Posts Tagged: spam


11
Jul 11

Spammers Sell More Non-Lifestyle Drugs in U.S.

Spam may be synonymous with male enhancement drugs, but new research shows that Americans are far more likely than buyers in other countries to turn to spam-advertised pharmacies to obtain pills to treat serious ailments–a trend that reflects differences in government health care and prescription drug policies.

Researchers at the University of California, San Diego, have collected the first data showing which drugs consumers most often buy from spam advertisements, and how much they spend at shadowy online apothecaries.

“People are going to them when they’re either too embarrassed to talk to a doctor, or when it would be far too expensive to buy these drugs otherwise,” said Chris Kanich, a PhD candidate at UCSD’s computer science department, and lead researcher of the study.

Previous estimates of monthly revenue from spam have varied dramatically, from $300,000 to more than $58 million. The UCSD researchers found that the largest rogue Internet pharmacies generate between $1 million and $2.5 million in sales each month, although they caution that their estimates are conservative.

Kanich says the figures show that although the spam-advertised market is substantial, it is not nearly as big as some have claimed, and falls short of annual expenditures on technical anti-spam solutions by corporations and ISPs.

This is an excerpt from a piece I wrote that was published today in MIT Technology Review. Read the full story here. The UCSD paper is available at this link (PDF).


1
Jul 11

Where Have All the Spambots Gone?

First, the good news: The past year has witnessed the decimation of spam volume, the arrests of several key hackers, and the high-profile takedowns of some of the Web’s most notorious botnets. The bad news? The crooks behind these huge crime machines are fighting back — devising new approaches designed to resist even the most energetic takedown efforts.

The volume of junk email flooding inboxes each day is way down from a year ago, as much as a 90 percent decrease according to some estimates. Symantec reports that spam volumes hit their high mark in July 2010, when junk email purveyors were blasting in excess of 225 billion spam messages per day. The company says daily spam volumes now hover between 25 and 50 billion missives daily. Anti-spam experts from Cisco Systems are tracking a similarly precipitous decline, from 300 billion per day in June 2010 to just 40 billion in June 2011.

Spam messages per day, July 2010 - July 2011. Image courtesy Symantec.

There may be many reasons for the drop in junk email volumes, but it would be a mistake to downplay efforts by law enforcement officials and security experts.  In the past year, authorities have taken down some of the biggest botnets and apprehended several top botmasters. Most recently, the FBI worked with dozens of ISPs to kneecap the Coreflood botnet. In April, Microsoft launched an apparently successful sneak attack against Rustock, a botnet once responsible for sending 40 percent of all junk email.

Daily spam volume July 2010 - July 2011. Image courtesy Spamcop.net

In December 2010, the FBI arrested a Russian accused of running the Mega-D botnet. In October 2010, authorities in the Netherlands arrested the alleged creator of the Bredolab botnet and dismantled huge chunks of the botnet. A month earlier, Spamit.com, one of the biggest spammer affiliate programs ever created, was shut down when its creator, Igor Gusev, was named the world’s number one spammer and went into hiding. In August 2010, researchers clobbered the Pushdo botnet, causing spam from that botnet to slow to a trickle.

But botmasters are not idly standing by while their industry is dismantled. Analysts from Kaspersky Lab this week published research on a new version of the TDSS malware (a.k.a. TDL), a sophisticated malicious code family that includes a powerful rootkit component that compromises PCs below the operating system level, making it extremely challenging to detect and remove. The latest version of TDSS, dubbed TDL-4, has already infected 4.5 million PCs; it uses a custom encryption scheme that makes it difficult for security experts to analyze traffic between hijacked PCs and botnet controllers. TDL-4 control networks also send out instructions to infected PCs using a peer-to-peer network that includes multiple failsafe mechanisms.



6
Apr 11

After Epsilon: Avoiding Phishing Scams & Malware

The recent massive data leak from email services provider Epsilon means that it is likely that many consumers will be exposed to an unusually high number of email-based scams in the coming weeks and months. So this is an excellent time to point out some useful resources and tips that can help readers defend against phishing attacks and other nastygrams.

Don’t take the bait: Many people are familiar with the traditional phishing attack, which arrives in an email that appears to have been sent from your bank or ISP, warning that your account will be suspended unless you take some action immediately, usually clicking a link and “verifying” your account information, user name, password, etc. at a fake site. Commercial emails that emphasize urgency should always be considered extremely suspect, and under no circumstances should you do anything suggested in the email. Phishers count on spooking people into acting rashly because they know their scam sites have a finite lifetime; they may be shuttered at any moment (most phishing scams are hosted on hacked, legitimate Web sites). If you’re really concerned, pick up the phone (gasp!) and call the company to find out if there really is anything for you to be concerned about.

Links Lie: You’re a sucker if you take links at face value. For example, this might look like a link to Bank of America, but I assure you it is not. To get an idea of where a link goes, hover over it with your mouse and then look in the bottom left corner of the browser window. Yet, even this information often tells only part of the story, and some links can be trickier to decipher. For instance, many banks like to send links that include ridiculously long URLs which stretch far beyond the browser’s ability to show the entire thing when you hover over the link. The most important part of a link is the “root” domain. To find that, look for the first slash (/) after the “http://” part, and then work backwards through the link until you reach the second dot; the part immediately to the right is the real domain to which that link will take you.  Want to learn more cool stuff about links? Check out this guy’s site and you’ll be a link ninja in no time.
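The root-domain rule above, as an added example that is not part of the original post: it applies the two-label rule to constructed links on reserved example domains and flags a link whose visible text names a different domain than the one it opens. The function names and sample URLs are assumptions made for illustration.

```javascript
// Added example. Every URL below is a constructed sample on reserved
// example domains; rootDomain and checkLink are illustrative names.

// Last two dot-separated labels of the host: the text to the right of the
// second dot when reading backwards from the first slash after "http://".
function rootDomain(href) {
  const url = new URL(href); // throws on malformed input
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error("not a web link: " + url.protocol);
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // Numeric hosts have no root domain; report the address unchanged.
  if (/^\d+(\.\d+){3}$/.test(host) || host.startsWith("[")) return host;
  // Limit of the two-label rule: under suffixes such as co.uk the
  // registered name is three labels long and a suffix list is needed.
  return host.split(".").slice(-2).join(".");
}

// Compare the domain a link displays with the domain it really opens.
function checkLink(displayText, href) {
  const actual = rootDomain(href);
  let shown = null;
  try {
    const text = displayText.trim();
    const guess = rootDomain(/^https?:\/\//i.test(text) ? text : "http://" + text);
    if (guess.includes(".")) shown = guess; // "Login" names no domain
  } catch (err) {
    shown = null; // text such as "Click here" does not parse as a host
  }
  return { shown, actual, mismatch: shown !== null && shown !== actual };
}

const SAMPLES = [
  // Brand name in the subdomain, then a URL too long for the status bar.
  ["www.examplebank.com",
   "http://www.examplebank.com.secure-login.example.net/verify?s=" + "a".repeat(120)],
  ["www.examplebank.com", "https://online.examplebank.com/accounts/summary"],
  ["Click here", "http://example.org/offer"],
];

for (const [text, href] of SAMPLES) {
  const r = checkLink(text, href);
  console.log(`${r.mismatch ? "MISMATCH" : "ok      "} shown=${r.shown} actual=${r.actual}`);
}
```

Only the first sample is flagged: its visible text names examplebank.com while the host it opens ends in example.net.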



11
Aug 10

Spam King Leo Kuvayev Jailed on Child Sex Charges

Undated photo of Leo Kuvayev, courtesy Spamhaus.org.

A man known as one of the world’s top purveyors of junk e-mail has been imprisoned in Russia for allegedly molesting underage girls from a Moscow orphanage, KrebsOnSecurity.com has learned.

According to multiple sources, Leonid “Leo” Aleksandorovich Kuvayev, 38, is being held in a Russian prison awaiting trial on multiple child molestation charges.

Sources in the United States and Russia said that Kuvayev, who holds dual Russian-American citizenship, was alleged to have molested more than 50 young girls he had lured away from one or more local orphanages. He was brought in for questioning after one of the girls reported the incident to Russian police, who reportedly found videotaped evidence of the incidents.

Brandon A. Montgomery, a spokesman for the Immigration and Customs Enforcement (ICE) division at the U.S. Department of Homeland Security, confirmed that Kuvayev was indicted on Aug. 3, 2009, and arrested on Sept. 15 in Moscow for child molestation charges.

“Our attaché in Moscow is working with the criminal investigative team in Russia, and the investigation is ongoing,” Montgomery said.

The Russian criminal case against Kuvayev, Case No. 378243, charges him with violations of Russian Criminal Code 134, which prohibits “crimes against sexual inviolability and sexual freedom of the person.” According to sources in Russia familiar with the case but who asked not to be named, Kuvayev is being held in a Moscow jail awaiting trial, which is currently scheduled to start 10 months from the date of his incarceration on Dec. 22, 2009.

Kuvayev in Thailand, 2001

Kuvayev is widely considered one of the world’s most notorious spammers. Anti-spam group Spamhaus.org currently features Kuvayev as #2 on its Top 10 worst spammers list.

In 2005, the attorney general of Massachusetts successfully sued Kuvayev for violations of the CAN-SPAM Act, a law that prohibits the sending of e-mail that includes false or misleading information about the origins of the message, among other restrictions. Armed with a massive trove of spam evidence gathered largely by lawyers and security experts at Microsoft Corp., the state showed that Kuvayev’s operation, an affiliate program known as BadCow, was responsible for blasting tens of millions of junk e-mails peddling everything from pirated software to counterfeit pharmaceuticals and porn.



4
Jan 10

Clever Gmail Spam Technique

The message staring out at me from my Gmail inbox said I’d received an update on my previous conversation with a sender named “vaishali”. The “(3)” next to the sender’s name suggested that I had responded to this person before, although I didn’t recognize the name. I clicked anyhow.

Alas, the message was spam for some company that I won’t mention here. As it happens, Gmail assigned the (3) to the message suggesting a threaded conversation because the sender had sent the same missive three times in a row. I have no way of knowing whether this was some clever new scheme by the spammer or merely an accident, but it certainly seems like an effective way of tricking people into clicking on an e-mail that they might normally just delete.