“Google Custom Search, is the wonderful product from Google which many webmasters have been looking and dream for”

Readers of Google Inc.’s Custom Search Blog were handed a bit of a surprise Tuesday when the Web site was temporarily removed from the blogosphere and hijacked by someone unaffiliated with the company. via ITworld
Read More… (From Email Spam News)

“These infected computers are now being used to distribute the pump and dump spam”

So-called pump and dump spam scams happen when spammers send out massive amounts of unsolicited e-mail with a purported hot stock tip on a given company in an attempt to drive up its stock value. via E-Commerce Times
Read More… (From Email Spam News)

How much is that doggy?Email con-men are targeting animal lovers in new variants of advance fee fraud scams.Original post by Dougal and software by Elliott Back
Read More… (From The War on Spam)

Storm worm’s a brewin’Security researchers are reporting a sharp increase in the number of machines infected by the Storm Worm, prompting speculation that its authors, who so far have limited their activities to spam, intend to use it for more destructive purposes, such as launching massive denial of service attacks.Original post by Dougal and plugin […]
Read More… (From The War on Spam)

How much is that doggy?

Email con-men are targeting animal lovers in new variants of advance fee fraud scams.
Read More… (From The Register - Security: Spam)

The August State of Spam Report highlights the continuing decline of image spam, which reached a low in July from its peak in January. In addition, we observed the emergence of a new focus - greeting card spam, PDF and other file attachments spam, and the rise in URLs with Chinese top-level domains (TLDs) marketing spam. This month”s spotlight includes regional spam trends in EMEA.Though still steadily declining, what we”ve come to think of as image spam” has not gone away. The preferred delivery method of this spam type is now PDF, which emerged in June of 2007 and was discussed in a previous post. Symantec is seeing PDF spam ranging between two to eight percent of all spam. July also saw the emergence of yet more tactics focused on spamming images. These tactics include the use of XLS and ZIP files. At this time, the volume of these spam types is low but Symantec is closely monitoring this new technique.Greeting card spam containing links to viruses was seen in higher than usual numbers in July. More than 250 million Symantec customers were targeted with these message types. Around the Fourth of July a particularly large outbreak was seen and blogged on. The content of the greeting cards consists of an exposed IP address in most cases, which is a very good indicator that the card is not genuinely good. These exposed IP address links were downloading Trojans onto computers. A sample of this message type can be seen in the August State of Spam Report.Also observed in July was the rise in the number of spammy URLs utilizing the cn” TLD. While historically the most commonly seen TLDs in spammy URLs were net” and com,” in July Symantec estimates that over 74 million spam messages contained a spammy URL with a cn” TLD. Several possible reasons for this rise are included in the August State of Spam Report.The spotlight on Regional spam trends EMEA” this month showcases casino spam, Italian medication spam and an iPhone scam. European casino spam was first mentioned in the April State of Spam Report. Current observations show this spam type covered by at least three different languages. Samples can be seen in August State of Spam Report. One common attack in the US market is male enhancement” medication spam. The European market, and in particular the Italian market, is now seeing this spam type as well. What is different about this version is that the subject lines of the messages observed were all designed to make it look like the email was from a friend.Another interesting spam seen in the European market was purporting to sell the new Apple iPhone from a UK warehouse. This is interesting because the iPhone is not available in Europe yet and the price listed for the phone was far below retail.

Read More… (From Security Response Weblog)

(This is the text of my weekly Loose Wire Service column, written mostly for newcomers to personal technology, and syndicated to newspapers like The Jakarta Post. Editors interested in carrying the service please free to email me.) I’m always horrified…
Read More… (From loose wire blog)

“Damn Spam: The losing war on junk e-mail”

Bayesian filters try to catch spam by looking at properties of previous spam: looking for the word Viagra , for instance. via Language Log
Read More… (From Email Spam News)

“I don’t care if they’ve triple opted-in and gave you their credit card number”

I’m going to let you guys in on a little secret. There’s a difference between how an email sender sees their inbox and how an email recipient sees theirs. via Campaign Monitor Blog
Read More… (From Email Spam News)

Spartacus was a slave who escaped from the gladiator school at Capua with a few fellow gladiators in 73 B.C.. Commanding a growing army of slaves, he kept Rome busy for two years — in part because some of his … via About.com
Read More… (From Email Spam News)

“You potentially can identify companies that are attractive investments”

Pink Sheets site labels risky ones Nell Henderson , The Washington Post Riding the stock of Vision Airships over the past few months would have made any investor airsick. via News Observer
Read More… (From Email Spam News)

“The Court finds that Plaintiffs’ instant lawsuit is an excellent example of the ill-motivated, unreasonable, and frivolous type of lawsuit that justifies an award of attorneys’ fees to Defendants”

Gordon v. Virtumundo , 06-0204-JCC I believe this ruling represents the first time that a CAN-SPAM plaintiff has been ordered to pay attorneys’ fees and costs to a defendant. via Technology & Marketing Law Blog
Read More… (From Email Spam News)

“On some days over the last month, it’s been 10 times more. This is a very difficult problem to contain and so far, whoever is behind it is way ahead of those trying to stop them.”

To judge by the amount of e-mail circulating through cyberspace claiming to be greeting cards sent by secret admirers, long-lost school chums or colleagues sending you their best wishes, it’s like the Internet … via Detroit Free Press
Read More… (From Email Spam News)

“You need to do much more due diligence than just clicking on a Web site”

Now that everyday savers know that real estate isn’t always a sure bet — and yes, stocks can sizzle — it’s smart to spotlight a deluge of bogus deals that could lead you to lose a buck fast.For the gullible investor, we have spam e-mails that tout no-name stocks that are trading for 20 cents a share. The stocks are so hot, these e-mails say, that the price could hit $2 in days.We’ve also got scam Web sites, scam lunches and even serial scams.Jack McCreery, senior counsel for the Office of Investor Education & Assistance for the U.S. Securities and Exchange Commission in Washington, has been traveling around the country warning investor groups of scams. This spring, a friend heard him speak at the Great Lakes Coalition Better Investing Regional Conference in Ypsilanti, Mich. And she told me he had some great advice, so I gave him a call. Read more
Read More… (From Email Spam News)

Ok, you can substitute whatever agency name you want, but the story is nearly always the same. A little while ago I blogged about Advanced TDS, another Mpack-type clone and mentioned how professional some of the malware creators are becoming.At the other end of the spectrum, we still have a large number of amateurs in the game. The attempts that some of them make in their social engineering trickery is abysmal, to say the least. Take this example of a spam email:

Dear Mr./Mrs. D####### P#######This email was sent to inform you that your complaint case #278250765 filled with the FTC was successfully registered and posted in our Business Sentinel, a business complaint database maintained by the U. S. Federal Trade Commission. The complaint that you have filled is now accessible to certified government law enforcement and regulatory agencies in ICPEN-member countries. Government agencies may use this information to investigate suspect companies and individuals, uncover new scams, and spot other such illegal activities.Because the Internet marketplace is a borderless one, sharing your complaint with government agencies in different countries will help keep the Internet safe. It will also help prevent others from experiencing the problem you have.Information submitted through the online complaint form may also be used in aggregate form to analyze and create statistics, that may be released to the public. This aggregate data will not contain any personal information.Attached you will find a copy of your complaint. Please print a hard copy of the complaint for your records in the upcoming investigation.Thank you for your cooperation and we will keep you informed on the status of our investigation.Federal Trade Commission

It”s not a bad attempt at story writing; the message and wording sound reasonably convincing. The usual story is about a complaint received by the government agency mentioned. Also as usual, attached to the email is a document name along the lines of Complaint_[several random digits].doc. If the receiver falls for the trick and opens the document, they will see the following in the document.
View of opened Word docIf, at this point, alarm bells have not started to go off, then I”m afraid to say you have missed some very clear telltale signs that something is amissFirst there is the schoolboy error in the first word, which would suggest that the author is not from a professional organization. I doubt the scam email crafter meant to say, SBellow is a copy of your original complaint. So, null points for the scammers on the language skills test.Aside from the incorrect choice of words, what about the rest of the document? You”ve got to ask yourself, is a government agency likely to send something of this nature and quality? I would like to think that our taxpayer dollars would give us civil servants able to produce better quality output than this example. So this scam also fails the quality test.Then there is the strange method of embedding a PDF inside a Word document. Now why would anybody want to do that? Why not just send the PDF on its own? Because, as it turns out, what appears to be a PDF file is actually an executable file.Should you try to open the embedded file, you are still given one more chance to avoid being infected.
Prompt after attempt to open PDFWindows warns you that a program called C_Adobe.exe is about to be run. Once again there are clues to be picked up here. Why would a program called C_Adobe.exe run when you attempt to open a PDF file? Plus, C_Adobe.exe does not look like a legitimate application. And, of course, it”s not. It is actually a downloader program that attempts to download other files. The downloaded file drops another file which is an information stealing Trojan horse. Had you clicked on the Run button, I”m afraid you would have just invited a number of threats onto your computer. For most of us, common sense will have saved us from making this mistake. Even better though, a Symantec security product would have caught the whole thing at the very beginning.

Read More… (From Security Response Weblog)

“This is almost certainly being automated by bots”

PDF spammers have started varying attachments to fool spam filters, security vendor MessageLabs has warned. via PC World
Read More… (From Email Spam News)

Australian Federal Police agent Nigel Phair is one of Australia’s most experienced online crime fighters. via The Age
Read More… (From Email Spam News)