be an increasing problem on the net (and has been in real life for decades).

The reason? A combination of greed and stupidity on both sides.

Posted by Eric at 06:49 PM | Comments (0) | TrackBack

Gizmodo's Sugar Cube Spam

Not that Gizmodo is spamming anyone, but they posted some spam which they received.

Maybe it is just me, but I find it hilarious in only the way that random incoherent spam can bring you ad pitches for things you don't want, as if described by a NYC street peddler from another country, high on paint fumes and rancid Thunderbird.

My apologies to those of you who really are interested in "owning a Capital Good" or being able to process 4 tons of sugar in 24 hours. My intentions are not to mock your hopes and dreams. Belittle yes - but never mock.

Posted by Eric at 01:38 PM | Comments (0) | TrackBack

March 27, 2005

Emailed malware has peaked?

The person who caught the first malware mass mailed program "Melissa" has recently made the announcement that from what he sees, he thinks that emailed malware has peaked.

Unfortunately, that doesn't really mean much for us. Even though it may have peaked, it is still out there in massive numbers. On top of that, there is still a massive audience it will reach who still don't understand how it works even on the most basic level, and so they still routinely fall for it (I have to tell my users over and over how spam and mass mailed worms like this work, and they never get it - I've largely given up at this point).
So as long as you have a very large, and extremely uneducated (not in the schooling sense, but in the fact that they don't bother to learn even vaguely how a system works, and therefore how to avoid these problems) audience, then you are going to have a subset of people who will exploit flaws in the system to try to make money off of these people.

So while that type of malware delivery may have peaked, it does not mean that spam or malware has peaked at all - and surely there is something just around the corner being thought up right now.

Posted by Eric at 01:08 PM | Comments (0) | TrackBack

ZDNet bug still there

We have written a few times now about the ZDNet web page bug which can easily be abused by spammers (more likely phishers in this case). It looks like a ZDNet page, but it then redirects to any URL you put in.

According to Spam Kings the problem still exists, even though they have selectively blocked it for some sites.

Posted by Eric at 02:44 AM | Comments (0) | TrackBack

Contest... no contest

For a bit there was a contest up to see who could successfully infect net-connected Macs and win money. But apparently now the contest is already canceled after the person running it came to his senses (generally speaking, encouraging people to hack at something isn't always the best idea).

Posted by Eric at 02:38 AM | Comments (0) | TrackBack

Incompetent spam

I always get a kick out of spam attempts which make you wonder what exactly they were thinking (well, phishing in this case).

Posted by Eric at 02:29 AM | Comments (0) | TrackBack

March 26, 2005

Spam blogs are clogging the blog world

At first I thought there might be a new article out there about our own site, but instead it is an article pointing out how many new fake blogs are being created, just to post spam (for trackbacks and then higher search engine rankings).

It questions if blogs in general are threatened by this decrease in signal to noise, but it also points out that any new technology will be exploited by people wanting to make money. They reference that idea on the side of the spammer types - saying that they will overuse it until it is no longer making them money. But the same of the legitimate site rings true as well - it will evolve to block the spammers' efforts and also will eventually grow beyond the point where it will be as interesting as it is now. Around then some new technology will come out which people will start to use - and the spamming type won't be long behind, figuring out a way to make money off of it.

Posted by Eric at 04:08 PM | Comments (1) | TrackBack

Bad email habits allow spam to survive

Another study has been done which says spam survives due to "bad email habits". In this case they mean "bad habits" such as clicking on links in your emails.

But the article also states that 10% of email users are buying things from spam. This number seems high to me since spammers tend to look for a fractional percentage response to what they send out. But regardless of the number's accuracy, it is correct to point out that were people to stop buying from spam, then spam would cease to exist.
The best way to reduce the number of people buying from spam is to educate people about the problem, and that takes time. So take some time out to tell the people you know about why they shouldn't buy from spam - and if you are doing it yourself... that's easy - just stop.

Posted by Eric at 04:01 PM | Comments (0) | TrackBack

March 24, 2005

What's that say? Oh right, "V1@gRa" - got it.

SophosLabs has out a report they ran which shows the words used in spam which are mangled in order to disguise them and get them by the spam filters. It looks like even though Viagra was at the top of the list in previous studies done over the years, Cialis has now taken top "honors".

Before giving you the list of the top 25 words which are disguised in spam emails, the report adds "NOTE: Information contained in this report may be considered offensive by some customers." The reason for that of course is that sex sells - pretty much all of the words on that list are either directly related to sex, or are drugs related to sex.

I'm curious how the pharmaceutical companies see this. Sure, their public facing comments have to be that they are against spam and they likely very much are against it since they don't want to taint their image (or rather have it tainted by others in the case of spam). But I imagine it also serves as a large indicator of popular opinion as well - whatever spam words are hot are words which will make money. That means Cialis is currently more likely to make money than Viagra.

Posted by Eric at 09:17 AM | Comments (2) | TrackBack

This just in: Users to blame for spam

Frequently we see news articles out there which go for the low hanging fruit and point out the obvious. After literally several decades of spam out there, Information Week decided it was high time to weigh in with the hard hitting report "Users to blame for spam".

Actually, they are saying that user ignorance is to blame - which is fairly different. The big one they point out is that people are using the unsubscribe links. The article states that this makes a spammer realize you are a "live one" and then spam you more. Technically with the various bits of legislation passed over the years, those links are supposed to be mandatory in commercial email, and they are supposed to be hooked up to a system which works. That said, I would still see it highly likely that the unsubscribe link very much does, for many of the spammers out there, actually unsubscribe you from that list. But, just as the article says, it shows the spammers that you read their spam (or at least clicked on a link in it), so you are more attractive to them than someone who just throws out the message. So while they take you off of that list, they might add you to a database of users for another spammer or another spam mailing they do.

On a side note, in terms of user ignorance, I have spoken with users in the past who thought that clicking "unsubscribe" would make them stop getting all spam. Clicking it on one message, and then it just stops for them entirely.
I believe they thought that they accidentally turned on the spam, and that was the way to undo it.

Note that at the bottom of that article, they say 10% of the people interviewed for the study done had purchased items from spam. That is a huge percentage considering spammers usually look for only a fraction of that - but I have a feeling that study didn't involve millions of people the way spam runs do.

Posted by Eric at 09:07 AM | Comments (0) | TrackBack

March 23, 2005

Is Mac OS X a sitting duck?

Here at Spamblogging, we constantly see mention of Windows malware, but comment on the relative lack of that sort of thing on Mac OS X. Symantec has recently stated that OS X is increasingly being targeted for malware and that surely the most important thing a Mac user can do is buy their Norton tools to prevent such a thing. This Slashdot article states it in a skeptical manner that I have to agree with - Symantec stands to gain from generating fear about this sort of thing.

Personally I really can't stand when companies resort to FUD in order to sell their products. I hope in this case that they are genuinely interested in the well being of Mac users, but as a Mac user - I am not seeing much malware out there for OS X, so at this point I'm leaning towards thinking that this is a sales tactic on their part, and a sleazy one at that.

Posted by Eric at 09:45 AM | Comments (1) | TrackBack

Clearswift's Spam Index, sex sells

Not a big surprise here, but Clearswift's Spam Index tracks what the current trends in spam are showing and it appears that there is a surge in "lonely housewife" spam.
I have noticed an increase in spam which is actually getting through my filters and it looks very much like a human written note in a personal ad sort of way - but then the links are all to porn sites.

I think by now the readers of this blog know that if something is showing up more in spam - that means it is working. Spammers have seen that they can make more money with this technique, hence its new popularity.
Now that begs the question - is it working because people are more likely to pay for what it is selling, or is it working because it is more likely to get through the spam filters?

Either way, it doesn't really matter since spam filters will adapt to this in a short period of time and something new will come out - but for the next few weeks, expect even more of this spam as more spammers get on the bandwagon.

Posted by Eric at 09:40 AM | Comments (0) | TrackBack

IBM enters the world of anti-spam

IBM has created something called "FairUCE" (Fair use of Unsolicited Commercial Email). According to this article, the technique sounds similar to Domain Keys and Sender ID techniques - although different in that it is analyzing the IP of the sender and then the IP of the domain it claims to be from to look for discrepancies. Then on top of that it adds in a challenge/response system if the lookup on the headers fails the tests run on it.
That last part is causing a lot of confusion and anger - people tend not to like the challenge/response systems, and there is currently a misconception about FairUCE in that it is setup to flood the spammers back if they fail the test - but IBM is saying this is not true and that it is just part of the challenge/response system.
FairUCE also has whitelists and blacklists, as do most spam systems, so that mail can bypass the processing stage if it is known to be a good/bad sender.

Posted by Eric at 09:19 AM | Comments (0) | TrackBack

March 18, 2005

ZDNet webpage used by spammers

Much like the eBay webpage "bug" which we mentioned previously, there is now a similar issue at ZDNet.

The spammers make it look like a ZDNet link, but redirect to their own pages instead, making the uneducated user think that they are going to a more legitimate site than where they are actually sent. (not to mention possibly get through some spam filters)

I haven't seen this used in getting around blog spam filters yet. But theoretically MT-Blacklist, which is so common on blogs for blocking spam, keeps a list of URLs which it won't allow in comments. ZDNet might be allowed in most blogs, so it might be a way to get by those filters.
That said, there is still a human admin on the other side who can erase those messages.

Posted by Eric at 07:26 PM | Comments (0) | TrackBack
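The filter gap raised in the post above (and in the later "ZDNet bug still there" entry) is that a URL blacklist which only looks at the link's own host will pass a link to a trusted site that forwards to a listed one. Below is an added example, not part of the original posts and not MT-Blacklist code, showing the host-only check beside one that also inspects URLs carried in the query string. The hostnames, the `to` parameter and the function names are constructed; the real redirect URL format is not given on this page.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

BLACKLIST = {"pills.example"}          # constructed blacklist entry


def _host(url):
    """Lower-cased hostname of an http(s) URL, or None."""
    try:
        parts = urlsplit(url)
    except ValueError:                 # e.g. malformed IPv6 literal
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None


def _decodings(value, rounds=3):
    """Yield value, then further percent-decodings (catches double encoding)."""
    for _ in range(rounds):
        yield value
        decoded = unquote(value)
        if decoded == value:
            return
        value = decoded


def extract_hosts(url, max_depth=3):
    """Hosts of the URL itself plus any absolute URLs nested in its query."""
    hosts = []
    top = _host(url)
    if top:
        hosts.append(top)
    if max_depth == 0:
        return hosts
    try:
        query = urlsplit(url).query
    except ValueError:
        return hosts
    for _, value in parse_qsl(query, keep_blank_values=True):
        for cand in _decodings(value):
            if cand.startswith("//"):          # scheme-relative target
                cand = "http:" + cand
            if _host(cand):
                hosts.extend(extract_hosts(cand, max_depth - 1))
                break
    return hosts


def _listed(host, blacklist):
    return any(host == d or host.endswith("." + d) for d in blacklist)


def naive_is_blocked(url, blacklist=BLACKLIST):
    """Weak check: looks only at the host the link appears to point to."""
    host = _host(url)
    return bool(host) and _listed(host, blacklist)


def is_blocked(url, blacklist=BLACKLIST):
    """Stronger check: also follows redirect targets embedded in the query."""
    return any(_listed(h, blacklist) for h in extract_hosts(url))


if __name__ == "__main__":
    # Constructed comment link: trusted-looking host, listed destination.
    link = "http://news.example/redir?to=http%3A%2F%2Fpills.example%2Fbuy"
    print("host-only check blocks it:", naive_is_blocked(link))
    print("nested-URL check blocks it:", is_blocked(link))
```

On the site that hosts the redirector, the corresponding fix is to forward only to destinations on its own allow-list rather than to any URL supplied in the link.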

Spammer site shut down

In our recent post talking about exposing those who buy from spam, I linked to an article over at Spam Kings. There is an update there on a site at the end of that article which was pointed to.

The issue was a spammer was showing thousands of users' data for free, but this update tells us that the hosting service for the spammer has shut them down. It is probably underway right now that the spammer is looking for (and will find) a new host.

*EDIT*
Sorry, I should clarify that while the site shut down may have been of a spammer, a better description was that of someone who sells lists to spammers. In terms of the distinction between who is a bigger jerk, the line is a fine one I guess.

Posted by Eric at 07:21 PM | Comments (0) | TrackBack

Testing a spam filter

This article discusses "Why spam-filter testing is largely a disaster."

It raises some good points, but I have two main issues with it:
1) It reads more like a press release than anything else - but they are clearly trying to make it look informational. Not sure which it is supposed to be, but I am guessing that it is a press release.

2) It isn't "testing" of a spam filter they are talking about - but "training" of one as it learns and the settings are tweaked.

One of the key points it mentions which I 100% agree with though is that when testing or training, forwarding spam through the server to an address is not a smart idea for either concept. When forwarded, it will change the headers and therefore come from an address which you might have whitelisted as a trusted domain/user, but then the content is full of spam.
In terms of testing, that is then useless to you since it is coming from a good user and shouldn't be marked as spam.
In terms of training, it is again useless because the data which should be seen as spam is then going to be associated with a "good" person and therefore lessen the severity of it on future hits for that spam. (note that is only if it is a learning system using Bayesian methods or something along those lines - if it isn't one of those, then you don't have to worry as much - although I don't see much of a point of using it if it isn't one of those)

Posted by Eric at 02:30 PM | Comments (0) | TrackBack

Exposing those who buy spam

Another suggestion on how to stop spam over at Spam Kings. In this case, the idea is when a spammer is successfully sued, they have to relinquish a list of those who purchased from them and this is made public. That way we can see exactly who is buying from these spammers.

This goes back to the idea that a lot of the business which spammers do is in the grey area of sales and people use them because other places won't sell it, or they just want to be more discreet about it. If that second option is taken away, perhaps people will buy less from spammers.
And if people stop buying from spammers, then they have less incentive (money) to spam.

Posted by Eric at 12:36 PM | Comments (0) | TrackBack

A (theoretical) FireFox plugin to ensure click-fraud on popups

This blog entry comes up with a theoretical idea of how to get rid of popups. There have long been pop-up blockers which stop it from loading - but as we have mentioned before, the advertisers are finding ways around that.

The idea this person has is that a FireFox plugin (he is saying FireFox because it is the browser he is using, but theoretically it could be a plugin for any/all browsers) would see that there is a popup, block it from being visible, but send clicks to it to load the site it is an ad for, and then randomly click around that site - mimicking a "sticky" user and showing user agent data which would look like a real user. But none of this would actually display in your browser, it would be going on in the background.

The idea stems from the concept that 90% of pop-up ad clicks are accidental anyway. So this makes 100% of the clicks that way, so that the site would be getting traffic and usage, but the traffic would not be getting them any sales. Therefore not worth the payout of setting up the ad (technically not only not worth it, but actively increasing their costs with no return).

The good part - if you could create this plugin and many people used it (and I think they would), it would drastically change the pop-up style ad market and likely kill it (or at least cause them to work out a way to get around it).

The bad part(s):
1) A pop-up is in a small window. When you click on it, it opens a new window - sometimes done through a "_blank" HTML reference in the "A" link tag, but far more frequently via JavaScript. This spawns a new window and routes that browser to the ad company who is hosting that popup ad. This allows them to track that the ad was clicked on. From there, it forwards you on to the site who is paying for that ad and it is tracked that a click has happened and a charge is incurred for the ad. (I haven't purchased pop-up ads ever before, but I am guessing that there is a setup fee, and then a fee for each click - I could be wrong)
In order for this plugin to work, it would either have to work graphically and hit the links that way - which is a really bad/stupid idea, or it will have to know/find the URLs to follow and pass them properly through. The graphical approach would be easy to get around by the ad people by moving links and active areas around so that they are not always in the same place. It would also have to rely on the windowing system of the browser/OS to be able to "see" items without them actually being rendered to the screen.
The other approach could be bypassed by changing what data needs to get passed along each time (including a Javascript watch on events so that actual clicks take place). This would require updates to the code so frequently that either only certain ad types could be blocked, or it would need constant supervision for a developer to feed in changes.

2) You can't just tell a site "hey, this was clicked", it actually tracks what is downloaded. Plus, for this to really be a problem, you want them to see wasted bandwidth which isn't getting them more sales. So that means the pages actually have to be downloaded in the background and that means anyone using this plugin would have greater bandwidth usage themselves. That is fine if you are not footing the bill and have a large pipe. It is not so good if you are paying for your bandwidth yourself and/or have a very small pipe (slow connection).

I think it is a very clever idea and exactly the sort of innovation that the internet is perfect for - mass idea collectives and people to organize and build it.

Although I hate to be a nay-sayer - but I really don't think that this could work in practice for a broad scale or time period - there are just too many easy ways for the ad companies to get around it with simple changes on their ends.

Posted by Eric at 11:42 AM | Comments (0) | TrackBack

Use an appliance to reduce server load due to spam

This article states the obvious in that it says if you use a network appliance to reduce the amount of spam on your network, your mailserver won't have to work as hard.

Posted by Eric at 11:21 AM | Comments (0) | TrackBack

New collaborative filtering tool for sharing networks to reduce spam

ZDNet has an article up on a new process for cleaning spam from file sharing networks via collaborative filtering.

The project aims at the heart of peer-to-peer networks' biggest weakness today. Allowing people to search each other's hard drives has made hundreds of millions of files potentially available at a mouse-click, but search results remain spotty and badly organized, much like the early days of Web search.

What would ordinarily be a straightforward computer science question has been complicated by the fact that so many of the files on peer-to-peer networks are songs or videos under copyright. In this case, improving search results could also contribute to making copyright infringement more efficient.

Peer-to-peer networks have been polluted with junk files and spam almost since their inception. It took spammers only a few months to realize that the popular networks presented a new opportunity for unsolicited advertising, and to adapt their technologies accordingly.

I recall seeing that someone wrote a paper showing how social networks can be destroyed (in terms of their usefulness) by adding bad data to the system. Say you have a network of shared music files. There is a threshold after which the system is no longer useful - that threshold is dependent on honest naming of the files. Something as easy as me uploading audio of me belching the alphabet and naming it the same as some new hot song disturbs the system. Doing this on a larger scale can actually defeat the system.
This paper was very good news for the music industry and they actually pay people to purposely do this to muck up the P2P systems which share music files.

Additionally, images, movies, text files, as well as the music, will be added by spammers and they will have names of items which would be popular on the network - but when opened are either just ads, or in worst case scenario - are viruses/trojans/malware.

This new approach hopes to address this problem. It does seem that it still has the flaw of relying on the fact that users will be honest in their rating - so in order to get around it, the spammers will just need to rate their own items as legit and get other spammers to do that as well.
That way it throws off the signal to noise ratio of the system and we are back where we started.

Posted by Eric at 10:46 AM | Comments (0) | TrackBack

March 17, 2005

New anti-spam law in the Philippines

A recent law was passed in the Philippines which goes into effect this week. It was created to prevent spammers from targeting mobile devices unless expressly told that the end recipient desires to be contacted. And by "prevent" that is meant in a legal sense - in that you can still do it, but there is now a legal recourse available to the recipients.
According to the article:

The Philippines uses text or short messaging heavily, with each subscriber sending an average of 252 messages per month, according to Taylor Nelson Sofres, an international marketing information group.

WOW! That is a huge amount of text messages. Perhaps I am in the minority in that my text message usage averages around zero per month - but it appears that the Philippines would be towards the higher end of text message usage. Which of course is why the spam was such a problem - the spammers felt it was a great way to reach a lot of people easily.

We'll have to keep our eyes open to see if this new law actually helps reduce the amount of spam sent that way.

Posted by Eric at 02:01 PM | Comments (0) | TrackBack

German Telco Company Fined for Spamming

A German mobile phone company spammed a Danish company's (competitor?) customers and is now being fined for its actions.

Posted by Eric at 10:53 AM | Comments (0) | TrackBack

March 16, 2005

Anti-spammer is sued

Spam Kings has an article up which points out that an anti-spammer is getting sued.

It looks as if the guy received what he felt was spam from a travel company. He then tried to sue the company under Oklahoma law (where he resides) and offered to settle for about $6K. He also created a page slamming the company which in turn led to... him getting sued for $4M in damages by the company.

I am very curious to see how they justify $4M.

Posted by Eric at 03:58 PM | Comments (1) | TrackBack

Dealing with annoyances

This article on the NYTimes website hits home with me in two spots.

The first being that when I lived in the States, I derived extreme enjoyment from tearing up all of my junk mail which didn't have the pre-paid envelopes enclosed and then stuffed that junk mail into the mail which did have those envelopes. I knew that the more I put in there, the more annoying it was on the other end (although I suspect by now they have a way of weeding that out). More importantly the heavier it was, the more the other side had to pay for it.

The other of course is the spam reference, in this case to something which happened some time back (I don't recall the exact date, but it was over a year ago) when Slashdot put up the address of a spammer (well, Slashdot themselves didn't, but a user on the site) and said spammer was flooded with junk mail:

Some Web sites specialize in arming people against online annoyances. The site www.slashdot.org posted the name and the mailing address of one of the worst known spammers, encouraging people to sign the spammer up for catalogs and other junk mail to be sent to the spammer's home. Mr. McKiernan of the Postal Service said that this tactic also appeared to be legal, but might constitute harassment.

I don't know if I am exposed to more annoying things than some people, or if I am just more easily annoyed. Currently leaning towards the latter. Deep breaths. Count to ten. Drink heavily. That's my motto.

Posted by Eric at 03:11 PM | Comments (0) | TrackBack

March 15, 2005

There have been a few signs lately that Gmail is opening to the public

I have seen mention in a few places that Gmail looks to be opening to the public. That said, it still appears to be part of a slow roll out and current users still have invites available to them to hand out.

Speaking of which, I have 50 invites if anyone still wants one.

Posted by Eric at 05:41 PM | Comments (0) | TrackBack

AOL AIM TOS

AOL has apparently rewritten their Terms of Service for AIM to make it more clear as to what is and is not monitored. BoingBoing has a congratulatory note here.

Posted by Eric at 04:23 PM | Comments (0) | TrackBack

Spam Hijacker

We posted before about the spammer who was in a legal tie-up with Bell South (and lost) because he hijacked user accounts and then used them to send out spam.

Now on the surface this may look skilled - after all they say "hijack" and most people have visions of cyber terrorists wearing masks and doing things we see in movies with modified hardware and skills which look like magic.
But in reality, all this guy did was use a program which brute forces its way into user accounts which are web accessible. You run the program and it tries frequently used passwords, then moves to a dictionary attack (trying every word in a dictionary), and then it moves to a brute force attack of combining all possible keystrokes. That takes no more skill than downloading a program, running it, and pointing it at a site.
That is usually referred to as a "script kiddie" hack in that it required no skill or intelligence and simply just requires someone dumb enough to run it.

Some things that we should keep in mind knowing that was how the hack occurred:
1) It is possible that Bell South should be blamed more in this than they are. This program tries passwords over and over again - if their server allowed more than 3-5 failures on the password and then more tries after that, they are at fault for extremely poor design. It is generally accepted that if a legit user doesn't get their password in 3 to 5 tries, you lock them out and either require them to phone in, or wait a day to try again. This should account for any legitimate use of the password failures, but prevent hacks like this from getting in.
2) Having said that, it is possible that Bell South *did* have such a system in place and with so many user accounts, it still worked just fine even with the stop. If it saw the stop, then he moved on to another account. The key in that case then would be poor password selection on the part of the users. If your password is in the dictionary, then it will be "broken" very easily (technically nothing gets broken in this case, really more of a guess).
3) Both of those points aside, it is still 100% retarded to do such a thing since in order to get those accounts, you have to use an IP address to get there. Even if you frequently change them and go through proxies, the logs are going to be full of data showing that it isn't the intended user of that account and that it is experiencing odd behavior from another location. That means it will draw attention to the account and there will be a long trail pointing to the exploit and the person using it. Just another example that it is a script kiddie approach. While all hacking/cracking like this is frowned upon by skilled programmers, the worst kind of all is the script kiddie approach since it doesn't show off any skill. At least if someone does something with flair and intelligence, you might hate them for what they did, but you have that glimmer of respect for how they did it - not so in this case.
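The lockout rule from point 1 and the "moved on to another account" gap from point 2, worked through as an added example (not code from the original post or from Bell South). The 5-failure limit and one-day lock follow the numbers above; the per-source spread threshold, its window, the account names and the documentation-range IP addresses are assumptions constructed for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

MAX_FAILURES = 5            # upper end of the "3 to 5 tries" rule above
LOCK_SECONDS = 24 * 3600    # "wait a day to try again"
SPREAD_ACCOUNTS = 4         # assumed: distinct accounts failed from one source
SPREAD_WINDOW = 3600        # assumed: seconds over which the spread is counted


@dataclass
class LoginMonitor:
    """Per-account lockout plus a per-source check for guessing across accounts."""
    failures: dict = field(default_factory=lambda: defaultdict(int))
    locked_until: dict = field(default_factory=dict)
    by_source: dict = field(default_factory=lambda: defaultdict(list))
    flagged_sources: set = field(default_factory=set)

    def is_locked(self, account, ts):
        return self.locked_until.get(account, 0) > ts

    def attempt(self, ts, source, account, password_ok):
        """Process one login attempt; return 'ok', 'denied' or 'locked'."""
        if self.is_locked(account, ts):
            # Even a correct password is refused while the lock is active.
            self._note_failure(ts, source, account)
            return "locked"
        if password_ok:
            self.failures[account] = 0
            return "ok"
        self.failures[account] += 1
        self._note_failure(ts, source, account)
        if self.failures[account] >= MAX_FAILURES:
            self.locked_until[account] = ts + LOCK_SECONDS
            self.failures[account] = 0
            return "locked"
        return "denied"

    def _note_failure(self, ts, source, account):
        # Per-account lockout never fires when a source stays under the limit
        # on each account, so also count distinct accounts failed per source.
        events = self.by_source[source]
        events.append((ts, account))
        recent = {a for t, a in events if ts - t <= SPREAD_WINDOW}
        if len(recent) >= SPREAD_ACCOUNTS:
            self.flagged_sources.add(source)


def run_sample():
    """Replay constructed login events and return the monitor and outcomes."""
    mon = LoginMonitor()
    results = []
    t = 0
    # Legitimate user: two typos, then the right password.
    for ok in (False, False, True):
        results.append(mon.attempt(t, "198.51.100.20", "alice", ok))
        t += 10
    # Guessing against one account: six wrong passwords in a row.
    for _ in range(6):
        results.append(mon.attempt(t, "192.0.2.50", "bob", False))
        t += 1
    # Guessing across accounts: three tries each, below the lockout limit.
    for account in ("carol", "dave", "erin", "frank", "grace"):
        for _ in range(3):
            results.append(mon.attempt(t, "203.0.113.7", account, False))
            t += 1
    return mon, results


if __name__ == "__main__":
    monitor, outcomes = run_sample()
    print(outcomes)
    print("flagged sources:", sorted(monitor.flagged_sources))
```

In the sample, the lockout stops the single-account guesser, while the source that spreads its guesses never locks anything and is caught only by the per-source count.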

Posted by Eric at 09:38 AM | Comments (0) | TrackBack

Google 302 Exploit

Always keeping us on our toes, it looks as if some devious folks are making use of redirects to steal Google traffic from other sites.
That link is from Slashdot, so I think the best way to sum it up is with a bit of the intelligent discourse which goes on over there everyday:

Hey look! Someone forgot to RTFA!

You use 302 to hijack someone else's page in Google's search results. Your bogus ad infested page shows up instead of the actual content the user was searching for (and thought they were going to see), while the real website that you hijacked doesn't get any more Google traffic. That's the exploit.

Dumbass.

Posted by Eric at 09:33 AM | Comments (0) | TrackBack

Online Poker

There is currently a movement afoot in many blogs to point to Wikipedia's page for online poker.

The idea being if so many fake blogs are being started up just to raise the page rank of gambling sites, then bloggers can overcome that and by linking to that Wikipedia page, hope to make it the first link.
While this isn't exactly revolutionary or something which will change the world, it is fun to see innovative thinking like this. (although you could argue that there are now people who want to find online poker sites and are going to be frustrated by this effort)
This technique by the way is called "Googlebombing".

Posted by Eric at 09:06 AM | Comments (0) | TrackBack

VoIP, more spam coming your way

Over on Slashdot there is something up about how telemarketers can dodge the few things which may prevent them from phoning you these days by going VoIP and outsourcing. No longer having to worry about the legal restraints (since they aren't technically phoning you by the methods those laws apply to), or the monetary hindrances of long distance, telemarketers can now phone from overseas in cheap locales and do what they do best - annoying the hell out of everyone.
Keep in mind that sadly the worst part of this is that it will work, just the same way that spam does. People actually buy from them, so they make money, so they keep doing it and worse yet, it draws in competition - meaning even more annoyances. And where there are people trying to sell you something, there are people trying to scam you out of your money as well.
Same techniques, just different technology - whether it be instant messages, voicemail, person to person, regular mail, email, or anything else that comes up over time - the key is making it cheap and easy for them to do (reminds me of a Jamie Kennedy joke about how the days of carrier pigeons likely made for more thought out and necessary letters than today's email age).

Posted by Eric at 12:41 AM | Comments (0) | TrackBack

Spyware and... spyware

Over at Spam Kings there is a post mentioning that Spyware Assassin is a scam. Note that "Spam Assassin" is a very good spam filter and is legit - "Spyware Assassin" on the other hand is just a scam riding on the name and success of Spam Assassin.

Slashdot has a post mentioning that there is currently spyware which infects IE via FireFox (and that this is only on Windows systems running Sun's Java Runtime Environment). So frustratingly, even if you have switched to FireFox, you can't uninstall IE from the system, and in this case still get hit. (technically I do recall seeing someone post details to their website about how they removed IE from a Win98 system, but that was some time ago and it is not necessarily feasible now - also it was a non-trivial process)

Posted by Eric at 12:32 AM | Comments (0) | TrackBack

March 14, 2005

Interesting read on bot nets

Security expert Bruce Schneier points to a very interesting read about bot nets and the threats they present to the internet, as well as what we can learn from them.

I have a hard time reading these things and not thinking of movies like The Terminator. Even though in this case, it is referring to organized groups which use the bots to take down networks via distributed denial of service attacks if they don't give them money.

Posted by Eric at 06:37 PM | Comments (0) | TrackBack

New Zealand to see an increase in permission based email

Somewhat like our recent note here, New Zealand is going to see an increase in permission based email because of a recent deal between companies there which specialize in such things. The main difference in these is a "dual opt-in" process which involves the person signing up and then also responding to a confirmation email.
The theory is that this will mean your userbase is only composed of people who actually want you to email them, and with that you can collect more data from them since they are opting to give it to you.

Previous single opt-in methods would result in larger lists of users, but they might not all want to be on there, with only a smaller subset actually wanting your email. So this new dual opt-in process hopes to avoid that and stick to only that subset of interested people.

Posted by Eric at 02:18 PM | Comments (0) | TrackBack

When is spamming really spamming?

Silicon.com discusses the slippery areas around the differences between bulk mail and spam. There are many who would argue that all bulk mail is spam, and there are those who would fight against that (usually the bulk mailers).

A broader concept which is frequently used is that spam is any mail you are getting but don't want. This isn't a technically valid definition since it could be that I don't want bills emailed to me since I hate having to pay them, but they are still legitimate emails. Or I could not like some of the emails I get from staff at work and don't want them either, but they aren't spam.

Along the same lines, if you signed up for a service and either agreed to get mail or asked to get mail, but later changed your mind - unless you told them to stop sending you that mail, it too is not spam.

And it is that last point where things get sticky in the legal sense. There are currently plenty of loopholes which allow spammers to claim that they thought you actively wanted to be on their list and were misinformed by someone else, or they say that you didn't understand some agreement - and frequently their unsubscribe system conveniently is broken. The CAN-SPAM Act actually allows for this as long as it is fixed in a "reasonable period of time" which isn't defined and likely only starts once reported.

So when is spamming really spamming, and when is it just annoying mail? As with most things in life, it is not always a cut and dry answer.

Posted by Eric at 02:12 PM | Comments (0) | TrackBack

Forget phishing, now it's pharming

Just in case you thought you could rest easy and assume you had all of those zany spam/spim/scam/phish/virus/malware/etc names down, you have a new one to worry about - pharming.

First came phishing scams, in which con artists hooked unwary internet users one by one into compromising their personal data. Now the latest cyberswindle, pharming, threatens to reel in entire schools of victims.

Pharmers simply redirect as many users as possible from the legitimate commercial websites they'd intended to visit and lead them to malicious ones. The bogus sites, to which victims are redirected without their knowledge or consent, will likely look the same as a genuine site. But when users enter their login name and password, the information is captured by criminals.

The best way to avoid these sorts of things is to stay educated about how the internet works and how to avoid these types of things. While making it easier for everyone to get online is a great thing in concept, it also means you get a bunch of clueless and gullible people in there as well, who aren't yet versed in how things should look/act/work.
This is what phishers/pharmers/scammers prey on and your best defense is to simply learn more about it all so you know what to avoid.

Posted by Eric at 02:06 PM | Comments (0) | TrackBack

Blogs, the new spam

Well, hopefully this doesn't speak poorly about this site, but apparently blogs are the new spam. AdRants points to a few public statements made by a few people who feel blogs are the new spam. In this case meaning the newest avenue for putting up garbage to get more traffic, to sell more product. The blogs are full of links to either get a higher page rank themselves, or more importantly raise the page rank of the sites which they are pointing to (which are sites selling things).

The main difference is that it is easy to not read a blog, you have to go and seek it out - as opposed to email which gets delivered right to your inbox. So the key difference here is in terms of search engine noise. Doing a search for "mortgages" 4 years ago might have rewarded you with the top sites for mortgages. Now the same search will think it is doing just that, but it is returning all spammer/scammer sites.

Posted by Eric at 02:01 PM | Comments (0) | TrackBack

AOL clarifies statement on AIM

Slashdot has up a clarification from AOL on the AIM Terms of Service. According to AOL, they only meant for those to apply to "posts in public forums" and that they don't store AIM conversations on disk.

On one hand it wouldn't make sense to store all of the data that is transmitted everyday over the AIM network - it would just be a huge storage task. On the other hand, they easily could store anything they wanted to, just monitor the feed for keywords or certain users, and then selectively log that.

Using an encrypted chat program makes that much harder. I'm currently just avoiding using chat programs at all right now since I don't get much out of them in terms of benefit which couldn't be derived from email, and I don't really chat with people too often.

Posted by Eric at 11:46 AM | Comments (0) | TrackBack

March 13, 2005

Are tougher laws in Canada making for less spam?

Slashdot has a discussion of whether or not spam volume is actually down in Canada or not - and if it is down, is it because of very strict laws in place to deter spammers?

While personally I am all for anything that will lower the amount of spam sent out, I am not particularly impressed by spam laws. They work very well for allowing prosecution of spammers in your region, but spam is a global problem. You can get spam from someone in another country just as easily as you could from someone who lives next door to you. But that person who lives in another country isn't likely to face the same legal hammer that your neighbor would were he spamming.

As we have pointed out on here before, some feel that better spam filters and technology are what should be attributed for the lower numbers. If that is the case, why aren't the numbers down on a global scale? Is Canada using something better than the rest of us? Or were they simply late adopters of the filters and so are just delayed in experiencing their benefits?

Posted by Eric at 08:54 PM | Comments (0) | TrackBack

March 12, 2005

Email archiving woes

Slashdot has two articles up about email archiving woes. One which is more of a question posed by an individual who wants to keep all of their email over the years (over multiple platforms and IM logs as well). The other raises the opposite side of the issue in that it appears Microsoft is claiming to have lost email from a period of time which would be crucial in a current lawsuit against them (from Burst.com over alleged patent infringement within Windows Media Player). They have the data on either side of the time period, but not the 35 days in question.

The first one is more of an amusement to me since I personally am not sure I would *want* that much back-history of data since it wouldn't be particularly useful and just a hassle. But it is very possible, and probably likely, that this person has far more interesting and/or important data than I have had so far.
My recommendation to him and those like him, would be to use several media types since a failure of one type would not necessarily mean failure to all of them. USB flash drives are large enough now that you can hold a huge amount of data - 1GB is very likely enough to hold all of one person's email over the years and IM logs (text is small) - that is assuming you aren't also keeping large attachments. (one of the executives where I work has nearly a 2GB mailbox and it is because he read that Bill Gates never deletes anything - just for the record, that is a bad reason to not delete anything from your inbox)
Between CDs, DVDs, USB flash drives, and portable hard drives, you could back-up most any home email archive with a bit of overkill. You could put a tape drive in there too if you were really paranoid of media failure - but if you are that paranoid, then you should probably also distribute the media in different secure physical locations and perhaps also upload it to a networked server too.
(a lot of that is tongue in cheek since it is extreme overkill for pretty much any home use - but actually probably not enough for some corporate environments, so it isn't quite as ridiculous as it sounds)

Microsoft's problem on the other hand is entirely different. Now there are plenty of small companies that have lost backups and archived data. But in this case, Microsoft has the data on either side of the loss and the window of loss just happens to be during the period which the lawsuit wants.
There are a few ways to look at this, each equally valid depending on which side you are viewing it from. One side sees it that Microsoft is clearly covering their butts in this case and know that they have the money and legal team to tie this up in the courts until the other side gives up or runs out of money. Another side is that Microsoft is claiming that they didn't find the emails interesting enough to merit keeping and deleted them, but did find everything else interesting and so kept it. Finding something "interesting" is a subjective thing, so it is hard to claim legally that they are lying - even though they very likely are.
I have seen a few lawsuits where they pull out the email archives and use that to determine who screwed-up and where. The firms which have dealt with this before know to avoid paper/digital trails and they will handle questionable conversations in person - plausible deniability. If they say it didn't happen, there is nothing to prove otherwise. In these types of lawsuits, I have even seen companies claim that they lost their backups or had faulty equipment. Since that actually does happen, unless the law for their industry holds them accountable for such things, they aren't in the wrong (there have been changes in the fund world so that they have to keep massively detailed backups, but not every industry has specific laws for that).

Personally, I'm fairly laid back about my personal backups and I put data I must have onto CD, removable hard drives, and USB flash drives. At work we have backups to a server, redundant alternating removable hard drives, multiple USB flash drives (not large backups, just certain small but vital databases and programs), Ultrium tapes (with a relatively short rotation of a single week, since backup is more of our interest over that of archival purposes - but we are moving that up to a month with a year's worth of archival points), and a remote location backup site as well (still in progress). We rotate the removable media offsite on a weekly basis.
Those strategies, both at home and at work, are more for the purpose of getting things up and working again, less on going back to see the status of something on day X of year Y - because the nature of our business doesn't require it.
Your mileage may vary.

Feel free to post up your backup and/or archiving process and why it is at the level of scrutiny it is.

Posted by Eric at 10:00 PM | Comments (0) | TrackBack

AOL changes AIM's terms of service

We just posted something about spam over AIM, now there is this about AOL changing the terms of service on its usage so that they have rights to anything you send through it... that seems a bit much.

...by posting Content on an AIM Product, you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium. You waive any right to privacy

I waive my right to privacy?

Hmm, I use iChat, I'm going to have to start looking into methods of encrypted chat. I don't talk about anything terribly fascinating or juicy over chats, but I also value my privacy.
I think the main issue with encrypted chat is that it is useless unless the person on the other side is also encrypting it - and some (*cough*all*cough*) of my contacts are likely not going to bother.

If you have any suggestions for better chat platforms, which are OS agnostic, and allow encrypted chat - please post them in the comments or email me.

Posted by Eric at 02:34 PM | Comments (1) | TrackBack

If you use P2P, go open source

We recently posted a link which discussed which P2P programs don't install spyware on your system. The page recommended using LimeWire.

Now here is something which explains why you want to use LimeWire, it is open source.

Posted by Eric at 02:19 PM | Comments (0) | TrackBack

ChatSlapper

I use AIM theoretically (I am on a Mac and use iChat), and Yahoo's instant messenger, but it is only usually to talk to friends and/or ask them programming/IT/design questions. I have never joined a chat room per se, so I don't know if this is something I will ever see - but over at Spam Kings the author is explaining a new AIM spamming tool called "ChatSlapper" and he posts screenshots (apparently not all of them are work safe) and a description of roughly how it works.

Posted by Eric at 02:14 PM | Comments (0) | TrackBack

Can legal precedent against warez traders impact spammers?

Slashdot has something up noting that a warez group in Australia never left Australia during the time of their alleged crimes, yet is being extradited to the US.

I'm no lawyer, but I am curious if the outcome of this will have an impact on the prosecution of spammers in other countries who spam the US.

Posted by Eric at 02:09 PM | Comments (0) | TrackBack

Email overload

Jeremy Zawodny talks about email overload, something one of the owners at the company here was talking to me about over dinner recently, and something we have posted about before recently.

For "very important people", email is getting to be a less and less reliable way of reaching someone. In terms of Bill Gates (and countless other top execs I'm sure), they have their own staff to manage their email for them.
If you feel that you are getting too much email to get through in a timely fashion, it is worthwhile to sit down and do some napkin calculations to estimate how long you spend dealing with each email (time to read, time to make a decision, time to act on that decision, time to reply, etc). Then multiply the average time spent on each email times how many new messages you get everyday. If that exceeds the amount of time which you can afford to spend on email, then you might want to reevaluate the importance of email in your life.
In the case of Bill Gates - he effectively makes so much per minute that it is cheaper for him to have a staff of people to work on it for him instead.
You might not be able to afford the staff, so it might make more sense for you to just spend less time on email and miss a few (or a bunch).

In the case of Bill Gates, he is likely getting people who want to ask him questions or get face time with him. In the case of others, like my wife, they get flooded with newsletters. In my own case I find that email is less of the issue and RSS feeds are my downfall.
If newsletters are the case for you, then perhaps you need to reduce the number of them which you get (or at least the number which you actually read).

If you have your own suggestions for dealing with the information overload, post them up - we are all ears.

Posted by Eric at 01:27 PM | Comments (0) | TrackBack

I believe the term for that is "irony"

Over 30K people signed up for an email based mailing list to hear more about the Monty Python musical "Spamalot" (and other shows as well). But a security hole in the setup made all of those addresses visible to the public.

When told by e-mail message about the breach, several people who had signed up for the "Spamalot" list said they were unsurprised, given the state of Internet security and the aggressiveness of spammers. Several noted that there was something appropriately Pythonesque about the incident. After all, Internet historians say that the use of the word spam to refer to junk e-mail messages has its roots in a 1970 Monty Python sketch, in which all conversation in a cafe is drowned out by a group of Vikings chanting the word over and over. The sketch and its song about Spam, the meat product, were adapted for the new musical.

"Are you sure they didn't do it on purpose?" joked one list subscriber, Matthew J. H. Baya of Ellsworth, Me. "Talk about guerrilla marketing."


The article doesn't note if anyone actually did exploit the hole and spam the list.

Posted by Eric at 11:19 AM | Comments (0) | TrackBack

A brief interview with the director of the Spam Museum

Not the spam which clogs your inbox, but the Spam which clogs your arteries. Shawn Radford, the director of the Spam Museum in Austin, Minnesota, is interviewed at Newsday.com.
They discuss the canned meat product and the Monty Python musical, but no mention of any penis enlargement scams.

Posted by Eric at 11:16 AM | Comments (0) | TrackBack

An evaluation of blacklists

Here is a short blurb on blacklists. Not sure that it looks like anything new, just stating that yes they are good, but there is more out there than just those. But it does look to be good for someone who has never heard of an RBL before.
I think it is more of a press release than any sort of news item.

Posted by Eric at 11:13 AM | Comments (0) | TrackBack

March 11, 2005

MT-Keystrokes... no good for FireFox?

I had recently posted about having installed MT-Keystrokes on my blogs. Unfortunately, it doesn't appear to work with FireFox on Linux. I removed it from one of my blogs, another one I am less concerned about getting all comments on anyway, and this one I have left it enabled.

If you are on Linux and using FireFox - try commenting on here. If it doesn't work, email me please and report what happens (stenz@spamblogging.com).

Posted by Eric at 03:17 PM | Comments (0) | TrackBack

Canadians are getting less spam

According to this article, Canadians are getting less spam now and because of that are more likely to sign up for permission based mailing lists and generally use email more.

So what are the Canadians doing differently than the rest of the world? Maybe they just don't buy the stuff advertised in the spam, so spammers are giving up on sending to them?
The article claims it is due to a large increase in users with spam filtering software on their systems.

Posted by Eric at 11:01 AM | Comments (0) | TrackBack

March 10, 2005

How to send email that gets responses

In today's day and age of spam and ever-increasing workloads, BoingBoing points to a little blurb on how to send email that gets responses.

I have definitely sent out emails far too long and wordy for the person to get into and instead they just skip over them. That is just one of the mistakes to be made when communicating via email so that you actually get your message read and responded to (if that is what it needs).

Posted by Eric at 03:46 PM | Comments (0) | TrackBack

Burned by Email Snoops

Here is a quick note on Fast Company talking about being careful in the workplace and assuming that your mail is being read.

One of the first things that happens in many corporate lawsuits is that the email records are demanded to be brought up from the past few years. There are laws as to how many years you must have depending on what industry you are in.
So there are many who now will deal with things only face-to-face since the phone lines can be monitored (and usually are), and the email leaves an audit trail.

So if you have something questionable to relate to someone else, either don't say it at all, or say it in person.

Posted by Eric at 03:16 PM | Comments (0) | TrackBack

Political figures, above the spam laws

This has happened before, for example recently in Australia and America, but it seems that certain government officials feel that they can send out spam and it is okay. In this case it was in Scotland, the Prime Minister sent out election related spam.

The Prime Minister was today accused of sending out “spam” – unsolicited and unwanted emails – in a bid to win votes in the run-up to the general election campaign.

Tory MP Michael Fabricant (Lichfield) claimed that although the messages began with the words “Dear Labour supporter” and are signed by the Prime Minister, he knew of recipients who belonged to other parties.

Mr Fabricant, shadow industry and technology minister, said: “DTI Ministers have publicly condemned spam, which now accounts for over 75% of all emails world-wide and could clog the internet by 2006. Now Blair is contributing to this, too.

“Interestingly, I have not yet received one of these emails. It has probably been automatically junked by the House of Commons spam filter alongside adverts for American drugs and products to improve my sex life.”

I suppose it is only wrong when someone else is doing it to you then?

Posted by Eric at 03:11 PM | Comments (0) | TrackBack

Sooner rather than later

Well, I couldn't wait, so I installed MT-Keystrokes and tested it out. I thought I might be able to test it by just pasting in text into the form, but on the MT-Keystrokes page it does allude to the fact that it might allow this to count. So I suppose the real test is holding out and looking for comment spam to show up.
I have actually been having a dearth of it on this blog as it was and nearly all of it has been Trackback spam.

So now moving on to the next one to resolve that...

I started looking at MT-Moderate and noticed this bit here:

If you ever decide that you don't want to moderate either your comments or trackbacks, simply remove the corresponding module. Let's say that you want to moderate trackbacks, but don't care about comments, then you would remove comments.pm from your server. Other way around? Get rid of the other file (trackbacks.pm) instead.

Which is especially relevant since on the blog which I referenced in the last post the author noted that it would be nice to be able to turn off the comment checking so as to avoid issues with MT-Blacklist which otherwise occur.

I will be installing that shortly.
I decided to give the numeric one a miss for now since I don't immediately see the need for that on any of my blogs at this point, especially if these other two work out.

Posted by Eric at 02:42 PM | Comments (3) | TrackBack

Movable Type anti-spam plugins

The creator of MT-Blacklist has a post up in his blog discussing new anti-spam tools for Movable Type blogs.

One I had mentioned before, which looks at the keypresses for a comment, which I remarked might be an issue for people who want to post something that they cut and pasted into your form. Apparently this also adds in the hidden field once the keypress action happens. That is better than having a fixed hidden form there, but I can still think of at least one way around that.
But it will still likely help a lot.

Another plugin is one which helps block Trackback spam - which MT-Blacklist doesn't currently do. Apparently there are issues of it not completely playing nicely with MT-Blacklist, but not so badly that it doesn't merit its use.

And then another one which blocks numeric addresses in comments: it denies comment posts that use HTML numeric entities to disguise spam words.

I haven't installed these yet, but will be looking into it over the next few days. If they are particularly amazing (as MT-Blacklist was when it first came out), then I will post more of my thoughts regarding the plugins.
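To make the numeric-entity idea concrete, here is an added sketch (not the plugin's code and not from the original post) of a filter that decodes numeric entities before matching and counts entities that encode ordinary ASCII letters. The function names, the word list, the threshold and the sample comments are all assumptions constructed for the demonstration.

```python
import html
import re

# Matches decimal (&#118;) and hex (&#x76;) references, with or without ';'.
NUMERIC_ENTITY = re.compile(r"&#(?:[xX]([0-9a-fA-F]{1,6})|([0-9]{1,7}));?")

# Constructed word list for the demonstration; a real filter supplies its own.
BLOCKED_WORDS = {"viagra", "casino"}


def disguised_letters(text):
    """Count numeric entities that encode a plain ASCII letter or digit.

    Legitimate text uses entities for characters that are hard to type
    (accents, dashes). Encoding 'v' as &#118; serves no purpose except
    hiding the word from a plain-text keyword match.
    """
    count = 0
    for match in NUMERIC_ENTITY.finditer(text):
        code = int(match.group(1), 16) if match.group(1) else int(match.group(2))
        if code < 128 and chr(code).isalnum():
            count += 1
    return count


def check_comment(text, blocked_words=BLOCKED_WORDS, max_disguised=3):
    """Decide whether a comment hides blocked words behind numeric entities.

    hidden_words lists blocked words that appear only after decoding, i.e.
    words a filter looking at the raw text would have missed.
    """
    raw = text.lower()
    decoded = html.unescape(text).lower()
    hidden = sorted(w for w in blocked_words if w in decoded and w not in raw)
    count = disguised_letters(text)
    return {
        "deny": bool(hidden) or count > max_disguised,
        "hidden_words": hidden,
        "disguised_letters": count,
    }


# Constructed sample comments.
SAMPLES = [
    "Cheap &#118;&#105;&#97;&#103;&#114;&#97; here",      # decimal entities
    "Play &#x63&#x61&#x73&#x69&#x6e&#x6f tonight",         # hex, no semicolons
    "Caf&#233; prices went up &#8211; again",              # legitimate entities
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_comment(sample), sample)
```

Words typed in plain text are deliberately left to the ordinary blacklist; this check only covers the disguise.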

Posted by Eric at 01:51 PM | Comments (0) | TrackBack

419 scams impact on legit Nigerian email

BoingBoing has an entry up relating the story of a software developer from Nigeria who was having a hard time getting his email taken seriously.

It seems possible that Nigerian Internet cafes are full of emailers with names like Mr. John Richard who use yahoo email addresses and who come from a culture where it is common to write subjects in ALLCAPS. When they write to people they don't know, they -- quite sensibly -- start mails apologizing for the fact that they may have surprised their readers with an unannounced missive. Spammers and scammers put all these more upstanding folks at a real disadvantage when it comes to getting their message out.

I wonder what net behavior that I follow might be considered rude or spam-like in other countries?

Posted by Eric at 01:04 PM | Comments (0) | TrackBack

Spyware bill moves forward

Wired has an update on the (anti) spyware bill and what it may mean for us.

While the bill received unanimous approval from the Commerce Committee (and is expected to garner wide support in the full House), there remained lingering concerns about certain provisions that could lead to more tinkering before the bill hits the House floor.

Ranking committee member Rep. John Dingell (D-Michigan) said he's worried the bill's cookie exemption might be too broad.

"At least with respect to cookies, we need to make sure that we are not creating dangerous loopholes that are inconsistent with the purposes of this legislation," he said.

Despite such concerns, however, HR29 appears on the fast track for passage this year. One potential hurdle is the Senate, which failed to enact its own anti-spyware legislation in the last session even after the House passed last year's version of Bono's bill by an overwhelming 399-1 vote.

Although the House bill still has no companion legislation in the Senate, Sen. Conrad Burns (R-Montana), who introduced the companion bill that failed to pass last year, plans to reintroduce anti-spyware legislation "in the next one or two months," his spokeswoman said Wednesday.


As you may have noticed, the contrarian viewpoint is frequently where I find myself most interested when I see something being offered. This bill could be very interesting, as long as it can actually be made to work and not mess up other areas.

Posted by Eric at 12:15 PM | Comments (1) | TrackBack

What is in your P2P program?

I have rambled on about spyware on people's machines here many times in the past, most recently with my discussion of how to remove spyware from your machine.

One of the very best ways to get a lot of spyware on your machine is to install a P2P program. Not only do they generally immediately install all kinds of spyware on your machine, the things you download may also include spyware or other malware like viruses and trojans. Great fun.
Whenever I go to someone's machine who has been complaining about spyware, the three most common things I will find are either:
1) Casino software. If you use a good/reputable place, then this isn't an issue. But if you use a place which is slightly shadier, then they might look to make an extra buck off of you with spyware.
2) WeatherBug or similar things. Items you install to check the weather for you - I suppose for people who don't have access to doors, windows, or a web browser, that might be useful. But how often do you really need to know the temperature and weather outside immediately and you can't wait for a page to load and tell you, or just walk to the window/door and check? Apparently many people can't handle that and they install the monitor into the taskbar (to be fair, there are other applications which when you install them, they install this as well).
3) P2P programs. On the surface these are great. There is the noble file sharing effort of legitimate and legal files and that is something that most anyone can respect. Then there is the grey area of music sharing which greatly angers the music industry, but has its share of proponents (not to mention anyone loves free music). And then there is the "warez", illegal copies of software which you would normally have to pay for, but you can find for free on P2P shares. The problem is that now many of the warez copies have trojans in there of various levels of naughtiness.
Often a wonderful combination of the above.

Nearly all of the P2P programs will install extra spyware with it so that the people who make the software to handle the P2P system, and in some cases maintain a network related to it, can make money.

ZeroPaid lists all of the P2P programs for various OSes and rates them as to their popularity. And here is a page which details how much extra crap is put on your system with each P2P client.
Generally, the amount is "an absolute ton" except apparently for LimeWire.

If you really want to avoid spyware, one of the best things you can do is never install a P2P client. Second best, if you really must have one, install LimeWire.

I have told this to countless clients regarding their home systems, and inevitably they always go and install it all back in again, have problems again, and come to me. These days I now turn them away and tell them that if they aren't willing to change their ways, I am not willing to help them. Not even for money.
(To be fair, 99% of the time it is a son/daughter living at home that is installing the software on the machine, and it is the parents coming to me about the problems. I can remember being in high school and college. Someone asking me to stop doing something was akin to them conversing with a wall - a wasted effort.)

Posted by Eric at 11:41 AM | Comments (0) | TrackBack

Missouri To Tackle Spam

State legislators in Missouri are looking to pass a bill to make spam of a certain type (that which has a misleading subject) a felony, allowing prosecution of those sending from out of state.

"We would have the ability to go out of state and bring someone in,” Klahr said. “Obviously, until we pass this law, it will be hard to know if what they are doing is illegal or not, but we have some targets that we would like to follow through on.”

The only opposition to the bill in the hearing came from Michael Grote of the Missouri Chamber of Commerce. He urged the panel to examine what constitutes a deceptive e-mail. His department, for example, sends out a weekly e-mail newsletter that does not contain the chamber’s name in its header.

“Even though it says Missouri Chamber of Commerce all over the body of the e-mail, we would be in violation because of that header information,” Grote said, “If those situations are resolved, which I think the sponsor is willing to do, that would change our position on the legislation.”

Ohio, Virginia and Maryland have passed similar legislation.

Three points come to mind:
1) The opposition raises an excellent point. While it is fantastic to try to stop spam, I am not sure how they are going to be able to word this so that it only focuses on spam and doesn't limit freedoms of people who are doing nothing wrong. While I doubt it would really limit freedoms, I think that it would be feasible to use any uncertainty to get spammers out of trouble when charges are brought forward. Which is pretty much where we stand as it is now.

2) The article mentions "AOL Lobbyists" and how they are saying the spam is out of control. While I completely agree that we should do all we can to limit/stop spam, I always cringe a bit when I see something is coming about due to lobbyists. That should always set off a flag to see how this would benefit the group lobbying in a monetary sense. If AOL wants this through, is it for the good of its members? For the reduced cost less spam would allow them? Or is there a way they would actively make more money because of this?

3) If spam is being sent from outside of the US, does this law help in any way? If someone spams you from China, does a law in Missouri make any difference to that person? Reverse the scenario - if someone in China gets spam from someone in Missouri, does the fact that China has a law which says they have the right to torture and kill that spammer mean that they can do that to the person? Granted they don't really have that sort of law that I know of, this is just an example, and also granted we would probably love to see that done to some spammers it seems - it is a sketchy area to have to be forced to follow the laws of other countries. I suppose it largely depends on our relations with that country and what extradition treaties we have signed.

Posted by Eric at 11:23 AM | Comments (0) | TrackBack

Great Minds Think Alike

Great minds think alike... or maybe in this case, "jaded souls agree". AdRants has a post up on the "news" that ADBUMb is going to stop posting ads for spam/spyware. AdRants then makes a comment both on how much they had posted before regarding that, and also how that is how they make their money (ADBUMb that is).

I had seen the press release this morning that ADBUMb put out and my reaction was the same, added in with a bit of "who the hell is ADBUMb?" I thought I had read that they claimed to be #1 in online advertising - but really they are saying they are the number one advertising online newsletter... which is probably a fairly small field. Perhaps of size "one".

Posted by Eric at 11:13 AM | Comments (1) | TrackBack

March 09, 2005

Who buys from spam?

One thing is certain in the spam world: if people would stop buying from the spam they got (or falling for phishing scams), then there wouldn't be money in the spam-world and it would come to a grinding halt.
So who are these people that buy from spam? That is exactly what this article is asking. They review some of the figures and are appropriately skeptical of how high some of the figures are. But also keep in mind that the site the article is on is one for direct marketers, so they are very interested in how to get people to buy from email.

One thing that I don't think they mentioned, and that isn't frequently mentioned, is part of the reason that spam is successful - a lot of what is sold is on the fringe and for good reason. Whether it is illegal, irrefutable, or just embarrassing, a lot of what is sold via spam gets clicks because it is not available elsewhere for those reasons.
If Amazon sold penis enlargement pills, then people likely wouldn't buy from the spam selling it. After all, Amazon can go lower on prices due to the quantity with which they can work at any given time and they are a reputable company, so people would prefer to buy from them over some guy in Florida.
But Amazon won't sell that sort of thing because it is in the grey area of the market. Questionably legal and questionably effective. So the fringe market steps in and sells via mass marketing over spam.
That is rarely discussed as to why spam sadly does so well.

Another thing to note, the article says that there hasn't been an initiative to approach stopping spam from the other side - not worrying about who is sending it, but instead educating the buyer to stop buying from there.
But there is an effort to do just that - notice in our sidebar - we have a link to "Spam, Don't buy it" which is part of that education process.
So while I am at it - let me ask you again to spread that link around - let's educate those who are buying from spam.

Posted by Eric at 10:53 AM | Comments (1) | TrackBack

The woes of direct marketing

One of the issues with anti-spam measures is that it tends to block companies who deal in direct to mail (email in this case) marketing. There are still newsletters and other legitimate enterprises which are having issues of getting blocked by spam filters.
That article seems to indicate that the problem is that too many of those businesses don't format their emails properly and/or take further steps to ensure the mail gets through by avoiding sending email which looks like spam.

That said, keep in mind that the site it is on probably stands to gain by helping you shape your email so that it gets through - or at least telling you that it will help.

Posted by Eric at 10:45 AM | Comments (0) | TrackBack

The cost of spam

About once a week there is a news article up about how much spam costs businesses. They each have a different figure, of course due to a different way of calculating the costs. But the one constant seems they all stand to benefit from the figure being as large and as scary as possible - that way businesses will then authorize more money to be spent to trap spam, and that is good for those involved in stopping spam.

Incidentally, that link we provided claims that "spam costs UK businesses £1.3bn a year".

Posted by Eric at 10:27 AM | Comments (0) | TrackBack

Spim, Spim, Spim

The news sites are all over spim these days (mobile messaging spam). They love those new buzzwords. Nothing terribly new in this article, but this is interesting:

Rochelle Cohen, senior director of media relations for Cingular Wireless, was reluctant to comment on the legality of domestic cell phone spam. In order to evaluate the lawfulness of such wireless advertisements, she said a detailed definition of what spam is and precisely where it is sent from must be established per case.

So wait, you are telling me that the company who makes money off of the messages just being sent and received, regardless of whether or not anything is bought... doesn't want to come out and say anything bad about the issue? No! Truly shocking.
On one hand, they know it pisses off their userbase, but on the other hand it makes them tons of money. It will be interesting to see at what point they finally come forward and take a side, and what side that ends up being (I suspect they will wait, as they seem to indicate already, until a specific legal decision has been made so that they have to take one side - the customer's - otherwise they stand to benefit right now from taking the spammers' side).

Posted by Eric at 10:03 AM | Comments (0) | TrackBack

Spam stats

Bigfoot Interactive released the results of a study which they ran and according to them, spam is on a decline, but spyware is up.
Only about 500 people were used in this study, so I am not sure how realistic it is. Also note that from the way it is worded, it appears that it was based on opinion as opposed to actually studying content.

So we are now seeing multiple reports from different groups which are reporting similar things. That is good to see that it wasn't just one poorly run study. That said, it is entirely feasible it was several poorly run ones so far.

Posted by Eric at 09:58 AM | Comments (0) | TrackBack

March 08, 2005

More on comment spam and Movable Type

Recently we had a post here about avoiding comment spam. In there I mentioned that I liked the idea of checking how many keystrokes were typed for a comment. If none, then assume it is a bot and don't allow it to submit.
Now there is a Movable Type plugin to do this.

While I do like the idea, there are still plenty of reasons to be careful with it, such as when a user doesn't have JavaScript turned on in their browser or only uses their mouse to submit a comment (copy and paste, then press the submit button).

Posted by Eric at 11:47 PM | Comments (0) | TrackBack

Matt Haughey comment on blogs and spam

Matt Haughey (creator of MetaFilter among other things) has a comment up on his personal blog saying that Blogspot is broken - it is part of how spammers operate and it is a hole that needs to be plugged.

A friend recently returned from an anti-spam conference and said someone gave a demo of a spamming tool. They showed how it grabbed a zillion email addresses from a database, started churning out the email while hopping from one free open proxy server to another, and one curious last step was to automatically create a new blogger account, create a new site on blogspot, and load the email text from the spam as an entry. The last step was to raise the search engine position for the spammer's site and message and was completely automated.

He closes saying that there should be a Turing test (captcha) of some sort to reduce the automated bot usage of Blogspot, which is certainly a good starting point.

Posted by Eric at 10:06 AM | Comments (0) | TrackBack

More phishing woes

Clearly phishing is working, because the volume is increasing and the tactics/techniques used to keep it alive are evolving. Were phishing no longer an effective process, these things would die off and we wouldn't keep seeing things like this disturbing news via Slashdot:

In the continuing evolution of the phisher, the latest scams are crafting deceptive email links that include a bank's URL, but send victims to a phishing spoof site. The phishers are combining wildcard DNS, URL encoding and redirection services to construct the URLs. Netcraft has examples of emails that presented barclays.co.uk in the URL but sent clicks to a spoofed page at a server in Moscow. A DNS cache poisoning attack over the weekend also highlights the potential use of DNS tricks in 'pharming' (phishing using redirection rather than bait emails).

*note there are further links in that text if you go to the actual post on Slashdot.

While this is a bit unnerving, there is still an easy way to protect yourself: don't click on these links in emails. If you get an email from PayPal, your bank, your credit card, etc. and they are asking/telling you "XYZ needs to happen, just follow the supplied link" - don't click on it. Instead open up a new browser window (ideally not IE) and then manually enter in the base business URL and login from there.
If whatever it is that they are telling you is legit and truly important, then the information will show up there once you login. If it does not and you still are wondering - call them.

It is key that you just put in the base URL which is actually theirs. If the email tells you to go to "http://www.paypalservices.com/userlogin/whatever.html" that DOES NOT mean go to "http://www.paypalservices" - instead I mean go to PayPal's actual base site which you know (https://www.paypal.com) and login there.
Assume that any URL given to you in the email is trying to scam you until you can prove otherwise.

Of course, it also helps if you know how to read the headers and see if it really came from the servers/network from which it claims - but even then you can't trust it 100% (it could be due to a compromised machine in that network).

But the short and easy thing to remember is "do not click on any links sent to you via email".
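For mail filters or anyone auditing links in bulk, the "is this really their base URL?" test can be written down. The following is an added example, not part of the original post, and it goes slightly beyond the paypalservices.com case to cover the URL forms mentioned in the Slashdot quote (bank name in front of the real host, bank name as a subdomain of another domain, percent-encoded redirect targets). The function names, `bank.example`, and the documentation address 203.0.113.5 are constructed assumptions.

```python
from urllib.parse import urlsplit, unquote, parse_qsl


def real_host(url):
    """Hostname the client connects to: userinfo and port removed, lowercased."""
    return (urlsplit(url).hostname or "").rstrip(".")


def on_domain(host, trusted):
    """True only for the trusted domain itself or a genuine subdomain of it."""
    return host == trusted or host.endswith("." + trusted)


def fully_unquote(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (e.g. %253A -> %3A -> :)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_link(url, trusted):
    """Compare where a link really goes with the domain it claims to be.

    trusted is the base domain you already know (e.g. "paypal.com").
    Returns the real host, a verdict, and the reasons for distrust.
    """
    url = url.strip()
    trusted = trusted.lower()
    brand = trusted.split(".")[0]          # "paypal", "barclays", ...
    parts = urlsplit(url)
    host = real_host(url)
    findings = []

    # Anything before '@' is a username, not the site: bank.name@other.host
    if "@" in parts.netloc:
        findings.append("userinfo-before-host")

    # Host must be the trusted domain or a subdomain of it. A brand name
    # elsewhere in the host (paypalservices.com, barclays.co.uk.example.net)
    # is decoration chosen by whoever registered the domain.
    if not on_domain(host, trusted):
        findings.append("brand-in-foreign-host" if brand in host else "foreign-host")

    # A link on the right host can still bounce elsewhere via a redirect
    # parameter; decode nested percent-encoding before judging the target.
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        target = fully_unquote(value)
        if target.lower().startswith(("http://", "https://", "//")):
            target_host = real_host(target)
            if not on_domain(target_host, trusted):
                findings.append("redirect-to:" + target_host)

    return {"host": host, "trusted": not findings, "findings": findings}


# Constructed sample links (claimed domain, URL as it appears in the mail).
SAMPLES = [
    ("paypal.com", "https://www.paypal.com/signin"),
    ("paypal.com", "http://www.paypalservices.com/userlogin/whatever.html"),
    ("barclays.co.uk", "http://www.barclays.co.uk@203.0.113.5/login"),
    ("barclays.co.uk", "http://www.barclays.co.uk.session.example.net/"),
    ("bank.example",
     "https://www.bank.example/go?to=http%253A%252F%252F203.0.113.5%252Flogin"),
]

if __name__ == "__main__":
    for trusted, link in SAMPLES:
        print(inspect_link(link, trusted), link)
```

A clean result only says the link points at the domain it claims; it says nothing about DNS cache poisoning, which is why typing the known address yourself remains the safer habit.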

Posted by Eric at 09:46 AM | Comments (0) | TrackBack

China to accelerate anti-spam law process

According to this article, China is pushing to accelerate the process of putting its anti-spam legislation into law, in the hopes that when it is in place more spammers will be caught.

A key point in the article being at the end:

Though spam seems to have slightly declined according to those figures, the biggest difficulty is still finding the original senders of spam. In China, it has been difficult to find the owners of certain IP (Internet Protocol) addresses because often the IPs are registered using proxy services, or are registered with false contact information. Li Yuxiao says the newly enacted "Internet IP Address Record Management Measures" are one way to solve the problem. These new measures will require better contact details from owners of Internet-based services.

If they currently can't even find who is sending the spam, then the spammers are set. This is bad for all countries since spammers will continue to operate out of China if this is the case. But according to this, once in place, these changes should make it easier to track who registered what IP address and then go after them to find the spammer(s).

Posted by Eric at 09:17 AM | Comments (0) | TrackBack

Pop-up/under Trickiness

Recently we were discussing that there are a series of new pop-ups/unders which are beating the software which is designed to block them. Safari, FireFox, and even updated versions of IE will block pop-ups, as well as additional toolbars including the one from Google.

Not all of them work this way, but the good ones do. They employ an effective strategy which consists of looking at all events which ask for a new window to be generated, and they look to see if they either come from the browser (if you went into the File menu and created a new window), keyboard (Ctrl-N in Windows), or from an on-click event (you clicked on a link designed to pop-up).

What the new variations of these are doing is that when you click on any of the links on the page, they are also executing JavaScript code which opens a window (whether it is in front or behind depends on their preferences, but generally speaking the ones going behind are showing to be more favored since they are less immediately noticeable, and therefore it is harder to know which site spawned it off on you - therefore you can't rage at them and might even click on the ad).

There are a few ways around this, but it is yet another example of how the spammers and annoying advertisers are playing the never ending cat and mouse game with the people who want to block what they do.

Posted by Eric at 01:10 AM | Comments (0) | TrackBack

March 07, 2005

Spam is up, zombies are down

MessageLabs is telling us that spam as a whole is up, but zombies are on their way out... or at least down.

According to the brief blurb at that link, spam use is up due to innovation on the part of the spammers. No word on what that innovation is, but apparently it doesn't involve zombies.

If I had to guess, I would imagine that it does involve zombies, but they are sending out through the ISP mailservers instead of directly from their host machine - just like we discussed recently.

Posted by Eric at 03:29 PM | Comments (0) | TrackBack

Windows hole from 8 years ago... still there

Slashdot has a post up discussing how a security vulnerability which was first discovered 8 years ago... still exists in Windows Server 2003 and Windows XP.

The issue is one similar to many in Windows where an open port is sent data which then causes the machine to react in a way that it should not. The machine is sent data which causes it to crash - "freeze up" in this case, which is actually worse than rebooting since presumably a reboot would allow services back online once they came back up.

The "fix" for this, aside from actually not having the problem in the OS at all, is to make sure your firewall is up and working. You do have a firewall, right? I believe even the built-in firewall for Windows should work in this case (just make sure it doesn't get turned off by the many software products out there which do just that).

Posted by Eric at 02:42 PM | Comments (0) | TrackBack

New Mobile Device Virus?

Gizmodo has an appropriately skeptical view on what is thought to be a new MMS/Bluetooth virus, and a company which happens to come out at the same time with a solution for it.

Posted by Eric at 02:22 PM | Comments (0) | TrackBack

March 06, 2005

Malware with huge download potential

Slashdot has a post which points out malware that will see if your machine has what it needs (.Net in this case) and if not will download it to your machine... which is a 65-100MB download.

Posted by Eric at 03:00 AM | Comments (0) | TrackBack

N.C. Government anti-tax spam

Government lawmakers in North Carolina were recently hit by a massive volume of anti-tax spam:

An e-mail message to members of the General Assembly designed to publicize an anti-tax sentiment and promote cuts in government spending seems to have missed its mark.

Instead, the e-mail ignited protests from North Carolina legislators and staffers as the unsolicited e-mail was repeatedly duplicated through internal settings and automatically forwarded to other staffers and aides.

The volume of about 450,000 messages nearly overloaded the General Assembly's e-mail system.

The North Carolina branch of Americans for Prosperity, a Washington-based special interest group, set up a Web site that generates e-mail messages to state legislators automatically with the push of a button.

A legislature spokesman said officials are working with the group to find a way to deal with the problem.

Sounds like a bug in the software there somewhere (or what someone is claiming), but even after reading that a few times, I am not entirely clear what happened there.

Posted by Eric at 01:12 AM | Comments (0) | TrackBack

March 05, 2005

Hardware solutions

I had just mentioned in this post that a hardware solution may be the way to go for ISPs. One of the hardware options for that sort of thing might be something from IronPort - here is a review of one of their devices, the IronPort C60.

The review looks to be overall favorable, but when reading through it a bit, I cringe a little since it uses Symantec's Brightmail. At one time Symantec was a great company and it has built up that name to have fantastic recognition and penetration into the computing market.
The problem is, every single IT person I know these days hates Symantec and their products have really slipped over time. So I would be very hesitant to go with this particular product personally, but do keep in mind that the reviews look good on it - so perhaps this is quite good. I haven't used it, so I can't say.

We do use Symantec's Norton Anti-Virus Corporate Edition in the office and it works well enough for us. It isn't great, but it isn't bad either. The main issues that I have with it are that it is missing a few of the stats that I would like to see on the data it processes (not a big deal as long as the anti-virus part actually works), and the fact that its exclusion lists routinely ignore whatever you tell them to look at - especially if you are using another company's anti-virus to scan an e-mail.
The biggest issue that I have seen with Symantec is that while their website has a support section, they are hiding more and more of it in a section for which you have to pay in order to get access. And then frequently the "support" will note a problem and then have a "solution" which does nothing more than acknowledge that some people have that problem and some don't - no fixes though.
On a side note, generally the absolute worst Symantec product, by far, is WinFax. As long as this IronPort hardware doesn't ever have WinFax on it, it may just be okay after all.

Note that IronPort is its own entity and not Symantec - I am only pointing out that it contains an anti-spam solution from Symantec and warning as to previous experiences I (and the IT groups that I deal with) have had with Symantec over the years.

Posted by Eric at 01:58 PM | Comments (0) | TrackBack

ABC News suggestions on spam

ABC News suggests that outsourcing your email might be the best way to stop spam.

They look to be mainly talking about Postini:

When the company's Exchange server crashed one morning, things finally came to a head. Unable to get XWall back up and running—and with spam piling up—Markohon decided it was time to outsource the job. He phoned Postini, an antispam service based in Redwood, California, and in less than an afternoon, without installing a single piece of hardware or software, he'd replaced XWall with a new spam filter. This one not only blocks more than 90 percent of the company's spam, it requires next to no upkeep from his staff.

Instead of relying on an antispam appliance or local software application, Leupold simply redirects its incoming e-mail to one of Postini's data centers. Postini then filters the e-mail, keeping spam quarantined on its servers and sending legitimate correspondence on to Leupold. If employees wish to look through their quarantined e-mail or Markohon wants to monitor or adjust the service in any way, they can do so simply by opening a Web browser.

To set up the Postini service, all Markohon was required to do was change Leupold's MX records (the mail exchange records held by domain servers across the Internet that specify where messages should be delivered), create user accounts for all the company's employees, and specify how aggressive he'd like the spam blocking to be. "I had assistance from their support team," says Markohon, "but setup was done in little more than an hour."

Now this "article" looks a bit like a shill to me. Maybe I'm just showing my jaded side. Or maybe every single business that I have dealt with in the past year and a half that has been having crazy mailserver issues has been using Postini, so I am having a hard time seeing them as a viable solution.

Please take that with a grain of salt though. We don't use it in my office, so I can't speak from first hand experience. The article here sure makes it sound effective and easy, so perhaps it is and the companies that I have been dealing with just have an incompetent IT staff and can't figure out how to get any of it to work?
All I know is that they all have since switched away after constant problems with it - not exactly a glowing review if you ask me.

Posted by Eric at 01:51 PM | Comments (0) | TrackBack

Spamhaus commends Global Crossing

The anti-spam group Spamhaus recently publicly commended Global Crossing for its efforts at stopping spam on its networks.

Spamhaus, the United Kingdom-based non-profit organization, tracks the Internet's "spam gangs" in order to provide real-time, anti-spam protection for Internet networks. The organization works with worldwide law enforcement agencies to identify and pursue spammers across the globe. The volunteer team of investigators also lobby governments for effective anti-spam legislation.

"If all major networks tackled their spam issues with the determination and spirit of Global Crossing, spammers would have no havens from which to operate. Spam would be beaten back to a minor manageable nuisance, and the Internet would be a better and safer place for all," Linford said.

Global Crossing said all prospective customers are screened, and those who fail the screening are refused service. The AUP also recommends that customers take proactive security measures of their own, and is applicable to second-generation customers.

Posted by Eric at 01:45 PM | Comments (0) | TrackBack

Spammers are using ISP mailservers

Not entirely new news, but this article tells of spammers sending spam through ISP mailservers via zombied machines on that ISP's customer network. The article does note that "it is official". Perhaps before it was merely speculation?

In the past, through malware, a spammer would get control of a machine on the net and then send out spam emails directly from that machine. ISPs caught on to this and started throttling, using different ports for email and blocking the standard ones which the zombied machines used.
So now the new step, nothing terribly advanced, is that the malware grabs the ISP mailserver settings from the machine and uses those to send out mail like a regular email client on the machine. Except that it is sending much more email out than most normal users would.

The obvious solution for this is for ISPs to throttle the bandwidth allowed for mail from each account. But they can only do that so much before they are limiting their customers who are doing completely legitimate things and have no reason to be punished.
Another option would be to look for mail duplicates: once the same message has gone through N times, it starts to get blocked. Again, this is tough to actually implement, because what about mailing lists? Also, the spammers can add random data into each message to make it slightly different from the last.
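A sketch of both ideas from the ISP's side, added here as an illustration (not code from the article or any ISP): a per-account sliding-window throttle plus duplicate counting. It compares an exact hash, which random padding defeats, with word-shingle similarity, which still groups the padded copies. The thresholds, account names and message template are constructed assumptions, and the mailing-list exemption is modelled as a simple allowlist.

```python
import hashlib
import random
import re
from collections import defaultdict, deque

# Assumed policy values for illustration; a real ISP would tune these.
WINDOW_SECONDS = 3600     # sliding window for the per-account rate limit
MAX_PER_WINDOW = 100      # messages one account may send per window
DUPLICATE_LIMIT_N = 3     # the post's "N": copies allowed before blocking
SIMILARITY_CUTOFF = 0.6   # Jaccard score at which two bodies count as the same

# Constructed sample body, not taken from any real message.
TEMPLATE = ("Refinance your home today at the lowest rates available anywhere. "
            "Reply now to lock in your approval before this limited offer ends.")


def exact_fingerprint(body):
    """Hash of the raw body: changes completely if one character changes."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def shingles(body, k=3):
    """Set of overlapping k-word sequences, used for near-duplicate matching."""
    words = re.findall(r"[a-z0-9']+", body.lower())
    if len(words) < k:
        return frozenset([tuple(words)])
    return frozenset(tuple(words[i:i + k]) for i in range(len(words) - k + 1))


def jaccard(a, b):
    """Share of shingles two messages have in common (0.0 to 1.0)."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0


class OutboundMonitor:
    """Decides accept / throttle / block-duplicate for each submitted message."""

    def __init__(self, list_operators=()):
        # Accounts known to run mailing lists skip the duplicate check
        # (an assumed policy) but are still rate limited.
        self.list_operators = set(list_operators)
        self.sent_times = defaultdict(deque)   # account -> send timestamps
        self.clusters = defaultdict(list)      # account -> [[shingles, count]]

    def check(self, account, body, now):
        times = self.sent_times[account]
        while times and now - times[0] >= WINDOW_SECONDS:
            times.popleft()                    # forget sends outside the window
        if len(times) >= MAX_PER_WINDOW:
            return "throttle"
        times.append(now)
        if account in self.list_operators:
            return "accept"
        signature = shingles(body)
        for cluster in self.clusters[account]:
            if jaccard(signature, cluster[0]) >= SIMILARITY_CUTOFF:
                cluster[1] += 1
                if cluster[1] > DUPLICATE_LIMIT_N:
                    return "block-duplicate"
                return "accept"
        self.clusters[account].append([signature, 1])
        return "accept"


def demo():
    """Six padded copies from one customer account, six list mails from another."""
    rng = random.Random(2005)
    variants = [f"{TEMPLATE} ref {rng.getrandbits(32):08x}" for _ in range(6)]
    distinct_hashes = len({exact_fingerprint(v) for v in variants})
    monitor = OutboundMonitor(list_operators={"announce@lists.example"})
    customer = [monitor.check("customer1@isp.example", v, now=i)
                for i, v in enumerate(variants)]
    newsletter = [monitor.check("announce@lists.example", TEMPLATE, now=i)
                  for i in range(6)]
    return distinct_hashes, customer, newsletter


if __name__ == "__main__":
    print(demo())
```

The exact hash sees six different messages, while the shingle comparison blocks the customer account from the fourth copy onward and leaves the allowlisted list operator alone.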

There is a good side to this, although not for the ISPs. The best way to stop spammers is of course to prevent them from sending spam in the first place. One of the best ways to do just that is to put in hardware which checks the mail for spam (there are hardware devices that have SpamAssassin on them, or variations of that sort of software) and then stops letting it through if it is spam. Both in AND out of the network - which is exactly what would help here.
The problem is that this hardware is not free, so ISPs have been slow in adopting it since they are like any company and want to maximize profits.

This newer development by the spammers potentially could cause more ISPs to install this type of hardware and hopefully slow spam (at least until the next innovation on the spammer's side).

Posted by Eric at 01:25 PM | Comments (0) | TrackBack

March 04, 2005

Tax software affiliate spam

I have no clue if TaxAct really does get users to spam or not, but this guy is claiming they do.

On the frequent occasions when TurboTax comes under fire here, TaxAct from 2nd Story Software is one of the tax programs readers often recommend as an alternative. So it's rather disappointing to hear a few readers sound a very different note about TaxAct -- namely, that 2nd Story seems to be using spammers to promote it.

This is happening not so much because the company is encouraging spam, but in fact because they have an affiliate program.
That is a tough call because affiliate programs themselves are not a bad thing - they are great for users and they are a good way for a company to generate more buzz and bring in customers - which is, after all, what a company exists to do (the service or product which they offer is the means to that end of course).

I own a company on the side and am currently torn over the affiliate issues right now. I would very much like to have an affiliate system in place for all of the obvious positive reasons, but I am nervous that people would then spam with it (even if I ban their accounts because of it, plenty of people are still dumb enough to do it anyway).

If anyone has any suggestions on how to have an affiliate system that is spam proof, I'm all ears.

Posted by Eric at 04:03 PM | Comments (0) | TrackBack

Speaking of phishing... EBay

We just posted something about phishing and sure enough there are more articles out there telling us that EBay has a redirect in their system which is helping phishers collect data. It allows them to create links that look legitimate (or more legitimate than just pointing someone straight to another site) and therefore get people to click through and get scammed.

Posted by Eric at 02:28 PM | Comments (0) | TrackBack

Optimism over phishing

Forbes has an article up with a ridiculous title (Feds Feebly Fight Phishing) but it raises some good points.

It first starts off with the idea that Senator Patrick J. Leahy's proposal to make specific laws against phishing might have good intentions but isn't necessarily the way to go. It then goes on to talk about ways that one might look to make money from the surge in data privacy issues, and then closes with the optimistic view that someone will soon invent a way to make data more secure (why not instead make a way that prevents users from easily giving up their information to random people... that's probably much harder).
Forbes of course comes at it from the perspective of where to invest - thinking that certain public companies may be the ones to create this new idea and therefore are good places to invest. That remains to be seen at this point.

Posted by Eric at 02:23 PM | Comments (0) | TrackBack

Feedburner


For those of you that are aware of RSS feeds, you may have subscribed to our site and been enjoying the full text feed that we offer. For those of you that haven't - now is your chance.

One of the upsides of an RSS feed is that you can provide a "light" path for your users who want to get your posts, but don't necessarily want to visit the site everyday.

One of the downsides is that the person/people running the site offering said feed doesn't get a good idea of how many people are reading the feed if they aren't visiting the site (as you may or may not have noticed, we have a few counter/tracker things in place to see what sort of traffic we get).

Well, thanks to the very cool Feedburner service, we can now track the RSS readership. What this means for you is really nothing - you don't have to worry about changing your links or RSS feed - I handled that on the server side with a mod_rewrite reference which points all RSS feeds towards Feedburner. It is also smart enough to format all RSS and Atom versions appropriately for your browser, and it even fancies it up a bit so that if you view the XML in a browser, it should be human readable.
I have also updated the ping service for Spamblogging updates to notify Feedburner when there are new updates, so it should always have the proper and updated feed.

All in all, a great service.

If Feedburner stops behaving properly, I can simply remove the feed redirects and instantly you (assuming you are pointing to our local feeds), will go back to getting the feed we publish locally.

Also, as you can see at the top of this post, and also in the sidebar, there is a counter for the feed. As more people use it and refresh their feeds, then we can get a more accurate assessment of how many people are hitting the feed. (still not entirely clear how often that updates)

The nerd in me rejoices.

Posted by Eric at 01:55 PM | Comments (0) | TrackBack

Spam and blogs, "enrich" the net

Matt Diamond has an amusing and sarcastic view on how spam and blogs are "enriching" the net.

Posted by Eric at 11:01 AM | Comments (0) | TrackBack

An interview with one of the writers of SpamAssassin

OSDir has up an interview with one of the writers of SpamAssassin.

Posted by Eric at 10:55 AM | Comments (0) | TrackBack

Anti-spam software is working

If you can assume that what AOL sees can be extended to apply to the internet as a whole, anti-spam software is working at slowing the deluge of spam.

The article lists software and legal changes that have provided for the reduction from 2003 until now.

Hopefully with that we can also add the idea of users becoming more educated about what to do to reduce being exposed to spam as well. Forever the optimist here at Spamblogging.

Posted by Eric at 12:52 AM | Comments (0) | TrackBack

South Korea sees a drop in email usage

According to this article, there is a drop off in the usage of email in South Korea.

The article says that people are using alternative ways to communicate with each other, especially text messages over mobile devices.

Note that the article appears to be talking about personal use and specifically younger people. It says nothing about business practices. I find it hard to imagine that businesses are moving away from email anytime soon.

Posted by Eric at 12:48 AM | Comments (0) | TrackBack

GFI Screws-Up

GFI has an email security product called BitDefender. There was recently an update for it which was released and... it deleted old mail. Brilliant screw-up GFI.

"We were pretty surprised this morning to find that all of the email which arrived overnight had been deleted," wrote Jeremy Whiteley, chief executive officer at Promarketing Gear. "Even more troubling was the fact that, according to GFI's US sales manager, they released this update without testing it! I guess they expect me and my IT staff to play the role of tester, regardless of the cost to my business…We're reconsidering our reliance on GFI going forward."

Yes, I would imagine there are a lot of companies reconsidering their reliance on GFI going forward over the next few days. Although maybe they are like T-Mobile and will actually see increased sales due to their screw-up.

I have been home from work while sick the past two days, but still checking in over remote mail and saw that at least one of our clients was having an issue with GFI that somehow propagated down to us. I have a feeling that this is going to take a few days to work out all of the issues that came out of it.
Fortunately at work we don't use that product. Maybe it is a great product, but that is certainly a huge mistake on their part - let's hope that everyone has good backups.

Posted by Eric at 12:38 AM | Comments (0) | TrackBack

March 03, 2005

Wired article on pop-up ads (with pop-ups)

This Wired article about pop-up ads being found annoying by consumers and how sites are slowly catching on is not necessarily new news.

What is new though is the update at the bottom where the author apologizes for the ironic tone the article strikes (unintentionally) by having pop-up ads on the site. I didn't see any, but then I use Safari which blocks them. There is also the possibility that the people complaining have spyware which is feeding it to them.
I suspect that Wired, if they don't have their heads up their asses, are at least going to turn off pop-ups for that particular page.
Please comment if you are getting pop-ups going there. And like I said before, we will never have pop-ups here, if you are getting them on this site, it is most definitely spyware (that goes for annoying banner ads filling the top of the screen which I have seen on user machines before too).
The only ads that you will see on this site are those in the right-hand column because I have seen that they are seen as useful by enough of the audience to merit them, and are the least offensive way for me to try to make some money to cover bandwidth/server fees (trust me, not much comes in on those).

Posted by Eric at 08:40 PM | Comments (0) | TrackBack

More ways to block comment spam

I had just posted the SimonG post and then in the comments on his thread, I saw reference to this page at candygenius.

They seem to indicate that most all (95%) of comment spam comes from a single proxy, and they show a way to block it (using .htaccess taking advantage of Apache's mod_rewrite I believe). Additionally they mention a few plugins for various blog types (which it notes don't resolve the bandwidth issues the way the .htaccess version does).

**Note that as this gets around, it won't work due to spammers changing to other methods/proxies. After reading around a bit more, it looks as if it is already changing.

Posted by Eric at 07:28 PM | Comments (2) | TrackBack

Thorough review of anti-spam techniques for blog spam

This is really excellent and I wish I had thought some of these up myself. Over at SimonG.org, there is a fantastic write-up on various ways to try to block comment spam.

I definitely might be trying a few of these out here and on my other blogs. Even with MT-Blacklist, there are still a few ways that spam comments get annoying since MT-Blacklist has not enabled all of the same features in the new version that they had in the old version.

Most of them are either nothing new or overkill on top of an existing idea, but some of them are just excellent - particularly this one:

Logged the number of keypresses made when entering comments. Any comments where it’s less than two are rejected.

Now for the most part, if the spammer custom writes the bot to spam your page, then they could get around any of these. But generally speaking the spammer is just using the same bot on all sites and frequently is not even smart enough to write the code and is just using something someone else wrote.

Feel free to post up more ideas of your own if you have better suggestions.

Posted by Eric at 07:16 PM | Comments (0) | TrackBack

Georgia Senate Approves Silly Act Name

The Georgia Senate has approved "The Slam Spam Act". I can just picture some guys sitting around a table in their suits, high-fiving each other - GREAT NAME FOR THAT ACT JOE!

At least one person raised some coherent thoughts in regards to it:

"This is just for show," said Sen. David Adelman, D-Decatur, who argued most spam comes from outside the state and, often, outside the country. "I hate spam, but let's make it clear to the people of Georgia than when we pass this spam law, it's not going to reduce spam in Georgia one iota."

Also, please note that the Ledger-Enquirer is clearly playing a game with its readers, much akin to "Where's Waldo", as evidenced by lines like this:

Most the proposed law covers spam that originates in Georgia, but there are some provisions for working with authorities in other states.

I'm certainly no linguist, but I'm pretty sure there is at least one word missing from the first few words in that sentence.

Posted by Eric at 05:42 PM | Comments (0) | TrackBack

March 02, 2005

More on that Bagle

Here are more details on the new Bagle malware going around.

(**new version that is - Bagle itself has been around for some time now)

Posted by Eric at 07:14 PM | Comments (0) | TrackBack

Europe spam tide on the rise

The US has long been in the lead, and still is, when it comes to the amount of spam in email. But according to a new Commtouch report, Europe is seeing a big surge in spam.

Way to go Europe!

Note that the US held fairly steady, so the increase in Europe points to a general increase on the global level. This is bad for us end users, and fantastic for all of those companies who are "blocking" spam (the spam still gets sent, it is just a matter of how much of it you need to manually go through in your inbox) since they make money from this increase.

Posted by Eric at 07:08 PM | Comments (0) | TrackBack

Judge dismisses spam conviction

Forbes has a brief mention of a judge in Virginia dismissing a woman's spam conviction.

Ruling Tuesday, Judge Thomas D. Horne also said jurors may have gotten "lost" when navigating Virginia's new anti-spam law in the case of Jessica DeGroot. But Horne upheld the conviction of her brother, Jeremy Jaynes, who prosecutors said led the operation from his Raleigh, N.C., area home.

This came up the first time around here on Spamblogging - the first felony spam conviction.

Posted by Eric at 02:51 PM | Comments (0) | TrackBack

Note to self, don't send death threats

Most of us have probably had a bad customer service experience with any number of companies. Hopefully this can be a reminder that you shouldn't take it to the level of spamming them with death threats, no matter how bad your experience is.

Posted by Eric at 01:16 PM | Comments (0) | TrackBack

March 01, 2005

Spam in online communities at SXSW

If you are interested in the SXSW Festival and its conferences, then you might want to look into this one:

Spam, Trolls, Stalkers: The Pandora's Box of Community

Room 17AB
Tuesday, March 15th
3:30 pm - 4:30 pm

One of the most powerful gifts of the Internet is the ease with which people from all over the world can come together and create a virtual community. Sites that facilitate community - from Slashdot and Metafilter to the single-author blog with comments enabled - do so first by making communication easy. Unfortunately, this also opens the gates to undesirable parasites who, at best, do not care about your creation or, at worst, want to destroy it. Must all good things come to an end due to the network effect and the shadow of anonymity? This panel discusses all of the things that exposure and user-submitted content might bring and how to mitigate its effect on your site's health and growth.

Jay Allen, Prod Mgr of Movable Type, Six Apart
Elizabeth Lawley, Professor, RIT
Cameron Barrett, BlogLabs Inc
Jason Kottke, Writer/Editor, kottke.org
Steven Champeon, CTO, hesketh.com/Inc

Posted by Eric at 04:00 PM | Comments (0) | TrackBack

Redundant firewalls

I was just talking to someone at a company which we occasionally deal with and they hadn't heard of this before, but they liked the sound of it:

Don't have just one firewall, but have two. Make sure they are from two different companies/manufacturers.

I was aware of this for as long as I have been in the business world, so it didn't even occur to me that others hadn't thought of it yet. (that said, due to no funding, where I work currently only has a single firewall - still works okay for us)

The thinking being that you set it up something like this:
Internet - Firewall A - Firewall B - Intranet

That way if Firewall A turns out to have a security hole in it and it gets compromised, then Firewall B is still in place and theoretically shouldn't have the same security hole in it. Of course if Firewall B has the hole, then the reverse applies and Firewall A would block people out and they couldn't even get to Firewall B to test it out.
With that, it should be obvious that it will take twice the configuration hassle and you are passing ports through between the two. Also note that you don't want your login/pass to be the same on both - if one gets compromised, you have to assume that everything on it is known. If they can get the user/pass, then if the other firewall also had that... what is the point of having two then?

The discussion I was having with the other tech person was whether or not we have hit the point where home use merits this, and also if Windows Firewall which is built in counts as a second one while on the inside.
My argument was that the Windows Firewall was useless and that for regular Joe home users, they don't need two firewalls - just one hardware home level one should do.

As should be obvious on this blog - I frequently discuss all IT things since they all interrelate - better security measures keep out the threat of people abusing your network for a variety of reasons. From getting user lists to spam you, to getting in and spamming using your system going out.

Posted by Eric at 02:49 PM | Comments (0) | TrackBack

Florida Spammer Goes to Jail

BellSouth has worked with authorities and the legal case is now closed with the spammer going to jail for a year.

He hijacked BellSouth users' accounts and then used those to send out spam. Not to try to say spamming is okay, but I think the larger offense here is that he hacked the accounts of multiple BellSouth customers.

Here's to hoping that more spammers will be stopped and the more egregious instances like this continue to be jailed.

Posted by Eric at 02:33 PM | Comments (0) | TrackBack

I give up: T-Mobile sales actually up

When a company shows gross negligence and generally screws up on multiple levels and puts your personal information at risk... generally speaking I would argue you shouldn't go and buy their products (I could see an argument being made as to buying their stock if you think it has crashed and will come back up as they fix things).

But, defying all reason that I can think of, T-Mobile sales have actually gone up on the news of the Hilton Hacks.

I continually need to readjust my contempt for the general public - just when I think it can't get lower...

Posted by Eric at 12:17 PM | Comments (0) | TrackBack

Fox News tells us to look out for drug spam

Fox News, a true bastion of knowledge, has decided that it is finally time to warn its users about the scourge of spam selling drugs like Viagra.

While it seems a bit late since this sort of spam has been going around for years now, it is still good to see more coverage of this because I have a sneaking suspicion that Fox News gets far more website views than Spamblogging does. An educated public is one of the steps we will need in order to fix the spam problem. They do some good things in that write-up - namely telling people not to buy anything from the spam mail and not to click on links.

Posted by Eric at 11:40 AM | Comments (0) | TrackBack

MCI has booted the Send Safe crew

As nice as it was for MCI's UK branch to make some money hosting the Send Safe group, they have booted them after pressure to do so came on them from many directions (and for good reason).

Send Safe is a spamming tool which allows spammers to send out spam over compromised PC networks. Even though they were kicked out by MCI, they are still bouncing around to other hosts.

If those who are doing illegal things can't find a host, then it is hard for them to make any money from it. If they can't make money from it, then they aren't going to bother going through the trouble and will find something else to do.

Posted by Eric at 11:34 AM | Comments (0) | TrackBack

Bagle variants coming in spam

The Register is reporting that new Bagle variants are coming in spam. It comes attached as a Zip file, and in there is an exe file with some random looking name. If you extract that exe file from the zip file and then run it, not only are you an idiot, you will install a trojan which will then download more bad things and infect your machine.

This is a very common tactic these days to get a large starting point for the virus to spread from. They used to seed them to a few computers and let it grow from there - but spamming out to millions (or even many thousands) gets them a much larger starting point, so the growth can happen much more quickly.

Ways around this of course are to keep an updated anti-virus program, a good anti-spam system, and don't open every attachment that comes to you and arbitrarily run whatever programs happen to be in them. Unless you are expecting an attachment and it is of a type which can't do harm easily (images, PDF, Word/Excel with no Macros, etc), then you probably have no reason to look into it further than just tossing it.
Also note that your anti-virus tool should be able to drill down into Zip files for several levels and check the content in there.
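What "drilling down into Zip files for several levels" involves on the scanning side, as an added illustration (not code from The Register or any anti-virus product): a recursive check of a mail attachment that flags executables by extension and by header, follows archives nested inside archives up to a depth limit, and treats anything it cannot inspect as a finding. The limits, reason strings and sample file names are constructed assumptions, and the sample archives are built in memory.

```python
import io
import zipfile

# Assumed policy values for this illustration.
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
MAX_DEPTH = 3                        # archive-in-archive levels we will open
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # never unpack a member larger than this
MAX_MEMBERS = 500                    # cap on entries per archive


def scan_zip(data, depth=0, path="attachment.zip"):
    """Return a list of (member_path, reason) findings; empty means clean."""
    if depth > MAX_DEPTH:
        # Deeper nesting than we are willing to unpack is itself a finding.
        return [(path, "nested-too-deep")]
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path, "unreadable-archive")]
    findings = []
    with archive:
        members = archive.infolist()
        if len(members) > MAX_MEMBERS:
            return [(path, "too-many-members")]
        for info in members:
            member_path = f"{path}/{info.filename}"
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:          # bit 0 set: member is encrypted
                findings.append((member_path, "encrypted-cannot-inspect"))
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((member_path, "oversized-not-unpacked"))
                continue
            if info.filename.lower().endswith(RISKY_EXTENSIONS):
                findings.append((member_path, "executable-extension"))
                continue
            try:
                content = archive.read(info)
            except (zipfile.BadZipFile, NotImplementedError):
                findings.append((member_path, "unreadable-member"))
                continue
            if content[:2] == b"MZ":          # DOS/PE header under another name
                findings.append((member_path, "executable-content"))
            elif content[:4] == b"PK\x03\x04":  # another zip: go one level down
                findings.extend(scan_zip(content, depth + 1, member_path))
    return findings


def verdict(data):
    """Mail-gateway decision for one attachment."""
    return "quarantine" if scan_zip(data) else "deliver"


def make_zip(members):
    """Build a zip in memory from {name: bytes}; used only for the samples."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buffer.getvalue()


def build_samples():
    """Constructed attachments: harmless stand-ins, no real malware bytes."""
    fake_exe = b"MZ" + b"\x00" * 64
    too_deep = make_zip({"a.txt": b"x"})
    for level in range(4):
        too_deep = make_zip({f"level{level}.zip": too_deep})
    return {
        "benign": make_zip({"notes.txt": b"meeting at ten"}),
        "direct": make_zip({"qwkzrtpl.exe": fake_exe}),
        "nested": make_zip({"invoice.zip": make_zip(
            {"inner.zip": make_zip({"doc.txt.scr": fake_exe})})}),
        "renamed": make_zip({"price.txt": fake_exe}),
        "too_deep": too_deep,
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, verdict(blob), scan_zip(blob))
```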

Posted by Eric at 11:28 AM | Comments (0) | TrackBack

How to get rid of spyware and use the web correctly

Unfortunately, I spend most of my time (in terms of a real job) as a sys admin. I prefer to think of myself as a programmer by nature, but my current job life has evolved into more sys admin than anything else.
In this work, I have watched users, both here and in homes, interact with their web browsers (here at work most everyone uses IE even though I have repeatedly told them to use FireFox when possible).
I have also watched the stats on this and other sites to see how people come in to the sites.

Things I have noticed:
1) people tend to have multiple toolbars installed on their browser, and when asked they usually don't know how they got them, nor how to get rid of them
2) people tend to use these toolbars to get to a page instead of typing in a URL into the address bar

From what I can tell, these two things go hand-in-hand. There are various spyware programs out there that people install without knowing (in IE) and these things override anything you type into the address bar. I could type in "http://www.spamblogging.com" into the address bar on their systems and it would sputter and jerk about, eventually going to another site which is showing them all ads and a search page. The truly clueless will then type "www.spamblogging.com" into the search page there and get to this page that way - usually after clicking around on the links first before getting to that point. This cluelessness makes money for the person running that page.
Eventually that user may notice that one of their toolbars has a search dropdown as well and if they type "spamblogging" into that first, it takes them to a search page and one of the options in there will probably be the page they want to get to. Then they click on that and they get to the page.

It blows me away that people put up with this. But after removing spyware from so many machines, I have simply gotten burnt out and I no longer care. I shake my head and give up on the person. If it is the first time I see this happen, then I will probably try to educate them on how to remove the spyware and then more importantly how to avoid getting it again. This is a crucial thing to know and remember, yet they never do - I have not once in the 300+ people that I have worked with (just in dealing with spyware and spam over the years) - ever seen anyone actually catch on and not get spyware again.
What they do learn is that no matter what they do, they can just ask me to fix it again for them and they can get back to banging on the keyboard and clicking "Yes/OK" to absolutely anything that pops up on their screen, regardless of what I had tried to teach them.
So I have simply burnt out and given up. Unless they are in the office, I refuse all outside work now and will not help people after having already helped/educated them.

They will say to me that their machine is slower than it was when they bought it and they think they need to buy a new machine. I look at them and have to remind myself that they are successful in their life and jobs and can't possibly be mentally retarded, yet everything they are doing sure seems to point that way. I then chide myself for being such a jerk and I tell them the following things, the same things that I will tell you here and hopefully eventually people will catch on.
Either that or I will be killed in a tragic bus accident and not have to do this anymore.
1) Computers don't just go bad over time. Sure, hardware fails - usually either the monitor after 5 years (with a wonderful BANG! and some smoke, or a less dramatic discoloration of the screen), or with a spectacular "sproing!" the hard drive may fail. But the computer doesn't just slow down dramatically with age like some retired football player thinking back to the glory days.
If your machine is slower than when you bought it and your net connection drags, it is nearly 100% likely due to you having viruses/spyware/trojans/etc (malware) on your system. They are taking up RAM on your machine, occupying the CPU, and flooding your network connection as they do all sorts of bad things.
2) Buying a new computer will not solve your problem. It will briefly allow you a break from the awful drag that your other computer had become, but since you have not changed your computing ways you are going to soon enough have all of the exact same problems again - and much sooner this time since you don't have the luxury of the lead time of spyware to be developed. It is all out there, it fooled you once, and it will fill your new computer in a month or less if you haven't changed your ways.
3) Be honest with computer people. If you lie to them, they are going to know it when they work on your system, and if they are as jaded as me it will just piss them off. Don't tell them that you never click on pop-ups and that you have never installed anything other than boxed software which you bought in a store. Don't tell them that you don't use file sharing programs when you clearly have Kazaa on your machine - and not even the Light version. (to be fair, if the system is used by a family, frequently the parents really haven't done this, but there is a child in the family that has - make them aware of that - although that too will be denied 9 times out of 10 - trust me - "Our Johnny would not install that on here, I have told him not to." Right)
4) Don't use Windows. The easiest and fastest way to a virus and spyware free life is to buy a Mac. It costs more, but you don't have to worry about this crap. If everyone does that, then spyware and virus writers will go after the Macs and it won't be as nice - but it is a long way off at this point. Buy a Mac and shut up.
5) If you do use Windows, the built in Firewall is a funny joke that Microsoft put in there so that back at their headquarters they can high five each other and occasionally say "remember that firewall thing we put in Windows XP" and then all start laughing. It is crap, don't rely on it. Get a hardware device - due to mass production and competition in the market, they are cheap now - especially considering how much it helps you once it is in. Read the manual and follow the instructions, you CAN do it. They aren't trying to hide it from you, and you went to school - you can read. Read the manual, click on the buttons, it isn't that hard. This also will allow you to have multiple machines on the network - you don't need a separate DSL connection for each machine. Don't ask me to help you set that up when you can put in a router/switch/firewall device that does this for you. Hell - go nuts, get a wireless one.
6) To get the spyware off, install well known and trusted anti-spyware programs. Don't pay for anything or install anything until you have read around about it FIRST. I have a user here at work who did a search (in one of his toolbars which he didn't install) for "no spyware". The first hit that came up, he clicked on, found a link to download the product and did just that. The download finished, he installed it and there was a popup telling him he needed to pay for it. So he did - here's my credit card now get to work. THEN he started reading reviews about this bit of software, and THEN he found out it was a scam and didn't work and continually charged him fees, and THEN he came to me frantic and wanted me to fix all of this. (the worst part is that when I confirmed that it was in fact a scam and that he needed to cancel that credit card, he was in denial and told me that he thinks he can still trust it - and was charged a lot of money that month - and then blamed me for it - THANKS!) AdAware is one you can trust.
But much much much MUCH better is to actually learn about the damn things and get rid of it yourself. Right click on the taskbar (don't know what that is? LEARN and then bask in the chorus of angels singing when you are that much smarter about this device you put your credit card info into on a regular basis but have no clue how to use) and select "Task Manager". Go in there and find the process listings and make sure you check the box to see all of the processes. Oooo, exciting - look at them all. In there, you will see the names of processes running on your system. Look up on Google every single process in there and read around to see what that process does. If it is spyware or a virus, it will turn up in those searches, and you should make note "process XYZ is virus ABC - I should remove that". Go through them all that way.
Now, go to Start and then Run. In there type "msconfig" - that will bring up a program called (hold on to your seats) "msconfig". It is the System Configuration Utility. In there, go to the "Startup" tab.
This will show a listing of everything that will be run when your machine is started up. Go through every single listing there and do a Google search on it. If it is anything even remotely bad or something you don't use - uncheck the box next to it.
Then when you have gone through them all and done this as necessary, click OK to get out - agree to whatever it warns you about (it is going to let you know that you made some changes and warn you that this might change things... no way! - this is fine and what you want, so agree to it and move on with life - hell, blindly agreeing to popups in the past is what got you here in the first place, you should be used to it). Now restart your machine.
Because you turned off those programs, they aren't going to startup in memory and therefore your resources should be freed up to use the machine without it being as slow. They are still on your machine, but they are dormant - without a startup call to them, they are crippled.
When you restart, you will probably see some message warning you that you changed your config - click yes, it is fine, and tell it not to warn you about that again.
Now run a virus scan on your machine (don't use your built in one since it can be compromised by trojans which you probably have - go to http://housecall.trendmicro.com and use their free virus scan there). Then restart. Then run your anti-spyware software, then restart.
Then go to Start and then Config Panel. In there go into "Add Remove Programs" and do a Google search on every single program in there - if it is anything remotely bad or something you don't use - remove it.
Then restart.
Then go to Start and then Programs and then "Windows Update". Run that and restart as it requests until it no longer finds any updates for you to do.
Right click on "My Computer" on your Desktop and choose "Properties". In there, select Automatic Updates and make sure that it is on "Automatic" and with a schedule of "Everyday".
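
The startup review described above can also be pulled into one list for researching entry by entry. This is an added example, not part of the original post: it assumes a Windows system with PowerShell 3.0 or later, `Get-ExePath` is a hypothetical helper, and it covers the common Run/RunOnce keys and Startup folders rather than every autostart mechanism.

```powershell
# Added example: list what launches at logon so each entry can be researched.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExePath([string]$Command) {
    # Hypothetical helper: quoted path first, otherwise up to the first ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null   # shortcuts, scripts and bare DLL names are left unchecked
}

# Registry Run/RunOnce values: value name plus the command line it starts.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        if ($name -eq '') { continue }   # skip the key's unnamed default value
        [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
})

# Per-user and all-users Startup folders.
$folders = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
$entries += @(foreach ($dir in $folders) {
    if (-not $dir) { continue }          # folder does not exist on this system
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
    }
})

# Attach the Authenticode status of each resolvable executable, then print.
$entries | ForEach-Object {
    $exe = Get-ExePath $_.Command
    $sig = if ($exe -and (Test-Path -LiteralPath $exe)) { Get-AuthenticodeSignature -LiteralPath $exe }
    [pscustomobject]@{
        Name       = $_.Name
        Source     = $_.Source
        Executable = $exe
        Signature  = if ($sig) { [string]$sig.Status } else { 'not checked' }
        Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
} | Sort-Object Signature, Name | Format-Table -AutoSize -Wrap
```

A valid signature only says who published the file, not that you want it running, so entries that are unsigned or "not checked" are simply the ones to look up first.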

After all of that, you should be okay (or at least better). You then just need to remember that you probably don't need a thing in your taskbar that tells you what the weather is outside. And if something pops up and asks you if you want to trust something from some company - make sure you really know what that is - default to writing down what it is asking you, clicking cancel - doing a Google search on it - and then if it turns out to be okay - then go back to that page, reload it and then allow it to install - but still be skeptical of it.
And use FireFox instead - if a page just won't work at all - then use IE.

OR

Or you can just keep hiring someone like me to come over every week and fix your machine until they snap and can't take it any more and then they post some bitter, jaded, cynical, malcontent, misanthropic rant like this on their website and stop taking your calls.

Posted by Eric at 09:54 AM | Comments (2) | TrackBack

Mozilla/FireFox are popular, so now they get ads

Wired writes about the fact that Mozilla/FireFox are each gaining in popularity (to the detriment of IE) so much so that finally pop-up ad writers, as well as eventually spyware and the like are changing their tactics so as to include these browsers as well.

Before it was okay to only go after IE because they had the huge market share and therefore going after that would get the largest userbase. But now that userbase is spread out, and Mozilla and FireFox have a legitimately large userbase, one that requires people (both good and bad) to sit up and take notice.

Do note that there is still a significant advantage in going with FireFox or Mozilla - and that is speed of fixes for holes discovered in the product. IE is notoriously full of holes and notoriously slow to get patched - part of why there is so much spyware for it (not to discount the fact that it is even more due to its sheer popularity and userbase up until now).
But that is going to happen with FireFox and Mozilla too now that they are popular (and we talked about this being the case months ago). But they can and will respond faster to the exposed holes and patches are put out within days instead of weeks or months.

Now, if only FireFox:
1) was as fast loading/window switching as Safari
2) allowed Emacs-like keyboard controls in the textboxes like Safari
3) allowed arrow key niceties like Safari in the URL bar (in Safari, if I click in the URL bar with the mouse, or go there with Command-L, I can then press the down arrow and end up at the end of the string, or the up arrow and end up at the start of the string - makes it great for editing the URL quickly and without the mouse - FireFox doesn't have this)
4) Had iSpell in the textboxes without a plugin that you have to manually run... like Safari

If FireFox had all of that, and didn't crash as much as Safari, then I would gladly use it on my Powerbook. For now I use Safari for most everything, and FireFox mostly for Gmail.

On the PC I use FireFox for nearly everything and IE for sites that have to have it (ActiveX controls for work related issues).

Posted by Eric at 09:43 AM | Comments (0) | TrackBack

Mobile Text Message Spam Doubles

InformationWeek reports that Mobile Text Message Spam Doubles. Incidentally being told that something doubles isn't very helpful unless you know the time period over which it happened so you can establish the rate... and this was over the course of 2004.

The most interesting thing in the article which caught my eye was the mention that people won't stand for this on mobile messaging since they have to pay for the messages (in and out). This is interesting to me since technically all e-mail that we send/receive, we have to pay for too. But it is a much broader and more abstract sense of the term since it is part of the bandwidth and hardware allowances people see as part of being online.

But a charge for the actual messages directly and it showing up on your bill causes even those that are the least technically savvy to sit up and take notice.

The article notes that specifically because of these fees, people won't tolerate the spam the same way that they might via email... then why the huge surge? Because it has to reach a breaking point (or a Tipping Point if you are a Malcolm Gladwell fan) before finally it reaches a level after which the demands on everyone (network resources, individual wallets, annoyance levels, etc) have been maxed out and then action will be taken.

If you really want to get a headache though, you have to remember that the ones who can best reduce the spam are the phone companies. And who gets paid for each of those messages sent AND received? Yeah, that would be the phone companies.

So it is going to become an issue of when the money is no longer made due to the amount of customer service issues they have to deal with around it, and with that there are companies who will evolve to fill the niche (and already are) to block/filter the spam at various points in the chain.

As far as I know, it remains to be seen at this point which point along the way or which company is the breakout leader for mobile anti-spam tech.

Posted by Eric at 01:18 AM | Comments (0) | TrackBack