Malware / Most Viewed

Trench Warfare in the Age of The Laser-Guided Missile

The historical development of spam fighting is allowing computer-aware criminals to take the upper hand in the fight against what has now evolved into a completely technologically and organizationally merged threat to public safety. If we do not change our strategic approach immediately, the battle, indeed even the war may be all but lost... Of late, much has been said in the popular and computer press about a vector that is annoying, but hardly critical in nature: 'Image spam'. Spammers have jumped on the new technology of 'image-only' payloads, which morph one pixel per message, rendering them unique, and traditional check-sum blocking strategies ineffective... Fortunately this fraudulent stock-touting scheme leaves a paper trail that has allowed for some successful prosecutions in the latter half of the year. Stock spamming, while popular at present time is likely to decline as legal actions increase... more»

Internet Security Marketing: Buyer Beware

As security breaches increasingly make headlines, thousands of Internet security companies are chasing tens of billions of dollars in potential revenue. While we, the authors, are employees of Internet security companies and are happy for the opportunity to sell more products and services, we are alarmed at the kind of subversive untruths that vendor "spin doctors" are using to draw well-intentioned customers to their doors. Constructive criticism is sometimes necessarily harsh, and some might find the following just that, harsh. But we think it's important that organizations take a "buyers beware" approach to securing their business. more»

Microsoft's Takedown of - A Gigantic Self Goal?

I will first begin this post by emphasizing that this article is entirely my personal viewpoint and not to be considered as endorsed by or a viewpoint of my employer or any other organization that I am affiliated with. Neither is this to be considered an indictment of the sterling work (which I personally value very highly) that several people in Microsoft are doing against cybercrime. Microsoft's takedown of to disrupt the Nitol botnet is partial and will, at best, have a temporary effect on the botnet itself... more»

What's Wrong With Spam Prosecutions

Spam these days is more than an annoyance -- it increasingly carries malware payloads that can do serious damage to your PC, steal your identity, or turn your PC into a zombie that carries out denial of service attacks. So anything that law enforcement can do to fight spam should be a good thing, right? Well, not quite, as I'll explain. more»

When Registrars Look the Other Way, Drug-Dealers Get Paid

Since November of last year we have been discussing the problem of illicit and illegal online pharmacy support by ICANN-accredited Registrars. In several articles and direct contact with the Registrars we have tirelessly tried to convey the seriousness of this problem, many listened, some did not... With the background information already known, the case presented here is much more specific and concerns EvaPharmacy, which was until recently, the world's largest online criminal pharmacy network. more»

Internet Drug Traffic, Service Providers and Intellectual Property

You could call this Part Three in our series on Illicit Internet Pharmacy. Part One being What's Driving Spam and Domain Fraud? Illicit Drug Traffic, Part Two being Online Drug Traffic and Registrar Policy. There are a few facts I'd like to list briefly so everyone is up to speed. The largest chunk of online abuse at this time is related to illicit international drug traffic, mostly counterfeit and diverted pharmaceuticals. more»

Comcast is Right, the FCC is Wrong

A fellow named Paul Korzeniowski has written a very good, concise piece on the Comcast action at the FCC for Forbes, Feds And Internet Service Providers Don't Mix. He manages to describe the controversy in clear and unemotional language, which contrasts sharply with the neutralists who constantly use emotionally-charged terms such as "blocking," "Deep Packet Inspection," "forgery," and "monopoly" to describe their discomfort. more»

Blacklisting Under Wrong Assumptions

If you analyze the relay of spam- and malware-containing email circulating on the Internet purely through your mail server logs (running the Unix command "tail"), a large proportion seem to come from Asia Pacific hosts, especially those from mainland China. Therefore, many less-experienced systems administrators have simply blocked the access from subnets of Chinese or Asian origin, effectively destroying the fabric of the Internet -- messaging. If administrators took pains to analyze these supposedly Asian spam messages by analyzing the full Internet headers, they would have realized that the Asian servers were merely used by the real spammers as open relays, or perhaps as zombie hosts previously infected with the mass mailing worms through the exploitation of operating system vulnerabilities.  more»

Most Abusive Domain Registrations are Preventable

As the WHOIS debate rages and the Top-Level Domain (TLD) space prepares to scale up the problem of rogue domain registration persists. These are set to be topics of discussion in Costa Rica. While the ICANN contract requires verification, in practice this has been dismissed as impossible. However, in reviewing nearly one million spammed domain registrations from 2011 KnujOn has found upwards of 90% of the purely abusive registrations could have been blocked. more»

Cyber Crime: An Economic Problem

During ISOI 4 (hosted by Yahoo! in Sunnyvale, California) whenever someone made mention of RBN (the notoriously malicious and illegal bulletproof hosting operation, the Russian Business Network) folks would immediately point out that an operation just as bad was just "next door" (40 miles down the road?), working undisturbed for years. They spoke of Atrivo (also known as Intercage). The American RBN, if you like... more»

80% of Spam Originating from Home PCs

The majority of spam -- as much as 80 per cent of all unsolicited marketing messages sent -- now emanates from residential ISP networks and home user PCs. This is due to the proliferation of spam trojans, bits of surreptitious malware code embedded in residential subscriber PCs by worms and spyware programs. Worm attacks are growing in frequency because they provide a fast means of infecting a vast number of computers with spam trojans in a very short period of time. It's no surprise that many service providers report an upsurge in spam traffic immediately following a worm attack. more»

.MS: Alternate Root and Monoculture as Good Things

Why shouldn't there be a .gadi TLD? Why not one for Microsoft? This post is not about alternate roots or why they are bad, this post is about something else. We do need to go over some background (from my perspective) very quickly though. ICANN has a steel-fist control over what happens in the DNS realm. They decide what is allowed, and who gets money from it. Whether it's VeriSign for .com or any registrar for the domains they sell. They decide if .gadi should exist or not. ...What I am here to discuss is why Microsoft, as a non-arbitrary choice this time, indeed, of all the world, should kick it aside, creating an alternate root while at the same time not disturbing the world's DNS. more»

ClamAV and the Case of the Missing Mail

Some email discussion lists were all atwitter yesterday, as Sourcefire's open-source anti-virus engine ClamAV version 0.94.x reached its end-of-life. Rather than simply phase this geriatric version out the development team put to halt instances of V0.94 in production yesterday, April 15, 2010. In other words, the ClamAV developers caused version .94 to stop working entirely, and, depending upon the implementation, that meant email to systems using ClamAV also stopped flowing. more»

An Open Letter to Yahoo!'s Postmaster

In June 2004, Yahoo! and a number of other companies got together to announce the Anti-Spam Technical Alliance or ASTA. While it appears to have been largely silent since then, ASTA did at least publish an initial set of best practices the widespread adoption of which could possibly have had some impact on spam... The majority of these are clearly aimed at ISPs and end users, but some are either generally or specifically relevant to email providers such as Yahoo!, Google or Microsoft... The problem: Since February this year, we have been receiving a significant quantity of spam emails from Yahoo!'s servers. In addition to their transport via the Yahoo! network, all originate from email addresses in, and one or two other Yahoo! domains. Every such message bears a Yahoo! DomainKeys signature... more»

The New Hong Kong Anti-Spam Law, and a Small Fly in the Ointment

Well, it has been quite a while since first the Hong Kong OFTA (in 2004) and then CITB (in 2006) issued requests for public comment about a proposed UEM (Unsolicited Electronic Messaging) bill to be introduced in Hong Kong, for the purpose of regulating unsolicited email, telephone and fax solicitations. We're a large (worldwide) provider of email and spam filtering - but we're based in Hong Kong, and any regulation there naturally gets tracked by us rather more actively than laws elsewhere. We sent in our responses to both these agencies... The bill is becoming law now - and most of it looks good... There's one major fly in the ointment though... more»