The Spam Cryer http://www.thespamcryer.com Intelligent Discussion on Anti-Spam Wed, 25 Apr 2012 16:19:42 +0000 en hourly 1 http://wordpress.org/?v= M86 Reports Cutwail Botnet is back in action http://www.thespamcryer.com/m86-reports-cutwail-botnet-is-back-in-action/ http://www.thespamcryer.com/m86-reports-cutwail-botnet-is-back-in-action/#comments Mon, 27 Feb 2012 18:38:13 +0000 Shaun http://www.thespamcryer.com/?p=564 Recently, M86 Security has reported that the Cutwail botnet has been reactivated.

Also known as Mutant, Pushdo and Pandex, their specialists report that they’ve seen several waves of emails infected with malicious javascript which probably came from Cutwail-infected computers.

About 5 years ago, it led the botnet list with over 1.5 million infected computers.

Original story:

http://labs.m86security.com/2012/02/cutwail-drives-spike-in-malicious-html-attachment-spam/

The above are among botnets that are blocked by the CudaMail system.

]]> http://www.thespamcryer.com/m86-reports-cutwail-botnet-is-back-in-action/feed/ 0 Lilupophilupop Exceeds 1million infected pages http://www.thespamcryer.com/lilupophilupop-exceeds-1million-infected-pages/ http://www.thespamcryer.com/lilupophilupop-exceeds-1million-infected-pages/#comments Mon, 23 Jan 2012 16:07:16 +0000 The Spam Cryer http://www.thespamcryer.com/?p=526 The Internet Storm Center published a story on the recent Lilupophilupop malware infections. They had originally written about it back in November. 1 month later, the infections had increased:

  • UK – 56,300
  • NL – 123,000
  • DE – 49,700
  • FR – 68,100
  • DK – 31,000
  • CN – 505
  • CA – 16,600
  • COM – 30,500
  • RU – 32,000
  • JP – 23,200
  • ORG – 2,690

In order to see if your site has been effected, search for “<script src=”hxxp://lilupophilupop.com/” in google and use the site: parameter to hone in on your domain.

For example, in Google type

site:yoursite.com “<script src=hxxp://lilupophilupop.com/

( note: we changed to hXXp so you don’t actually go there. )

This is a nasty SQL Injection attack, so be careful when doing your investigation.

 

Original story is here. http://isc.sans.edu/diary/Lilupophilupop+tops+1million+infected+pages/12304

 

 

]]> http://www.thespamcryer.com/lilupophilupop-exceeds-1million-infected-pages/feed/ 0 Shipping Related Spam Increase for the Holidays http://www.thespamcryer.com/shipping-related-spam-increase-for-the-holidays/ http://www.thespamcryer.com/shipping-related-spam-increase-for-the-holidays/#comments Tue, 15 Nov 2011 16:55:02 +0000 Shaun http://www.thespamcryer.com/?p=515 At CudaMail, we’ve noticed lately that the recent wave of “Shipping-related” spam has been increasing.

You know the ones – “Package Tracking Details”, “Fedex Shipment Details” or “Express Tracking Notification”.

If you regularly deal with these companies it may not come as a surprise, but if you’re not expecting a shipment, you may be thinking of clicking on the links to check this “shipment”.

As usual, it’s a good idea to not click the links! Try logging into your account on their actual website, or call them to check.

With the coming Holidays, it’s only natural to expect some shipments – and the spammers are taking advantage of this, and even dropping names like “Amazon” or major store names to try and lure you to click on their links and load their malware on your computer.

- Take care when reading these emails, and be careful what you click on.

 

 

]]> http://www.thespamcryer.com/shipping-related-spam-increase-for-the-holidays/feed/ 0 How a LinkedIn notice could empty your bank account http://www.thespamcryer.com/how-a-linkedin-notice-could-empty-your-bank-account/ http://www.thespamcryer.com/how-a-linkedin-notice-could-empty-your-bank-account/#comments Tue, 30 Aug 2011 17:14:58 +0000 Shaun http://www.thespamcryer.com/?p=503 How a LinkedIn notice could empty your bank account

An interesting article from BarracudaLabs. We’ve all seen notices from “LinkedIn, FaceBook, Bank of America” etc. trying to come into people’s email inboxes.

Like any email, we always suggest you make sure you know what you’re clicking on before you click on it!

Some people have been learning the hard way with the latest “Linked In” malware delivery email campaigns.

Those behind the CudaMail system are protected from these types of campaigns.

Here’s the Original Story:

By Dave Michmerhuizen & Luis Chapetti

]]> http://www.thespamcryer.com/how-a-linkedin-notice-could-empty-your-bank-account/feed/ 0 Top 5 Things to Know Before Choosing a Spam Filtering Service http://www.thespamcryer.com/top-5-things-to-know-before-choosing-a-spam-filtering-service/ http://www.thespamcryer.com/top-5-things-to-know-before-choosing-a-spam-filtering-service/#comments Thu, 23 Jun 2011 22:53:02 +0000 Shaun http://www.thespamcryer.com/?p=280 There’s a new guide available on CudaMail.com that talks about things you need to know before choosing a Spam Filtering service.

Some firms do their own spam and virus filtering with an appliance like the Barracuda Spam & Virus Firewall, . However, some don’t have their own I.T. resources, or simply don’t want to manage their own appliance.

That’s the advantage of a “Cloud-Based” Spam Filtering service – it’s set up for you, and managed for you. You also don’t have to bother with updating spam definitions or other subscriptions.

There are several services available on the web, but it’s important to ask yourself some questions like:

Is it important to be able to contact them (and talk to a live person) easily?

Can I add people to my whitelist or blacklist?

It’s a free downloadable guide, so if you want to get some tips on choosing a spam filtering service, you can check it out easily. There an opt-in form on the top right of the site, and after confirming with AWeber, you get a link to the guide.

]]> http://www.thespamcryer.com/top-5-things-to-know-before-choosing-a-spam-filtering-service/feed/ 0 Malware emails with fake cellphone invoice http://www.thespamcryer.com/malware-emails-with-fake-cellphone-invoice/ http://www.thespamcryer.com/malware-emails-with-fake-cellphone-invoice/#comments Thu, 23 Jun 2011 22:42:40 +0000 Shaun http://www.thespamcryer.com/?p=408 The Internet Storm Center recently posted a story about a new email malware scam.

The emails appear to show that a company has put a sale on a credit card of yours.

There’s an attached .pdf file, which many people have been opening.

Though hitting older vulnerabilities, the javascript is obfuscated and has been getting through some filters.

The email sample they showed was:

Thank you for ordering from Cell Phone Inc.

This message is to inform you that your order has been received and is currently being processed.

Your order reference is Cell Phone Inc. You will need this in all correspondence.
This receipt is NOT proof of purchase. We will send a printed invoice by mail to your billing address.

You have chosen to pay by credit card. Your card will be charged for the amount of 629.99 USD and "Cell Phone Inc." will appear next to the charge on your statement.
Your purchase information appears below in the file.

Cell Phone Inc.

The good old “rule of thumb” of not clicking on anything, and being very careful with attachments would be well advised here.

Link to the original article.

]]> http://www.thespamcryer.com/malware-emails-with-fake-cellphone-invoice/feed/ 0 US-Cert Reports Gmail Phishing Attack http://www.thespamcryer.com/us-cert-reports-gmail-phishing-attack/ http://www.thespamcryer.com/us-cert-reports-gmail-phishing-attack/#comments Thu, 02 Jun 2011 22:40:29 +0000 Shaun http://www.thespamcryer.com/us-cert-reports-gmail-phishing-attack/ US-Cert recently published an article about a new phishing attack, which is aimed as specific targets in the US Government.

The Story:

US-CERT is aware of public reports of a phishing attack that specifically targets US government and military officials’ Gmail accounts. The attack arrives via an email sent from a spoofed address of an individual or agency known to the targeted user. The email contains a "view download" link that leads to a fake Gmail login page. The login information is then sent to an attacker. Google has indicated that this phishing campaign has been disrupted and that affected parties have been notified.

  • US-CERT encourages users and administrators to do the following to help mitigate the risks:
  • Review the Google blog entry Ensuring your information is safe online.
  • Do not follow unsolicited web links or attachments in email messages.
  • Use caution when providing personal information online.
  • Verify the legitimacy of the email by contacting the organization directly through a trusted contact method.
  • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
  • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
  • Refer to the Using Caution with Email Attachments document for more information on safely handling email attachments.

Relevant Url(s):

http://www.us-cert.gov/cas/tips/ST04-014.html

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

http://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html

http://www.us-cert.gov/cas/tips/ST04-010.html

 

Original Article:  http://www.us-cert.gov/current/index.html#gmail_phishing_attack

]]> http://www.thespamcryer.com/us-cert-reports-gmail-phishing-attack/feed/ 0 Ongoing Phishing Attack targeting PayPal, Bank of America, Lloyds and TSB http://www.thespamcryer.com/ongoing-phishing-attack-targeting-paypal-bank-of-america-lloyds-and-tsb/ http://www.thespamcryer.com/ongoing-phishing-attack-targeting-paypal-bank-of-america-lloyds-and-tsb/#comments Fri, 18 Mar 2011 15:24:15 +0000 Shaun http://www.thespamcryer.com/?p=398 Phishing-email-Scams

This new story by US-CERT shows they have become aware of reports on a new phishing attack. Apparently it’s bypassing some of the new phishing protection built-in to many browsers. The team at CudaMail have also noted the new campaign (fortunately with a global network of 100,000 spam firewalls feeding “zero hour” threat information to the reputation database, it begins thwarting such campaigns very early), and have been successfully blocking it.

The US-CERT Story:

US-CERT is aware of public reports of an ongoing phishing attack. At this time, this attack appears to be targeting PayPal, Bank of America, Lloyds, and TSB users. The attack arrives via an unsolicited email message containing an HTML attachment.

This attack is unlike common phishing attacks because it locally stores the malicious webpage rather than directing user to a phishing site via a URL. Many browsers utilize anti-phishing filters to help protect users against phishing attacks, this method of attack is able to bypass this security mechanism.

US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing attacks:

  • Do not follow unsolicited web links or attachments in email messages.
  • Use caution when providing personal information online.
  • Verify the legitimacy of the email by contacting the organization directly through a trusted contact method.

Relevant Url(s):

Link to the original story.

]]> http://www.thespamcryer.com/ongoing-phishing-attack-targeting-paypal-bank-of-america-lloyds-and-tsb/feed/ 1 Japan EarthQuake and Tsunami Email Scams http://www.thespamcryer.com/japan-earthquake-and-tsunami-email-scams/ http://www.thespamcryer.com/japan-earthquake-and-tsunami-email-scams/#comments Tue, 15 Mar 2011 16:35:12 +0000 Shaun http://www.thespamcryer.com/?p=390 We at CudaMail, and others in the anti-spam community see it all the time. Spammers and malware writers try to exploit all kinds of traumas and disasters. The recent earthquake and tsunami disasters in Japan are no exception – so the anti-spam community should be prepared for the onslaught.

US-CERT recently posted a warning about impending Phishing and Malware email scams regarding Japan’s recent earthquake and the resulting tsunami disaster:

- original story below:

US-CERT Current Activity

Japan Earthquake and Tsunami Disaster Email Scams, Fake Anitvirus and Phishing Attack Warning

Original release date: March 11, 2011 at 10:14 am Last revised: March 11, 2011 at 10:14 am

US-CERT would like to warn users of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites. Fake antivirus attacks may come in the form of pop-ups which flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus for charitable organizations commonly appear after these types of natural disasters.

US-CERT encourages users to take the following measures to protect themselves:

  • Do not follow unsolicited web links or attachments in email messages.
  • Maintain up-to-date antivirus software.
  • Review the Federal Trade Commission’s Charity Checklist.

Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.

You can find the original story here.

]]> http://www.thespamcryer.com/japan-earthquake-and-tsunami-email-scams/feed/ 0 Panda Security finds 20 Million New Malware Strains In 2010 http://www.thespamcryer.com/panda-security-20-million-new-malware/ http://www.thespamcryer.com/panda-security-20-million-new-malware/#comments Mon, 29 Nov 2010 16:19:34 +0000 Shaun http://www.thespamcryer.com/?p=384 Apparently malware writers have “cranked up” their production this year. Security firm Panda Security has reported that 20 Million new strains of malware have been created by “the badguys” this year already. That includes over 33% of all active malicious programs. Some information from the original post:

Malware authors have been very busy this year

How busy? According to Panda Security, 20 million new strains of malware have already been created this year

]]> http://www.thespamcryer.com/panda-security-20-million-new-malware/feed/ 0