SpamBully Grows Up

A second version of SpamBully, a spam fighter based on Bayesian filtering, has been released.

SpamBully 2.0 integrates into Outlook and Outlook Express and introduces some new features:

  • Email blocked based on the language of the email or the country of origin;
  • A link analyzer looks for spam by following links in an email and analyzing the web pages. Realtime Blackhole List integration continually checks for domains that are responsible for sending spam and automatically filters them from the Inbox;
  • Users can choose words and phrases they wish to allow or block from their Inbox;
  • Customizable languages, including English, Spanish, Italian, German, French, Russian, and Chinese.

These sound like good features. It’s a shame the product doesn’t work outside the Outlook world, but for those within it, it sounds like it’s worth a try. SpamBully 2.0 is free to try for 14 days. Single user licenses cost $30.

The Perils Of AutoResponse

Be careful what you put in your email auto response when you head off on holiday/maternity leave/business trip. Anyone can read it.

One of the things that came out of Daniel McNamara’s travails at Code Fish was that, because phishers put his name in the From field of one of their attacks, he got swamped by bounce-backs from emails that didn’t reach their destination. This is part of the Internet email system, where a server will return anything it can’t pass on.

But among those bounce-backs are emails from legitimate addresses where the recipients have automated some sort of response, usually stored on the server, that will send a message back to the sender, informing them they’re out of the office. It’s these emails that are a problem.

I haven’t heard of it happening yet, but I’m sure it will. Daniel says a lot of those autoresponses contained a lot of surprising personal information that would be very handy to someone somewhere. Who to call, where that person will be, when they’ll be back. Daniel says some of the messages are surprisingly informative, ranging from the person’s full name and workplace, through details of injuries incurred that are keeping the person in question at home, to companies using the autoresponse to notify senders that the person in question no longer works there, or, in some cases, has been “fired for misconduct”.

In these days of targeted phishing this is an invitation to social engineering of a high order. All a phisher would need to do is flood a company with emails, either guessing the email addresses, using a dictionary attack (where practically every word in the dictionary and English language is used) or else grabbing names from the company directory online. If a dozen people have autoresponds on, the information gained could easily facilitate a socially engineered attack on the company as a whole.

My advice: Assume that sleazy folk can read your autorespond messages and ask yourself whether you want to share that kind of information with them. Then either rewrite the autorespond message, or better still, don’t use one at all.
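
The post above separates server bounce-backs from automated out-of-office replies and advises rereading your own autorespond text as a stranger would. The Python sketch below is an added example, not part of the original post: it sorts returned mail into the two kinds using standard headers and lists what an out-of-office text gives away. The regular expressions, sample messages, names and phone number are constructed assumptions.

```python
import re
from email import message_from_string

def classify(raw):
    """Label one raw message 'bounce', 'auto-reply' or 'other'."""
    msg = message_from_string(raw)
    # RFC 3464 delivery status notifications are multipart/report.
    if (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status"):
        return "bounce"
    # RFC 3834: automatic responders label replies with Auto-Submitted.
    if msg.get("Auto-Submitted", "").split(";")[0].strip().lower() == "auto-replied":
        return "auto-reply"
    # Heuristic (assumption): some responders only set these non-standard headers.
    if msg.get("X-Autoreply") or msg.get("Precedence", "").lower() == "auto_reply":
        return "auto-reply"
    # Bounces carry an empty envelope sender, recorded as Return-Path: <>.
    if msg.get("Return-Path", "").strip() == "<>":
        return "bounce"
    return "other"

# Illustrative patterns (assumptions), one per kind of detail the post lists.
LEAKS = {
    "return date": re.compile(r"\b(back|return\w*)\b[^.]{0,40}\b\d{1,2}\b", re.I),
    "phone number": re.compile(r"\+?\d[\d\s().-]{7,}\d"),
    "alternate contact": re.compile(
        r"(?i:\b(contact|call|email))\b[^.]{0,40}\b[A-Z][a-z]+ [A-Z][a-z]+"),
    "reason for absence": re.compile(
        r"\b(surgery|injur\w+|maternity|holiday|no longer works)\b", re.I),
}

def audit_autoreply(text):
    """Return the kinds of detail an out-of-office text gives away."""
    return sorted(kind for kind, rx in LEAKS.items() if rx.search(text))

# Constructed samples; example.com and example.org are placeholder domains.
BOUNCE = ("Return-Path: <>\nFrom: MAILER-DAEMON@example.org\n"
          'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n\n'
          "--b\nContent-Type: text/plain\n\nUser unknown\n--b--\n")
AUTOREPLY = ("Return-Path: <>\nFrom: staff@example.com\nAuto-Submitted: auto-replied\n"
             "Subject: Out of office\n\n"
             "I am on maternity leave and will be back on 14 June. "
             "For urgent matters call Jane Smith on +61 2 5550 0100.\n")
PLAIN = "From: a@example.com\nSubject: hi\n\nSee you Monday.\n"

if __name__ == "__main__":
    for raw in (BOUNCE, AUTOREPLY, PLAIN):
        kind = classify(raw)
        body = message_from_string(raw).get_payload()
        print(kind, audit_autoreply(body) if kind == "auto-reply" else "")
```

Auto-Submitted is checked before the empty Return-Path because well-behaved responders also send with an empty envelope sender, so the order decides whether a reply is counted as a bounce.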

Is SPIM Another Non-Problem?

No. It is a real problem, if only because there’s still plenty of sleazy people figuring out new ways to ruin your day.

There’s some skepticism out there about this new spam threat: SPIM, in case you didn’t know, is spam that’s delivered, not to your inbox, but to your instant messaging chat program, like ICQ. Some folk say it’s a problem. Yankee Group, according to a recent report, estimates that currently five to eight percent of all instant messages are spam generated by automated bots. Others are more skeptical. Greg Cher on thespamweblog points out that he’s “been on all three of the major IM’s for at least years and have never…ever had a problem with ‘spim’.”

I was skeptical too, until today, when I saw these programs being peddled via PRWeb: “ICQPromoter is a powerful tool for sending messages to thousands of Online or Offline ICQ users. Audience can be targeted by specific interests, country, city, occupation, age, gender or language.” The company behind this, Nanosoft Inc. of Milpitas, California, also offers:

  • Admessenger (“a feature-rich direct advertising program designed to deliver your messages directly to upto 2 Billion Windows 2000, XP, and NT desktops…It is like showing Banner Advertisement with paying a single penny”)
  • Yahoo Answering Machine (“Serves as Perfect Advertising Machine and Advertisement Machine. You can send Message in Room after Predefined time. Send PM to all users in Current Chat Room.”)

You get the idea. These programs will basically spam large numbers of people using chat messengers, or Yahoo chat rooms, all of them automated. What would be amusing if it weren’t so dumb is the fact that Nanosoft prominently display their “zero-tolerance policy” towards Spam. “If you have found this website due to spam, please let us know,” they say. Presumably that doesn’t include using the products they sell?

On closer inspection, Nanosoft have some other rather sleazy products on display. How about this for size: Shadow Pooper [sic], which will, unknown to the user, “periodically open new browser (in fullscreen mode) and load your ad page.” And just in case that’s not intrusive enough for you, “it also can change users Homepage in browser to any URL you choose.” Helpfully, the blurb says “All you need, is to force user install your application on his PC. Use your imagination. Advertise your application as free xxx-dialer, internet booster, etc… You can even include it in installation pack with other free software.” So now we know how spyware works.

Then there’s the problem that Google have come across: The way that advertising via pay-per-click can be abused. Nanosoft offer this: the Traffic Blaster/ URL Generator which will “allow you to generate a massive amount of traffic to any website you wish. Affiliate sites, Banner Sites, Exit Exchanges, and the list goes on and on.” To be honest, I’m not clear from the blurb exactly how this works. Definitely worth a closer look though.

Ironically, these are the same guys selling popup blockers, chat encrypters, privacy protectors and evidence eliminators. Which brings me back to an earlier post on the question: How can you buy software to protect your privacy from folk you don’t trust? (And I couldn’t help noticing that Nanosoft don’t really trust their customers. This message appears on their website: “Because of the growing incidences of Internet fraud, we log everything and take it very seriously. All the fraudulent transactions will be reported to FBI’s Internet Fraud Complaint Center (IFCC).” Right.)

Beware the phisher’s revenge

Australian Daniel McNamara, who runs the hugely informative anti-phishing website Code Fish Spam Watch says he was today the victim of an attack on his website and his character, by a phishing email.

The email, spammed all around, pretends to be from him and says: “Dear Online Banking User, You should be heard about such called interned scam, also called phishing – the activity, aimed to stole your personal details. Possibly you already seen letters, asking you to verify your personal bank account details, reactivate it, or to stop illegal payment…”

It then goes on to say more information can be found at his website or that of the Australian Federal Police. Of course the links don’t go there; they go to a website that, for IE users, downloads a trojan, which (probably) installs a program to log keystrokes and mail passwords back to the originator.

The phishing email not only seeks to implicate Daniel by delivering a trojan with his name in the email, it also overloads his servers. Since the email spoofs his email as the return address, those emails that do not reach their destination bounce back to his inbox. He says he has had to turn off his email server because of the traffic.

Daniel has been at the forefront of recording and investigating the phishing phenomenon, and has clearly attracted the ire of those involved. He tells me he believes it’s the same people who left a hidden message in a recent phishing email directed at Westpac; the message implied somehow Daniel and Codefish were involved in the scam. Daniel believes he “really managed to nark them.”

This kind of thing shows that one guy like Daniel can make a difference, simply by cataloging phishing attacks, since he’s provoked their authors into what appears to be a somewhat inept attempt at revenge. It’s a shame more people aren’t doing this kind of sleuth work.

The Maibach Mystery

Spam, scam, smear or did someone really buy earthenware and a bomb?

You may have recently received a copy of what looks to be weird spam:

You’ve just purchased set of Maibach brand earthenware on web site cvv2.ru
Easy to use, Maibach kitchenware is also famous for its modern look.
Our utensils, designed for easy and fast cooking of a variety of foods, will lower your energy consumption rate and save your time and money.

It goes on to trumpet the quality of Maibach’s kitchenware before offering a bonus:

1. Sony VHS cassette with 240 minutes of best underage porno you ever see. (NTSC and Secam both are available)
2. Bestselling manual “How to create plastic bomb in home” and “How to hijack a train or an aircraft, with color pictures and FAQ”

Needless to say, you might be somewhat alarmed by this. Did you buy some earthenware? Is someone using your credit card to buy earthenware? And what is a kitchenware manufacturer doing selling child pornography and bomb-making literature?

Well, it’s a puzzle. Maibach does exist: It’s a Russian kitchenware manufacturer, and much of the blurb in the email comes direct from their website. The email looks as if it comes from a Russian ISP called RBC, and mentions in the header a website called CVV2.ru, which is a site for hackers and carders run by a guy called Don.

Daniel McNamara of Code Fish Spam Watch reckons it’s “a fake email designed to get this carder site and its supporting network in trouble. We don’t think this has been sent out by any vigilante group and feel that it’s more likely that a rival carder gang is doing it in order to reduce competition. Our inboxes are simply victims of the crossfire in this turf war.”

I think he’s right. But it’s a weird one all the same.

Are Spam Lawsuits A Waste Of Time?

Not everyone thinks the big boys are on the right track by pursuing spammers in the courts.

Postini, ‘the industry’s leading provider of email security and management for the enterprise’, says spam “cannot be solved by lawsuits and legislation alone”.

America Online, Microsoft, Earthlink and Yahoo announced on Wednesday that they had filed numerous civil lawsuits against spammers, charging them with violating the provisions of the two-month-old CAN-SPAM Act. Steve Kahan, corporate vice president for Postini, says, “We believe these law suits will only succeed against small unsophisticated spammers, while doing little to stop the overwhelming amount of spam clogging corporate America’s email boxes. We hope these lawsuits do not give people running email systems a false sense of security.”

Postini says that since CAN-SPAM it “has seen no reduction in the amount of spam directed at its customers”: 75-80% of all messages are spam, viruses and other malicious email. On March 3, Postini recorded its highest spam day ever, blocking 103,193,573 spam messages.

Of course, Postini would say all this. “We make sure our 2600 enterprise customers and ISP’s don’t have a spam problem,” says Kahan. “There’s no need for them to spend money suing spammers because we keep them totally protected.” But what about the rest of us, who don’t have an ISP willing to pony up for this kind of service?

That said, Postini are probably right about the lawsuits. Spam is processed outside the U.S. and other territories getting tough on spam. The only way to close down spammers, in my view, is to go after the people using their services. Spammers don’t sell the goods, they just market them.

To Russia With Love, So Long As It’s Not Email

Russia’s image as Spam (And Other Bad Stuff) Central is beginning to hurt.

CNET reports that customers of high-speed Internet service provider Comcast were unable to email anyone in Russia for four days last week after the company’s spam filter blocked any emails to an address with the Russian suffix ‘ru’.

Although CNET called the block a malfunction, I can’t quite believe that. Russia is one of the main conduits for email spam, since most of its ISPs either turn a blind eye to spammers, or else collect fees for allowing the huge volume of spam to pass through their servers. Could a spam filter automatically exclude every email with a domain suffix? Or could someone have flicked a switch in frustration? And while the story only refers to outgoing email, what happened to email coming from Russia to Comcast customers?

CNET said that “Comcast implemented the filter to thwart spammers who were using the ISP’s servers to send spam with spoofed return addresses ending in .ru, which is the Russian top level domain.”

I could find no reference to the outage on the Comcast website.

Two Ways To Fight Fraud

Here are some tools to help folk worried by all this identity theft/fraud/phishing thang.

Protecteer LLC has today released SignupShield 2.0, an add-on for Microsoft’s Internet Explorer that, among other things “automatically creates a hard to guess password and a disposable email address, each time a user signs-up with a new Web site”.

It then automatically “fills up sign-up forms, saves and tracks usage or change of passwords. When a user needs to provide sign-in credentials to a site, SignupShield does it automatically.” With the disposable email address that it automatically uses, “users can easily block any misbehaving sources of emails. Shielding is 100%, no false positives.” SignupShield is available for $29.95. A free, limited version is offered as well.

Then there’s Cloudmark’s Anti-Fraud, also out today, “the first free fraud prevention service for email users available today”. Cloudmark’s SpamNet uses real-time feedback from users, which has, the company says, “protected the SpamNet community from all email threats — viruses, worms, spam and even the most devious fraud messages — since the product was launched”. Cloudmark also uses a Rating program, an “email reputation system that fingerprints those messages sent by legitimate businesses and matches them at the end-user level, correctly allowing them through every time”. Taken together, the company says, the two “rebuild trust between companies and consumers, ensuring that the email from PayPal waiting for you in your inbox was positively sent by PayPal, Inc.”

New users can download SpamNet for Outlook or Outlook Express and get free anti-spam and anti-fraud service for 30 days here. After the trial, the regular price is $4 per month, or $40 per year.

I’ll level with you: I haven’t tried either, but I plan to.