URL Shortening Services Used in SPAM

Shaun — Wed, 04 Aug 2010 14:54:16 +0000

Spammers know that if they include a direct link to their site that their spam messages will not go through so they use URL shortening services to redirect you to their site if you click on the link in the spam message.

Swine Flu Phishing Attacks and Email Scams

Shaun — Mon, 27 Apr 2009 21:37:22 +0000

US-CERT is aware of public reports of email scams circulating related to the Swine Flu. The attacks arrive via an unsolicited email message typically containing a subject line related to the Swine Flu. These email messages may contain a link or an attachment. If users click on this link or open the attachment, they may be directed to a phishing website or exposed to malicious code.

US-CERT encourages users to take the following measures to protect themselves:

Do not follow unsolicited web links or attachments in email messages.
Maintain up-to-date antivirus software.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Maintaining up-to-date anti-virus is vital. Some appliances, like the Barracuda Spam & Virus Firewalls that are used by CudaMail.com to filter mail are updated on a constant basis.

US-CERT will provide additional details as they become available.

Relevant Url(s):

http://www.us-cert.gov/cas/tips/ST04-014.html

http://www.avertlabs.com/research/blog/index.php/2009/04/27/swine-flue-spam/

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

MS09-002 exploit in the wild

Shaun — Thu, 19 Feb 2009 18:57:51 +0000

The Internet Storm Center is reporting that several AV vendors have confirmed that the recently patched IE 7 vulnerability (MS-09-002 Uninitialized Memory Corruption) has been reverse engineered by the malware writers (so quickly!) and that we can expect them to be trying to infect your PC

Reduce Your Spam with a Disposable E-mail Address

Shaun — Fri, 28 Nov 2008 23:41:28 +0000

Some sites that you go to want you to register and provide a valid e-mail address to send you your password or a signup verification link.

This is a great idea to ensure that the services is not being overrun by bots but it does open up the possibility that this site has been setup to gather valid e-mail addresses for the express purpose of spamming you in the future because they can then sell your e-mail address to an ‘affiliate’ who then send you the ‘latest thing’ you may or may not be interested in.

One thing you can do is use a service like McAfee SiteAdvisor “http://www.siteadvisor.com/

This free service installs as a browser plug-in that adds a little icon to your search results. McAfee has signed up on lots of sites and then keeps track of how much spam each site sends. You have to be careful though as the icon does not show up if someone sends you a link in e-mail or you find it on another site. You have to do a specific search for that site to get McAfee’s results and recommendations.

If you’re an e-mail administrator you can setup aliases for your account that are site specific and use them when you sign up so that if that unique address is spammed you can block it and know which site it was that sold your e-mail address. What if you’re like most people and are not the mail server administrator?

What can a regular Joe do?

While we have already talked about using multiple e-mail accounts to keep things separate there is another way: Use a disposable or temporary e-mail address.

Here are some services that allow you to create a temporary forwarding e-mail address and some even let you set how long you want the address to exist, 1 hour to 1 year is possible.

This is not an endorsement of any particular service – just some examples.

Keep a list of a few handy because some sites know about this idea and may not let you sign up if you use an e-mail address from one of these temporary e-mail services.

That said how do you know that these forwarding sites are also not setup for the express purpose of harvesting your real email address? You do have to provide your real e-mail address to these services so they can send you anything sent to your temporary e-mail address. Some sites don’t require a e-mail address to forward to but instead you use a webmail interface. This is ok as long as you don’t want to continue getting e-mail from this company as you have to remember to log into the webmail interface on a regular basis.

You can also use a single GMail account and filter emails. For example, memyselfandI@gmail.com Then add a +[site] after the account and create a label. Those emails will sorted by that site label.

memyselfandI +Site1@gmail.com
memyselfandI +Site2@gmail.com

You get the idea.

That said, you may not want to use a disposable address for anything important like a product registration or a mailing list that you want to subscribe to because the company may want to e-mail you about an important product recall and if your temporary e-mail address has expired by that time they may not be able to send you this important information.

For mailing lists you want to use a permanent e-mail address as the mailing list admin will get an email every single time somebody posts in it and it bounces off of your expired temporary address. You may want to use the segregated e-mail idea in that case.

These idea’s won’t reduce your spam to zero but will help in the battle.

Shaun