On multiple Windows Live Messenger accounts (formerly MSN Messenger), we received the messages (don’t visit the link!): Get surprise at http://www.messengerweb.info/ Unbelievable! Hey, http://www.messengerweb.info/ helps u find out who is your friend! U have deleted me! Look here http://www.messengerweb.info

Was this a new worm? Or a bot that was sending out IM spam? Turns out it is neither and instead much more like adware. The site being advertised states they can find out who may have removed you from their contact list. All the service requires is for you to “enter your MSN account and password and we will tell you who has left you out from their lives.”

However, if you read the fine print, it states “By using this service the user allows Messenger-Tips to send intant messanges [sic] to your online contacts and/or change temporarily the nickname in order to advertise free this service.”

So, these messages aren’t coming from a bot or a worm, but from friends on your contact list who have given out their username and password to this service. The service then sends messages to everyone on their contact list. As usual, we recommend that you do not give out your account details to third parties. If you provided your credentials to this site, we recommend you change your Live/MSN/Passport/Hotmail password here.

Update: We have received the following similar messages in Spanish: hola mira, en www.TeBloqueo.com puedes averiguar quien te tiene No Admitido en el Msn

Translation: Hi look, at www.TeBloqueo.com you can check who has you blocked in MSN

We haven’t confirmed if this Spanish site is a copycat or related.
Read More… (From Security Response Weblog)
Associations Guidelines June 19, 2007 Building A Blog Anvil Joseph Thornley comments on a panel discussion at Enterprise 2.0 with panelists Anil Dash, Suw Charman, Sam Weber and Oliver Young. via PR Communications
Read More… (From Email Spam News)
In the words of the Ghost Busters, “We’ve got one” We’ve got what?, I hear you ask. We now have an example of alleged SMS spam with some real statistics rather than the usual conjecture. We know SMS spam has been growing through the monitoring of such sites as Grumble Text [1] however we’ve never had true insight into the scale of a professional SMS spamming operation. Well recently that changed - TelecomWeb broke the story [2] that,

“Verizon Wireless filed a lawsuit against Nev.-based I-VEST Global Corporation and various “John Does,” alleging they sent unsolicited commercial electronic messages (wireless spam) to its customers.”

and that

“The lawsuit, filed in U.S. District Court in Trenton, N.J., alleges that, beginning in April, I-VEST attempted to send more than 12 million text messages to Verizon Wireless handsets, offering information about buying stocks or real estate. However, the carrier says spam filtering and network monitoring actions it took prevented the vast majority of the messages from getting through to subscribers’ handsets and resulted in fewer than 5,000 messages being delivered.”

So this shows us that the attempt was of a reasonable size, and that the anti-spam and network monitoring tools in place allowed them to either automatically block or react in a timely fashion to block the spam run.

What about the court documents? Well the court documents are available on Pacer [3] and, while the first provides details of the complaint [4], both actually provide some examples of the SMS spam allegedly sent [4] [5 Exhibit A].

From reading the court documents, some interesting things emerge. The first is that in the first document, [4] point 27, Verizon mention that they had to develop and purchase systems in order to combat the defendant’s Spam operation. Point 28 describes the strain that the attack placed on the Verizon SMSC and associated infrastructure.

Anyway, a fascinating insight into the scale and the ramifications of SMS spam on operators.

A short note to thank Khoi Nguyen and Eric Chien of Symantec, for bringing the information to my attention and finding the court documents, respectively.

[1] http://www.grumbletext.co.uk/
[2] http://www.telecomweb.com/tnd/23581.html
[3] http://pacer.psc.uscourts.gov/
[4] Verizon1.pdf
[5] Verizon2.pdf
Do you know what your “talkers” are saying about you? You should, because what they say can affect your quest to get your e-mail messages safely through ISP and corporate spam filters and into the inbox. via Clickz
Read More… (From Email Spam News)
In my previous post on the basics of email headers, we saw the basic headers that are inserted by the receiving mail agent. In this post, we are going to look at some of the techniques that spammers use to hide themselves. Recall a Received header; it’s an envelope header that a machine inserts to log where the message came from. A good mail recipient will log the received IP. From the example earlier:

Received: from mailhost.tzink-is-awesome.com (mailhost.tzink-is-awesome.com [292.13.130.22]) by mail.tzink.net (8.8.5) for me@tzink-is-awesome.com with EMSTP id 123456789-0AH for <me@tzink.net>

In this example, the IP (292.13.130.22) that sent the message has a reverse DNS of mailhost.tzink-is-awesome.com. When the transmitting machine sent the message, it said “Hello, my name is mailhost.tzink-is-awesome.com.” In other words, everything checked out. However, what would happen if a spammer decided to forge the HELO? What if they said “Hello, my name is mailhost.awiebersand.com”?

Received: from mailhost.awiebersand.com (mailhost.tzink-is-awesome.com [292.13.130.22]) by mail.tzink.net (8.8.5) for me@tzink-is-awesome.com with EMSTP id 545D2FE805C for <me@tzink.net>

In this example, the machine claimed to be mailhost.awiebersand.com, but was sending from mailhost.tzink-is-awesome.com. Right off the bat we can see that there is a mismatch. Looking up the IP address of awiebersand.com, it resolves to 264.33.78.90. In other words, it is completely different from tzink-is-awesome.com. Thus, we have come across an example of a transmitting machine that claimed to be sending from one mail host but in actuality was sending from another.

A smarter spammer will use a trick to bypass this. Rather than sending from an IP address that has a reverse DNS lookup (i.e., converting an IP to a domain name), they will send mail from an IP that has no reverse DNS. In that case, the Received line would look like the following:

Received: from mailhost.awiebersand.com (unknown [282.31.31.22]) by mail.tzink.net (8.8.5) for me@tzink-is-awesome.com with EMSTP id 545D2FE805C for <me@tzink.net>

I’ve inserted the “unknown” because the above IP address does not resolve to a DNS name (and that’s the way our servers mark it in the headers). Since the transmitting IP has no reverse DNS, there’s no way to verify whether 282.31.31.22 resolves to the name it claimed. Doing a DNS lookup on awiebersand.com doesn’t match the IP address; this is suspicious, and while in itself it doesn’t prove the domain is spammy, it is definitely worth increasing the spam probability.

A smarter spammer still would obfuscate even more:

Received: from hofgado (unknown [272.16.141.210]) by mail.tzink.net (8.8.5) for me@tzink-is-awesome.com with EMSTP id 545D2FE805C for <me@tzink.net>

The transmitting machine called itself hofgado and sent from an IP with no reverse DNS. In this case, there’s definitely no way to resolve this because the machine name won’t resolve via a DNS lookup (it is not in the proper format) and there is no reverse DNS for the IP. This is certainly suspicious and would definitely increase the spam probability. On the other hand, there are a lot of misconfigured mail servers out there that are sending legitimate mail. In the next post, I will go into how Forward-Confirmed Reverse DNS can help with email authentication.
Read More… (From Terry Zink’s Anti-spam Blog)
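The three cases walked through in the post above (HELO matches rDNS, HELO differs from rDNS, no rDNS at all) can be told apart mechanically. The following is an added example, not code from the original post: the regex assumes the Received layout shown in the post (other MTAs format this header differently), and the weights are illustrative assumptions.

```python
import re

# Layout used in the post: from <HELO> (<rDNS or "unknown"> [<IP>]) by ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)")
# Rough hostname shape: two or more dot-separated labels, alphabetic TLD.
FQDN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$")

# Illustrative weights (assumption, not from the post); tune on real mail.
WEIGHT = {"helo-matches-rdns": 0, "helo-rdns-mismatch": 2,
          "no-rdns": 2, "no-rdns-bare-helo": 3, "unparsed": 1}


def classify_received(header):
    """Return (verdict, helo, rdns, ip) for one Received header."""
    m = RECEIVED_RE.search(header)
    if m is None:
        return ("unparsed", None, None, None)
    helo = m["helo"].lower().rstrip(".")
    rdns = m["rdns"].lower().rstrip(".")
    if rdns == "unknown":
        # No PTR record, so the HELO name cannot be cross-checked.
        verdict = "no-rdns" if FQDN_RE.match(helo) else "no-rdns-bare-helo"
    elif helo == rdns:
        verdict = "helo-matches-rdns"
    else:
        verdict = "helo-rdns-mismatch"
    return (verdict, helo, rdns, m["ip"])


# The four Received lines from the post, cut off after the "by" clause.
SAMPLES = [
    "Received: from mailhost.tzink-is-awesome.com (mailhost.tzink-is-awesome.com [292.13.130.22]) by mail.tzink.net (8.8.5)",
    "Received: from mailhost.awiebersand.com (mailhost.tzink-is-awesome.com [292.13.130.22]) by mail.tzink.net (8.8.5)",
    "Received: from mailhost.awiebersand.com (unknown [282.31.31.22]) by mail.tzink.net (8.8.5)",
    "Received: from hofgado (unknown [272.16.141.210]) by mail.tzink.net (8.8.5)",
]


def score_all(headers=SAMPLES):
    """Return a (verdict, weight) pair for each header, in order."""
    verdicts = [classify_received(h)[0] for h in headers]
    return [(v, WEIGHT[v]) for v in verdicts]


if __name__ == "__main__":
    for verdict, weight in score_all():
        print(f"{weight}  {verdict}")
```

Only the Received line written by your own receiving server is trustworthy input here; lines further down the header block were supplied by the sender and can be fabricated.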
Now that we have seen how email headers are inserted by the receiving machine upon receipt of an email, we need to go into a little bit on how mail servers convert IP addresses to host names and vice versa. DNS stands for Domain Name System. It converts a host name to its IP address. Reverse DNS is the opposite: it converts an IP address to its host name. It does this by examining the IP’s PTR record. From answers.com:
A PTR record or pointer record maps an IPv4 address to the canonical name for that host. Setting up a PTR record for a hostname in the in-addr.arpa domain that corresponds to an IP address implements reverse DNS lookup for that address. For example (at the time of writing), www.icann.net has the IP address 192.0.34.164, but a PTR record maps 164.34.0.192.in-addr.arpa to its canonical name, referrals.icann.org.
The converse of a PTR record is the A record, which maps a hostname to its 32-bit IP address. So, A records are used for DNS lookups, PTR records are used for reverse DNS lookups.

This brings us to Forward Confirmed Reverse DNS, or FCrDNS. An IP is said to have FCrDNS if it has a forward DNS (name -> IP) and reverse DNS (IP -> name) that match. First, a reverse DNS lookup is performed on the IP. This returns a list of hostnames associated with that IP (the list could have 0, 1 or more entries). For each entry in that list (assume it has at least 1), a regular DNS lookup is performed to see if the resulting IP matches the original IP address. So, for example:

IP = 292.28.75.16
Reverse DNS = tzink-is-awesome.com, tzink-is-okay.com, tzink-is-not-that-great.com
A-record for tzink-is-awesome.com = 292.13.130.22 — no match
A-record for tzink-is-okay.com = 292.21.14.15 — no match
A-record for tzink-is-not-that-great.com = 292.28.75.16 — match!

Since we matched the IP address in the A record of one of the domains found in the PTR, we are said to have FCrDNS for the IP. In spam filtering, if an IP has FCrDNS then we can be sure that the mail originated at the domain. Spammers cannot normally forge this if they are sending from zombie computers. Of course, if the ISP in question doesn’t care about spammers then this form of authentication won’t stop the mail. On the other hand, if the ISP doesn’t care about spam filtering and a spam analyst figures this out, this IP can very quickly be placed on a blocklist and no further mail accepted from them until they clean up their act.

You can see how DNS lookups can be useful in some circumstances. At the very least, if the connecting IP says HELO and has an rDNS that matches the HELO, then the mail did indeed originate from that domain. The DNS information can then be inserted into the Received headers. If the mail is spammy, the ISP can be complained to. If the ISP ignores the spammee, they can be placed on a blacklist. After all, it’s proof that the IP is sending spam that indeed is originating from that host.
Read More… (From Terry Zink’s Anti-spam Blog)
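The FCrDNS procedure described above (PTR lookup, then an A lookup per returned name, then the HELO comparison), as an added example that is not code from the original post. The lookup functions are injectable so the check can run offline against constructed zone data; `system_ptr`, `system_a`, `fake_ptr` and `fake_a` are names chosen here.

```python
import socket


def system_ptr(ip):
    """Reverse lookup via the system resolver; [] when there is no PTR."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def system_a(name):
    """Forward lookup via the system resolver; [] on failure."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})


def norm(name):
    return name.lower().rstrip(".")


def fcrdns(ip, helo=None, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return (confirmed_names, helo_confirmed) for a connecting IP.

    A PTR name is confirmed only if its forward lookup returns the same
    IP. Addresses are compared as text, which is exact for dotted IPv4.
    """
    confirmed = [norm(n) for n in ptr_lookup(ip) if ip in a_lookup(n)]
    helo_ok = helo is not None and norm(helo) in confirmed
    return confirmed, helo_ok


# Constructed zone data mirroring the post's example; its addresses are
# deliberately invalid, so they never reach a real resolver here.
PTR = {"292.28.75.16": ["tzink-is-awesome.com", "tzink-is-okay.com",
                        "tzink-is-not-that-great.com"]}
A = {"tzink-is-awesome.com": ["292.13.130.22"],
     "tzink-is-okay.com": ["292.21.14.15"],
     "tzink-is-not-that-great.com": ["292.28.75.16"]}


def fake_ptr(ip):
    return PTR.get(ip, [])


def fake_a(name):
    return A.get(norm(name), [])
```

A PTR record alone is controlled by whoever owns the IP block and can name any domain; it is the forward lookup, answered by the domain's own zone, that makes the confirmation meaningful.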
“What he owns is a lot of clothes.”
SEATTLE, June 14 A federal judge in Seattle has denied bail to a man accused of sending millions of illegal “spam” e-mails. Robert Soloway is charged with violating the federal CAN-SPAM Act of 2004 by sending … via Earth Times
Read More… (From Email Spam News)
“You’ve got to do the same types of things with your computers.”
More than 1 million computers (possibly yours, too) are used by hackers as remote-controlled robots to crash online systems, accept spam and steal users’ personal information, the FBI said Wednesday. The government has no way to track down all the computers, both in the U.S. and elsewhere, that hackers have massed into centrally controlled collections known as botnets.

But the FBI has pulled the plug on several botnet hackers, or zombies. One man was charged this week in a scheme that froze computer systems at Chicago-area hospitals in 2006 and delayed medical services.
Read More… (From Email Spam News)
Creating Address Lists (c)janes-place

There are a lot of reasons to keep address lists. Here are some of them:
A-Keep a list of your contacts, so that you can use them for contacting later.
B-Keep a list of your customers and put them into categories. For instance, I keep a list of my customers that advertise with me. […]
Read More… (From Technology News for your Daily Use)
In the last issue, we made some address lists. In this issue, we will print out address labels from our lists. This is great for Christmas cards. Just make the list, print out the labels and stick them to the envelopes. You will save time printing out your labels, plus you can create a wide variety of […]
Read More… (From Technology News for your Daily Use)
Party coming up? Need to mail those invitations asap? Not to worry! Use your computer to create them! Making your own invitation is like picking the right card for the person you are sending it to. Your design can show what type of event and the type of person you are designing it for. For ex–if […]
Read More… (From Technology News for your Daily Use)
If trends hold true, approximately 68 million inkjet ink cartridges will be consumed this year. That’s a lot of inkjet printer ink! If you’re one of the thousands that purchased an inkjet printer at a real bargain, then reality has already hit you. Inkjet printer ink is not cheap. Depending on the size of your […]
Read More… (From Technology News for your Daily Use)

