“YOU (andrew.m) have joined #martian_ =-= Mode #martian_ +nt by localhost.localdomain =-= Topic for #martian_ is ‘.bot.remove’”

Internet service provider Cox Communications is reportedly diverting attempts to reach certain online chat channels and redirecting them to a server that attempts to remove spyware from the computer. By doing … via Privacy Digest
Read More… (From Email Spam News)

Cat-and-mouse

Foiled by increasingly accurate corporate spam filters, spammers have dumped pictures for PDFs in their bulk emailings, according to the latest data from security firms.
Read More… (From The Register - Security: Spam)

That might not be an online greeting card from a secret admirer in your e-mail in-box, but rather the latest attempt by spammers to victimize Web surfers. via RedOrbit
Read More… (From Email Spam News)

Who sends greeting cards for the Fourth of July? Apparently spammers. Beware of emails with Fourth of July subject lines such as:

Subject: Celebrate Your Independence
Subject: America the Beautiful
Subject: July 4th Fireworks Show
Subject: July 4th Family Day
Subject: 4th Of July Celebration
Subject: American Pride, On The 4th

Each message contains a link to the “greeting card”. The link in these cases is an exposed IP address, which is a pretty good indicator that it isn’t a greeting card from an established and reputable Ecard service. When clicked, the link delivers a downloader that accesses the Internet and downloads a Trojan onto the computer. We’ve been seeing a lot of generic Ecard spam over the past month and have noted it in previous blogs. What makes this one different is that it specifically targets the July 4th Holiday. We have observed over 15 million of these messages since the attack first appeared.

Read More… (From Security Response Weblog)
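The Symantec post above turns on one cheap indicator: the “greeting card” link points at a bare IP address instead of a hostname. The following is an added example, not code from the Symantec post, showing how a mail filter can apply that heuristic. It parses a message with the standard library, pulls every http(s) URL out of the text parts, and flags any whose host is an IPv4 or IPv6 literal; the July 4th subject lines quoted in the post are checked only as a secondary signal. The two sample messages are constructed for the example and use documentation addresses (203.0.113.0/24, example.invalid).

```python
"""Flag e-card spam whose link host is a raw IP address.

Added example (not the Symantec post's own code). The sample messages
below are constructed for this example; the heuristic is the one the
post describes: a 'greeting card' URL with an IP-literal host is suspect.
"""
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

# Subject lines quoted in the post; a secondary signal, not proof by itself.
JULY4_SUBJECTS = {
    "Celebrate Your Independence",
    "America the Beautiful",
    "July 4th Fireworks Show",
    "July 4th Family Day",
    "4th Of July Celebration",
    "American Pride, On The 4th",
}

# Loose URL matcher; trailing punctuation is stripped after the match.
URL_RE = re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE)


def host_is_ip_literal(url: str) -> bool:
    """True when the URL's host is an IPv4/IPv6 literal (e.g. http://203.0.113.5/card)."""
    host = urlsplit(url).hostname  # drops port, userinfo and IPv6 brackets
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def extract_urls(text: str) -> list:
    """Return http(s) URLs found in text, with trailing punctuation removed."""
    return [m.rstrip(".,);") for m in URL_RE.findall(text)]


def body_text(msg) -> str:
    """Concatenate the decoded text/plain and text/html parts of a message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            parts.append(part.get_content())
    return "\n".join(parts)


def classify(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and report the e-card indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip()
    urls = extract_urls(body_text(msg))
    ip_urls = [u for u in urls if host_is_ip_literal(u)]
    return {
        "subject": subject,
        "urls": urls,
        "ip_urls": ip_urls,
        "july4_subject": subject in JULY4_SUBJECTS,
        "suspicious": bool(ip_urls),  # the post's primary indicator
    }


# Constructed sample: the pattern described in the post.
SAMPLE_SPAM = b"""\
From: "Greeting Cards" <cards@example.invalid>
To: victim@example.invalid
Subject: July 4th Fireworks Show
Content-Type: text/plain; charset=us-ascii

You have received a greeting card. View it here:
http://203.0.113.57/ecard.exe
"""

# Constructed sample: a hostname link, which the heuristic leaves alone.
SAMPLE_LEGIT = b"""\
From: friend@example.invalid
To: me@example.invalid
Subject: Photos from the picnic
Content-Type: text/plain; charset=us-ascii

Album: https://photos.example.org/album/42.
"""

if __name__ == "__main__":
    for raw in (SAMPLE_SPAM, SAMPLE_LEGIT):
        print(classify(raw))
```

The IP-literal test is deliberately narrow: it says nothing about links that use a throwaway domain, so treat it as one scoring input alongside the subject match and attachment checks rather than a verdict on its own.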

“If a hub was going down for maintenance it would tell people to connect to another one”

Windows PCs are favoured by hi-tech criminals

Hi-tech criminals have found novel ways to carry out web-based attacks that are much harder to spot and stop, warn security experts. via BBC News
Read More… (From Email Spam News)

“We’re going to start seeing some of the exploits happening on the PDF where they’re going to start changing the size of the PDF, and the size of the image inside.”

The scoop on Oracle Database 11g

With the launch of Oracle Database 11g today, many are keen to know more about its key features and capabilities. via ITWorld Canada
Read More… (From Email Spam News)

“Botnets are quickly becoming one of the most pervasive, dangerous, and aggravating classes of malware”

Symantec Corp. released today its Norton AntiBot, which is designed to provide consumers with bot detection and removal. via InformationWeek
Read More… (From Email Spam News)

Earlier this year, I saw some screenshots of the Zunker bot and its controlling interface. I became curious about the existence of other similar interfaces and began paying a bit more attention to the spam coming into my inbox on a personal account. After a few weeks of wandering through IP blocks referenced by the spam, I ran across an open directory containing a few screen shots of what looked like another interface actively spamming multiple products.

The following screen shot shows a statistics screen for a botnet they are currently using. Similar to the Zunker interface, this interface also has the ability to group by country. It looks like the feature is broken though, as you can only see one bot, which is originating from Poland. Given that, it is tempting to presume the owner is Polish; however, the interface’s text is entirely in English and the screen shot was found on a Russian server. It could, however, mean that the person leasing this interface is controlling it from a machine in Poland, but this is just an assumption.

[screenshot: orlando_pic4_sm.JPG]

Efficient Spamming?

The following screen shot displays the different types of configurations currently active on this interface. It clearly shows how the spam instances are managed. As the picture indicates, they are actively spamming pharmaceuticals, watches, and OEM in parallel. It’s amusing how they try to capitalize on their investment.

[screenshot: orlando_pic2_sm.JPG]

Creating a spam instance

The following screenshot indicates how they configure their spam instances. (If only they had a larger resolution!) In short, the options found on the picture indicate the following:

license.server, port and key are issued to the person leasing the framework;
log_file and the subsequent five lines are debugging options;
mysql.* is obviously the SQL server they use;
listen.ip and port are where data gets pushed from the license server regarding their statistics; and
access.list is presumably a list of IP addresses that are allowed to connect to the Web interface.

Options found in File 2 look incomplete, but presumably feed options to the utility used to create the email they will ultimately spam. There is not enough information on the other two boxes to deduce any meaningful information.

[screenshot: orlanda_pic1_sm.JPG]

So, do we currently underestimate the development efforts put forth by malware authors? I’d say so; it takes quite a bit of time to develop a framework from scratch for this specific purpose, and the funding has to be coming from somewhere. The number of active bots is relatively low, but a total of a quarter million inactive bots is still a worrisome number of compromised machines. I find this type of information fascinating and hope to find more to keep posting cool images of the control interfaces malware authors use for their large-scale networks.

Read More… (From Security Response Weblog)

Beijing is the most prolific source of spam and viruses, according to Network Box. During June, the company blocked more than four million viruses, worms and Trojans daily, with Beijing accounting for 40 per cent of all viruses released and more than five per cent of all spam.
Read More… (From Spam News)

Security vendors and users agree that image spam is finally on the decline, but at the same time a new kind of spam is emerging that uses an attached PDF file to trick recipients into buying stock in a company.
Read More… (From Spam News)

The SSG 140 Firewall/IPSec VPN Security Appliance from Juniper Networks offers an ideal mix of performance, security and LAN/WAN connectivity for your network. via Digital Pro Sound
Read More… (From Email Spam News)

“You have to educate people about what the threats are”

(Via Thomson Dialog NewsEdge) Jul. 14 – When completed in the next couple of years, the city’s wireless network will give Houstonians better access to the Internet, but it will also require users to take steps to … via Customer Interaction Solutions
Read More… (From Email Spam News)

“This software contains backdoor functionality to allow a remote attacker to fully control a system. … Currently, this malware is not well detected by many anti-virus vendors. AusCERT has observed more than 50 sites hosting this malware.”

If you receive an e-mail warning you that a virus or spyware has been detected on your system, just delete it. via InformationWeek
Read More… (From Email Spam News)

“It’s an extra layer to scan and also an extra performance drop at the filtering system because it is very performance prohibitive to parse a PDF file, especially since PDF files can be very large in size”

Xeon Processors Packed with Latest Server Technologies

By adding more servers, the datacenter can quickly grow out of control, and bring power and cooling costs with it. via Internet News
Read More… (From Email Spam News)

This week’s column in the Journal (subscription only, I’m afraid) is about something called the Yoggie: This small computer is called the Yoggie Pico, launched May 29 by an Israeli company called Yoggie Security Systems. The idea is that you should…
Read More… (From loose wire blog)

This year’s edition of the World Information Society Report 2007 notes that growth in the global Information Society is not without risks, and the Report examines the potential pitfalls of growth in the rise of online […]
Read More… (From The War on Spam)
