5 Tips on how not to become a Spear Phishing Victim

Written by Mike Rede on March 31, 2010 – 3:10 pm

Remember the movie ‘Castaway’ starring Tom Hanks, about how a man becomes stranded on an island and has to relearn some of the most basic survival skills such as making fire, building shelter, improvising clothes and footwear, doctoring and, most importantly, finding food?

At the beginning of the island scenes the castaway tries casting a fishnet in the hopes of catching fish but is able to only catch a few small sardines. The movie then fast forwards and we find that the castaway has evolved his food hunting skills and is now able to catch a much larger fish using a single throw of a spear.

In the email security world this is very much like what has happened with regard to email phishing attempts on large organizations. In the beginning, these attacks were similar to the casting of a wide net, a mass email distribution to as many individuals in the organization as possible in the hopes of catching a small percentage of recipients thus gaining access to private yet valuable information that was later used to cash in on the unsuspecting recipients.

Just as our novice fisherman in the movie was able to evolve and learn new skills which allowed him to catch a bigger fish with less time and energy, so has our phishing community also evolved to catch a bigger fish in a shorter amount of time and with more accuracy within a large organization, using targeted attacks now known as “spear phishing”.

Traditional phishing tactics involved the use of fraudulent emails and fake web sites which were set up to enlist the details of your identity – name, address and credit card numbers – in the hopes of running your credit cards up to their limits. Spear phishing is a more targeted approach and includes emails sent to specific groups of individuals who meet specific criteria such as high ranking members of an organization.


6 Best Ways to Stop Spamming

Written by Mike Rede on March 29, 2010 – 3:51 pm

If you haven’t received an email from someone asking you to buy their latest and greatest digital device or some other product that promises to help you lose weight and look younger in twenty-four hours then consider yourself not part of the world population.

We’ve all received these emails either through our email mailboxes or via text messages on our cell phones. And in case you haven’t heard of it, it’s called spamming.

Spamming involves massive distributions of email messages to recipients that number in the thousands to tens of thousands. All the spammers need is for one percent to five percent of the recipient pool to open their spam messages to get their message out there. That one percent to five percent can translate into 20 to 50 persons for a small sampling of 2,000 recipients to upwards of 200 to 1,000 people on the high end sampling of 20,000 recipients. And it doesn’t cost the spammers anything more than the keystrokes needed to send out their burst of emails and the costs associated with the harvesting of email addresses which is another subject altogether.

So how can an administrator protect their enterprise from being the subject of these email spamming campaigns?


Malware Threats from Unexpected Sources: Trojans Embedded in Streaming Video Links

Written by Lee Clemmer on September 14, 2009 – 4:57 pm

Sometimes spam, viruses, and other malware filtering at your email gateway isn’t enough. It’s important to keep your host anti-virus signatures up to date, and if you don’t have anti-virus protection at your firewall or on your network at the Internet gateway you should seriously consider it.

Here’s why these items are critical. Some recent malware attacks have used malware embedded in video and audio streams as a transfer. They can gain an initial foothold, so to speak, by managing to get a link to your users in a spam email. If your spam filter doesn’t block the message, a link in the email appears to be a video or audio link, but in fact the destination contains a trojan that is embedded in the content stream.

This method of attack isn’t exactly new. For example, the ZLOB Trojan began making rounds in 2005, and began gaining traction in 2006. Some attacks with it simply involved downloading other viruses or malware. Using a video link, however, for users that have their ActiveX controls set to download codecs automatically means that those users with poor virus protection would automatically download the virus and become infected.


The Latest Spam Getting Through Your Filtering – and What to Do About It

Written by Lee Clemmer on September 8, 2009 – 3:21 am

Despite the generally excellent performance of most modern, well-tuned anti-spam engines, some spam is going to get through. We may be lulled into a false sense of superiority when for a period of time our anti-spam tools and techniques have borne fruit, and we see that we have more-than-just-excellent results; we have no spam in our inboxes for an entire day, week, whatever. Then, it returns. We’ve all seen it happen. Some strangely formatted message that you or I can surely tell is garbage, a bizarre attempt to sneak through your heuristics that has surprisingly succeeded.

Lately it has been some rather clever nonsense. I’ve been getting these spam emails with a particularly peculiar twist. Many of them have what appear to be at first glance meaningful, but “non-spam” sentences. On closer look, the sentences are strange, and not quite sensible. For some reason they consistently were getting through the spam filtering. What was strangest to me was the lack of any marketing content or attempt to sell whatsoever. They did have a link in the message, and the link was not ever to the same web destination or even clearly directed to an obvious undesirable site. This may have been one of the reasons this set of spam got by; to the filters, it looked really no different than a sentence or two sent by a friend describing some link they thought I would be interested in.


A Case of the Lesser of Two Evils?

Written by Brett Callow on March 13, 2009 – 3:39 pm

In a somewhat peculiar case, e360Insight LLC – the one-man mass mailing company which sued Spamhaus for besmirching its *cough* good name with accusations of spamming and which is now itself being sued for spamming – is suing data aggregation company ChoicePoint for CAN SPAM violations and breach of contract.

Background: e360Insight bought millions of email addresses from ChoicePoint. Some of the addresses were marked with an “O” to indicate that they could not be used for email marketing, while others were marked with an “I” to indicate that they could be used for email marketing. e360 proceeded to send emails to all addresses, regardless of whether they were marked with an “O” or an “I” – and that resulted in them being sued by some peeved recipients. Now here’s where it gets interesting: CAN SPAM prohibits the selling of email addresses belonging to people who have opted out of mailings. Consequently, e360 are claiming that ChoicePoint breached both contract and CAN SPAM provisions by selling opt-out addresses, even though those addresses were clearly marked as such:

If Ms. Sidewater’s assertion is true, this assertion constitutes an admission of violation of the CAN-SPAM Act of 2003, which provides that if a recipient requests not to receive commercial email, then it is unlawful for the sender to release, sell, or transfer such person’s email address to a third party. Thus, ChoicePoint admits that it breached 12(a)(ii) of the Agreement. But for this breach, e360 would not have sent any emails to the complainants and would not have been sued.

Hmmm. Gotta say, I don’t have much sympathy – in fact, make that I have no sympathy at all – for either side in this dispute. Who’d you prefer to see win? A(n) spammer alleged spammer? Or a company which sells your email address to a(n) spammer alleged spammer?

Tough choice!

Should you be interested in reading more, the documents are available over at SpamSuite.


15 Countries most affected by security honeypots

Written by Carl E. Reid on December 18, 2008 – 5:25 pm

The Swiss Security Blog (SSB) published results of research performed from honeypots implemented on their network. This is a small example of the benefits of honeypots, while exposing the potential damage new Trojans accomplish every day. Security honeypots are closely monitored network decoys serving several purposes:

- distract adversaries from more valuable machines on a network

- act as an early warning system for new attack and exploitation trends

- allow in-depth examination of adversaries during and after the exploitation of a honeypot.


Michigan State Reprimands Student Over Email Flap

Written by Sue Walsh on December 11, 2008 – 4:10 pm

When a Michigan State student fired off an email to nearly 400 faculty members protesting the school’s plans to shorten the 2009 fall semester, she probably didn’t expect to be labeled a spammer, but that’s exactly what happened. One of the people who got the email, a biology professor, promptly filed a complaint with the university’s administrators and now the student is facing a disciplinary hearing. None of the other faculty who got the email had a problem with it.


The flipside of spam protection: Keeping your business out of blacklists

Written by Dan Blacharski on November 12, 2008 – 5:32 pm

We do pay a lot of attention to filtering out spam, and rightly so. The vast majority of all email traffic is spam, and while some of it is merely annoying, some also contains dangerous malware in the form of attachments, or links to malicious web sites. It drains bandwidth and saps productivity. Constant vigilance and strong protection are called for.

At the same time though, email has become a vital part of business, and a vital part of marketing and customer relations. Where does spam stop and valid email-based marketing begin? It’s not as clear as one might think. Some take the position that anything whatsoever related to a commercial product is spam, which is actually a bit shortsighted. Companies whose products you use, for example, may create a periodic email newsletter, to keep you and other customers informed of changes, updates, and industry information.
