The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Tuesday, December 17, 2013

"FedEx" tracking spam

Just a quick heads-up. With the holidays around, there's been a flood of fake FedEx spam.

You get an email saying that the package was delivered, and that you should click on the attachment.

Obviously, it's a virus. If you're reading this, you're probably savvy enough to know better than to click on this attachment, but make sure your not-so-savvy friends and relatives aren't clicking on it either.

Tuesday, November 26, 2013

Grrr; Senderbase lists my server

File this one under hidden costs of spam.

I run a small server out of the back room in my house. It's just a place for me to keep my own files where I can access them. Very low bandwidth.

I'm on a dynamic IP address, and use dyndns to access it. That's all fine.

Now, my service provider has me listed in the Spamhaus PBL. For those unfamiliar with it, the PBL is the "Policy Black List". It's a list of IP addresses which the owners have informed Spamhaus, out of courtesy, should never be sending unauthenticated email. It is not a list of IP addresses that have actually done anything wrong.

That's well and good, and it reflects well on my service provider that my address is listed. Dynamic IP addresses shouldn't be sending email. And I don't.

But the friendly folks at Senderbase have decided that a PBL listing means I must be hosting malware. And so now I find there are networks from which I can't access my own files.

So now it's off to see if I can't convince them to adjust their filters.

Thursday, August 15, 2013

Wayne Mansfield back in the news, fined $95,000

New Zealand Business Day reports that longtime spammer Wayne Mansfield has — again — been fined for spamming.

The article, Spam leads to $95,000 fine, reports that Mansfield had been spamming advertisements for his sales coaching seminars using a purchased email list containing around 67,000 addresses. Typical spam runs were to 10,000 addresses at a time. "Unsubscribe" requests were being ignored.

Although Mansfield is an Australian resident, the New Zealand court ruled that he was still subject to fines in New Zealand.

The article notes that he was banned from running a business for four years in Australia, although that ban has now expired.

Monday, March 11, 2013

Name and Shame -- Dropbox leaks my email

Based on a tip from John Levine's blog, I went back and looked at my own spam filter. Turns out that I've received two spams in the last month to the tagged address I gave to Dropbox when I opened my account there.

Did they sell their mailing lists, or were they stolen?  I don't really care; they had a duty to keep that information away from spammers and they failed. Frankly, I would have hoped for better security from a company to whom people trust their personal data.

Well, the primary lesson here is that you can't trust the cloud. If you're putting personal stuff up on Dropbox or any other cloud service, make sure you encrypt it at your end first.

News: Dropbox users report spam emails after last year's data breach. (ZDNet)

Relevant articles: How to encrypt your cloud storage for free (PCWorld), How To Add a Second Layer of Encryption to Dropbox (LifeHacker). Executive summary: Use TrueCrypt (or any other crypto software) to manually encrypt your files before uploading them, or BoxCryptor (Windows, Mac, iOS, Android) as a front end to Dropbox, Google Drive, or any other cloud provider.

Tuesday, January 29, 2013

Name and Shame -- Dyndns leaks my email

Today, I got hit by a phishing email from a Russian spammer.  The email was sent to a tagged email address I had only given to dyndns.org.

Did they sell their mailing lists, or were they stolen?  I don't really care; they had a duty to keep that information away from spammers and they failed.

Wednesday, October 17, 2012

Name and shame: Waiter.com sells me out

This is happening more and more often.  This time, I received a phishing spam to an email address I had only ever given to waiter.com.

The most likely explanation is that Waiter.com or their email provider failed to properly secure my email address and it was stolen by spammers, but either way, shame on Waiter.com for not protecting it better.

Sunday, October 14, 2012

Name and shame: deabath.com sells me out to Nikon

Just received spam from Nikon camera to an email address I had previously given to deabath.com.

Either DEA Bathroom sold my email address to Nikon, or they failed to secure it properly and it got stolen.

Either way, shame on DEA Bathrooms for not keeping my email safe, and shame on Nikon for spamming.

Thursday, October 04, 2012

Name and Shame: Sporty's Sells Me Out

Got some spam today to the tagged email address I had used only with Sporty's Pilot Shop.

Yet another internet vendor who either thinks my personal information is a commodity to be bought and sold, or who didn't think their contact database needed protecting.

Probably the latter, but doesn't anybody care about security any more?

Here's the text of the spam (one sample) with the formatting removed.

Fax Message [Caller-ID: 400-610-8390]
You have received a 62 pages fax at Thu, 04 Oct 2012 12:12:49 +0530.
* The reference number for this fax is min1_20121004121249.56555.
View this fax using your PDF reader.
Click here to view this message
Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thank you for using the eFax service!

Don't click the links, of course. The payloads are dead links now, but presumably led to phishing sites.

Sunday, August 26, 2012

Thank you scammer, for my morning chuckle

Got a pretty typical phish this morning; the usual "please help me launder my money out of Nigeria" scam.
But the "From" line was unusually good: From: "James Ford"<...@aol.com>

Friday, April 27, 2012

Spam riding the coattails of ham

Ham is the term used to describe unwanted email that clogs up your inbox like spam, but isn't, strictly speaking, spam. It typically takes the form of mailing list traffic that you signed up for but can't figure out how to unsubscribe from, or advertising from a company you once did business with online.

For years now, I've been subjected to the occasional bit of ham from LinkedIn reminding me of this or that invite I haven't yet replied to, or a message I haven't read yet.

Lately, I've noticed a fair amount of actual spam coming in designed to look like LinkedIn ham. The layout, artwork, and subject line are similar to the "You have a pending message from X" messages I frequently get from LinkedIn, but the link takes you to a phishing site.

The key signs that it's a fraud are the From: line which is typically gibberish, and the Subject: line which is just a little bit off, but these will likely be fixed as the phishers refine their fraud.  Ultimately, the best defense is the practice you should be using on all emails: always hover over a link before clicking it, and make sure it goes where you think it does.

Be careful out there, you hear?

Tuesday, April 10, 2012

Twitter fights spammers in court

According to Tech News World, Twitter is suing a number of spammers and spam-support providers.

In particular, Twitter is going after five tool providers who make apps such as TweetBuddy and TweetAdder which are used to insert advertisements into trending Twitter topics.

Thursday, December 01, 2011

Michele Bachmann campaign -- spammers

An article from the Iowa Republican: Bachmann Campaign In Hot Water Over Misuse of Homeschooler Email List

In a nutshell, the Bachmann campaign downloaded the email contact list of the Network of Iowa Christian Home Educators (NICHE) without NICHE's knowledge or permission and used it to send political spam to its members.

Interestingly, campaign laws may now require NICHE to make its mailing list available to any other political candidate that wants to use it.

Friday, October 21, 2011

Shout out to "MainSleaze" anti-spam web site

Just a quick pointer to a new blog run by Catherine Jefferson: MainSleaze

The title pretty much says it all: it's a blog devoted to naming and shaming mainstream companies that use spam in their advertising.

Sunday, July 10, 2011

Name and shame: CDR Outlet sells me out

A tagged address I gave only to CDR Outlet has just received spam, ostensibly for some McDonald's coupons, but probably really a virus.

Now, whether CDR Outlet deliberately sold my email address, or a rogue employee sold a copy of the email list, or a rogue email service provider sold it, it's impossible to tell, but whichever it was, shame on CDR Outlet for not protecting my email better.

Thursday, June 09, 2011

Quick news from the E360 case

(via usenet)

The audio transcript of the damages hearing in the E360 case is available as an mp3 file: http://www.ca7.uscourts.gov/tmp/8K0VUL4K.mp3

The money quote at 19:20 into the recording:

I have never seen such an incompetent presentation of a damages case, it's not only incompetent, it's grotesque. You've got damages jumping around from 11 million to 130 million to 122 million to 33 million. In fact the damages are probably zero


Thursday, May 19, 2011

A true Final Ultimate Solution to the Spam Problem?

A common acronym in spam-fighting is FUSSP — Final Ultimate Solution to the Spam Problem. It's used (usually derisively) to describe the latest proposed scheme to end spam once and for all. Usually these schemes are based on false assumptions or have already been tried with no results.

This time — be still, my beating heart — it looks like some researchers at the University of California might really be on to something.

According to the New York Times, researchers have discovered that 95% of drug and herbal remedy credit card transactions are handled through just three financial companies in Azerbaijan, Denmark and the West Indies. Presumably, if these companies could be persuaded to stop supporting spammers, then the money supply which drives spam would dry up, and the spammers would be forced to close shop.

The UC paper is available here (pdf).

I've said before that spam exists because ISPs tolerate it. This seems to hold true for financial institutions as well. If the financial institutions stopped abetting spammers, the theory goes, then spam would be significantly curtailed.

Of course, I don't have any illusions that this is the final solution to the spam problem. There will always be spam as the spammers find ways around the shut-down of their credit card processing suppliers. But as the shut-downs of major botnet command-and-control centers in the past have shown, you can fight spam, if you're just willing to do it.

Friday, May 07, 2010

Shame on Waiter.com for giving my email address to spammers

And as a follow-up to my previous post, the "Thank you for buying iTunes Gift Certificate!" virus spam I received yesterday was sent to a tagged address I created for use with waiter.com.

So shame on waiter.com for either selling my email address to spammers, or at the very least, for having sloppy security.

Just to be clear, no you didn't buy an iTunes gift certificate and forget

I've gotten a couple of these in the last couple days. "Thank you for buying iTunes Gift Certificate!" followed by the usual yada-yada telling you to open the enclosed zip file.

The only thing in the zip file is a .exe file, and I don't think I need to warn you about running .exe files from strangers.

y'all be careful out there.

Thursday, March 18, 2010

Big win for California spam law

Big news from California:

Court Holds Recipients of Unlawful “Spam” Are Entitled to $1,000 Per Email


Last week, Superior Court judge Marie Weiner ruled that Dan Balsam was entitled to $7000 damages plus attorneys' fees and costs from Trancos Inc., of Redwood City.

This is huge news for two reasons: First, it's the first time an anti-spam case has been won by an individual instead of a major ISP.

But more importantly, the judge has ruled that the CAN-SPAM act does not pre-empt the California anti-spam law, California Business & Professions Code § 17529.5.

The judge ruled that the use of generic words in the From: line, such as "Paid Survey" and "Your Business", was deceptive, and that the use of multiple domain names, unregistered fictitious business names, and a box at the UPS store was intentionally misleading.

Full details at http://www.DanHatesSpam.com/trancos.html (pdf).

More coverage can be found at the San Francisco Chronicle: SF lawyer awarded $7,000 from email spammer, and SlashDot: 1st Trial Under California Spam Law Slams Spammer.


Tuesday, March 16, 2010

Waledac botnet goes down

Another triumph in the "yes, you can fight spam" category: Kaspersky Lab's Threatpost newsletter is reporting that the Waledac botnet has been knocked nearly completely off line and is sending almost zero spam.

I briefly mentioned the Waledac botnet in an earlier post in which I reported that Microsoft had significantly damaged the botnet's command-and-control servers via court order.

More details can be found on Microsoft's security blog in the article What we know (and learned) from the Waledac takedown.