Scam, Scam, Scam

One of the things that never ceases to amaze me about phishers is how incredibly creative they can be in writing text that encourages recipients to open their emails.
There have been two separate incident recently that inspired me to talk about phishing.
The first was watching viruses propagate through my local neighborhood mailing list. I live in Silicon Valley and we do have an email list for neighbors to talk, plan and generally share information. Last week one of the neighbors got infected with a virus, and their address started posting links to more viruses to the list. Over the weekend I watched half a dozen neighbors get infected and post more viruses to the list.
The second is the dozens of messages I’ve been receiving telling me there are naked photos of me on the Internet. They have a couple different forms. Some pretend to be concerned friends worried that my private photos have leaked. Others threaten legal action or that the police are investigating me. Still others tell me I’ve ruined a friendship by sharing these photos.
None of those things are true, of course. They’re all trying to get me to open a file and infect my machine with some virus or another.

I can certainly see why people might open this
Last week I said that botnets were mostly a solved problem. I then spent a paragraph trying to explain I didn’t mean they were gone, but that we had a handle on them. What I really should have said is that botnets are a mostly mitigated problem and that mitigation doesn’t need manual intervention.
But that doesn’t mean they’re not still a problem. Or that infections are a thing of the past. They’re certainly not.

Related Posts

Uptick in botnet spam

There’s been a heavy uptick in botnet spam over the last few days, judging by things I’m hearing and my own mailboxes. There are a few common subject lines, but all of them are trying to get recipients to either run programs or visit malicious web pages.
The first subject line I’m seeing a lot of is “<name> wants to be friends with you on facebook!” In my mailbox most of those names have not been common European names. The give away that this isn’t actually a Facebook invite is the Reply-To address pointing to Linkedin. The URLs in the message appear to be random strings of numbers, and may actually encode recipient information in them.
The second has a subject that that is a variation on “End of July Statement.” The spammers are mixing capitals, adding in “Re:” and “FWD:” and sometimes increasing the urgency by adding required or STAT!! to the mail. These mails contain a .zip file which probably contains some virus which will turn the recipient machine into the next spam spewing bot.
The third variation has the subject line “Uniform Traffic Ticket.” The content is a citation that tells the recipient they were speeding somewhere in New York (possibly other states, I have only done a spot check of the couple hundred copies I have). There is, however, a .zip attachment with a virus.
Most people probably aren’t seeing these. SpamAssassin is doing a reasonably good job here of catching the spam and filtering it. I’m sure that the bigger ISPs are also filtering it effectively. But one person did forward a copy of the spam to a mailing list and ask if anyone knew what was going on.
If you get any of these messages, you don’t need to ask. It’s virus spam. Don’t open it and don’t forward it.

Read More

User education doesn't work

A growing OSX security problem illustrates why user education is not the solution to virus, spam or malware problems.
HT: @briankrebs

Read More

Things people hate about your email marketing

I found this article over on Hubspot, and I think it covers a lot of why people hate email marketing quite well.

Read More