Whatever your opinion of UCEPROTECT, hold on to your hat, as things are apparently about to change.

This posting to the USENET newsgroup news.admin.net-abuse.email indicates that Johann Steigenberger is no longer involved with UCEPROTECT. Going forward, Claus v. Wolfhausen has indicated that he is in charge of the lists.

At first there was some concern that this post wasn't true, that it was a deception. I've spoken to Claus via email, and that, along with other information, leads me to believe that this is in fact true and correct. (I've met neither individual in person, so I suppose this could be a giant hoax, but I've got no reason to believe so at this time.)

Claus indicates that UCEPROTECT will no longer list for backscatter and sender verification callouts. These two listing criteria were controversial and I am told that they resulted in numerous complaints of false positives relating to UCEPROTECT. These data relating to listings based on these criteria are being repurposed into a new blacklist at www.backscatterer.org.

He went on to say that, due to his intervention, UCEPROTECT has ceased publishing the controversial anonymous APEWS blacklist data, and that he is unsure if UCEPROTECT will again publish the APEWS data in the future.

APEWS, an anonymous list widely thought to be created as a replacement for the defunct SPEWS, has been regularly criticized by respected anti-spam advocates such as Steve Linford of Spamhaus and Suresh Ramasubramanian of ISP Outblaze. Controversy includes listing policies considered to be broad and inaccurate, and contact/removal policies perceived as cruel to listees (by deflecting all contact away from the blacklist and toward public discussion forums where listees are often subject to abuse from unrelated parties).

I have yet to write and post reviews of UCEPROTECT or APEWS for dnsbl.com. Look for this in the future.

Read More… (From Al Iverson’s DNSBL Resource)

I continue my brief hiatus from sender authentication to comment on the amount of spam we’re seeing.

We continue to see high levels of spam not seen on our networks in previous times. They haven’t really dropped off at all since they started hitting record highs last Tuesday, June 26.

There are two different kinds of spam that are causing some headaches lately. The first is stock spam attached in a pdf file. I realize that I am late to the party in commenting about this (!) but to summarize it, it’s image spam pumping a stock except that the image is contained within a pdf file. There’s a second kind of pdf spam with a really nice-looking prospectus about a penny stock. It almost looks professional. Clearly, spammers are doing this because they figure that sending out spam with images in the message just isn’t doing the job anymore. They are betting that spam filters can’t scan pdf attachments.

I won’t comment one way or the other on that particular assumption, but the spammers are varying their tricks. At first, they were sending out reports with pdf attachments named “Report.pdf” or “Request.pdf.” Recently, they have started varying their tactics and are using a variety of attachment names like “invoice.pdf” or “post.a2bf4tgh5.pdf.” This is a very typical spammer trick - they start small with predictable text and then start using all sorts of variations. They can react fairly quickly so my bet is that the first round of predictable attachment names wasn’t working as well as they had hoped.

The second type of spam that we are seeing (again, I’m late to the party in commenting about this, but I digress) is greeting card spam. As has been pointed out in other blogs, this message says “You have received a greeting card! Click here to view it!” The link, of course, takes you to a web page where you are invited to download some malware onto your system. Spammers have started varying their subject lines, whereas before they read “You have received a greeting card” they now read “Happy 4th of July!” Again, this is a tactic that spammers have used over and over again in the past - using current events in the subject line. I wonder what they’re going to do now that Independence Day has passed?

From an anti-spam perspective, I am hesitant to reveal whether or not we in EHS are any good at dealing with both types of spam; I’m not one to tip my hand in public. However, let me say this: I’ve been around a while and the tactics I am seeing are new variations on old techniques.

Update July 6, 2007: Well, it finally happened. Spammers have moved beyond pdf stock spam and are now using it for pharmacy spam. I guess they found out that putting spam in a pdf is useful.


Read More… (From Terry Zink’s Anti-spam Blog)

06  Jul
Spamhaus spam

This morning I had the distinct “pleasure” of getting spam in my inbox that was pumping the services of Spamhaus. Here’s an excerpt:


WORKING TO PROTECT INTERNET NETWORKS WORLDWIDE
Spamhaus tracks the Internet’s Spammers, Spam Gangs and Spam Services, provides dependable
realtime anti-spam protection for Internet networks, and works with Law Enforcement to identify
and pursue spammers worldwide.

<snip>

The Exploits Block List can be used by all modern mail servers, by setting your mail server’s anti-spam
DNSBL feature (sometimes called “Blacklist DNS Servers” or “RBL servers”) to query xbl.spamhaus.org.
Use of the XBL is free for users with normal mail servers (but networks with high email traffic should see DataFeed).

You can get MUCH MORE if you contact us:


My bet is that this is a direct attack on Spamhaus. Spammers (or possibly somebody with a grudge… I’m not naming any names here but I wouldn’t be surprised) are trying to attack Spamhaus’s credibility and reputation by spamming (spoofing) in their name. How low can you get?


Read More… (From Terry Zink’s Anti-spam Blog)

Spammers have turned a widely-used anti-spam trick - fuzzy text that computers cannot recognise - to their own advantage, according to the head of an anti-spam software developer. via Channel Register
Read More… (From Email Spam News)

Openmind Networks, a global pioneer of messaging router solutions today announced that they have released the latest version of Protect for the mobile wholesale carrier community. via PR-inside.com
Read More… (From Email Spam News)

Someone has started sending out emails that purport to be advertisements for anti-spam services from Spamhaus. This is presumably intended as a joe-job, but it’s a little difficult to see what they think they can achieve.
Read More… (From Spamnation)

Fuzzy PDF menace

Spammers have turned a widely-used anti-spam trick - fuzzy text that computers cannot recognise - to their own advantage, according to the head of an anti-spam software developer.
Read More… (From The Register - Security: Spam)

“Our SWAT team is ready to respond on a moment’s notice but we did not have a vehicle to transport the team”

No, the government is not after you. That’s what the U.S. Department of Justice is saying about e-mail messages some people have reported receiving from the agency. via Gainesville.com
Read More… (From Email Spam News)

What Are Blacklists? A blacklist usually refers to a list of e-mail or IP addresses known to send spam e-mails or some other type of unsolicited messages. via TMCnet
Read More… (From Email Spam News)

Who sends greeting cards for the Fourth of July? Apparently spammers. Beware of emails with Fourth of July subject lines such as:
Subject: Celebrate Your Independence
Subject: America the Beautiful
Subject: July 4th Fireworks Show
Subject: July 4th Family Day
Subject: 4th Of July Celebration
Subject: American Pride, On The 4th
Each message contains a link to the “greeting card”. The link in these cases is an exposed IP address, which is a pretty good indicator that it isn’t a greeting card from an established and reputable Ecard service. When clicked, the link delivers a downloader that accesses the Internet and downloads a Trojan onto the computer. We’ve been seeing a lot of generic Ecard spam over the past month and have noted it in previous blogs. What makes this one different is that it specifically targets the July 4th Holiday. We have observed over 15 million of these messages since the attack first appeared.

Read More… (From Security Response Weblog)
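
The exposed-IP-address indicator described in the post above can be checked mechanically. The following is an added example, not code from the Security Response Weblog: it pulls the links out of a message's text parts and reports those whose host is a bare IP address rather than a DNS name. The sample messages are constructed and use documentation-range addresses and example domains.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

# http/https URLs in plain text or inside href="..." attributes.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def ip_literal_links(body: str) -> list[str]:
    """Return the URLs in body whose host is a bare IPv4/IPv6 address."""
    hits = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,);")  # drop sentence punctuation glued to the URL
        try:
            host = urlsplit(url).hostname  # strips port, userinfo, brackets
            ipaddress.ip_address(host or "")
        except ValueError:
            continue  # a DNS name or malformed host, not an address
        hits.append(url)
    return hits

def scan_message(raw: str) -> list[str]:
    """Check every text part (plain or HTML) of an RFC 5322 message."""
    found = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        found += ip_literal_links(payload.decode(charset, "replace"))
    return found

# Constructed samples. Hosts written as a single integer or in hex are
# not covered by this check.
LURE = """From: ecards@example.net
Subject: July 4th Fireworks Show
Content-Type: text/plain; charset=us-ascii

You have received a greeting card! Click here to view it:
http://192.0.2.44/
"""
LEGIT = """From: cards@example.com
Subject: A card for you
Content-Type: text/plain; charset=us-ascii

View your card at http://cards.example.com/view?id=123
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("legit", LEGIT)):
        print(name, scan_message(raw))
```
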