fak3r

I guess since the Nigerian scams are too common people are working on new angles to rob people via email.  This is a great one too, the email purports to be from a contract killer with the recipient being the intended target, but the killer will renege on the killing if the person will cough up some cash.  It said, in part, “Am very sorry for you my friend, is a pity that this is how your life is going to end as soon as you don’t comply. … I don’t have any business with you, my duty as I am mailing you now is just to KILL/ASSASINATE you and I have to do it as I have already been paid for that. [...] Get back to me now if you are ready to pay some fees to spare your life, If you are not ready for my help, then I will carry on with my job straight-up.“  The FBI reports that it started seeing these emails about 6-8 months ago, and they’ve traced at least one to Eastern Europe.  It looks like they’re even starting to resort to some standard phishing tactics to get more personal information out of people, “…some bold thieves have even used the e-mails on FBI letter­head, or claim to be from the Department of Justice, Internal Revenue Service, Social Security Administration or Better Business Bureau. Typically, they say some kind of complaint was filed and ask the recipient to make a phone call, click a hyperlink or open an attachment — tricks designed to steal personal information.“  So just remember, if any of this were true they would not be contacting you via email.

This is interesting, apparently to test out stolen credit card numbers, scamers are donating small amounts to charities to verify they have a working number on their hands. “In the world of carding, where stolen credit card information is bought and sold, carders need to know if the credit cards they are buying or selling can actually be used. It is sometimes difficult for them to verify this without raising any alarm bells and risking that their cards will be identified as stolen and disabled. As a consequence, a new trend is appearing. Carders attempting to verify that a stolen credit card is legitimate and active have begun donating money to charity. By attempting to pay small amounts of money to various charities, including well known charities such as the Red Cross, carders can determine if a stolen credit card is valid depending on the success or failure of the transaction.” Ah, nothing is scared online, nothing. I wonder if they report their donations on their taxes? (joking)

In another scary move, Microsoft is behind a recent patent for an “advertising framework” that appears to be little more than an adware application on steriods. Coupled with another patent that aims to use “context data” from your hard drive to show you advertisements and “apportion and credit advertising revenue” to ad suppliers in real time. … The application, filed in 2006, describes a multi-faceted, robust ad-delivering system that lives on a “user computer, whether it’s part of the OS, an application or integrated within applications.” “Applications, tools, or utilities may use an application program interface to report context data tags such as key words or other information that may be used to target advertisements,” says the filing. “The advertising framework may host several components for receiving and processing the context data, refining the data, requesting advertisements from an advertising supplier, for receiving and forwarding advertisements to a display client for presentation, and for providing data back to the advertising supplier.” The adware framework would leave almost no data untouched in its quest to sell you stuff. It would inspect “user document files, user e-mail files, user music files, downloaded podcasts, computer settings, computer status messages (e.g., a low memory status or low printer ink),” and more.” If that’s not bad enough, read on… (more…)

A former spammer comes forth to tell his story, an amazing look at how easy something like this is to get away with.  “Ed,” a retired spammer, built a considerable fortune sending e-mails that promoted pills, porn and casinos. At the peak of his power, Ed says he pulled in US$10,000 to $15,000 a week, storing the money in $20 bills in stacks of boxes.“  In his last year he pulled in $480,000.

These are just amazing statistics that the volume of spam increased 147% in 2006 and that 94% of all email in December was spam! The primary reasons are armies of zombie computers “botnets” (that are hijacked due to users inability to protect their systems from malware) all ready to send out a distributed attack from anywhere; mail servers are helpless. Plus the problem is going to get worse because not only, “…the rising volume of spam that’s a problem, but the size of the spam messages. Because botnets use stolen bandwidth, spammers can send files of any size at no cost. And that’s just what they’re doing. In order to defeat content filters that might block their messages, spammers are increasingly using images. The result is that unsolicited bulk e-mail is getting bulkier. The 147% increase in spam that Postini observed in 2006 resulted in a 334% increase in e-mail processing requirement for companies. “This is causing the e-mail infrastructure of many businesses to melt down,” says Druker. “Nobody budgeted for four-and-a-half times more infrastructure capacity in one year.“

This is an amazing statistic, particularly after knowing how much email was just spam as of last month, the level of spam is down 30% from last week. “After rising steadily for many years spam levels have mysteriously dropped 30% in the first week of January. According to SoftScan the most plausible explanation is that a botnet has broken down and lost control of it’s zombie computers. Other possible explanations have been put forward including a large number of infected machines getting replaced by new computers received for Christmas or spammers being isolated by the Asian earthquake. Both explanations are considered unlikely. Spam accounted for almost 9 of 10 emails in December. Diego d’Ambra, SoftScan’s chief technology officer, said that governments will probably be forced to take a tougher stance on spam due to the sheer volume of the problem.” That would be amazing if they could tie it to people getting new computers over the holidays and finally shutting down their trojan based messes. Of course it’ll just be a matter of time until their systems get back to that state and they start complaining their computers are ’slow’ (wonder why?).  I’m sure buying a new computer next year will solve that.

Earlier in the week I talked about the biggest security worry home users should have is that their systems can be hijacked, taken over, and used as a zombie to blindly send out spam emails. I had no idea how many a standard home DSL setup could handle, but learned from this article that it’s huge. ”Today, the biggest problem is “zombie” computers that have been hijacked by trojans, viruses, or other badness to do various nefarious tasks without the owners’ knowledge. A very popular nefarious task is–surprise!–spamming. On a regular DSL connection, a regular PC can attempt to deliver up to 10,000 messages per minute.^[source] The zombie machine goes down its list of addresses, tries to connect to the mailserver associated with the next address, and if connects, it delivers the message. If it doesn’t connect, it just goes down the list.”