September 30, 2006

Coming soon, or already here?

This article talks about how spam is, within a year, going to start being more focused on the user, more personalized towards the target. Based on where it found your email address, it will use different tactics to get through your filters.

This is already happening to some extent, and I already wrote about contextual spam here and this is already in place. I can only assume that the "within a year" reference implies that the techniques will get better and more widespread. As it is now, it seems there is a small group of spammers doing this, and if it is working, more will pick it up soon.

Posted by Eric at 11:44 AM | Comments (0) | TrackBack

September 27, 2006

How to have a popular blog

There is apparently an Australian site out there that tracks popular blogs under its umbrella. One of its users didn't flip a switch to block spam comments, and so he is getting a lot of... well, spam comments. The issue is that the site to rank blogs looks at how many comments a site has (likely within a timeframe I imagine) and uses that to show how popular it is - but that doesn't account for comments that are all spam.
From an article about it:

A BigPond spokesman said it was now reviewing the use of comments as a measure of a blog's popularity with some changes planned in a revamp of BigBlog later this year.

"The popularity of a BigBlog will be based upon page views, not comments, so this is a lesson we've learnt from phase one of what is an ongoing project for us," he said.


Another lesson they are going to have to learn? Tracking "real" pageviews under whatever this new system they roll out. With the comment issue, spammers could flood the comments of a blog and get a high ranking. If it is just a matter of pageviews, there are ways around that as well.

Gaming the system is certainly something that spammers, by default, tend to be good at.

Posted by Eric at 02:31 PM | Comments (0) | TrackBack

Users aren't as savvy as they think

McAfee has a press release out discussing some study they did in which they tested people to see how good they were at deciding which sites were likely/unlikely to send them spam once they obtained a user's email address.

The quiz, launched August 15 by the McAfee® SiteAdvisor(TM) team, presented consumers with the homepages and privacy policy links of eight pairs of Web sites, and asked them to judge which site from each pair would likely guard their e-mail address. With more than 7,000 responses tabulated, the average score was only 55%, indicating that consumers are poor judges of which Web sites share e-mail addresses with third-party advertisers.

Of course, since this was seen in a press release and since McAfee sells products that supposedly help stop spam/spyware, this would clearly have to call into question how accurate this information is, since McAfee stands to directly benefit from a "the sky is falling" scenario where users clearly must buy their software to protect themselves from... themselves.
That said, I'm pretty sure I agree that the average user has no clue.

Posted by Eric at 11:08 AM | Comments (0) | TrackBack

September 25, 2006

Subliminal ads in spam

This actually was news a few weeks ago, but I wasn't posting here again at that point. The issue is that some spammers have latched on to the concept of flashing content at you in the hopes that your conscious mind might not see it, but your subconscious will and then act on that without you realizing why you are doing it.
The idea is the same as seeing a frame in a movie where it shows some product just for a flash and then you have a craving to buy that product - supposedly they did this with Coke and popcorn during movies.

Studies have shown that it doesn't really work any better than regular ads and that people tend to buy the products that they were inclined to buy in the first place, so the "trick" ad isn't changing their minds.

AdRants has a post up about this that also has a shot of the animated GIF used in the stock spam that was sent out.

Posted by Eric at 02:33 PM | Comments (0) | TrackBack

MS Exchange anti-spam review

Much of the traffic that this blog gets is from people searching for anti-spam solutions on Exchange. I have had years of experience with this, so I thought I would occasionally try and post up some reviews and thoughts on various solutions available to Microsoft Exchange 2000/2003.
Please note that these are my own opinions and your own opinion may differ, as may your experience with any given suggested product. Also note that this is the short list of major tools I have seen used on Exchange most frequently - I am quite positive there are more, but I just do not have much experience with them and therefore can't say much about them good or bad.

SpamAssassin on Exchange
I had been using SpamAssassin on a FreeBSD system for a few years when I set out to try and get it working on an Exchange 2000 box. I wrote a hack that allowed that to work, and have documented that before on this site (here and here for example).
For a small amount of mail (certainly say within a thousand messages a day, each, for 20 users) this solution works pretty well, especially once you get it tweaked and have your white/black lists worked out and the Bayesian filters trained.
As noted by this person who tried it, it takes less than a second per email, so the better your hardware, the more you could theoretically handle. Also as that same person notes though, there are better solutions - they ended up switching over to SpamStopsHere (something I will try and cover at a later date since I don't have any personal experience with it, yet).
Do note that the best part of this option is that it is totally free and allows the admin to tinker with it and have as much control as they like. This is admittedly not always a good thing.

Built-in Features for MS Exchange 2003
Exchange 2003, especially post Service Pack 2 and 3, has some pretty nice tools built into it for blocking spam. It can query real time black lists, has an intelligent message filter (which is MS's variation on Bayesian filtering), and it makes use of Sender ID as well.
As with any of the solutions, once you get the tweaks in place and modify your white/black lists, it works pretty well.

Symantec
I must note that I haven't used Symantec's antispam solution(s). So this is not a review of their product(s) in any way in terms of that - but it is a review in the broad sense that I refuse to let any company for which I have purchasing authority buy any Symantec product. I have had years of nothing but awful experiences with them, and I refuse to further bother with them.
So while perhaps in the past year or two they have dramatically changed, become wonderful people, and have the best product in the world - I suspect that the reality is that they are still awful.
Again, note that this is dripping with personal opinion, feel free to ignore it.

Trend Micro
Similar to Symantec above, but with a variation - I love these guys. We used their anti-virus product on Exchange and it was absolutely beautiful. Easy to install, easy to maintain, great features, and it worked perfectly. I loved it.
But... (there is always a but) we decided we wanted to upgrade to their more complex solution and get their anti-spam features in there as well. Essentially meaning that we wanted to give them more money and they would then in turn take it and do whatever it is they do with money. Presumably roll around in it and squeal with glee, I don't know.
But no, their customer service and sales department is awful and they were so rude and condescending that I cut off the transaction and am done with them. I still use them for personal computing needs, the PC-cillin Internet Security product is a good product for the price - but I won't be using them for Enterprise level applications since I don't want to reward their poor service.

McAfee
On the flipside of the other two, I don't really like McAfee in general and have heard of many issues with them. But one client of mine wanted to use the GroupShield product because that is what another consulting group for them recommended. They weren't going to be interested in anything else, so this is the route we went. The customer service wasn't relevant since I dealt with this other consulting group, and then off we went, installing it on Exchange 2003.
The install was "easy" although it took about 7 tries. I couldn't tell if this was a difficult install process, if this server was special, if the person installing it was clueless (I was on site, but not doing the install), or if the product was faulty. After looking back on it - I am going with the fact that the user was clueless (she messed up several other installs that week and so I think she hadn't done them before).
Once it is installed and configured, and the white/black lists are set up correctly, etc - then the product works great. BUT (always the but) the UI is absolutely awful. It runs in Java and is extremely slow (on an 8 processor 3GHz machine with 8GB of RAM, nothing should be slow) and it is not at all intuitive. It also will toss your settings and other times will warn you that you will lose changes made, but then it won't show you the changes you made - the easiest way around this is to make changes, save, and then exit the app, and then go back in. Suffice it to say, the interface is just extremely painful. On the good side, once you have it set up to your liking, you don't need to go in there that often - especially if you keep your white/black lists in separate text files and as you update them, you can occasionally just go in and reimport those instead of having to use their interface for adding.
I am torn on this product - it works really well in some respects, but it is literally painful to use in other respects.

This is enough for now - this is a long entry and has a lot of pure opinion content in it. I would rather have a few posts of factual references before I veer off on another opinion based rant... for now.

Posted by Eric at 09:46 AM | Comments (2) | TrackBack

Complexity in the spam world

The BBC News website has an article up about how spammers are getting more complex in how they send out spam, try and hide from anti-spam efforts, and actually sell their product. It is certainly a global effort.
From the article:

The sheer scale of the spamming operation became clearer when Mr Peterson started tracking where the spam was being sent from.

Analysis of the net addresses where the e-mail messages originated showed that more than 100,000 hijacked home computers spread across 119 nations had been used to dispatch the junk mail.


One interesting thing noted in the article was that, in this case where the spam was for pharmaceutical products, the orders made on the websites were actually fulfilled and a product was shipped. In the past that was a rarity, and instead you were just scammed out of money.
That said, the article does note that the drugs received were sent off for testing and the article didn't have any updates on those results.

Posted by Eric at 09:39 AM | Comments (0) | TrackBack

September 24, 2006

Rogers Wireless wants voicecasting banned

The Toronto Sun has an article up discussing the growing problem of voicecasting, and how Rogers Wireless wants a law passed banning it.
From the article:

"It's basically spam on your voicemail," said PIAC counsel John Lawford. "Why should we have to put up with that?"

Besides the obvious irritant of paying to listen to an unwanted ad, Lawford says some people find it "creepy" to get messages on an unlisted number, particularly since the phone doesn't ring.


I don't really care about the "creep" factor, it would just make me angry to have to pay to be spammed, and then the time wasted to figure it out as well.

While I have a lot of interaction with internet based spam, I am fortunate that I don't have much phone spam (yet), so I don't know too much about this particular technique yet.

Posted by Eric at 12:26 PM | Comments (0) | TrackBack

September 21, 2006

China has passed a new anti-spam law

China has passed a new anti-spam law that is very restrictive towards new email servers. While on the surface it is supposed to be an anti-spam law, it is really more of a limit on free speech on the internet and designed to gain control over their connection to the net.
As seen at WHIR:

Under the new law, businesses and Internet service providers must inform the government at least 20 days before an email server is built and must make provisions for keeping all email for a minimum of 60 days. The law also makes it illegal to discuss information security via email, along with any other subject outlawed in China.

Posted by Eric at 10:29 PM | Comments (0) | TrackBack

September 20, 2006

Mail.app and image spam

If you are using a Mac and check your mail with their built in Mail.app, then you might want to check out this blog entry over at Hawk Wings. It discusses a filter that will help get rid of that type of spam.

(that site in general is pretty good if you are on a Mac and using Mail.app - it has a lot of good tips on there)

Posted by Eric at 04:08 PM | Comments (0) | TrackBack

Investing based on spam, bad idea

In what should be one of the more obvious concepts to be presented to you, MarketWatch reminds us that if you invest in a stock based on something touted in a spam email, then you are very likely to lose money.
This is known as a pump and dump, where someone buys a stock and holds it, and then goes out and tells everyone they know (or in this case, many people they don't know at all via spam) that it is a great stock and they should buy it. Some number of those people buy it, the price goes up, and the original person then sells out their position, having made their money, leaving the other people holding on to a stock that may or may not be any good (usually not, especially in the case of a pump and dump when many people are going to dump out since it is a scam that got you in there).

This goes back to the idea of maybe not doing whatever someone says to do in an email since you know, they might have their own interests at heart and not your interests.

Posted by Eric at 03:29 PM | Comments (0) | TrackBack

Contextual Spam

While I was posting regularly to this site, I had wondered to myself why more spammers weren't trying out contextual spam. After all, they already had bots out there scanning web pages for email addresses, and they already had bots that were trying to manipulate their SpamAssassin scores down by using Bayesian theory in reverse (well, really more of a Markov Chain I guess)...

So it seemed to me the next step was that they would scan in the text from sites where they get the email address, and then use that text to build up a Markov Chain of text for the email.

Theoretically, that should then mean that whatever was generated would click more with the end recipient of the spam. Think about it, if you see an email come in from an address that you never deal with, and it says "Hey Friend!" in the subject, you are likely going to think "Hey Spam!" and delete it (I know I do).
But if it were to have a name of someone you talk to on a discussion board where your email was, or a subject that you were just talking about in a blog, etc - then you might be more drawn to the email.

So time passed and then within the last 6 months I have seen an absolutely huge increase in my spam that is doing exactly this. At first I thought I was just seeing things, but then I started to see enough links to things that I had publicly on the web that it was becoming clear this is what at least one bot system is doing out there.

On the good side, they are doing it very poorly - perhaps partially due to poor programming, or perhaps due to the limits of the data - if it doesn't have much text to build a database on, then it is going to output some fairly garbage data.

I won't go into the nitty gritty details of what is involved since it is boring and I don't really want to tell spammers what they are doing wrong, but the general idea is that you build a Markov Matrix in which you track some level of granularity of the text you are looking at. I'm guessing that these people are doing it at the word level. You then essentially just count how many times that word shows up in the text following the word before it.
Then you reverse your way out of it when generating text, based on the statistical probability of the next word, with a random weighting thrown in there.
And out comes something that looks somewhat like what it learned on (there are ways to greatly improve on that, but that is the general idea).

What is interesting is that even though it tends to get by the Bayesian based spam filters, it will also get by the human many times, at least to the level where they open the email.
Of course, then once they open it and see that it is junk, it will get tossed by the bulk of all users. But then spammers survive on that tiny percentage of people who apparently open that email and then actually do click through and buy whatever is on the other side.
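
The word-pair counting described above can also be turned around for filtering. As an added example (not the author's code), this Python builds the same word-level table from text you have published and scores incoming mail by how many of its adjacent word pairs occur in that text; the function names, the sample texts and the 0.7 threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

def tokenize(text):
    """Lower-case word tokens; punctuation and sentence breaks are dropped."""
    return re.findall(r"[a-z0-9']+", text.lower())

def build_transitions(text):
    """Word-level Markov matrix: table[prev][nxt] = times nxt followed prev."""
    table = defaultdict(Counter)
    words = tokenize(text)
    for prev, nxt in zip(words, words[1:]):
        table[prev][nxt] += 1
    return table

def overlap_score(table, message):
    """Fraction of the message's adjacent word pairs also seen in the source."""
    words = tokenize(message)
    pairs = list(zip(words, words[1:]))
    if not pairs:
        return 0.0
    hits = sum(1 for prev, nxt in pairs if nxt in table.get(prev, ()))
    return hits / len(pairs)

def looks_stitched(table, message, threshold=0.7):
    """True when most word pairs come from the source (threshold is assumed)."""
    return overlap_score(table, message) >= threshold

# Constructed sample: text the recipient published next to their address.
PUBLIC_PAGE = (
    "I rebuilt the mail server last week and moved the spam filter to the "
    "new box. The new box runs FreeBSD and the spam filter is trained on my "
    "own mail. The mail server now rejects most junk before the filter ever "
    "sees it."
)

# Constructed sample messages.
SAMPLES = {
    # Page word pairs chained together, with a sales pitch tacked on.
    "stitched": "the new box runs freebsd and the spam filter to the mail "
                "server now rejects most junk buy cheap pills",
    # Generic spam with no relation to the page.
    "generic": "Hey Friend! Amazing offer, buy cheap pills today",
    # Genuine on-topic mail: shares some pairs, so it scores in the middle.
    "on_topic": "Did the spam filter on the new box catch anything?",
    # Genuine unrelated mail.
    "unrelated": "Hi, are we still meeting on Thursday to go over the "
                 "budget numbers?",
}

def score_samples():
    """Score every constructed sample against the constructed page."""
    table = build_transitions(PUBLIC_PAGE)
    return {name: overlap_score(table, body) for name, body in SAMPLES.items()}

if __name__ == "__main__":
    table = build_transitions(PUBLIC_PAGE)
    for name, body in SAMPLES.items():
        flag = looks_stitched(table, body)
        print(f"{name:10s} {overlap_score(table, body):.3f} flagged={flag}")
```

The on-topic sample shows why the threshold needs tuning: genuine mail about the same subject shares word pairs with the page too, so this score works best as one input among others, not as a verdict.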

Posted by Eric at 03:23 PM | Comments (0) | TrackBack

September 19, 2006

Video Tribute Sites

Apparently some of the video tribute sites that are cropping up around recent events like the anniversary of 9/11, or the death of the Crocodile Hunter are harvesting emails collected on the site to then spam the users.

This is hardly a new concept and an easy way to avoid this sort of thing is to assume that everything on the web that asks for an email address is going to spam you. It might not (for example, we take email addresses here when you leave comments, but don't spam you - one way to be sure of that, just put in something fake), but if you at least assume that they will spam you, then you are at least starting to think about what you are doing instead of blindly handing it over and then later wondering where all of your spam is coming from.

Posted by Eric at 11:18 AM | Comments (0) | TrackBack

Sounds like they need better filters

Management Issues (sounds like a counseling service) has an article up on their site citing a study done by web security group Panda GateDefender Performa. In it, they say porn and spam are the biggest time wasters in the workplace:

Spam is another major time-waster, making up an estimated 21 per cent of email reaching companies, Panda said. Some five per cent of all traffic is also infected by some type of malware.

In addition, almost 40 per cent of internet use in companies was non-work related – with most visits to pornographic web pages occurring during working hours.

If that is the case for a company, then they really need to look at firewall solutions that allow them to control what websites the employees are going to, and to manage the incoming flow of spam. There are plenty of solutions out there these days that would dramatically reduce those figures, and they are reasonable in cost (considering the savings that this study would indicate is achieved by blocking that content).
Mind you, the people who did the study stand to benefit from the results - if more time is wasted, then more money should be spent on their services to help stop the waste, right?

Posted by Eric at 10:35 AM | Comments (0) | TrackBack

New Spammer Forum

There used to be an online forum/bulletin board where spammers would meet and discuss spam related issues - from the side of the spammers. As with many online discussions, there was a lot of drama and it eventually went the way of the dodo for a variety of reasons.

But as nature abhors a vacuum, so does the business world, even in the spam world - so a new forum has popped up to try and take its place. Bulkerforum.biz sent out an email to all of the previous members of that old board and invited them to join.

They chat about spam and post ads for content delivery, fairly straightforward stuff, but based in the world of spam.

It has been up less than a week and there are already a few fights over who is a real spammer and who the "antis" are on the board. Who knows, maybe the person/people running the site are antis themselves. Who needs soap operas when you have things like this to read.

I imagine that at some point they will make it so that only members can read, but as it is now, it is open to the public.

Posted by Eric at 10:20 AM | Comments (0) | TrackBack

Coming Back

I have had a few extended stays away from this blog, usually because of things coming up in my personal life. I am now living back in the United States, and running my own tech company. As a result, I have been following more of the anti-spam news again and have had requests from enough people for information that it makes me think that this blog still has value.

So here we go again.

Posted by Eric at 10:17 AM | Comments (0) | TrackBack