Facebook has had a fair share of problems, being a large community of course it’s going to be a ripe target for spammers, scammers and malware distributors.
The latest to hit is a spam e-mail claiming to be from the Facebook team that actually spreads a nasty piece of malware called Bredolab. It’s also been observed [...]
As Twitter gains momentum there are more and more attacks on it, it’s users and the most recent is a phishing scam via DM (Direct Message).
It was uncovered recently that it was being used as a Botnet Control Channel, shortly before that it was subjected to a DoS attack.
This isn’t the first time DMs have [...]
We need more companies like this that acknowledge hoarding data isn’t doing anything for the greater good, to really stamp out the core problems you have to share the data you’ve correlated across the World so everyone can put together what they have and do something about it.
It seems like with China pumping out the [...]
For people of my age and generation and I’d guess for most readers of Darknet, Michael Jackson would have had a great influence on our lives.
The biggest news last week was most certainly his death, as usual the bad guys were extremely quick to capitalize on this and were sending out spam within hours of [...]
I thought this would have been stamped out by now, but sadly it’s still going on. With the advent of cheap web hosting and easy to use CMS systems like Wordpress more and more people are managing their own websites (gone are the days of Geocities).
More people with websites means more FTP details to be [...]
We did mention Torpig in passing back in January 2008 when talking about the Mebroot rootkit which digs down deep into the Master Boot Record.
It seems like Torpig has been pretty active since then and the latest break is that some security researchers have managed to infiltrate the botnet and collect some data on what [...]
You might remember back in November last year Spam ISP McColo was Cut Off From the Internet and there was a fairly drastic drop in spam e-mail traffic.
Well it looks like the spammers have got their acts back together as spam levels are back up to 91% of their previous volume.
Having McColo shut down was [...]
In a recent undercover sting the BBC has uncovered some unscrupulous Indian chaps selling valid UK credit card details, the kicker to the story is the fraud is linked to Symantec as the people being defrauded had all recently bought Norton subscriptions.
I guess it’s hard to control a 3rd party call center though and who [...]
Conficker has gotten quite a lot of news recently with it growing so fast and Microsoft offering a bounty for the authors.
It seems like the Conficker authors are really serious about retaining control of their botnet and expanding it further without hindrance from the companies trying to stop them.
It’s quite likely they are netting some [...]
The BBC has made an odd move recently by buying/seeding a botnet of 22,000 computers under the guise of investigative journalism.
They claim it’s not illegal as they caused no harm and only sent spam to e-mail accounts used by themselves. Technically I think it’s still breaking the law under the Computer Misuse Act but most [...]
Back in November there was a considerable drop in Spam when Spam friendly ISP McColo was cut off from the Internet by it’s upstream peer.
Srizbi worm was pretty smart though and was picking up again by the end of November. Later in the year the botnets were somewhat neutralised leading to a huge drop in [...]
The latest Phishing E-mails going round are leveraging on people’s need to digest the latest information, in this case about the Israel-Hamas conflict.
They set up a fake CNN site which prompts you to upgrade your flash player to view the video, of course it’s not Flash but a Trojan targeting your sensitive financial information.
I don’t [...]
After McColo was partially disconnected from the Internet by it’s peers global spam dropped noticeably.
It seems however that the spam was emanating from a zombie network and the control servers were hosted by McColo, the creators of the botnet (Srizbi) were smart about it though and built a fail-safe system into the the malware.
It should [...]
You might recall we reported a while ago about ’spam friendly’ ISP Intercage coming back online after having their plug pulled by upstream provider UnitedLayer.
They pledged to clean up their act though and drop their biggest client who was an Eastern European malware and phishing host.
This time another ISP has been suspected of hosting sites [...]
No surprise here, the malware authors are leveraging on the social engineering aspect of the US presidential elections.
In less than half a day Google Adwords adverts and custom malware was popping up conning users into a sense of security by using Obama’s name.
Malware purveyors have wasted no time capitalizing on Barack Obama’s landslide victory in [...]
It seems the latest target for spammers, opportunists and those into Domain Squatting is the registration of interesting or possibly valuable Twitter usernames.
Twitter has exploded recently as a new ‘micro-blogging’ platform and it works really well, especially when combined with more traditional blogging and the host of tools that have been build around Twitter to [...]
You may remember the story about the Pro ATM Hacker ‘Chao’ and his Tips a while back, apparently that was the start of a big global sting operation on credit card fraud.
Chao was admin/moderator on a community of carders (where they bought/sold stolen credit card info) called DarkMarket and the first to be busted, it [...]
Microsoft users are being targeted again by malware via e-mail, scammers/spammers never give up and for once the e-mail looks fairly legitimate.
Usually this kind of ‘baitware’ is riddled with terrible grammar and horrible spellings, do make sure you brief the less security aware friends you have about this though just in case.
Email scams are a [...]
Some interesting security industry news, it seems like Symantec is really setting itself up to be the Microsoft of the security world.
They are buying up anything and everything and merging it into the Symantec borg…things that are successful of course. Their latest acquisition is the popular MessageLabs, a good example of both cloud computing and [...]
It seems like ATM hacking is still the way to go for those into a bit of hardware hacking. One of the most notorious and well known ATM hackers was recently arrest in Turkey and a list of his tips discovered online where he also sold the ATM skimming equipment.
Well his tips can’t be THAT [...]
There has been a big hoo-haa recently about a US ISP called Intercage who have said to have been harbouring spammers and scammers via their largest client an Eastern European webhost called Esthost.
Their plug got pulled 2 days ago by the upstream provider IP transit provider UnitedLayer after weeks of criticism from the community showing [...]
This one is of interest to me as I do actually use Twitter as a microblogging service and to keep up with what various friends are up to.
It’s quite an interesting wep app especially paired with something like Twitterfox in your browser and Twibble in your mobile phone.
It must have made it big now though [...]
We all know what botnets are (think so), but anyway let’s see a proper definition of botnets taken from shadowserver… and I quote:
A botnet is a collection of computers, connected to the internet, that interact to accomplish some distributed task. Although such a collection of computers can be used for useful and constructive applications, the [...]
It’s somewhat ironic that shortly after the Kaminsky DNS bug went wild and almost immediately got ported into Metasploit that it was then used to attack HD Moore’s very own company BreakingPoint.
It happened just a couple of days ago, it doesnt seem to have been a targeted attack though more like mass spammers/scammers leveraging [...]
I stopped using ISP based e-mail accounts years ago, they always had lousy spam control and after joining a few mailing lists they used to get flooded with junk.
I always found web based mail systems to have much more effective spam filtering systems, plus I don’t have to waste my time and bandwidth downloading spam [...]
It seems like the Phishing crews at trying to get some new ideas on how to con people into giving away their credentials and leaking info.
The latest target appears to be Google Calendar.
As always be on your guard as these scams are coming from all directions.
A few months ago, spam came to Google Calendar. Now [...]
You might remember a while ago we mentioned MP3 spam, which in October last year was the latest evolution in spam.
Currently there is a new type annoying mail-server owners the world over, it’s known as NDR or Backscatter Spam and involved NDRs or Non Delivery Reports (those emails you get when you send a mail [...]
Looks like India has them moving into the hacking scene young, it’ll happen anywhere with decent network infrastructure and disparate levels of economy. Look at Eastern Europe and China as other examples, India though due to it’s outsourcing culture and plentiful legitimate jobs in the IT industry doesn’t seem to suffer so many problems with [...]
Malware authors are getting sneaky again, in the latest turn of events they have started encrypting your files and holding them at ransom!
You have to pay up to get the ‘decryptor’ and get access to your files again. This is pretty dangerous…and cunning too. It’s not easily broken either, they are using RSA 1024-bit encryption!
Kaspersky [...]
Vishing, now there’s a new term for you. Basically its Phishing – but utilising VoIP call services, which makes it very easy to spoof the Caller ID.
Even though Caller ID Spoofing was Made Illegal in the USA – people will still continue to do it, remember the FCC said it’s still easy to spoof caller [...]
It makes sense, spammers will follow whatever is popular, wherever the social mass is at and reading they will bombard.
In the earlier days Myspace was a big target, now they are moving on to other sites such as Facebook. Social networking sites are an ideal place for spammers as they can exploit the trust between [...]
It seems like spammers are now moving to automated spam via popular web mail services as a way to bypass IP-blacklisting services.
It’s a large advantage for them as they can still use botnet sources to generate the e-mail but the source IP address will be from a ‘trusted’ domain such as Gmail or Yahoo!.
The growing [...]
We wrote a while back about a new wave of sophisticated botnets, which were predicted to overtake Storm and become the largest infectors online.
It seems like it’s come true, after extensive research Damballa has uncovered the biggest botnet ever, which at present has over 400,000 unique IPs (in a space of only 24 hours) which [...]
These spammers and scammers are getting rather clever, and very sneaky. This is still epedemic and seems to be happening more and more. It takes a re-write of many of the large sites online..which frankly isn’t going to happen is it?
It just shows once again the spammers will think of all kinds of weird little [...]
It seems like botnets are getting more sophisticated – we thought the Storm Worm was pretty hot, but some of these new contenders are showing the guys on the dark side has some advanced understanding of technology and the architecture many companies use…this enables them to get deeper inside and remain undetected
Researchers have unearthed two [...]
Ah I think it’s time for controversy on a Tuesday, what do you think about this case where a hacker got some info on a company about it’s soon to be plummeting share prices by breaking into their computer. By investing $41,000 in stock potion trading on the shares that were about to drop – [...]
It seems like malware pushers have found another avenue to delivery their payloads, Embassy websites. Which makes sense as they are probably not maintained well nor updated often meaning the chance they are easily compromised is quite high.
Plus a lot probably use off the shelf CMS software, which when not updated is a playground for [...]
Another tale to do with advertising, it just goes to show it’s really not a good idea to run JavaScript from a 3rd party source on your site, especially if you don’t want your visitors redirected to a porn site!
This is just what happened to Perl.com a few days ago.
Visitors to Perl.com, the O’Reilly Media-owned [...]
Ah so Mr Alan Ralsky one of the biggest spammers of all-time is back in the news after his indictment with 10 others for running a large scale spam operation intended to inflate stocks artificially.
At one time it was thought Mr Ralsky and his friends were responsible for the majority of the spam sent, he’s [...]
It seems Phishing is have effects in ways that weren’t originally obvious, it comes back to the same topic we generally discuss here when it comes to security and consumers.
IGNORANCE.
Someone consumers see a Phishing attempt from ‘Brand X‘ as a negative against that brand…even though it has absolutely nothing to do with the brand and [...]
If you remember a while back we mentioned PDF & Image Attachment Spam – The New Problem with E-mail, now we have another ‘innovation’ in spamming..
MP3 spam!
It seems they are using it for the same old pump and dump tactics (Microcap stock fraud) to artificially inflate stock prices then sell out fast.
Spammers are back with [...]
The spam landscape has changed quite a lot in the last year or so with image spam and now the latest tactic is PDF and .zip attachments.
PDF’s of course being preferred by spammers as you don’t need to extract anything to view their spam, you just open it in your favourite PDF viewer and read [...]
I have noticed an increase in Spam activity lately, especially in Spam blog comments there has been a noticeable surge in the frequency and number.
That’s why we’ve implemented stricter measures against spammers on Darknet and our other sites.
It seems there has been a big raise in the number of bot infected systems, so it’s suggested [...]
I’ve known for a while you can buy software for spamming and MFA (Made for Adsense) site generation for a few hundred USD which utilises Google’s Blogger platform (blogspot.com sites).
You will have seen all the splogs as they are called (spam blogs) hosted on Blogger, a lot of them scrape Darknet articles and repost them [...]
As always, spam filters get better and smarter, but so do spammers..and frankly spammers have more to gain by beating the spam filters so they always work harder and think in more innovative ways.
As they get their spam resembling real emails more and more, the spam filters become less accurate.
On top of that they start [...]
Now this is a massive growth, 8000% percent..woah!
Thankfully losses are still ‘modest’ whatever that means, I guess although the attacks grow in
number, awareness an education also increases (in places like UK anyway) so the risk is fairly well mitigated.
UK incidents of phishing scams have grown 8,000 per cent over the last two years, according to [...]
It seems common in most things, and it’s the same in infosec and especially malware, phishing and spam.
The majority of malware, phishing attacks and spam mails are coming from the same few sources, I’d say it’s a case of 80/20.
20% of the people are sending 80% of the messages, one of the big groups is [...]
The battle is heating up between the spammers e360 and the anti-spam warlords Spamhaus, some say the Internet may meltdown if Spamhaus stops its service..
Some estimates say 80% of spam is stopped by Spamhaus and e-mail could suddenly shoot to a server melting rate if their service is pulled.
The legal battle between antispam organisation Spamhaus [...]
Hackers are switching targets now, companies are getting too hard to break into due to the availability of decently configured perimeter kit like firewalls and IDS.
Plus the information they do get if they manage to break in is often worthless commercially and really not worth the effort.
So instead, they target the end user, home bankers, [...]
Cyber and computer laws are always a grey area, they tend to be very vague and don’t cover specific technologies.
Spam is a good example, look at how long we’ve been getting spammed, and it’s been a SERIOUS problem for at least the last 5 years, spam legislation has only started coming in to effect in [...]
For those that didn’t see, there is a new all singing all dancing ‘light-weight’ Codec in town that is actually a trojan.
Indeed it’s not the first time we’ve seen this kind of thing.
The zCodec software actually messes with your DNS settings.
Users looking for the latest and greatest video software may not just be in danger [...]
Ah China, always been famous for repressing their population, now there repression is moving onto the Internet and using digital means..
Just like the so called ‘Great Firewall of China’, I’ve been meaning to do an article about that for quite some time, I have something drafted.
Anyway the latest thing China has done has made it [...]
Sometimes doing good can help bad things propogate, sometimes it’s good to consider the big picture and the repucussions of your charitable actions.
This is a case where such logic rings true.
Programs to send PCs to third world countries might inadvertently fuel the development of malware for hire scams, an anti-virus guru warns.
Eugene Kaspersky, head of [...]
Recently one of the sites I am developing for my self was link spammed. Some unpleasant individual decided that it would be fun to post 160 “comments†spread over all the blog posts. All the comments contained was URL’s. Even more stupid they used BB tags, but as I wrote the site it doesn’t use [...]
Splogs are becoming a huge problem, half the stuff you search for nowadays returns a splog, mostly auto syndicated content.
I find a lot of my own entries on there, surrounded by Adsense ads.
New age scrapers I guess.
Technorati returns a lot of results from splogs too, but at least they have made some efforts to clean [...]
Scammers are getting more inventive and so it seems more technically advanced. They have actually duplicated the Interpol site to dupe people.
419 advanced fee scammers have created an exact copy of the Interpol website, which is expected to be used to dupe victims into believing they are dealing with the real International Criminal Police Organisation.
A [...]
In my opinion, the best way to keep clean of spam is simple:
The first rule is NEVER reply to spam, NEVER click the unsubscribe link and NEVER e-mail to the unsubscribe address.
These are simply underhand tactics to get ‘active’ e-mail addresses.
Some other tips to avoid getting spammed in the first place:
1) Never use your [...]
Hmm Taiwan are really way ahead of everyone when it comes to being a spam hub, sadly that’s nothing to be proud of and generally it’s due to a large amount of poorly configured/unsecured servers.
Taiwan needs to start doing some vulnerability assessment! Taiwan and Korea have always had loads of open proxies/exploitable machines in my [...]
Sounds complicated, it’s almost a tongue-twister.
It turns out the carders (people using stolen credit card details fraudulently) have worked out how to get money out of the spammers (spamming being massive nowdays)
Fraudsters who deal in stolen credit card data have devised a means to extract money from sponsors of junk mail campaigns.
Carders have signed up [...]
So a friend of mine received a spam, which is not unusual, but this one was a little different.
This guy is in Malaysia, and the spam he usually receives is from all over the place, mostly US-centric, but this one was targetting Malaysians, Malaysian spammer producing Malaysian spam, is it the first?
I asked for him [...]
