Friday, January 09, 2009

Spam Levels on the Rise, Again

With the shutdown of McColo by Internet Service Providers in November, global spam volumes dropped over 50 percent. Sadly, this appears to have been a short-term fix. According to a new Symantec report, the spammers have moved to new locations and the volumes are back up to 80 percent of pre-McColo levels.

While spam originates from a lot of places, the United States is still in the number one spot, with 27 percent of the spam observed originating from there. China and Brazil tied for second place with 7 percent of spam originating from these countries.

The report indicates that URLs in Canadian Pharmacy spam messages were noted as being top-level Chinese domains (.cn TLD). Could this mean that Chinese knock-off (counterfeit) prescriptions are trying to make it appear as if they are coming from Canada? Given the recent concerns of tainted and poisonous merchandise being exported from China, this might be a concern. Of course, I would think that buying prescription meds over the Internet should be a concern to most people, anyway.

In another variation of recently observed spam, a user is invited to join a social networking site. The link goes to a real group, which was created on the social networking site by the spammer. The group then links to a free blogging site, which redirects the victim to the ultimate destination URL. At the destination URL, personal information is requested, which is probably used to sell to marketing companies or used in other spam campaigns. Please note, although not mentioned in the report, that some of these campaigns might have malicious intent or be scams.

Also noted during the holiday season was a lot of e-Card spam. This spam sometimes comes with malware (malicious software) designed to steal personal and financial information or turn your machine into a spam-spewing zombie computer using your credentials.

A particularly deceptive spam delivery method noted recently is spammers inserting their messages into legitimate newsletters. This method seems to get past spam filters pretty effectively. If the recipient clicks on the message, they are taken to a spammer site. Here again, it might be a site selling junk, but also could be a site with more malicious intent.

Another spam trend in vogue these days is to use the recession as a social engineering lure designed to get people to click on a spam link. Messages are being sent out in the millions touting easy bail-out money to be had and an assortment of the normal get-rich-quick schemes. If it's too good to be true and doesn't make sense, it's normally a scam, and I suspect that most of this type of spam is one.

Last but not least, the spammers are still using President-elect Barack Obama's name to market coin offers, a "Barackumentary DVD" and a free Visa card for helping the Obama clan pick their dog.

Shutting down McColo by reaching out to the ISPs, which was done largely through the work of Brian Krebs at Security Fix (Washington Post), showed that a significant impact can be made on spam when ISPs are held accountable. Given that Brian is one person and a journalist, this was an admirable piece of work. The fact that spam is approaching pre-McColo levels tells us that there are more ISPs that need to be held accountable. Maybe in the end, government and international agencies need to follow Brian's example and make an impact on spam levels that will last a little longer.

Spam is a dangerous pain for everyone who uses e-mail. Most scams, questionable goods and services and cyber-attacks using malicious software start with a spam e-mail. Shutting down the spam operators can only make everyone's experience on the Internet a little more safe and sane.

Monday, January 05, 2009

Twitter Users (Including Barack and Britney) Hacked and Phished

The Phishermen (and probably a few women) are always looking for fresh waters to hook some unsuspecting phish — so it should be no surprise that Twitter is their latest target. After all, e-mail, cell phones, and Facebook have already been phished, along with countless desktops and laptops.

According to a Symantec blog post, Twitter users are receiving warning messages from Twitter command and control about this matter. The blog post by Marian Merritt, the Internet Safety Guru at Symantec, gives blogger Chris Pirillo credit for breaking the story on Saturday. According to the blog post at Symantec, the messages appear to come from someone you know at Twitter with a link to a malicious website designed to steal information.

Twitter also put up a warning on their blog. It starts with a Wikipedia definition of phishing and then details how the phishing attack will come in the form of an e-mail message notifying a person they have a Twitter Direct Message. Thus far, the social engineering lures being used in the e-mail go something like this: "Hey! check out this funny blog about you..." and direct the user to click on a link to a fake website.

They also point out that if you look at the URL you'll see that it is not the same as the URL for the normal landing page for Twitter. A trick to do this (without clicking on the link) is to hover your mouse pointer over the link. If you look at the bottom left portion of your page, it will display the URL the link goes to. With all the malware people can get nowadays by just visiting (driving-by) a malicious page, this is a much safer way to go about it than actually clicking on the link to find out.

Twitter blog picture showing where to look for a suspicious URL

Authentic looking phishing sites aren't hard to create. Often the hacker merely copies the pictures of a legitimate site and puts them on a compromised (hacked) site so the activity can't be traced back to them. Hackers frequently seek out sites with poor security to compromise and put up their own (malicious) site.

Also contained in the blog entry are instructions on what to do if you've been phished. Basically, they direct you to their password reset tool and a legitimate e-mail will be sent to you so you can change your password.

Interestingly enough, Twitter also reported this morning that 33 prominent Twitter-ers were hacked over the weekend. Apparently, the notables included President-elect Obama, Rick Sanchez, and Britney Spears. According to Twitter, this attack has nothing to do with the phishing expedition into their waters. Apparently, someone hacked into some of the tools their support team uses to help people with their e-mail.

They also pointed out that Mr. Obama hasn't been twittering lately due to issues with the transition.

Sunday, January 04, 2009

Richardson Steps Down Because of a Scandal - What Else is New?

In the second scandal in recent weeks — where palms were allegedly greased to gain political favor — New Mexico Governor Bill Richardson has announced he is withdrawing his nomination to be President-elect Barack Obama's Commerce Secretary because of a grand jury investigation into how one of his political donors won a lucrative state contract.

The first scandal in recent weeks was, of course, Illinois Governor Rod Blagojevich allegedly attempting to sell President-elect Obama's recently vacated Senate seat.

The federal grand jury is investigating how a California company, which contributed to Richardson's campaign, won a $1 million transportation contract.

Governor Richardson — who like Governor Blagojevich is not stepping down from his position as governor — has stated he is confident the investigation will reveal he acted properly in the matter. His rationale, as stated in this Washington Post article, is that the investigation could take a long time and he doesn't want to get in the way of important work that needs to be done.

President-elect Obama accepted the resignation with deep regret and cited Richardson's long history of service to the country, both at the state and the federal level.

The federal grand jury investigation in question was announced in mid-December and revolves around whether or not CDR Products was awarded a $1.4 million contract after making contributions to Richardson's political action committees. The contributions of $100,000 were made in 2004 by CDR (based in 90210, Beverly Hills, CA) shortly before they obtained the contract.

Reports indicate that this case is part of a larger one involving the FBI's investigation into "pay to play" practices involving government bonds. In another part of this investigation, the mayor of Birmingham, Alabama, Larry Langford, has been indicted for taking hundreds of thousands of dollars in gifts and loans that led his city into bad investments and ultimately, bankruptcy. just reported that corruption has dominated the news in Alabama in recent history. In a telling statement, the article noted that corruption deserved top billing in 2006 and 2007, also. Alabama Governor Don Siegelman continues to try to overturn his 2006 conviction on bribery charges, and their Chancellor, Roy Johnson, pleaded guilty in a federal investigation of corruption in the state's two-year college system.

The sad thing is that politicians being charged with and convicted of fraud is becoming too common. From a congressman allegedly getting caught with $100,000 in his freezer, to a senator allegedly accepting $250,000 in gifts from an oil company executive — I sometimes wonder if I am living in a foreign land, where we would expect this to be the status quo. Please note, there are many more examples of public figures getting caught with their hands in the cookie jar in recent history. Please note also that the incidents of alleged corruption involve leaders of different political affiliations.

As we are only days now from President-elect Obama's administration taking office, we face the worst financial crisis since the depression. Not only are we experiencing a financial crisis, but many believe our nation is severely divided; and to top it off, we are at war.

President-elect Obama has spoken out many times on the evils of special interests and lobbyists, who seem to be able to control our government's destiny. Even after Wall Street laughed all the way to the bank (for years) when the mortgage crisis was created — it seems we are being held hostage to bail them out or face even more severe financial consequences.

Change is what is needed and hopefully that is what is about to occur. On his transition website, President-elect Obama is encouraging open government and soliciting us all to write in with our own ideas. I think this is a good thing and we all should do it. Our nation was founded in part because of taxation without representation and if you think about it, an argument might be made that this is what we've been seeing in recent history.

During the election, I struggled a lot with how to cast my vote; my uncle (who is a huge Obama advocate) sent me a YouTube video about Obama set to John Lennon's song, Imagine. For those of us who still remember his music, Lennon had another song called Gimme Some Truth. What we need now is to imagine our leaders are there for us and to stop finding reasons to lose faith in them.