Spam / News Briefs

Plentyoffish Media Inc. Fined $48,000 for Alleged Violation of Canada's Anti-Spam Law

The Canadian Radio-television and Telecommunications Commission (CRTC) today announced that Plentyoffish Media Inc. has paid $48,000 as part of an undertaking for an alleged violation of Canada's anti-spam legislation. more»

M3AAWG Releases Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers

Jointly published by the Internet Infrastructure Coalition (i2C) and the Messaging, Malware and Mobile Anti-Abuse Working Group, the new document outlines proven activities that can help Web hosting services improve their operations and better protect end-users. more»

Canadian Regulator CRTC Issues $1.1 Million Penalty to Compu-Finder for Spamming

Neil Schwartzman writes: "The Canadian Radio-television and Telecommunications Commission's (CRTC's) Chief Compliance and Enforcement Officer today issued a Notice of Violation to Compu-Finder, which includes a penalty of $1.1 million, for breaking Canada's anti-spam law. Compu-Finder has 30 days to submit written representations to the CRTC or pay the penalty. It also has the option of requesting an undertaking with the CRTC on this matter." more»

Spam-Friendly Registrar 'Dynamic Dolphin' Shuttered by ICANN

Neil Schwartzman writes: Brian Krebs is reporting in KrebsOnSecurity that ICANN last week revoked the charter of Dynamic Dolphin, a registrar that has long been closely associated with spam and cybercrime. "The move came almost five years after this reporter asked the Internet Corporation for Assigned Names and Numbers (ICANN) to investigate whether the man at the helm of this registrar was none other than Scottie Richter, an avowed spammer who has settled multi-million-dollar spam lawsuits with Facebook, Microsoft and MySpace over the past decade..." more»

Arrest Made in Connection to Spamhaus DDoS Case

According to a press release by the Openbaar Ministerie (the Public Prosecution Office), a dutch man with the initials SK has been arrested in Spain for the DDoS attacks on Spamhaus. more»

Massive Spam and Malware Campaign Following Boston Tragedy

On April 16th at 11:00pm GMT, the first of two botnets began a massive spam campaign to take advantage of the recent Boston tragedy. The spam messages claim to contain news concerning the Boston Marathon bombing, reports Craig Williams from Cisco. The spam messages contain a link to a site that claims to have videos of explosions from the attack. Simultaneously, links to these sites were posted as comments to various blogs. more»

Largest DDoS Attack To Date Aimed at Spamhaus Effects Global Internet Traffic

The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history. A row between a spam-fighting group and hosting firm has sparked retaliation attacks affecting the wider internet. It is having an impact on popular services like Netflix -- and experts worry it could escalate to affect banking and email systems. more»

Google Removes All Sites Under .CO.CC Over Security Concerns

Dennis Fisher in ThreatPost reports: "In a rare and sweeping move, Google has removed all of the sites hosted on domains from its search results, saying that because such a large percentage of the sites on that freehosting provider are low-quality or spammy, they decided to de-index all of them. The domain is well-known in security and anti-spam circles for being a favorite spot for phishing and spam domains, but there also are legitimate domains hosted there." more»

Happy Canada Day from the CRTC

Neil Schwartzman writes to report: "CAUCE reports that the CRTC published long-awaited regulations (a big step towards Canada's Anti-spam Law (AKA C28) coming into force), late June 30, the day before Canada Day. The regulations are, as anticipated, very terse and do little to water down the strong nature of the law; they move to clarify certain aspects of express vs. implied consent, among other things." more»

Researchers Use Social Graphs to Detect Spammers, Attackers

A project named S-GPS or Spammer Global Positioning System, by Microsoft researchers uses spammer identification rather than spam identification to identify zombie-based spammers. more»

CAUCE Director Neil Schwartzman Wins Prestigious MAAWG Award

CAUCE Executive Director Neil Schwartzman won the prestigious Mary Litynski award on June 08, 2011 for his contributions to Internet anti-abuse efforts, including the passage of Canada's Anti-Spam Law. more»

Research Detects Spammers Using Fake URL-Shortening Services

New research has uncovered evidence of spammers establishing their own fake URL-shortening services for the first time. According to the latest MessageLabs Intelligence report, shortened links created on these fake URL-shortening sites are not included directly in spam messages; instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites. "Rather than leading directly to the spammer's final Web site, these links actually point to a shortened URL on the spammer's fake URL-shortening Web site, which in turn redirects to the spammer's final Web site." more»

Garth Bruen Discussing Whois, DNSSEC and Domain Security

NameSmash has interviewed Garth Bruen, Internet security expert and creator of Knujon, on some key issues under discussion during the recent ICANN meetings in San Francisco. Topics include Whois, DNS Security Extensions (DNSSEC) and generic Top-Level Domains (gTLDs) -- issues of critical importance particularly with ICANN's expected roll-out of thousands of new gTLDs in the coming years. more»

More Targeted Phishing, Spam and Mobile Attacks; IBM Reports 150K Security Events Per Second

IBM today released the results from its annual X-Force 2010 Trend and Risk Report, identifying more targeted phishing, spam and mobile attacks. The report also finds cloud security continuing to evolve. "From Stuxnet to Zeus Botnets to mobile exploits, a widening variety of attack methodologies is popping up each day," says Tom Cross, threat intelligence manager, IBM X-Force. "The numerous, high profile targeted attacks in 2010 shed light on a crop of highly sophisticated cyber criminals, who may be well-funded and operating with knowledge of security vulnerabilities that no one else has. Staying ahead of these growing threats and designing software and services that are secure from the start has never been more critical." more»

New Anti-phishing Initiative Introduced by Yahoo!

Neil Schwartzman writes to report: "The company announced the Yahoo! Mail Anti-Phishing Platform (YMAP) yesterday. The technology is predicated upon the use of both DKIM and Sender Policy Framework (SPF) to identify authentic messages. As part of the initiative, Yahoo! has partnered with email authenticators Authentication Metrics, eCert, Return Path, and Truedomain to provide broad-band coverage of well-known brands." more»