spammers

Spam turns 30

Mon, 05 May 2008 06:59:59 -0400

Spam, the bane of every office and personal email system, celebrated its 30th birthday on May 3 and as every CIO knows, age hasn't stopped the scourge from remaining ubiquitous. Microsoft founder Bill Gates predicted in 2004 that the spam problem would be solved in two years. But Sophos, an email security company, says that 95 percent of all email today is spam, while Symantec says that figure is more like 80 percent to 85 percent. Due to sophisticated solutions, email service providers and the hard work of IT managers, end users only see a fraction of what's out there. But the spammers are an industrious lot, constantly presenting new security risks to company systems and offering an unrelenting array of solicitations for unwary victims. Princeton computer science professor Ed Felten says "there is more spam than ever and no end is in sight."

For more on spam's significant birthday:
- See this InformationWeek article

FTC targets spam

Mon, 07 Jan 2008 06:59:59 -0500

The Federal Trade Commission is taking a hard look at the next generation of spam and what companies can do to fight the impact of malicious emails and phishing. In a new report called "The Next Generation of Threats and Solutions," the FTC said that Internet service providers' spam filters are essential to reducing the amount of spam that gets into a user's inbox.

The FTC is looking at spam and other malware as a consumer problem. It is fielding an increasing number of Internet, telemarketing, identity theft and other fraud-related complaints. While the problem is growing, panelists at a recent summit said there are an increasing number of software solutions that can be employed to stop spam in its tracks. These include email authentication and email reputation services. And panelists at the summit also underscored the importance of educating both consumers and businesses to detect and hunt down spam attacks.

While the FTC can do little to shut down all these malicious attacks, summit panelists said the actions of these spammers are inherently criminal, and criminal law enforcement agencies, across the board, should be shutting them down. The FTC's Consumer Sentinel, a secure, online database, is available to more than 1,600 civil and criminal law enforcement agencies in the United States and abroad. While the problem has not yet been solved, there are ways to fight a problem that is growing, not shrinking, in cyberspace.

To read more about the FTC's efforts to fight spam:
- See this agency report

Cybercrime on the rise

Mon, 03 Dec 2007 07:00:00 -0500

The FBI recently announced the arrest and prosecution of several cybercrime cases against individuals accused of defrauding banks, companies and consumers. It is part of an FBI probe called "Operation Bot Roast." And it is just the beginning of a crackdown into the compromise of two million PCs attacked by at least 10 individuals.

It's pretty scary when you look at the kind of cases being prosecuted. A 21-year-old student at the University of Pennsylvania was recently indicted for orchestrating attacks from a botnet of 50,000 PCs against various online chat networks. The scheme had a very far reach--the student was charged with working with an individual from New Zealand. Meanwhile, a 27-year-old Tacoma, Wash., resident pleaded guilty in September to maintaining a botnet of hundreds of thousands of compromised PCs. He rented them out to spammers and people who wanted to use the bot network to take websites offline.

There are plenty of others, too. This may sound a bit like Bonnie and Clyde or the Wild West, but the reality is these are now new types of crimes that did not exist a decade ago. It's important for every CIO to remember that your network is not just your own. You probably keep your door locked at night and park your car in a safe location. With these new kind of cybercrimes, it's important to remember that law enforcement may not know what is coming next until a successful attack has been launched. Will you be the next victim?

ALSO: For a look at what's coming down the road for CIOs, check out this week's special report on eDiscovery, a legal issue that involves preserving and keeping track of electronic documents, including email, in the event of a court order to turn the material over in a lawsuit.-Judi

Protect your networks

Mon, 15 Oct 2007 06:59:58 -0400

You've likely heard about honey pots, fake sites that can lure the bad guys to the wrong place. There are other ways to test your site to make sure the door is bolted to keep intruders out. You can put messages in the mail stream in real time, to see how your security responds to spam and viruses, for example, before committing to any one messaging-security gateway.

The bottom line for all CIOs investing in anti-spam software is to see how the mail comes in from the spammers and to extract specific information about how they get in and how to respond to the attack. If you are using security settings, such as encryption requirements, you will need to put that device in its final position to test its accuracy. One suggestion: keep your old messaging-security gateway inside of the new test system. And be sure to keep the old system until you are certain that the new one works.

For more on protecting your network:
- see NetworkWorld article

ALSO NOTED: Microsoft sues alleged Hotmail spammers; Why do women leave IT?;

Sun, 24 Jun 2007 20:01:38 -0400

> Microsoft sues alleged Hotmail spammers. Article
> Why do women leave IT? Article
> Homeland Security CIO blamed for vulnerabilities. Article
> How to get Windows users to switch to Linux. Blog

And Finally... Green tech makes strides. Articles

ALSO NOTED: No more excuses when it comes to security; The Future State CIO;

Sun, 06 May 2007 20:01:38 -0400

> When it comes to security, there are no more excuses. Article

> The Future State CIO. Blog

> IT: Major contributor to the bottom line. Blog

> Microsoft readies seven patches for May. Article

> Spammers find new ways around filters. Article

> Windows Server Longhorn Beta 3. Review

And Finally… Corporate email practices compromise security. Article

Fighting anti-spam-proof image spam

Mon, 12 Mar 2007 20:01:38 -0400

Spammers have plenty of tools in their arsenals to bypass anti-spam software by incorporating their sales pitches into images rather than sending them as plain text. Anti-spam vendors fought back, developing signatures designed to detect specific image spam messages, but spammers have now come up with a new technique: they're using randomized images that appear identical to the human eye, yet appear to be entirely unique to most anti-spam software. There has been a significant increase in image spam recently, due in part to the problems anti-spam software is having in detecting the new method. It takes real diligence today to stop image spam.

Learn more about reclaiming the corporate inbox:
- read the white paper at ITWorld

ALSO:
- read this on the spam onslaught
- and this on layoff email as a spam strategy
- and this on a new spam approach

SPOTLIGHT: Spam can be hard to ignore

Tue, 19 Dec 2006 19:01:34 -0500

The message that tech leaders have to send to users to thwart spam is that if something sounds too good to be true, it usually isn't true. Take, for example, a recent scam, in which spammers are hawking Microsoft's Vista for a low price in order to lure unsuspecting victims to their site. Article

New worm boasts two-pronged attack

Tue, 07 Nov 2006 19:01:39 -0500

The latest worm assault to hit the enterprise comes with a surprise: a secondary attack that hits the network about six hours after the initial installation, say security vendors. According to VeriSign iDefense, the Stration worm (aka Warezov) starts sending massive amounts of spam for pharmaceutical products once it has infected the network. This payload has gone yet undetected by antivirus and antispam software. This two-pronged strategy provides more evidence that spammers and worm writers are getting more clever than ever.

For more on the double whammy worm:
- read the news at TechWeb

Related Articles:
New worm can knock down firewall, connectivity. Report
Worm on prowl for mobile devices. Report

Layoff email is latest spam strategy

Mon, 06 Nov 2006 19:01:38 -0500

It seems that even spammers keep up with IT news. Taking a page from a recent incident where a big name retailer laid off employees via email, it seems that spammers are using the same strategy to lure unsuspecting users to a site where a keylogging program is downloaded onto their PC. It happened last week at a medical center in Georgia and experts say that it's just another piece of evidence that proves how sophisticated the online criminal element is getting these days.

For more on the latest spamming strategy:
- check out the article at NetworkWorld

PLUS: New approaches in controlling spyware. Article