Scam, Scam, Scam

One of the things that never ceases to amaze me about phishers is how incredibly creative they can be in writing text that encourages recipients to open their emails.
There have been two separate incident recently that inspired me to talk about phishing.
The first was watching viruses propagate through my local neighborhood mailing list. I live in Silicon Valley and we do have an email list for neighbors to talk, plan and generally share information. Last week one of the neighbors got infected with a virus, and their address started posting links to more viruses to the list. Over the weekend I watched half a dozen neighbors get infected and post more viruses to the list.
The second is the dozens of messages I’ve been receiving telling me there are naked photos of me on the Internet. They have a couple different forms. Some pretend to be concerned friends worried that my private photos have leaked. Others threaten legal action or that the police are investigating me. Still others tell me I’ve ruined a friendship by sharing these photos.
None of those things are true, of course. They’re all trying to get me to open a file and infect my machine with some virus or another.

I can certainly see why people might open this
Last week I said that botnets were mostly a solved problem. I then spent a paragraph trying to explain I didn’t mean they were gone, but that we had a handle on them. What I really should have said is that botnets are a mostly mitigated problem and that mitigation doesn’t need manual intervention.
But that doesn’t mean they’re not still a problem. Or that infections are a thing of the past. They’re certainly not.

Related Posts

User education doesn't work

A growing OSX security problem illustrates why user education is not the solution to virus, spam or malware problems.
HT: @briankrebs

Read More

World IPv6 launch day

Today is world IPv6 launch day. A group of ISPs, network hardware manufacturers and web companies permanently enabled IPv6 for their products and services.
What’s this got to do with email? According to a post on the NANOG mailing list the very first email to arrive at the Comcast IPv6 mailserver was received a minute after the server was turned on. This email was spam and was caught by Cloudmark’s filters.
Comcast goes on to assure readers that more mail came in and not all of it was spam.
But, yes, the first email sent to Comcast over IPv6 was spam. Welcome to the future.
 

Read More

Data Cleansing part 2

In an effort to get a blog post out yesterday before yet another doctor’s appointment I did not do nearly enough research on the company I mentioned selling list cleansing data. As Al correctly pointed out in the comments they are currently listed on the SBL. And when I actually did the research I should have done it was clear this company has a long term history of sending unsolicited email.
Poor research and a quickly written blog post led to me endorsing a company that I absolutely shouldn’t have. And I do apologize for that.
With all that being said, Justin had a great question in the comments of yesterday’s post about data cleansing.

Read More