Tag: malware

Botnet activity warning

A bit of advice from the folks at the CBL, posted with permission and some light editing. I’ve been seeing some folks report longer connection times at some places, and this might explain some of it. It’s certainly possible, even likely, that the large ISPs are getting a lot of this kind of traffic. A […]

1 Comment

GDPR and Whois data

For folks who aren’t following the discussion about whois records and GDPR compliance there’s a decent summary at vice.com: What Is Going to Happen With Whois? The problem, briefly stated, is that ICANN has agreements with the thousands of domain registrars around the globe like GoDaddy or HostGator which oblige the companies to post WHOIS […]

1 Comment

Ransomware email protected by DMARC

Virus Bulletin has an interesting post about DMARC and how some criminals are protecting their emails with DMARC.

No Comments

Email is inherently a malicious traffic stream

It’s something many people don’t think about, but the majority of the traffic coming into the SMTP port is malicious. Spam is passively malicious, in that it just uses resources and bothers people. But there is a lot of actively malicious traffic coming into the SMTP port. Email is used as a vector to spread viruses […]

No Comments

Spam, Phish or Malware?

Some mornings I check mail from my phone. This showed up this morning. My first thought was “oh, no, Pizza Hut is spamming, wonder who sold them my address.” Then I remembered that iOS is horrible and won’t show you anything other than the Friendly From and maybe it was some weird phishing scheme. When […]

1 Comment

What about the bots?

M3AAWG published a letter to the FCC addressing the implementation of CSRIC III Cybersecurity Best Practices (pdf link). The takeaway is that of the ISPs that contribute data to M3AAWG (37M+ users), over 99% of infected users receive notification that they are infected. I hear from senders occasionally that they are not the problem, bots […]

No Comments

LinkedIn shuts down Intro product

Intro was the LinkedIn product that created an email proxy where all email that users sent went through LinkedIn servers. This week LinkedIn announced it is discontinuing the product. They promise to find new ways to worm their way into the inbox, but intercepting and modifying user mail doesn’t seem to have been a successful business […]

No Comments

Compromising a Mail Client

Your entire work life is in your work mail client. All the people you communicate with – co-workers, friends, family, vendors, customers, colleagues. Every email you send. Every email you receive. Any files you attach or receive. If someone can compromise your mail client, they can see all that. They can save copies of all […]

3 Comments

Flush your DNS cache (again)

This time it appears that DNS for major websites, including the NY Times, has been compromised. Attackers put in DNS entries that redirected visitors to a malware site. The compromise has been fixed and the fake DNS entries corrected. However, people may still have the old data in their DNS caches and security experts are […]

No Comments

Cloudflare and Spamhaus

Spamhaus has been the subject of a lot of discussion the last few weeks. I touched on this a little in June when I blogged that a number of large brands were getting SBL listings. But big brands are not the only companies with publicly discussed SBL listings. Cloudflare, the content delivery network that grew […]

25 Comments