My day job has kept me working long hours and as a result I have not had much time for anything other than eating and sleeping. I don't want to speak too soon, but it appears that should be easing off soon (in a week or so).
Once my schedule is back to normal, then I will get back to posting again.
On a side note, I met Bruce Schneier this evening.
Posted by Eric at 11:51 PM | Comments (0) | TrackBack
Blue Security has a report up showing a test they ran which proves there are people out there collecting email addresses via P2P programs, and then those email addresses are being sent spam. It doesn't mean the people collecting the emails are the spammers, they could be reselling the data - but in the end it doesn't really matter either.
The general idea isn't a new one, and as usual it plays off of people either being careless or ignorant about the programs they are installing. When you install a P2P program, you have the option of what drive/folders you will share out to the outside world (other people using a P2P program compatible with your program). All of the programs I have seen these days default to a single folder which you have to put the content into (which is usually the same folder that you download P2P content into), but it is definitely possible to override that and share out your whole computer.
If you do share out the whole computer, then the P2P program will index all of the files and allow people to see the results in their searches, and then allow them to download the content. So they can search for files known to store email data, like those of Outlook Express, or certain installs of Outlook (and also backup files).
The best way to stop this from happening to you is simply not to use P2P programs at all. Other options range from blocking all traffic on the ports which that type of program uses (via a firewall, a common step in a corporate setting) to blocking the movement of certain types of files through the firewall.
But in the end it boils down to whether or not you know the software you are running and how well you know it. In the case of something like P2P, the potential is there for abuse if the initial settings are changed.
What I am curious to know is how many of the installs out there are not at their default settings. And of those who have changed the settings, are they mostly on the "Power User" side, which is less likely to share out the whole drive anyway?
The most interesting point of the article is that Blue Security actually put a system out there with files exposed and showed that people are in fact exploiting available files (taking them, and then sending the addresses in there their spam). This wouldn't be getting exploited if there were too few cases for it to matter. So however large the number is, it is large enough at this point to merit the spammers' energy being spent on it.
Posted by Eric at 10:14 PM | Comments (0) | TrackBack
While I probably can't keep up with every web-host out there and what they offer their customers, I can point out that Pair Networks is upgrading their servers for their customers so that they have better anti-spam and anti-virus capabilities. This directly impacts me in that I use Pair and am very pleased with them. Up until now I have been rolling my own spam solutions, but once they upgrade my server for this, I might be able to drop my custom solution for this server and instead use their setup. Since they say this is off-server, this theoretically would reduce my server CPU load as well. Very cool.
Posted by Eric at 09:48 PM | Comments (0) | TrackBack
I had a week during which I was working to midnight every day, and then I was on vacation in Whistler and am just now getting through my hundreds of emails. But now that I am back, the first thing I have noticed is that there is a "Blacklist Killer" out which sounds enticing. (the reference is to MT-Blacklist and comes from the author of that himself)
There is a new MT plug-in, SpamLookup, that he feels is better in every way from what I gather from what he has written here.
I am hoping to get this installed on all of my blogs this evening and then have an update as to how well it works. I will then report more once I have had that chance.
Posted by Eric at 12:44 PM | Comments (0) | TrackBack
Now there's a subject you don't see everyday.
Over at defective yeti there is a post up about issues with spam in Gmail and in blogs.
Unfortunately, I can't be of much (okay, any) help in regards to the Gmail issue since it is a closed system and I don't really know what went wrong there for him. But I figured it would be good to note that he is pleased with MTModerate.
I installed that on my blogs, but removed the comments section and just kept using MTBlacklist for that. But I left the Trackback part of MTModerate and according to the instructions that should have still worked.
Now trackbacks don't automatically go in for my spam and instead they wait for approval. So I can then check them off and feed them into MTBlacklist - hopefully it will eventually evolve to take care of trackbacks too, in the way that it used to back in the days of MT 2.x - but the developer has noted that he is very busy (I believe he works for MT now).
So there you have it, another vote for MTModerate for comment/trackback spam issues. No word on how MTConservative feels about this.
Posted by Eric at 01:29 PM | Comments (0) | TrackBack
Our last post about Optin Global pointed to this Spam Kings post noting that there are several aliases used by the members of that company (actually several companies). The names of the people involved are all of Chinese descent - even the lawyer (Chen, Yang, Ho, Ting, etc).
This immediately reminded me of one time I spoke to a man who was making money through illicit activities conducted over the web (not spam related, but when you are outside the bounds of legal business, it might as well be the same). He happened to be of Chinese descent and still had family back in China. When he was explaining to me how he moved money around and hid it, it became clear that he had a distinct advantage being of Chinese descent.
He lived in an area where there weren't many other people of Asian descent - largely "white bread" America. The process for getting a bank account involved talking to an account manager and showing the proper ID to them. He would create a fake driver's license (no matter how good each state makes their cards, there is always a point when someone else can copy them) and then go into a branch and ask to set up an account.
Even though he could speak English as well or better than the average man on the street (this guy went to one of the top universities in America), he would feign a thick Chinese accent (which, since his family was from China, he could actually do quite accurately). During the account sign-up process, if they ever gave him any trouble for not having enough ID (frequently a SS card was the hold up), he would simply push the act a little harder and he would "not understand" what they were talking about and not be able to come up with the English words to help that transaction move forward.
Now banks are simply businesses, and they want to make money. In order to do this, they want more customers - so they are very glad to bring in new customers and will work to try to make that happen. So if they have someone in front of them that looks innocent enough (whatever that means) and is making an effort, but there is a language barrier - nearly always the account manager would ease up the requirements and massage things to allow the account to be created.
So this person would now have a bank account with a legit bank, created with a false identity which had no tax id. With a bank account, he could now go on to do more as that fake entity - including renting/buying houses, which then gave him multiple legitimate addresses through which to conduct business.
Those businesses could then conduct their trade with other companies to further complicate things (and even conduct business with "themselves" through the various entities), as well as contacts in China which were made through the family.
With several layers of this sort of obfuscation, it should be fairly obvious that it makes it hard to track down who it is that you should be trying to take to court when the entities don't technically even really exist.
It should also be fairly obvious that if you follow it further along this path, fake companies could then be setup against these fake entities as well - which could be how these Optin Global people were operating.
When I spoke with this person, at the time he was serving time under house arrest for one activity that he was caught for, but as of that time they didn't even know he was related to any number of other activities under those other names/accounts.
So simply due to human nature, you can see that we have cultural biases and ignorances which can be (and clearly are) exploited for devious gains.
I am in no way implying that this is what the Optin Global people did, and would even venture that they probably did it all on the "up and up" so to speak (other than the spamming part). But I am merely raising a hypothetical scenario in which this sort of activity could be done and might explain how/why some of the spammers out there are able to hide their money and cover their trails (and tails) when they are clearly doing illegal activities.
Posted by Eric at 09:40 AM | Comments (0) | TrackBack
Optin Global has had their bank accounts frozen while the FTC investigates whether or not their past profits have come from illegal activities. Specifically sending spam which used deceptive practices to increase click-through rates (false content, such as claiming that the person already signed-up for a mortgage through them).
Spam Kings notes that the people involved are even considered shady in the already sleazy world of spammers - other spammers don't even like these guys. That's pretty low.
This is exactly what I would like to see more of - actual freezing of the accounts since that prevents profits from being made by these guys, and without any incentive to make money, they won't spam. Of course unless they are using PayPal (unless something has changed recently and I missed it, PayPal doesn't legally have to behave in the same way as a bank since it isn't registered as that sort of entity, and therefore can do things a bank can't - like arbitrarily freeze your account while it investigates how you are making your money), it is a non-trivial task to just go in and freeze an entity's account - and that is a very good thing in many ways.
But in the case of spammers, there is usually a massive trail which points to them doing illegal activities and that can be used in the process. From what we have been seeing in the press though, much like in the drug war - they are going after the big guys as their priority (and again, for good reason). Optin Global caused the FTC to get nearly 2 million complaints forwarded to them before action finally took place - maybe I'm intolerant, but I think a mere few hundred thousand may have been enough in my mind to merit investigation. (I am aware that they are going to go after those who are the most prolific, and I am aware that due to the slow nature of our courts this all takes time)
Posted by Eric at 09:26 AM | Comments (0) | TrackBack
This week has just been crazy at work for a few reasons. I haven't had much time to do anything as leisurely as install Microsoft updates. But I did notice when I got in this morning that I had a few emails letting me know that there are eight new Microsoft security updates.
The reason this applies to the spam world is that spam is now frequently sent from compromised Windows boxes, and they get compromised due to not being patched for these sorts of known issues. So if you run Windows, get those updates to download and install.
Posted by Eric at 04:02 PM | Comments (0) | TrackBack
Spam Kings points out that the self proclaimed Spam King, Scott Richter, paid himself a $1M salary in 2004. This is relevant in that his company is currently filing for bankruptcy to avoid creditors... in this case the major creditor being in the form of Microsoft and their legal team, who are seeking $40M.
As you can see, this is exactly why corporations are set up in the first place. Were Scott Richter to have acted as a sole proprietor, that lawsuit would then seek the money directly from him and would drain him of his assets - and he would have to declare bankruptcy himself. But since his company is a legal and tax entity in itself, he is removed from it and simply an employee (although also part owner I would assume).
So while the company can tank and the assets are all torn away, he can retain his own assets and be isolated from these legal cases. The company is at fault and not him, in theory.
It will be interesting to see if the lawyers try to show faults in the corporation setup and if Richter is really that isolated.
Posted by Eric at 11:22 AM | Comments (1) | TrackBack
It isn't quite as bad as it sounds, but Australian ISP Telstra BigPond is alerting its customers to temporary breaks in their service if it suspects that their large bandwidth draws are due to malware on the end-user machines (the issue is that they are flooding DNS servers with bogus requests).
It sounds like in some cases the issue can be rectified without disconnecting the system, but if they don't do it in a timely fashion, then they lose the connection, giving them an incentive to address the problem. This makes sense since many users are loath to bother with it unless given a reason to... which in this case would be the loss of service. But the issue there is that in many cases, the way to fix the problem requires an internet connection.
I wonder if these DNS issues are related to the DNS spoofing that was seen recently supposedly caused by spammers? It does sound like it could be related (flood a legit server so that it is too busy to answer requests and then spoof responses from another machine). That is really just a guess though.
Posted by Eric at 10:55 AM | Comments (0) | TrackBack
Wasting no time in the days following the death of Pope John Paul II, spammers have started using his name/image in a bait and switch tactic.
They send spam which offers you free books, and then when you follow the link the site says that the books are no longer available and then it redirects you to a site about "free moneymaking secrets".
Posted by Eric at 09:01 AM | Comments (0) | TrackBack
Spam Kings writes of the WebMed-Rx spammer and how Microsoft is going after him.
What is interesting in that article is that this guy has made so much money, and yet nobody has heard of him.
I have to admit that while I have a firm grasp on the technology involved, the major thing about spam that I just can't wrap my head around is how they are accepting payments for what they do and not setting off flags all over the place. If they really are making the millions that these articles claim, that is something that payment processing places would register immediately.
Banks and other businesses who are in the industry relating to processing payments have many safeguards in place to check on what people are doing in order to make the money which is being run through these systems. This is largely to track drug dealers and terrorists and to avoid money laundering (and tax evasion to some extent).
So perhaps I am an idiot, but I am just not understanding how these companies are getting past that due diligence done by the banks and payment processing centers, how they continue to be allowed to process, and why?
Especially in the case of something like this where they are essentially selling drugs online.
Posted by Eric at 09:55 AM | Comments (0) | TrackBack
Slashdot points to a great article in Scientific American. Nothing in it is groundbreaking, but it is an easy read and is informative. This is the sort of thing that we need more of to educate more of the general public.
One major beef I have with it, and maybe I didn't read closely enough - but where is the mention of the best way to stop spam: "don't buy things from spam."
The Slashdot article points to this recent note on SplitFit used to get around Yahoo's mail filters.
Posted by Eric at 09:34 AM | Comments (1) | TrackBack
Here is a page which discusses how embedded images can be put into a webpage.
Many email programs, newsreaders, RSS feeds, and web browsers have the ability to "disable images". This feature exists for a variety of reasons. Perhaps you are on a slow connection and don't want to download the images. Maybe you are at work and don't want to accidentally download something against company policy. Or perhaps you don't want to load web/email bugs which spammers tend to use in their mailings.
I thought it interesting that even when you have images turned off in most of these systems, all that does is disable the parsing and subsequent rendering of "img" tags. So theoretically even with that turned off, these embedded images get through.
Note that in the comments of that link above, there is an interesting discussion of the variety of different ways spammers are using techniques similar to this to get images through to you (it is hard for a Bayesian filter to parse text if it is in an image, so they like to send images to users in the spam - but many mail programs are now disabling image content via the "img" tags, so they have to find other ways around that).
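To make the point above concrete, here is an added example (not code from the original post or from the page it links to) that runs a constructed spam message through an "images off" filter that only drops img tags, then walks the result looking for every other attribute or CSS url() a client could still load an image from, including inline data: images. The message, the tracker hostname and the tag/attribute list are all assumptions for the demo; a real filter would need a longer list.

```python
# Added example (not code from the original post or the page it links to):
# shows why a client that only disables <img> tags still ends up with
# image references a spammer can use. The sample message is constructed.
import re
from html.parser import HTMLParser

# Constructed sample spam body: one classic <img> web bug plus four other
# places a mail client or browser may load an image from.
SAMPLE_MAIL = """
<html><body background="http://tracker.example/bg.gif">
<p>Limited offer!</p>
<img src="http://tracker.example/bug.gif?id=abc123" width="1" height="1">
<input type="image" src="http://tracker.example/buy.gif">
<div style="background-image: url('http://tracker.example/div.gif')">pills</div>
<object data="data:image/gif;base64,R0lGODlhAQABAAAAACw=" type="image/gif"></object>
</body></html>
"""

# (tag, attribute) pairs whose value is fetched or decoded as an image or
# stylesheet. Assumed list for the demo; a real filter needs more entries.
URL_ATTRS = {
    ("img", "src"), ("input", "src"), ("object", "data"), ("embed", "src"),
    ("body", "background"), ("table", "background"), ("td", "background"),
    ("link", "href"),
}
CSS_URL = re.compile(r"""url\(\s*['"]?([^'")]+)['"]?\s*\)""", re.I)


def naive_disable_images(html):
    """The 'images off' behaviour described in the post: drop <img> tags only."""
    return re.sub(r"<img\b[^>]*>", "", html, flags=re.I)


class ImageRefFinder(HTMLParser):
    """Collects every attribute or CSS url() a client could load an image from."""

    def __init__(self):
        super().__init__()
        self.refs = []          # (tag, attribute, url)
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value is None:
                continue
            if (tag, name) in URL_ATTRS:
                self.refs.append((tag, name, value))
            elif name == "style":            # inline CSS, e.g. background-image
                for url in CSS_URL.findall(value):
                    self.refs.append((tag, "style", url))
        if tag == "style":
            self._in_style = True

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:                   # url() inside <style> blocks
            for url in CSS_URL.findall(data):
                self.refs.append(("style", "css", url))


def image_refs(html):
    parser = ImageRefFinder()
    parser.feed(html)
    parser.close()
    return parser.refs


def summarize(html):
    """Counts of remote fetches vs. inline data: images left in a message."""
    refs = image_refs(html)
    inline = [u for _, _, u in refs if u.lower().startswith("data:")]
    return {"total": len(refs), "remote": len(refs) - len(inline),
            "inline": len(inline)}


if __name__ == "__main__":
    print("original:      ", summarize(SAMPLE_MAIL))
    print("img-tags-only: ", summarize(naive_disable_images(SAMPLE_MAIL)))
    for ref in image_refs(naive_disable_images(SAMPLE_MAIL)):
        print("  still present:", ref)
```

Run as-is it reports five image references in the constructed message and four still present after the img-only filter: three remote fetches (body background, input type=image, inline CSS) that can act as web bugs, and one data: image that needs no network fetch at all, so a filter that works by blocking downloads never sees it.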
Posted by Eric at 09:08 AM | Comments (0) | TrackBack
Many people have commented on the relatively high number of IE users in their log data for their sites and for those sufficiently nerdy to care, they despair over the fact that IE remains so high. The person who runs "the Jer zone" tried another way to look at the stats.
Their data shows that in the raw logs IE is way ahead, but in the logs from this other technique (a transparent image "web bug") IE is way down. The theory is that blog-spamming bots send a faked browser identification (User-Agent) string claiming to be IE. The regular logs for the site pick this up, while the web bug method bypasses it: the bots don't render the page, they simply post data directly to the submission scripts, so they never download the web bug image or execute any on-page JavaScript.
With this taken into account, on that particular site, IE drops dramatically and Safari (Mac users) and Firefox (Mac/PC/*nix users) usage rises relatively.
That of course is that person's site. We use our own tracking system here as well as on our sister sites and we still see a majority of users on IE.
Personally, I use Safari and will continue to do so until Firefox can do some of the things Safari can - but on the PC, I always use Firefox unless the site is stubbornly insisting that I use IE (and then I tend to just stop going to that site).
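The raw-log versus web-bug comparison described above, as an added example that is neither the Jer zone's code nor this site's own tracker. It parses constructed Apache combined-format log lines for three real visitors (each loads a page and then the bug image) and three comment bots that POST straight to the comment script with a spoofed MSIE User-Agent, then tallies browser share both ways and lists the IPs that post without ever fetching the bug. The bug path, hostnames and log lines are assumptions for the demo.

```python
# Added example (not the Jer zone's code or the blog's own tracker): compare
# browser share from raw access-log lines with the share seen only through a
# web bug image, and list clients that post comments without ever rendering
# the page. Log lines are constructed Apache combined-format samples.
import re
from collections import Counter

BUG_PATH = "/img/bug.gif"        # assumed path of the 1x1 tracking image

# Constructed sample log: three real visitors (each loads a page, then the
# bug) and three comment bots that POST straight to the comment script with
# a spoofed MSIE User-Agent and never fetch the bug.
RAW_LOG = """\
10.0.0.1 - - [12/Apr/2005:10:00:01 -0700] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
10.0.0.1 - - [12/Apr/2005:10:00:02 -0700] "GET /img/bug.gif HTTP/1.1" 200 43 "http://blog.example/index.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
10.0.0.2 - - [12/Apr/2005:10:01:10 -0700] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.6) Gecko/20050223 Firefox/1.0.1"
10.0.0.2 - - [12/Apr/2005:10:01:11 -0700] "GET /img/bug.gif HTTP/1.1" 200 43 "http://blog.example/index.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.6) Gecko/20050223 Firefox/1.0.1"
10.0.0.3 - - [12/Apr/2005:10:02:30 -0700] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412 (KHTML, like Gecko) Safari/412"
10.0.0.3 - - [12/Apr/2005:10:02:31 -0700] "GET /img/bug.gif HTTP/1.1" 200 43 "http://blog.example/index.html" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412 (KHTML, like Gecko) Safari/412"
192.0.2.10 - - [12/Apr/2005:10:03:00 -0700] "POST /mt/mt-comments.cgi HTTP/1.0" 200 1204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.11 - - [12/Apr/2005:10:03:01 -0700] "POST /mt/mt-comments.cgi HTTP/1.0" 200 1204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.12 - - [12/Apr/2005:10:03:02 -0700] "POST /mt/mt-comments.cgi HTTP/1.0" 200 1204 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
"""

# Apache "combined" log format: ip ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_log(text):
    """Yield one dict per well-formed combined-format line; skip the rest."""
    for line in text.splitlines():
        m = COMBINED.match(line)
        if m:
            yield m.groupdict()


def browser_family(ua):
    """Coarse family from the User-Agent string (whatever the client claims)."""
    if "MSIE" in ua:
        return "MSIE"
    if "Firefox" in ua:
        return "Firefox"
    if "Safari" in ua:
        return "Safari"
    return "Other"


def browser_share(text, bug_path=BUG_PATH):
    """Return (raw, bug): browser counts over all non-bug hits vs. bug hits only."""
    raw, bug = Counter(), Counter()
    for hit in parse_log(text):
        fam = browser_family(hit["ua"])
        if hit["path"] == bug_path:
            bug[fam] += 1
        else:
            raw[fam] += 1
    return raw, bug


def posters_without_bug(text, bug_path=BUG_PATH):
    """IPs that POST to a form but never fetched the bug: likely bots."""
    fetched_bug = {h["ip"] for h in parse_log(text) if h["path"] == bug_path}
    posted = {h["ip"] for h in parse_log(text) if h["method"] == "POST"}
    return sorted(posted - fetched_bug)


if __name__ == "__main__":
    raw, bug = browser_share(RAW_LOG)
    print("raw log :", dict(raw))
    print("web bug :", dict(bug))
    print("POST without bug:", posters_without_bug(RAW_LOG))
```

On the constructed sample the raw log shows MSIE at 4 of 6 hits while the web bug shows an even three-way split, and the three bot IPs are exactly the ones that posted without ever requesting the bug. The same "posted but never rendered" check is a reasonable first-pass signal for comment spam on its own, independent of the browser statistics.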
Posted by Eric at 04:02 PM | Comments (0) | TrackBack
A judge had found Jeremy Jaynes guilty, but an appeal process extended the case to this point; he has finally been sentenced to nine years in prison.
Some of the comments on that page are amusing, thinking he should have been given a 90 year sentence and not just 9. I'm personally not particularly of the mindset that spammers are the same as killers, but maybe I'm not being harsh enough.
Posted by Eric at 01:04 PM | Comments (0) | TrackBack
Slashdot points to an article stating that users are currently more accepting of email in their inbox.
Curious if that is due to the desensitization that comes from being exposed to something over and over, or if it is due to the fact that mail filters are getting better about dealing with spam, so people are less bothered by it. Or is it simply that people are more aware of it due to "education" through the media outlets?
Posted by Eric at 10:02 AM | Comments (0) | TrackBack
There was a raid on a "spam house" (sounds like the terminology in the "war on drugs") in Australia, but the article is woefully short on information.
The company in question is suspected of sending spam and has had their computers seized for forensic analysis to determine if that is indeed the case. Sounds scary.
*UPDATE*
Note that the Spam Kings blog has the identity of the person investigated as Wayne Mansfield and his company T3 Direct.
Nice job on that find.
Posted by Eric at 02:41 PM | Comments (0) | TrackBack
America continues to be number one in terms of sending the most spam. According to the article, the US is responsible for about a third of all of the spam sent. While this number is down from higher figures in the past, America still leads the race which nobody should want to win.
Most obese people, most handgun deaths, most spam sent... home of the free. If you live in the States, take a moment out of filling up your SUV today and high-five someone, for you are all winners.
Posted by Eric at 09:39 AM | Comments (1) | TrackBack
More and more countries are putting in official laws to combat spam and allow legal action to be taken against people who spam. Australia has a recent enforcement case which shows that its law even applies to SMS spam.
It looks as if a website collected phone numbers from ads and then sent SMS messages to them. This was "smart" from their perspective in that it was targeted advertising (the ads were car related, so they know the person on the other end of the number is likely to be interested in car related ads sent to them - which is more helpful than just randomly spamming numbers).
This was not smart though in that the Spam Act covers SMS as well as email, and so they are now going to be fined for their actions.
Posted by Eric at 01:45 PM | Comments (0) | TrackBack
Florida has announced that it is filing a civil lawsuit against two spammers - and Microsoft is helping out since the messages went through Microsoft services.
This is another case of spammers being chased because they were scammers. The spam was just how they drew people in, but the truly illegal things were what they did in the business (essentially lie to get people in, and then steal their money and disappear).
What I don't get, which is perhaps due to me being too stupid (so please fill me in if you know) - how did they collect the money? I don't know if you have ever started an online company, but it is incredibly hard these days to collect money online - even if you are totally legit. PayPal is one way, but they would never allow this sort of thing - they are always freezing accounts for anything remotely suspicious. And true credit card processing outlets like World Pay wouldn't get near such a thing.
So how were they collecting the money in order to execute their scams? Direct wire transfers?
Posted by Eric at 01:37 PM | Comments (0) | TrackBack
Microsoft has filed 117 John Doe cases in order to move forward in finding out who is phishing on their MSN/Hotmail networks. The next step would then be suing the actual people once the identities are determined.
From the Washington Post:
John Doe lawsuits have been a favorite tool of the motion picture and recording industries in their ongoing war against illegal Internet file-sharing. In many cases, ISPs have resisted turning over the identities of their subscribers, arguing that they have a duty to protect personal information. But some analysts say the Microsoft cases are different because ISPs -- specifically, their customers -- are some of the biggest targets of phishing scams.
Posted by Eric at 12:24 PM | Comments (0) | TrackBack
Gmail now allows 2GB of storage, and it is for real, not an April Fool's joke.
It still appears to be invite only since I don't see a way to register otherwise. If for some reason you haven't signed up yet, I have 50 invites to give out - just speak up (I think at this point most everyone that wants one already has signed up).
Posted by Eric at 06:00 PM | Comments (0) | TrackBack
I am on the road for this April Fool's day, so here's something that isn't a joke, but equally worthless:
There is a proposed tax on Spam - but not the email kind - the canned meat kind.
Best quote from the article:
"I'm torn between my love for Vienna sausages and my love for state services," confessed Olympia lobbyist Lauren Moughon, who called the canned meat product a "guilty, guilty pleasure."
That is the sort of forbidden love about which movies were meant to be created - are you listening Hollywood?
Posted by Eric at 04:18 PM | Comments (0) | TrackBack