Spam Industry News

Scammers jingle all the way

2005-12-21T15:41:00.000-08:00

With the holidays just days away, shoppers rush around late into the night, radio stations blare seasonal tunes--and cybercriminals busily try to scam unsuspecting targets.
"Holidays are an excellent hook for scams," Klein said. Last year there were 8,829 different phishing campaigns in December, and the number has increased since, hitting a high of 15,820 in October, he said. "The real problem with phishing e-mail is that they really look like e-mail that you would expect to receive."
CNET

Phishers attack eBay using new technique

2005-12-12T15:15:00.000-08:00

Scammers have found a new way to try to trick eBay members into giving them their personal information.
The new technique effectively hijacks links on listing or search results pages, taking people to an official-looking eBay log-in page that is actually phony.
Mercury News

'Tis the Season for Holiday Spamming

2005-12-12T15:09:00.000-08:00

AppRiver has tracked dozens of Sober variants each week since late November, when the holiday shopping season officially began. Subject lines include "christmass dinner -- eat with no worries," "send the kids a letter from Santa" and "Holiday Treats and a free gift from Jelly Belly."
TechNewsWorld

Security Threats Up Nearly 50 Percent In 2005

2005-12-07T13:53:00.000-08:00

It's been a good year for cybercrooks, especially those with the foresight to have gotten in on the boomingTrojan horse business.
The number of new worms, viruses, and Trojan horses jumped 48 percent in 2005, a security company said Tuesday, as it detailed the year's security woes.
Information Week

1 in 4 target with Phishing Scams

2005-12-07T13:51:00.000-08:00

About one in four Internet users are hit with e-mail scams every month that try to lure sensitive personal information from unsuspecting consumers, a study says.

Of those receiving the phony e-mails, most thought they might be from legitimate companies -- seven in 10, or 70 percent, were fooled by the e-mails, said the report.
CNN

Gone Spear-Phishin'

2005-12-05T11:29:00.000-08:00

About a year and a half ago, Amnon Jackont, an Israeli mystery novelist and Tel Aviv University history professor, became ensnared in a mystery of his very own: friends and students were receiving e-mail messages from him that he had never written. A few months later, unpublished paragraphs and chapters from a book he was writing were plucked from his computer and began appearing on Israeli Web sites.

Mr. Jackont took his computer to the Israeli police last fall and was told to reformat it. But his problems persisted. So the police examined his computer more closely and discovered that a malicious program known as a Trojan horse lay hidden deep inside and had hijacked the machine from a remote location.
New York Times

Phishing: Beware the Internal Revenue Scam

2005-12-05T11:28:00.000-08:00

The official-looking e-mails promise an income-tax refund, but they're really one more reminder to be cautious with personal info online

Scam artists are in hot pursuit of your identity. And they're cooking up a growing number of so-called phishing schemes, using e-mails that look like they're from a reputable source to cull personal data needed to steal your hard-earned money.
Business Week

Network Computing's Spam Filters Tested

2005-11-28T14:27:00.000-08:00

Still Sick Of Spam - Keeping Spam out of your Inbox
We've always placed our bets on technology over politicians anyway, so we invited 16 vendors to send their antispam products that run on Microsoft Exchange servers to our Syracuse University Real-World Labs(r) for testing and evaluation. We limited this review to Exchange-only offerings to serve readers with small-or no-IT groups; many small IT shops use single Exchange servers for their e-mail gateways. Antispam appliances/ firewalls, hosted spam services and products that do not integrate with Exchange were excluded from these tests-we covered them in "Sick of Spam"

NETWORK COMPUTING EDITOR'S CHOICE
B+
MailFrontier Gateway Server 4.1 MailFrontier installed in a snap using a wizard installation routine common to Windows-based software. Gateway Server includes copies of Sun's Java Runtime Engine and Apache's Tomcat for the administration console. The installation wizard warned us about Gateway Server's capacious space needs-it requested 40 GB of free space for use with its Web-based quarantine, dubbed "Junk Box."
Network Computing

E-mail-based worm puts VARs, vendors on alert

2005-11-28T14:24:00.000-08:00

The rampant spreading of an e-mail-based worm attack this week shows that after a somewhat dormant period, widescale hacker threats are alive and well.

Variants of the “sober” e-mail worm have been arriving in millions of e-mail inboxes over the past several days. Many of them have been posing as fake messages from the CIA or FBI, warning recipients that their Internet addresses have been identified as having conducted illegal activities online. Clicking on the messages exposes the users’ computers to control by whomever sent the messages.
VAR Business

UK Spammer gets 6 Years

2005-11-17T11:22:00.000-08:00

A man described as Britain's most prolific spammer has been sentenced to six years of prison.

Peter Francis-Macrae's sentencing on Wednesday in the Peterborough Crown Court followed his six-week trial and his conviction on charges of fraudulent trading, concealing criminal property, threatening to destroy or damage property, making death threats, and blackmail.

Francis-Macrae of Cambridgeshire was accused of defrauding thousands of people by tricking them into sending him money to register an .eu domain name on their behalf. He was also charged with sending fraudulent e-mails to companies and claiming they had to pay a renewal fee to avoid losing their domain names.
CNET

Arrest Shows Focus on Bot Viruses

2005-11-07T11:33:00.000-08:00

The arrest of a 20-year-old California man accused of profiting from networks of hijacked computers, among the first cases of its kind, illustrates law enforcement's increased focus on the growing scourge of "bot" viruses.

Malicious computer programs known as bots, short for robots, allow hackers to hijack thousands of far-flung computers and control them remotely. Criminals can use the commandeered machines to disseminate spam, hawk fake goods, send "phishing" emails to steal bank and other personal information or bombard corporate Web sites with Internet traffic to extract extortion payments.

A federal grand jury in California Wednesday returned a 17-count indictment charging Jeanson James Ancheta with conspiracy to cause damage to a computer, accessing a computer to conduct fraud and money laundering, among other charges.

According to the indictment, Mr. Ancheta, of Downey, Calif., earned thousands of dollars by infecting computers and then renting out access to networks of as many as 10,000 machines at a time to people who wanted to launch Internet attacks and send spam. He also hijacked U.S. government machines at the weapons division of the Naval Warfare Center and an information-systems agency at the Defense Department, the indictment alleges.

Mr. Ancheta allegedly made an additional $58,000 by surreptitiously planting adware -- programs that show the computer user targeted advertisements and tracks their activity online -- on hijacked computers, receiving payments from advertising companies for each installation.
Wall Street Journal

SEC Warns Investors Of Spyware, Phishing

2005-11-07T11:30:00.000-08:00

The agency is concerned that investors aren't taking proper precautions when accessing their accounts.
The Securities and Exchange Commission (SEC) on Thursday issued a guide to private investors on the dangers that identity thieves pose to online broker accounts.
InformationWeek

Sure, that e-mail looks legit, but is it from a 'phisher'?

2005-10-31T13:26:00.000-08:00

The e-mail in my in-box looked official. It had the familiar E-Trade Financial logo across the top. The return e-mail address was a legitimate financial document delivery website. The e-mail informed me that my statement was now available online and that I could click a link embedded in the e-mail and log on.

The problem was the e-mail was not sent by E-Trade. It was a scam.
LA Times

Microsoft takes on spam zombies

2005-10-28T11:38:00.000-07:00

Hoping to turn the tide on spam zombies, Microsoft has filed suit against entities it said used compromised PCs to send millions of junk e-mail messages.

The company has identified 13 different spamming operations that use such "zombies," it said Thursday. A lawsuit was filed against unnamed defendants in August. Since then Microsoft has tracked down some of the people behind the operations, said Tim Cranton, director of Internet Safety Enforcement Programs at Microsoft in Redmond, Wash.
CNET

My adventures in anti-spam

2005-10-24T14:22:00.000-07:00

For 24 hours I was in IT hell. A simple move to stop the onslaught of spam that was overwhelming my inbox turned into a nightmare. I was so gung-ho to increase my productivity by removing the spam that I overlooked some IT basics. Hopefully, you’ll learn from my mistakes.

A few weeks back, fed up with the amount of “enlargement” messages I was receiving, I purchased Norton Anti-Spam software. I installed it on the computer without reading any of the accompanying literature or studying the support site to see what snafus I might encounter.
Network World

FAQ: Identity fraud uncovered

2005-10-24T14:20:00.000-07:00

How could identity fraudsters get my personal information in the first place?
It depends. Fraud artists can bribe employees of banks or credit card companies who have access to confidential records, or they can pose as an employer or landlord to get a copy of your credit report, or simply steal a wallet, purse or your mail. One of the most common ways that information is snatched is through lost credit cards. All of those techniques are more frequent than any methods using the Internet.
CNET

Hackers, Scammers Hide Malicious JavaScript On Web Sites

2005-10-21T12:04:00.000-07:00

Hackers and scammers have suddenly turned to a new technique to hide malicious JavaScript on compromised or criminal sites, a security researcher said Thursday.

According to Dan Hubbard, the senior director of security and research at Websense, a family of obfuscation routines with the umbrella name of "JS/Wonka" has spread wildly in the last few weeks.
CRN

Marketing Group Requires Members To Adopt E-Mail Authentication Systems

2005-10-19T11:24:00.000-07:00

The idea is to protect both consumers--who will know the e-mail offer comes from a 'trusted source'--and the vendors' brands from illegal use.

The Direct Marketing Association (DMA) today said it will begin requiring its member companies-who represent some of the nation's largest and best-known consumer brands-to adopt e-mail authentication systems that help verify the authenticity of legitimate commercial e-mail messages.
InformationWeek

E-mail claiming to contain Version 1.4 of Skype's VoIP software contains variant of IRCbot Trojan horse

2005-10-19T11:21:00.000-07:00

After making a big splash in the news through its $2.6 billion deal with eBay, Skype Technologies (Profile, Products, Articles) can't be happy about a malicious Trojan horse that is circulating as an e-mail attachment and purports to be the newest release of the company's Internet telephone software.

The e-mail, claiming to contain version 1.4 of Skype's VoIP (voice over Internet Protocol) software client, contains a variant of the IRCbot Trojan horse, according to MessageLabs (Profile, Products, Articles) Ltd., which issued a warning earlier this week after detecting and blocking hundreds of copies of the new variant.
InfoWorld

Calif. gov. signs law to punish 'phishing' scams

2005-10-03T16:19:00.000-07:00

California Gov. Arnold Schwarzenegger signed a bill on Friday making Internet "phishing" identity theft scams punishable by law.

The bill, advanced by state Sen. Kevin Murray, is the first of its kind in the United States and makes "phishing"--getting people to divulge personal information via e-mail by representing oneself as a business without the approval or authority of the business -- a civil violation. Victims may seek to recover actual damages or $500,000 for each violation, depending upon which is greater.
News.com

Spam Rate Declines As Volume Increases

2005-09-23T11:55:00.000-07:00

Spam's slice of the e-mail pie has dropped by 12 percent so far this year, indicating that defensive strategies and technologies, and perhaps high-profile prosecutions of big-time spammers are having an affect, a message filtering firm announced Thursday.

Through August 2005, said Denver-based MX Logic, spam accounted for an average of 67 percent of the messages run through the company's filters. At the same point in 2004, spam accounted for an average of 76 percent of all mail.

Governor signs bills on identity theft, military families

2005-09-23T11:50:00.000-07:00

Gov. Arnold Schwarzenegger signed legislation Thursday that increases the penalty for e-mail spam, bolsters identity theft laws and helps families of active military members.

IDENTITY THEFT: Sending unsolicited commercial e-mails -- known as spam -- in violation of California's anti-spam law will now be a misdemeanor, punishable by fine of up to $1,000 or up to six months in county jail. The anti-spam law took effect last year, but this legislation, by Sen. Kevin Murray, D-Los Angeles, adds the punishment element.
San Jose Mercury

EarthLink lands a win in phishing suit

2005-09-22T11:44:00.000-07:00

EarthLink can't be held liable for incorrectly identifying the Web site of a legitimate bank as a fraudulent attempt to snatch customers' identities, a federal judge has ruled.

U.S. District Judge John Shabaz in Wisconsin has tossed out a case that Associated Bank-Corp. brought against the Internet service provider in April claiming negligence and injury to its business reputation.

EarthLink had warned its customers who installed a free "ScamBlocker" toolbar--and visited AssociatedBank.com--that the Web site was "potentially fraudulent" and said that they should "not continue to this potentially risky site."
CNET

Imagine Widespread Anti-Phishing Use

2005-09-20T09:50:00.000-07:00

Opinion: There are many anti-phishing tools for Windows, but they're all small-timers. That all changes with Internet Explorer 7.

Jaded old jerks like me who are skeptical of everything don't need anti-phishing software. I don't trust anyone, let alone some vendor sending me an e-mail. But anti-phishing software is definitely a good thing, and I have high hopes for it.
eWeek

After the Storm, the Swindlers

2005-09-08T11:49:00.000-07:00

Even as millions of Americans rally to make donations to the victims of Hurricane Katrina, the Internet is brimming with swindles, come-ons and opportunistic pandering related to the relief effort in Louisiana, Mississippi and Alabama. And the frauds are more varied and more numerous than in past disasters, according to law enforcement officials and online watchdog groups.

Florida's attorney general has already filed a fraud lawsuit against a man who started one of the earliest networks of Web sites - katrinahelp.com, katrinadonations.com and others - that stated they were collecting donations for storm victims.

In Missouri, a much wider constellation of Internet sites - with names like parishdonations.com and katrinafamilies.com - displayed pictures of the flood-ravaged South and drove traffic to a single site, InternetDonations.org, a nonprofit entity with apparent links to white separatist groups.
New York Times

Suckers For Spam

2005-09-06T11:57:00.000-07:00

Hard as it is to believe for long-time Internet denizens, online scammers and spammers are still reaping rewards from the community at large.

Last week's bizarre tale of a Los Angeles record producer claiming he was being chased by Nigerian scam artists is a high-profile example of the pervasiveness of the activities still evident today.
Internet News.com

Spamhaus: Yahoo major phishing site host

2005-09-06T11:56:00.000-07:00

Spamhaus has accused Yahoo of failing in the fight against online fraud, and Microsoft has admitted there is room for improvement.

Yahoo is playing host to thousands of phishing sites and doesn't have sufficiently well-trained staff to address the problem of online fraud, according to a leading anti-spam and security organization on Tuesday.
CNET

How to avoid Katrina-related online fraud

2005-09-02T11:08:00.000-07:00

Almost before Hurricane Katrina’s winds subsided, thousands of people nationally queued up to help ease the Gulf Coast’s misery by offering food, water or a hand with the cleanup. Some even have suggested the homeless move in with them temporarily.

Just as quickly, however, opportunists arose. They surfaced, too, following the South Asia tsunami in December and the London terror bombings in July.
St. Louis Post Dispatch

Don't get ripped off by hurricane cyberscams

2005-09-02T11:07:00.000-07:00

Online con artists have launched at least a dozen scams preying on people donating to Hurricane Katrina relief efforts or seeking news, federal authorities and anti-spam experts say.

The FBI is looking into suspicious Web sites and phishing spam messages that attempt to filch personal data such as credit card numbers, spokesman Paul Bresson says.
USA Today

New Microsoft Phishing Filter for MSN Search Toolbar

2005-08-31T11:19:00.000-07:00

If a customer inadvertently visits a potentially fraudulent Web site that can steal the customer's personal information, the beta Microsoft Phishing Filter Add-in will proactively help protect the customer. This new add-in uses a dynamic system that quickly checks the Web pages customers visit with an online service with up-to-the-hour information to see if the sites they visit are suspicious or actual reported phishing Web sites. The filter will block customers from entering personal data if the site is confirmed. If the Web site contains characteristics common to a phishing Web site, but is not in the list of known sites, the MSN Search Toolbar will provide a warning and give people the option to continue or close their tab in the toolbar.

Microsoft Phishing Filter helps detect potential phishing Web sites and divert visitors away from them in three ways:

-- It compares addresses of Web sites a consumer attempts to visit with
a list of reported legitimate sites that is stored on the consumer's
computer and updated periodically.

-- It analyzes the sites that people seek to visit for characteristics
common to phishing sites.

-- It provides the option to automatically send Web site addresses that
a consumer attempts to visit to an online service run by Microsoft
Corp. that checks the address against a frequently updated list of
reported phishing sites.

Arizona State Savings Moves Quickly In Wake Of Attempted Phishing Scam

2005-08-30T14:11:00.000-07:00

Unfortunately, a phishing attack against a credit union is nothing to admire. However, the speed and efficiency of the response to one such attack by Arizona State Savings & Credit Union is.

The Arizona State Savings & Credit Union (ASSCU) branch at the University of Arizona was alerted to the problem when students walked into the credit union and reported a suspicious e-mail had been sent to them. Someone had accessed 9,000 state university e-mail addresses and sent a phony message asking for information, according to ASSCU SVP of Planning and Strategic Services Jill Bechard. Bechard said the e-mail asked for the member's name, account number and a credit card number, but not for a social security number. "In the email, was a replica of our website," Bechard said.

In response to previous suspicious incidents, ASSCU staff enacted a step-by-step plan. In only four hours ASSCU quickly shut down nine student accounts, took down its own website, alerted two other state universities to the problem, called the FBI and Secret Service, alerted the media, contacted CUNA and sent e-mail notifications to each of its 42,000 members who are online users.

The Phishing Hole

2005-08-30T14:09:00.000-07:00

Phishing has emerged as one of the online world's more frightening scourges. Even at their most irritating, most spammers just wasted your time or left you averting your eyes from scary porn. Phishing scams are worse -- they're attempts to steal your money or even your identity, and they threaten to undermine some of the basic conveniences and efficiencies of the Internet age.

And unfortunately, phishing is going to be with us for some time: The Internet's technical underpinnings date back to when the Net was a preserve of scientists who had no reason not to trust each other, and it looks like the technical overhaul needed to make us less susceptible to phishers will take years to accomplish. In the meantime, what's needed is greater awareness of the phishing's dangers, a task that should fall on companies targeted by phishers, Internet-service providers, government agencies, individual users and others.
Wall Street Journal

Brazil Pinches 85 Phishers

2005-08-29T13:37:00.000-07:00

Brazilian police have arrested 85 people in connection with a phishing ring that pilfered over $33 million from duped consumers who handed over their online bank account usernames and passwords, the Reuters news wire service reported Friday.

The raid, dubbed "Operation Pegasus," was a multi-state crackdown that involved over 400 police officers and issued more than 100 arrest warrants after a four-month investigation.
TechWeb

Three indicted in major spam case

2005-08-29T13:34:00.000-07:00

A federal grand jury on Thursday indicted three people accused of sending pornographic bulk e-mail in a major international spam case, the U.S. Department of Justice announced.

The case centered on allegations that the three distributed bulk e-mail advertising pornographic Web sites and containing explicit images of adults having sex. The unsolicited e-mails may have numbered in the tens of millions, the Justice Department said.
CNET

ID theft sneaks to the top of fears list

2005-08-29T13:32:00.000-07:00

We're paying more and more protection money on our financial lives. Identity theft, phishing scams, viruses and worms are turning the convenience of online personal finance into a jungle of security fears. Direct costs to banks and credit companies of computer scams like phishing and other identity theft--ultimately paid by consumers--have mounted to more than $1.2 billion, according to research firm Gartner Inc.

Sales of scanning software for virus protection and other personal computer security products continue to build, especially after massive security breaches in recent months. In one of those breaches, hackers obtained credit card and debit account data on hundreds of thousands of card customers.
Chicago Tribune

Phishers Sinking to New Lows; Scammers Now Impersonate Small Financial Institutions

2005-08-29T13:30:00.000-07:00

Don't get me started on spam. But the other day, scanning the dregs of my spam filter, there was this one that stood out from the hundreds of unsolicited commercial e-mails that pitch porn, get-rich-quick schemes, cheap pharmaceuticals, urgent business proposals and sure-thing investments. All no-brainer deletes. Click, click, click.
Washington Post

Microsoft to Expand Anti-Phishing Tool

2005-08-25T11:40:00.000-07:00

Microsoft Corp. will soon make available to the general public a tool for warning users about "phishing" scams that could lead to identity theft. Currently, such a tool comes only with the Internet Explorer 7 browser, which is available in tests only to a select group of developers.

But within a few weeks, Microsoft will incorporate it into a toolbar for older versions of IE. While still officially a test, the anti-phishing tool will be available to anyone running the Windows XP operating system with the Service Pack 2 security upgrade from last summer.
Associated Press/InformationWeek

Can Authentication Make The E-mail Highway Safe?

2005-08-24T16:03:00.000-07:00

E-Mail Authentication Standards: It’s Like Seatbelts And Airbags
Significant progress has already been achieved as Microsoft Caller ID and Meng Weng Wong’s Sender Policy Framework (SPF) came together under the umbrella of the Sender ID Framework. At the same time Yahoo! Domain Keys joined together with Cisco Systems and its Internet Identified Mail to become DomainKeys Identified Mail (DKIM). However, this has left us with two leading authentication methods vying for dominance.
Messaging Pipeline

APWG Report Shows Identity Theft Crimeware Growth Eclipsing Conventional Phishing

2005-08-23T10:40:00.000-07:00

The Anti-Phishing Working Group (APWG) today released their July 2005 phishing report. The report shows a slight decrease in conventional phishing attacks but discloses a marked increase in crimeware: malicious software designed to steal identity information for financial crime. In July, APWG researchers have found that phishers are designing systems specifically to neutralize counter-phishing technologies that are being deployed by financial institutions and e-commerce sites.

"The technological contest between phisher and counter-phisher is well and truly underway," said APWG Chairman David Jevans. "It is a contest of escalation."

APWG researchers reported a marked increase in screenscraper technology by phishers, used to counter the graphical keyboard systems that some financial services firms are using to avoid the hazards of keylogging Trojans that phishers use to mine the usernames and passwords directly from the keyboard entry of alphanumerics and symbols. When the user mouseclicks a character on the graphical keyboard, the screenscraper takes a snapshot of the screen and sends it to the phishers' server for inspection, in one example intercepted by the researchers.
Business Wire

Online Pharmacy Spammer Arrested

2005-08-22T15:42:00.000-07:00

Christopher Smith's neighbors didn't know exactly what he did for a living. But they knew well that he liked to collect expensive cars and set off fireworks at all hours.

At an age when most of his peers could barely afford a new car, Smith was amassing a collection that would include BMWs, Hummers, a Ferrari, a Jaguar and a Lamborghini. And when other twentysomethings were trying to save for down payments on modest starter homes, Smith paid $1.1 million for a house in a more affluent suburb.

Smith got all that through his successes in massive unsolicited e-mail marketing, authorities say. The Spamhaus Project, an anti-spam group, considered him one of the world's worst offenders.

He was just 25 when the feds in May shut down his flagship company, Xpress Pharmacy Direct, and seized $1.8 million in luxury cars, two homes and $1.3 million in cash held by Smith and associates.
InformationWeek

Anti-porn spam laws to shield kids backfire

2005-08-22T15:40:00.000-07:00

Laws in two states to shield children from objectionable e-mail are having a chilling effect on nearly everyone but the spammers they were intended for.

The laws in Michigan and Utah create e-mail registries to prevent children from viewing adult-oriented messages. But the laws, both barely a month old, threaten to disrupt businesses nationwide, marketers and legal experts say.
USA Today

Constant Struggle: How Spammers Keep Ahead Of Technology

2005-08-18T10:36:00.000-07:00

Efforts to use automation to outsmart spammers and crooks online have had spotty results. Often it's because spammers keep coming up with new tricks to work their way around anti-spam technology, forcing the good guys to continually play catch-up.
Information Week

Seller of AOL List Gets Prison

2005-08-18T10:35:00.000-07:00

A former America Online Inc. engineer who sold 92 million stolen e-mail addresses to an alleged spammer was sentenced Wednesday to 15 months in prison, but spam fighters said the punishment was too lenient to stem the flow of junk messages.

Jason Smathers, 25, pleaded guilty in February to hacking AOL's customer database and selling the e-mail addresses of customers for $28,000. His case was among the first prosecuted under the federal anti-spam laws that took effect last year.
LA Times

It's a bull market for stock spam

2005-08-05T13:58:00.000-07:00

The volume of stock scam spam has risen, posing a new threat to investors, warns a new study from network security firm Sophos.

Though traditional spam categories--medication, mortgage and pornography--continue to dominate, new ones such as stock scams are growing, according to the study, which covered the first six months of 2005.
CNET

Coalition Issues Definitions For 'Spyware'

2005-07-13T10:49:00.000-07:00

Antispyware vendors and consumer groups took a stab at issuing uniform definitions for "spyware" and "adware" on Tuesday in hopes of giving computer users more control over their machines.

The definitions seek clarity that could help improve anti-spyware products, educate consumers and fend off lawsuits from developers of software that sneaks onto computers.

It's not clear what, if anything, the taxonomy itself might accomplish in ending the deception involved in placing intrusive and damaging programs on people's computers.

The 13-page document is silent, for instance, on what developers must do to obtain consent from consumers. Nor does the document, still formally a draft, clearly state how specific programs might fall under a certain category.

"It's not the end game but it's a great starting point," said Dave Cole, director of product management at Symantec, a member of the coalition that spent three months crafting the terms.

"You've got to have a foundation, a common vocabulary to start with ... and have all of us speak the same language."

Forty-three percent of adult U.S. Internet users say they've been hit with spyware, adware or both, according to the Pew Internet and American Life Project. More than 90 percent of Internet users have changed their online behavior, meanwhile, to try to avoid becoming victimized.

Associated Press

Yahoo/Cisco Systems-Led Spam Blocking Idea Inches Closer To Becoming Technical Standard

2005-07-13T10:47:00.000-07:00

Proposal Sent To Task Force; Microsoft, IBM among the other supporters of method for authenticating e-mails.

Someday, the Internet community might actually agree on a way to tell if an e-mail's real or likely fake.

This week, it edged closer to that spam-thwarting goal.

Cisco Systems, Yahoo, Sendmail and PGP Corp. on Saturday submitted an e-mail authentication method draft to the Internet Engineering Task Force, with hopes it will lead to a standard..

Called DomainKeys Identified Mail, the method also is supported by Microsoft, IBM, VeriSign, EarthLink and others.

"This is definitely a major step to getting it to be an Internet standard," said Eric Allman, chief technology officer at privately held mail security firm Sendmail.

Allman put together the draft for the loose alliance of tech firms. He expects a working group in the IETF to soon start discussing -- and at some point possibly ratify -- DomainKeys Identified Mail.

Called DKIM for short, it's a technical way for firms to tag and check e-mail to prove its origination point, thus helping identify spam that pretends to come from a real person or company. DKIM uses encryption for extra safety. It combines two e-mail authentication techniques: Yahoo's DomainKeys and Cisco's Internet Identified Mail.
Investor’s Business Daily

Trojan horses gallop into networks

2005-07-08T11:08:00.000-07:00

An outbreak of Trojan horse programs is hitting networks around the world, an e-mail security company has warned.

MessageLabs said it has blocked 54,000 copies of new Downloader Trojans since 6 p.m. PDT on Wednesday.

"They are pretty run of the mill--they use e-mail subjects that have been used before," Alex Shipp, a senior antivirus technologist at MessageLabs, said. "But we're detecting them from all over the place."
CNET

Web Surfers' Sense of Siege

2005-07-08T11:06:00.000-07:00

While users know about adware and spyware, many don't grasp the difference, according to a new survey -- and that's a big problem

Most people who use the Web still don't quite understand what spyware is -- but they know they sure don't like it. That's the finding of a new survey by the Pew American & Internet Life Project, which looked at surfers' relationship with programs that invisibly install themselves in PCs and then track users' Web activity. Advertisement

The proliferation of spyware and other unwanted software certainly seems to be changing the way the Internet is used, according to the survey of 1,336 users, conducted between May 4 and June 7. More than 91% of those questioned reported making at least one change in their online behavior to avoid downloading viruses and spyware. The survey had a margin of error of 3%.
BusinessWeek

Suspected spam king to appear in court

2005-07-06T10:51:00.000-07:00

A 30-year-old man suspected of being the "Rizler" spam king is scheduled to appear in federal court Wednesday, following his arrest last week when he flew into the United States.

Christopher Smith, who allegedly sent a billion junk e-mails to America Online subscribers, was arrested at a Minneapolis airport after he stepped off a plane from the Dominican Republic.

Smith allegedly had been operating illegal online pharmacies and a call center in the Dominican Republic, according to a representative for the Justice Department.
CNET

Phishing fraud lands two men behind bars

2005-06-29T10:50:00.000-07:00

Two men have been jailed for conspiracy to defraud and launder money in an international phishing operation that may have netted up to 6.5 million pounds over two-years, authorities said.

Douglas Harvard, 24, a U.S. citizen who lives in Leeds, England, was sentenced to six years in prison, and Lee Elwood, 25, of Glasgow was given four years behind bars. According to the National Hi-Tech Crime Unit (NHTCU), the two stole at least 750,000 pounds in one 10-month period as they forwarded money on to unnamed groups in Russia.
CNET

Phony phish phantoms haunt e-mail

2005-06-28T15:15:00.001-07:00

After all the publicity about phishing, you’d think the con artists would have moved on to another scam.

But we’re not out of the woods yet.

Phishing attacks grew 28 percent in the last 12 months, costing U.S. consumers almost $1 billion, according to a new study by Gartner Inc.

Phishing is geekspeak for scam e-mails purporting to be from reputable financial institutions on online retailers.

The e-mail directs the recipient to click on a link to update their personal profile or complete a transaction. The link is designed to look like the bank or retailer’s Web site, but it’s a phony.

The information actually goes to a scammer, who sells that information or uses it to steal from a user’s credit card or bank account.

About 73 million online Americans received an average of more than 50 phishing e-mails in the 12 months that ended in May, according to the Gartner study.

Avivah Litan, research director at Gartner, said phishing attacks are causing consumers to delete more and more e-mail without looking at it. Up to 80 percent of consumers said they now don’t trust e-mail from companies or individuals they don’t know personally, she said.

About 85 percent of those consumers delete suspect e-mail without opening it, Litan said.

[Kansas City Star]

UK Phishers Caught, Packed Away

2005-06-28T15:15:00.000-07:00

Two identity-theft racketeers, one a U.S. citizen, have been sentenced to a combined 10 years in prison for their use of stolen credit card data
eWeek

Police Arrest Phishing Mob Suspect

2004-11-11T15:51:00.000-08:00

A suspected Russian gangster and phishing scam operator, caught with $200,000 in stolen goods and $15,000 cash, has been charged on several counts of identity fraud and credit card fraud.
CNET Article

New Phishing Technique runs when message is viewed

2004-11-04T17:37:00.000-08:00

Opening the wrong E-mail may soon be enough to empty your bank account. In an effort to woo security-conscious computer users, "phishers" have come up with a new technique to harvest online banking details without requiring users to click on a Web link and enter personal information on a submission form.
InformationWeek Article

Spammer gets 9 Years

2004-11-04T17:35:00.000-08:00

A brother and sister were convicted yesterday of three felony charges of sending thousands of junk e-mails through servers located in Virginia
ComputerWorld Article

AOL, Yahoo, Microsoft, Earthlink sue spammers

2004-10-29T13:53:00.000-07:00

Lots of articles today about America Online Inc., Yahoo Inc., Earthlink Inc. and Microsoft Corp. all filing suits in federal courthouses around the country, alleging violations of the federal anti-spam law passed late last year and of state statutes.
Washington Post Article

AOL support Microsoft's Sender ID

2004-10-25T14:58:00.000-07:00

America Online is today announcing its support of the newly submitted version of an email authentication technology known as Sender ID and advanced by our key partner in the antispam crusade, Microsoft Corporation.
BusinessWire Article

Microsoft Revises Anti-Spam Standard

2004-10-25T14:56:00.000-07:00

As Microsoft and other industry leaders announce the latest progress in the fight against malicious spammers, Microsoft's anti-spam general manager explains the revised Sender ID Framework proposal submitted to the Internet Engineering Task Force.
Microsoft Article

Four in court over 'phishing' charges

2004-10-15T15:35:00.000-07:00

The Financial Times is reporting that four Europeans were in court yesterday to face charges to defraud internet banks for "phishing scams".
The two men and two women from Russia, Estonia and Ukraine, were allegedly part of a gang that fraudulently took money from online consumers' accounts, after duping customers into giving them their banking details. The National High-Tech Crime Unit says this is the first time in the world charges relating to phishing have been pressed. The four - aged between 25 and 34 and all living in London - have been charged with one count each of conspiracy to defraud financial institutions and of conspiracy to money launder. All four were refused bail at Bow Street magistrates court and were remanded to appear in Southwark crown court for a preliminary hearing on October 21.

Industry Announcements

2004-10-15T15:33:00.000-07:00

Netriplex today announced that it has released a free version of its highly acclaimed anti-spam solution specifically engineered to meet the needs of small business.
PhishGuard Corporation today launched their FREE anti-phishing service to detect and disable Internet "phishing" and "spoofing" attacks.
CyberGuard announced the availability of the CyberGuard WW1000 Content Security Appliance, which integrates Webwasher’s Content Security Management (CSM) Suite into a full content security management device.

First settlement for the Can-Spam Act

2004-10-13T13:41:00.000-07:00

DC Enterprises has agreed to settle a spam-related case with the Massachusetts Attorney General's office, marking a resolution of the first state case under the federal Can-Spam Act, state regulators announced Monday.
ComputerWorld Article

Worldwide Spam Crackdown

2004-10-13T13:40:00.000-07:00

Representatives from worldwide governments, including the U.S. Federal Trade Commission, are meeting in London this week to discuss how a united front can help to crack down on the problem of unsolicited bulk e-mail. A Daily Star article reports that spam now makes up more than 60% of email traffic, up from 10% in 2001, according to new figures from the Office of Fair Trading.

Industry Announcements

2004-10-13T13:38:00.000-07:00

SurfControl released the newest version of its e-mail filtering software to protect enterprises against the full array of e-mail borne threats that are rapidly escalating in volume, sophistication and harm potential.
Symantec announced that CSO Magazine and Alta Associates, an information security recruitment firm, presented Linda McCarthy, executive security advisor for Symantec, with the 2004 Private Solutions Provider Woman of Influence award for information security.
Postini announced that it ranked as the leading antispam solution in a survey of IT executives at top law firms.
Tumbleweed announced that it has formed a distribution agreement with Zones, Inc., a single-source direct marketing reseller of name-brand information technology products.
Akonix, a leading provider of secure, multi-network enterprise instant messaging (IM), announced record revenues in Q3 2004 and a doubling of both revenues and new customers from the previous quarter. Akonix added 190,000 new seat licenses and ended the third quarter with over 400 customers and more than 500,000 seats deployed.

Keeping track of cyberslackers Web and e-mail monitoring by bosses becoming common in the workplace

2004-10-11T13:37:00.000-07:00

Big Brother may not be watching you, but Big Employer probably is.
SF Chronicle Article

Consolidated News

2004-10-11T13:36:00.000-07:00

SurfControl has supplied its powerful Web filtering technology to the leader in real-time, high performance Internet content security solutions, StreamShield Networks.
Symantec announced the acquisition of @stake, originally announced on Sept. 16, 2004, has been completed.
Commtouch announced today that the Commtouch Spam Detection Center analyzed hundreds of millions of spam messages in the month of September 2004 and found that in the first 3 weeks of the month the amount of spam was less than the amount for the first three weeks in August, which was a record month for spam outbreaks.
Global cooperation on network security, law enforcement and heightened consumer awareness is needed to help shield internet users from spam, said the Office of Fair Trade today at a conference of international spam enforcement agencies in London.

Spammers use opt-out button to hijack computers

2004-10-07T10:38:00.000-07:00

Inventive spammers can send junk mail on computers commandeered from email users who hit the "unsubscribe" link in junk mail, security experts have discovered.
The latest spamming trick uses the opt-out feature on spam mail to turn computers into "open proxies" that allow unauthorised users, or hackers, to remotely control a computer and send spam.
Financial Review

Consolidated News

2004-10-07T10:35:00.000-07:00

FrontBridge announced that spam volumes reached a record peak of 91 percent on Sept. 12 and hit a monthly average of 85 percent, an increase of three percent from August.
Tumbleweed unveiled Tumbleweed Email Firewall 6.0™, the latest generation of Tumbleweed's award-winning email security gateway.
Yesterday, the FTC has submitted a recent report to Congress with recommendations on how to reward people who come forward and supply information on violations of the CAN-SPAM Act that was passed last year. In addition to other proposals, the FTC recommends that reward amounts should be in the range of $100,000, and as high as $250,000 in some cases.

Fighting Phish, Fakes and Frauds

2004-10-06T13:46:00.000-07:00

The Internet makes identity theft almost laughably easy. Phishing - or the practice of sending e-mails and using fake Web sites that spoof a legitimate business in order to dupe unsuspecting customers into sharing personal and financial data - requires minimal effort and capital. "A lot of drug lords are getting into phishing," says Avivah Litan, a vice president and research director at Gartner.
CIO Magazine Article

Legislation aims to block spyware

2004-10-05T10:41:00.000-07:00

Help! There's a spy in my computer.
These words, and coarser ones, are being voiced by legions of Internet users whose hard drives are infiltrated by what is commonly called spyware. The term describes a broad range of software, often downloaded to a home computer without the user's knowledge, that can lead to identity theft and frustration.
San Francisco Chronicle Article

Banks Join Group To Battle Phishing

2004-10-05T10:39:00.000-07:00

An article in InformationWeek reports that the Financial Services Technology Consortium said 11 financial institutions--which include Citicorp, J.P. Morgan Chase, Comerica, Visa USA, ABN Amro, KeyBank, Capital One, and University Bank--will define technical and operating requirements for counter-phishing measures, and clarify the infrastructure fit, requirements, and impact of technologies when deployed in concert with customer education, enforcement, and other industry initiatives.
InformationWeek Article

Consolidated News

2004-10-05T10:38:00.000-07:00

Postini announced it has obtained a Statement on Auditing Standards No. 70 (SAS 70) audit report for its email managed service.
Sane Solutions, developers of the NetTracker(R) line of Web analytics software, and SurfControl today announced a new OEM partnership.

Announcements

2004-10-04T11:57:00.000-07:00

The FSTC counter-phishing initiative announced on September 20 is attracting some of the industry's most prominent financial institutions and technology vendors, according to Gene Neyer, Managing Executive of FSTC's effort.
Network World reports that SurfControl plans to upgrade its e-mail filter to catch phishing attacks, and flag more spam and other abuses. SurfControl's E-mail Filter 5.0 is slated for release next week.
CNET reports that Microsoft plans to offer its own anti-spyware software. Gates said Microsoft will offer software to detect malicious applications and that the company will keep it up-to-date on an ongoing basis.

Going after Kingpin Spammers

2004-10-01T11:55:00.000-07:00

The Washington Post reports that a new law aimed at prosecuting big-time Internet spammers, among others, will become effective today in Maryland. The law is designed to go after "kingpin" spammers, who send out more than 10 deceptive e-mails in a day or 1,000 in a year.

Announcements

2004-09-30T11:44:00.001-07:00

Sophos has published a report revealing the top ten viruses and hoaxes causing problems for businesses around the world.
Postini today announced that spam is still threatening email despite anti-spam legislation and other attempts to stop the flow of unwanted junk mail.
Entrust announced the commercial availability of the Entrust Entelligence™ Compliance Server, a Linux-based appliance that enables real-time e-mail compliance. This content scanner automatically enforces e-mail policy pertaining to individual privacy, intellectual property protection, anti-spam, offensive language, and regulatory mandates such as HIPAA, Sarbanes-Oxley and Gramm-Leach Bliley.
RSA announced its support of October's National Cyber Security Awareness Month, a month-long initiative kicked off today by the National Cyber Security Alliance (NCSA) to educate consumers and businesses alike on how to improve their cyber security posture during.
Symantec also announced its participation in the October National Cyber Security Awareness Month initiative organized by the National Cyber Security Alliance (NCSA).
Summitsoft has partnered with Edovia Technologies, Inc. to launch Edovia’s next-generation email protection software, Anti-Spam EmailGuardTM, in the North American retail channel.
Lastly, The Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security (FSSCC) announced plans to work with its members to actively promote awareness of cyber security issues in October in conjunction with National Computer Security Awareness Month.

INBOX East

2004-09-30T11:44:00.000-07:00

The Golden Group unveiled sponsors and pieces of the conference agenda for INBOX East (Nov. 17-19 in Atlanta). The conference is sponsored by IronPort Systems, Microsoft, Qualcomm Eudora, MailFrontier, CipherTrust, EarthLink and Port25 Solutions and will be themed “How to Secure Your Email Today'' via the latest spam, phishing, Sender ID, SPF and vendor solutions.

Amazon, Microsoft Sue Spammers

2004-09-29T10:47:00.000-07:00

Microsoft has filed 70 lawsuits since early this summer to try to put spammers out of business and to warn others of the potential consequences of spoofing and phishing. Amazon lawyer David Zapolsky said, "When people use our name to get by spam filters, it's an abuse of our trust."
Tech News World Article

35 percent receive fake e-mails at least once a week

2004-09-29T10:41:00.000-07:00

In industry announcements today, a recent national study conducted by Ponemon Institute and sponsored by TRUSTe revealed that 76 percent of consumers are experiencing an increase in spoofing and phishing incidents and that 35 percent receive fake e-mails at least once a week. The report estimates the nation's total monetary loss to victims of these incidents at approximately $500 million. Larry Ponemon and TRUSTe are presenting the study’s results at the Anti-Phishing Working Group meeting today in DC
CNET Article