Showing posts with label spam. Show all posts

Friday, April 17, 2009

Twin Reports Suggest We are Losing the Cybercrime War

According to Symantec, malicious activity in 2008 amounted to 60 percent of all the activity they have recorded since they started keeping records. Last year, they recorded 1.6 million new malicious code signatures and blocked 245 million malware attacks against their users every month.

Many of these attacks – when the words malware or malicious code are used – are designed to steal information (preferably financial) or to take command and control of a computer. Once a computer is under an attacker's command and control, it is called a zombie and is networked into a botnet. A botnet works as a super computer and is used to spam the electronic universe. Some of these spam e-mails contain even more malware, which infects more unprotected systems.

In 2008, Symantec observed an average of more than 75,000 active bot-infected computers each day, a 31 percent increase from 2007. Symantec's latest report, which covers January to December of 2008, suggests that 90 percent of these attacks are designed to steal information. Attacks using keyloggers – which log a computer's keystrokes and send them to the criminals who installed the malicious code – grew from 72 to 76 percent of the activity observed by Symantec's security lab.

Many of these attacks use a technique known as phishing, which is normally delivered in a spam e-mail. Phishing either tricks people into giving up their information (social engineering) or gets them to download malicious code, which automates the theft. Last year, Symantec detected 55,389 phishing website hosts, which is where you are sent if you click on a link in a phish-mail. Spoofed financial services companies accounted for 76 percent of these lures, compared to 52 percent in 2007.

Spam, which delivers most of this activity, continued to grow, too: 349.6 billion spam messages in 2008 compared to 119.6 billion in 2007, a 192 percent increase. According to Symantec's monthly spam report, last month's spam social engineering themes included mortgage rescue, tax season, terror and scareware (fake antivirus solutions) for the much anticipated Conficker worm that was designed to hit on April Fool's Day. Please note that Conficker, a.k.a. Downadup, is still a problem, but it didn't spread its gloom and doom on April 1st to the degree that was expected.

Cybercriminals have always been quick to exploit the headlines, and with the sour economy in the news they have been targeting the financial industry. Here also, Symantec saw an increase in personal and financial information being stolen using financial institutions as bait. In 2008, this amounted to 29 percent of the activity, compared to 10 percent in 2007.

In their latest report, Symantec leveraged information from their recent Report on the Underground Economy, which points to an organized criminal community that specializes in the sale of stolen personal and financial information. They noted that the economic principle of supply and demand has come into play in this underground economy: a glut of stolen data is causing prices to go down.

Most of this stolen information is sold in electronic forums, such as websites and Internet Relay Chat (IRC) channels. These forums enable information to be sold worldwide and make the activity anonymous. Because the activity is anonymous, it is very difficult to investigate or shut down. Credit cards go for anywhere from less than a dollar to about $30, and bank account credentials sell for anywhere from $10 to $100. Much of the price depends on the perceived value of the information and the quantity purchased.



Symantec isn't the only one releasing a report showing an alarming increase in information theft. Verizon just released a report showing that 285 million information records were compromised in 2008 alone. While the Symantec report focuses more on individual attacks, the Verizon report studies the impact of large-scale attacks on businesses and organizations. When combined, the information in these reports is pretty revealing.

According to the Verizon report, the 285 million records stolen in 2008 are greater than the number known to have been stolen from 2004 to 2007. I say "greater" because I've often speculated that the most valuable information stolen is the data no one knows has been stolen. After information is known to have been stolen, measures are taken to protect it. This makes it useless, or at least a lot harder to use.

Recently, services have also popped up in these underground forums which allow information thieves to check whether the information they are buying hasn't already been compromised (pun intended).

Verizon, which investigated 90 data breaches last year, noted that malware is now being designed to steal debit card and PIN information. The report also breaks down the point of compromise by industry and how the data was breached. For instance, in the past year 93 percent of the compromised activity involved financial institutions. Also cited was that most attacks were accomplished by external entities (73 percent) taking advantage of procedural flaws, but that when the breach was assisted by an insider (20 percent), more data was stolen.

The trend towards compromising debit cards and PINs is likely because these instruments are the quickest route to obtaining cash. Obtaining cash is normally the ultimate goal of an information thief, and stolen debit card information accomplishes this with a minimum of effort.

Also covered are breaches caused by partners (32 percent), which are external entities providing services to a business. Please note these percentages add up to more than 100 percent, which means that multiple points of compromise can be attributed to any one incident in some cases.

Both reports are an excellent read and point to the fact that there is a glut of stolen information for sale on the black market, which isn't good news. The fact that more information is being stolen than ever before – even when security procedures are ramped up on a regular basis – is not good news, either.

Perhaps both of these reports suggest the obvious, which is we are not winning the war against cybercrime and the problem is getting worse. Historically, these losses have been written off and the cost is passed to the consumer. With the sour economy and the fact that a lot of the financial industry is already on the brink of bankruptcy, writing off these losses might no longer be a realistic solution.

The reason criminals can easily exploit this information is that we are storing it in too many places that are too easy to access. This has happened because a lot of people are making a lot of money by using and selling this information. Making the information easy to access makes it easier to make money from. I'm all for making money, but at what point does it prove to be irresponsible?

No security fix is going to solve this problem without a healthy dose of common sense being infused into the scheme of things!

After all, the economy is already in a lot of trouble because of some of the same people making a lot of money irresponsibly. My guess is we are getting to the point where we will no longer be able to write off the cost of being irresponsible to the consumer, as well as the taxpaying public.

Sunday, February 08, 2009

Spammers Love to Hurt Internet Users

Love is a many splendored social engineering tool and spammers are busy sending out a whole lot of their particular brand of love across the electronic universe.

An interesting blog post (Love Hurts) by Kevin Haley at Symantec points out that malicious code writers are busy spreading their work in attachments hidden in the millions of spam messages being spewed out by zombies (compromised computers). If you click on one of these attachments — and your machine isn't bulletproof — it can also become a zombie and be used as part of a botnet to send out more spam. Botnets are groups of compromised computers used to form a super computer. Of course, downloading malware can also mean that all your personal and financial information will be stolen, too. Please note (as you will see below) that some forms of malware currently being sent out can do both.

Kevin's blog post came out at almost the same time Symantec issued its monthly Spam Landscape Report. With Valentine's Day coming up, love is a predictable lure, and it's probably a good idea to make sure you know who loves you before clicking on any links in an e-mail.

Another predictable finding in the report is that spam levels are continuing to rise back to normal levels after they fell when McColo was shut down. McColo (a Web hosting provider) was shut down in November after it was discovered to be the source of a large number of botnets, which are used to send out spam. Last month, 79 percent of all e-mail was spam. The report also notes that the point of origin for spam is shifting a little. Although the United States is still number one, the number of active zombies in other countries is rising. While some of this is being attributed to the McColo shutdown, the report points out that it might also reflect the increasing number of users accessing the Internet from some of these countries.

From a spam-commerce point of view, the report indicates weight loss products, counterfeit drugs, cheap watches and porn top the list of items available at super-cheap prices as Valentine's Day approaches.

Besides Valentine's Day, President Obama also continues to be used as a spam lure, according to the report. A lot of this spam carries malware with file names such as usa.exe, obamanew.exe, statement.exe, barackblog.exe and barackspeech.exe. The malware being spread in these spam e-mails is W32.Waledac, which is capable of both stealing sensitive personal and financial information and turning a machine into a zombie. It also establishes a backdoor on the machine so it can be remotely accessed.

Current events (and holidays) have been and probably will continue to be used as social engineering lures to snare the unwary.

Also noted was a rise in Russian spam hawking goods and services. With cheap long distance services using VoIP, the Russians have actually set up telephone numbers for their intended victims to call. My guess is that they will entice someone to send money, which can't be recovered when the person sending it discovers they've been scammed.

Chinese gambling spam is also mentioned as a new phenomenon in the report. It appears to be patterned after English language gambling spam, but is written in Chinese.

Last, but not least, Nigerian spam is mentioned. Nigerian or 419 spam is named after the section of the Nigerian penal code dealing with fraud. It is normally a come-on for lost riches or a lottery win and has a lot of spelling and grammatical errors. Typically known as advance fee fraud, the victim is enticed into sending money across a border (wire transfer is preferred) to secure their fortune. Of course, in the end the victim never receives anything and is often left in financial ruin.

There are many twists to advance fee and one of them is to send a bogus financial instrument to a person with instructions to cash it. If the person doesn't get arrested for presenting it, they are instructed to send the money back to the scammer. Of course, the cashing institution eventually figures out the instrument is bogus and the victim is held liable for it.

A lot of people think that advance fee fraud all comes from Nigeria, which isn't true. I've personally traced it to a lot of other places and called some of the telephone numbers. The person answering didn't sound Nigerian, and I've spoken to a few people from Nigeria in my time. Naturally, this doesn't mean that scam activity is not coming from Nigeria, just that not all of it does.

Pam Dixon, of the World Privacy Forum, went on record recently that the spelling and grammatical errors aren't being seen as much in advance fee lures anymore. Obviously, advance fee scammers, wherever they hail from, are being more careful and have discovered spell check?

To close, the Anti-Phishing Working Group's recent report on phishing, which is delivered via spam, noted that the number of crimeware-spreading URLs has increased 258 percent versus the same period last year. It also noted a record high in the number of hijacked and victimized brand names. Last but not least, it noted another record in the number of malicious application variants being seen in the wild (on the Internet).

This would suggest that spam is getting more dangerous and the people sending it are becoming more sophisticated. The smartest thing to do with all spam is to delete it. Making sure your computer's security is updated with a known and reliable vendor is also a smart thing to do. After all, as I've speculated many times before, most fraud, phishing and financial misdeeds on the Internet start with spam.

Friday, January 09, 2009

Spam Levels on the Rise, Again

With the shutdown of McColo by Internet Service Providers in November, global spam volumes dropped over 50 percent. Sadly, this appears to have been a short-term fix. According to a new Symantec report, the spammers have moved to new locations and the volumes are back up to 80 percent of pre-McColo levels.

While spam originates from a lot of places, the United States is still in the number one spot, with 27 percent of the spam observed originating from there. China and Brazil tied for second place with 7 percent of spam originating from these countries.

The report indicates that URLs in Canadian Pharmacy spam messages were noted as using the Chinese top-level domain (.cn). Could this mean that Chinese knock-off (counterfeit) prescriptions are trying to make it appear as if they are coming from Canada? Given the recent concerns about tainted and poisonous merchandise being exported from China, this might be a concern. Of course, I would think that buying prescription meds over the Internet should be a concern to most people, anyway.

In another variation of recently observed spam, a user is invited to join a social networking site. The link goes to a real group, which was created on the social networking site by the spammer. The group then links to a free blogging site, which redirects the victim to the ultimate destination URL. At the destination URL, personal information is requested, which is probably used to sell to marketing companies or used in other spam campaigns. Please note, although not mentioned in the report, that some of these campaigns might have malicious intent or be scams.

Also noted during the holiday season was a lot of e-Card spam. This spam sometimes comes with malware (malicious software) designed to steal personal and financial information or turn your machine into a spam-spewing zombie computer using your credentials.

A particularly deceptive spam delivery method noted recently is spammers inserting their messages into legitimate newsletters. This method seems to get past spam filters pretty effectively. If the recipient clicks on the message, they are taken to a spammer site. Here again, it might be a site selling junk, but it could also be a site with more malicious intent.

Another spam trend in vogue these days is to use the recession as a social engineering lure designed to get people to click on a spam link. Messages are being sent out in the millions touting easy bail-out money to be had and an assortment of the normal get-rich-quick schemes. If it's too good to be true and doesn't make sense, it's normally a scam, and I suspect that most of this type of spam is one.

Last but not least, the spammers are still using President-elect Barack Obama's name to market coin offers, a "Barackumentary DVD" and a free Visa card for helping the Obama clan pick their dog.

Shutting down McColo by reaching out to the ISPs, which was done largely through the work of Brian Krebs at Security Fix (Washington Post), showed that a significant impact can be made on spam when ISPs are held accountable. Given that Brian is one person and a journalist, this was an admirable piece of work. The fact that spam is approaching pre-McColo levels tells us that there are more ISPs that need to be held accountable. Maybe in the end, government and international agencies need to follow Brian's example and make an impact on spam levels that will last a little longer.

Spam is a dangerous pain for everyone who uses e-mail. Most scams, questionable goods and services and cyber-attacks using malicious software start with a spam e-mail. Shutting down the spam operators can only make everyone's experience on the Internet a little more safe and sane.

Thursday, January 01, 2009

Fraudulent Checks Too Profitable for Criminals

Fraudulent checks, bank drafts, money orders, travelers cheques and gift cheques seem to be showing up all over the place. While a portion of these are passed by professional criminals — who sometimes recruit people off the street to pass them — a lot of people are being tricked into cashing them because they believed a (too good to be true) money-making opportunity.

Unfortunately — with the current state of the economy — people seem to be falling for the too good to be true scam opportunities more and more frequently.

Even though the quality of these fraudulent instruments varies, many of these counterfeit items are now produced with magnetic ink that scans. High quality check stock complete with the latest security features can be purchased in office supply stores or on the Internet. This means they scan through most of the readers in point of sale systems at businesses. When used with a real account number, which is why counterfeiting works, these items can be difficult to detect as fraudulent.

The increase in counterfeiting isn't limited to checks. Complete sets of counterfeit documentation are being presented at banks to open new accounts. A small amount of money is put into the account so funds verify on an individual check and then an area is plastered with a lot of checks. Sometimes this is done over the weekend and the funds put in to verify the checks are removed the following Monday. The identities used to pass these checks are often stolen. Since the identities and checking accounts are changed frequently to avoid detection, it's difficult to tie all the activity back to one group or person.

Frequently, people who are down-and-out are recruited to pass these items after receiving a promise for a few quick bucks. If they are caught they are normally considered "expendable" by the people behind the schemes. Sometimes, they even do this using their own identities.

It should also be noted that the groups opening fraudulent accounts and counterfeiting checks also set up phony numbers and even business addresses that get listed in 411 and on information sites fairly easily. Most people would be amazed at how easily they accomplish this because little to no verification is done by the companies listing these numbers. This is also done in a lot of the Internet-related scams and it is not uncommon for them to list a number to a financial institution that isn't real. When they set up these numbers, while the scam is active, they have people answering the lines. Often, if you listen carefully, it's pretty obvious that it is not a legitimate business and sometimes calls are forwarded to cell phones.

Another growing phenomenon is that fewer and fewer banks verify funds when businesses try to find out if a check being presented is good. In this instance, privacy laws and fear of litigation probably have enabled the problem to get worse. A lot of businesses use computerized check verification services, but when stolen identities are used, the checks pass through these systems fairly easily. Even worse, after the check is determined bad and the data goes in the system, innocent people are pegged as passing bad checks.

These checks are often returned by the bank for “non-sufficient funds” because the bank isn't aware the account was set up with fake information. Eventually the account is closed by the bank, but by this time the damage is done. Since banks frequently don't investigate thoroughly enough to determine that the account was set up with fake (often stolen) information, it is never identified as fraud. The exception might be when the bank takes a loss, but more frequently they pass the losses on to the entity cashing the check.

It's almost impossible to get anyone prosecuted criminally for non-sufficient funds/account closed cases, which means there is little fear of getting caught in this type of scam. Privacy laws also make it difficult for anyone outside the bank to investigate individual cases. In most cases, law enforcement needs a subpoena, which takes time and effort to obtain. Given the resources available at most white collar crime units and the amount of fraud, it often seems like the system is ripe for manipulation by criminals.

Technology and the anonymous nature of the Internet have made check fraud grow substantially. All the necessary software and hardware is available for sale from merchants that sell software and office supplies, and on the Internet itself.

There are also Web sites that appear to be dedicated to providing all the materials needed to commit fraud, despite disclaimers that the items are for educational purposes only. One example is a site called HackersHomePage. If you take the time to look at this site — you will see that the items for sale on it might enable someone to commit a lot more than simple check fraud.

Another growing phenomenon over the past several years has been the sheer number of counterfeit instruments being passed for a “too good to be true” money making scheme. These schemes, which normally don’t make sense, normally involve secret shopper job opportunities, offers to become a financial representative, auction deals and of course, winning a sweepstakes or lottery.

These scams lure people via spam e-mails, which are sent by the millions, daily. Once someone makes contact with the unknowing victim, they are shipped bogus financial instruments to cash. Along with the bogus financial instrument to be cashed there is a letter instructing the victim to wire the bulk of the money (normally over a border) back to the location of the scammer. Another twist in these money making schemes is to buy small and expensive items, normally electronics or jewelry, and ship them (again) normally overseas. A lot of eBay and Craigslist sellers get taken by these schemes.

From the botnets spewing the spam e-mails out in the millions to the counterfeit checks being sent by the parcelful all over the world, there is little doubt that some pretty organized criminals are behind this activity.

In 2007, an International Task Force monitored the mail in Africa, Europe and North America and intercepted billions of dollars worth (face-value) of counterfeit checks.

The coordination across International borders in these scams is pretty amazing. In any individual scam, the e-mail can come from one country, the checks from another and the request to wire the money to a third.


(Picture of checks intercepted in the mail)

There is also a trend where opportunists receive these items, cash them and keep all the money for themselves. If caught, they pretend to be a victim. If no attempt is made to wire the money to an exotic locale, they are probably in the scheme for their own personal gain. It isn't hard to look in just about any inbox or spam folder, reply to the right e-mail and have all kinds of bogus financial instruments shipped to whatever address a person wants.

The first step to recognizing these scams is to understand how they work. Most if not all of the reasons these checks are being presented aren't going to make sense to a reasonable person. The cliche is that they are too good to be true and they normally are.

The best places for potential individual victims to learn how not to be taken are FakeChecks.org and OnGuardOnline.gov.

A good resource for businesses and other public entities to learn about check fraud is the National Check Fraud Center.

In closing, the sour economy is probably fueling an increase in all kinds of fraud. The bottom line is that individuals and businesses are being ruined by it. When it comes to businesses, any dollar lost to fraud normally equates to a dollar off the bottom line. So far as the individuals being victimized, cashing these items can lead to being financially ruined and even arrested.

The best defense against becoming a victim is to know how these scams work. After all, very few people become victims when they know they are being ripped-off!

Sunday, December 14, 2008

Most Internet Scams Start with Spam

I'm sure we've all noticed spam levels are slightly down, or that our spam filters seem to be working a little better. Nevertheless, spam continues to get through filters and for the next few weeks, a lot of it will have a holiday theme. Due to the sour economic situation, it's also likely going to take advantage of financial fears or the promise of a rescue from an already bad situation.

Since most unfortunate situations involving fraud, phishing, and financial misdeeds on the Internet start with a spam e-mail, it pays to use a little common sense and caution before falling for a too good to be true, or sometimes scary e-mail from an unknown source.

Last week, Symantec issued its December 2008 State of Spam Report. It predicts that although spam volumes are down after a lot of providers blocked access to sites hosted by McColo.com, we will likely see them rise again. Spam levels dropped a reported 65 percent after this happened. "McColo.com was allegedly hosting a significant number of botnet command-and-control systems," according to the report. The bad news is that the report indicates the bad guys are moving elsewhere and that a number of them are hosting their efforts from IP addresses in (where else) China.

Getting back to the holiday season, the report notes that spammers are mimicking marketing come-ons from legitimate retailers offering holiday shopping deals. This makes it hard to distinguish exactly who is behind the e-mail. Sometimes the line between legitimate and illegitimate becomes a little blurry, which is something spammers have always taken advantage of.

The report also reveals a lot of links leading to malware infected sites in spam e-mails are using political themes to draw in their victims. Items related to Barack Obama are especially popular with spammers and scammers. In another twist to using Obama's good name, one spam campaign offered a Barack Obama coin, "a piece of history for only $9.95 plus shipping." This was an attempt to steal debit and credit card information.

Hot news stories were also used as lures to download malicious software. In particular, spam referencing the recent Mumbai terrorist attacks pointed to links designed to infect machines. Ironically, a lot of this malware is designed to turn a computer into what is referred to as a "zombie," which, when used in a botnet, sends out even more spam.

While we haven't seen the holiday season pass, spammers of the scammer type are already using the IRS name to steal personal and financial information. The pre-tax season phishing scheme mentioned in the Symantec Report involved a come-on designed to snare people by telling them they had a tax refund or economic stimulus payment due to them. The link in these e-mails went to fake IRS site(s) — complete with official logos — designed to steal personal and financial information.

The IRS isn't alone when it comes to having their good name spoofed. Just this week the FBI reported that their name was being used (yet again) in a campaign involving a typical Nigerian 419 scam. If an intended victim got leery after initially responding — they were threatened with "official consequences" should they fail to turn over the required personal and financial information.

Fear or scaring a victim into submitting to a scam is nothing new. In fact, some of it is now being referred to as scareware. Scareware most frequently surfaces as a fake message claiming your computer is infected. It then offers to fix the problem for a nominal amount of money. My guess is that malware might actually be downloaded on a system by clicking on one of these come-ons.

Since it's hard to pay in cash over the Internet, anyone who pays in response to this form of extortion might have their method of payment stolen, also. Symantec recently released another report showing how many personal and financial details are for sale (super-cheap) on the Internet.

Alex Eckelberry of Sunbelt Software and the popular Sunbelt Blog just posted a visual presentation of scareware examples on his Flickr account.

There is little doubt that spam and its intended purposes have made the electronic world somewhat of a "virtual minefield" at times. It pays to make your computer bullet-proof by using good state of the art software from a legitimate vendor, but even if you are protected in this manner, you also need to protect yourself from social engineering schemes designed to lure a person into doing something they are going to regret later.

The Anti-Phishing Working Group offers sage advice (from a variety of reputable sources) to the average person on how to avoid becoming a victim. Interestingly enough, they also recently released a rather ominous report stating that the number of crimeware-spreading URLs is at an all-time high. Crimeware is another name for malware when it has a purely criminal intent.

To close this post, I'll point to an amusing video Symantec did on the 12 Days of Christmas Spam. It's probably best to end on a lighter note on what has become a serious problem.

Friday, November 28, 2008

E-Cards with a Dangerous Twist Spotted on the Internet


(Courtesy of Websense)

With the holiday season upon us, spam campaigns of a malicious nature will start springing up bearing yuletide greetings.

Just the other day, Websense sent out an alert that malicious software authors already are using social engineering techniques with a Christmas theme to compromise your home machine. The instance they are reporting uses spam e-mails offering free animated postcards.

Those unfortunate enough to attempt to get the free e-card will download a Trojan. The spam e-mails are spoofed to appear as if they come from postcard.org. The fact that malware (postcard.exe) is being installed on the machine is covered up by displaying an xmas.jpg image.

Quite simply, once installed it allows cyber-scrooges to control your machine and/or steal all the personal and financial information off it. The information is then normally used to steal money.

This type of attack is nothing new and seems to surface every year at this time. The next step in these campaigns is normally more personalized spam e-mails designed to do the same thing (download malware). Please note these e-mails are normally spoofed to appear as if they come from a legitimate e-card retailer.
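As an added example that is not code from this post, from Websense, or from the earlier Waledac post, here is a small Python triage routine a mail gateway or analyst could run over a captured message. It flags attachments that are executables by file extension (the postcard.exe and usa.exe style names the two posts describe) and, separately, by the "MZ" header that every Windows PE executable starts with, which catches an executable hidden behind an image file name. The message it parses is constructed inline; the sender address, recipient and attachment bytes are sample values, not a real capture.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows will run directly (assumption: a typical gateway block list)
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
PE_MAGIC = b"MZ"              # first two bytes of every Windows PE executable
JPEG_MAGIC = b"\xff\xd8\xff"  # first three bytes of a JPEG file


def build_sample_message() -> bytes:
    """Constructed sample e-card lure (not a real capture) with three attachments."""
    msg = EmailMessage()
    msg["From"] = "greetings@postcard.org"      # spoofed sender, as in the alert
    msg["To"] = "recipient@example.com"         # constructed recipient
    msg["Subject"] = "You have received a free animated postcard"
    msg.set_content("Open the attached card to view your greeting.")
    # 1. harmless image: JPEG magic bytes followed by filler
    msg.add_attachment(JPEG_MAGIC + b"\x00" * 16,
                       maintype="image", subtype="jpeg", filename="xmas.jpg")
    # 2. obvious executable: .exe name and a PE header
    msg.add_attachment(PE_MAGIC + b"\x90" * 16,
                       maintype="application", subtype="octet-stream",
                       filename="postcard.exe")
    # 3. disguised executable: image name and MIME type, but a PE header inside
    msg.add_attachment(PE_MAGIC + b"\x90" * 16,
                       maintype="image", subtype="jpeg", filename="card.jpg")
    return msg.as_bytes()


def triage_attachments(raw_message: bytes) -> list:
    """Return one finding per attachment: file name, declared MIME type and flags."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        content = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        flags = []
        if ext in EXECUTABLE_EXTENSIONS:
            flags.append("executable extension")
        if content.startswith(PE_MAGIC):
            flags.append("PE header in content")
            if ext not in EXECUTABLE_EXTENSIONS:
                # the name claims an image or document, the bytes say program
                flags.append("content does not match extension")
        findings.append({"filename": name,
                         "declared_type": part.get_content_type(),
                         "flags": flags})
    return findings


def should_quarantine(findings: list) -> bool:
    """Hold the message if any attachment is executable by name or by content."""
    return any(f["flags"] for f in findings)


if __name__ == "__main__":
    results = triage_attachments(build_sample_message())
    for finding in results:
        print(finding)
    print("quarantine:", should_quarantine(results))
```

The magic-byte check is the part worth keeping: a name or declared MIME type is whatever the sender chose to write, while the first bytes of the payload are what the recipient's machine will actually act on.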

Last year, American Greetings put up a page on their site to educate people how to spot and avoid falling victim to this type of attack. First and foremost, they recommend that if you are suspicious at all to go to the company site and try to pick up the greeting from there. Most (if not all) of the legitimate sites offer this service. The page on their site contains additional ways to identify "e-card garbage" and is well worth a look if you are unfamiliar with how to spot malware attacks using spam e-mails.

American Greetings put up this page after an attack on their brand. In this attack, some of the e-mails appeared to come from a known (trusted) person. My guess is this happened from an already compromised machine, where a spammer gained access to an address book and sent the e-mails out. Some forms of malware do this without any human intervention.

I went to the Postcards.org site and thus far they have no warnings about this that I could find.

While the best thing to do is to avoid clicking on spam e-mail containing malware, the second best thing is to employ solid anti-virus software and a firewall from a reputable vendor like Websense, Sunbelt, or Symantec. Most of these vendors are on top of malware being issued in the wild (on the Internet) and they even share information with each other.

Tuesday, September 16, 2008

Improved OnGuardOnLine Site Teaches Cyber Safety to the Average Person



One of the better places for the average person to learn about the sometimes murky waters of the Internet is free and sponsored by the Federal Trade Commission. Although OnGuardOnline.gov and AlertaEnLinea.gov, its Spanish-language counterpart, have been around for a while, some new and exciting improvements have been made to the site with a just-released Web 2.0 redesign.

The new and improved site allows users to grab and embed games and videos, search for topics on the site, take a “show of hands” poll, and have a more interactive experience while learning how to avoid becoming an Internet crime statistic.

The site offers articles and games covering sixteen topics -- including social networking, phishing, email scams and laptop security; plenty of buttons and banners you can post on your blog or website; free publications consumers and organizations can order; and links to the OnGuard Online partners from the public and private sector.

I should add that a lot of good people from both the government and private sectors have given resources and their valuable time to assist the Federal Trade Commission with this site. Industry and government partners include the U.S. Department of Justice, Office of Justice Programs, Department of Homeland Security, Internal Revenue Service, United States Postal Inspection Service, Department of Commerce, Technology Administration, Securities and Exchange Commission, National Cyber Security Alliance, Anti-Phishing Working Group, i-SAFE, AARP, National Consumers League, Direct Marketing Association, WiredSafety.org, The SANS Institute, The National Association of Attorneys General, Better Business Bureau, NetFamilyNews, CompTIA, National Crime Prevention Council, Association of College Unions International, and the Latinos in Information Sciences and Technology Association.

In my opinion, this represents a valuable partnership in dealing with the ever growing problem of crime on the Internet. This also represents a very credible collaboration of resources and industry experts (my humble opinion).

There is also a lot of material that businesses and organizations can use to educate their people with. Frequently, I get approached on this subject and I will continue to recommend this site as a valuable resource. Of course, the benefits for the individual person wanting to protect themselves, or become more knowledgeable are there (free for the taking), also.

If you are one of those businesses or organizations wanting additional materials, you can get free OnGuard Online publications. For 50 or more copies, visit ftc.gov/bulkorder. If you need fewer than 50 copies, call 1-877-FTC-HELP.

Wednesday, July 23, 2008

Will One Spam King's Conviction and Another's Escape Mean Less E-Trash on the Internet?

Robert Soloway, dubbed the "Spam King," was sentenced in Washington yesterday, according to an article in the Seattle Post-Intelligencer.

For his misdeeds, Soloway was sentenced to just under four years. Notably, Soloway was the second person to be prosecuted under the Can-Spam Act. It should also be noted that the prosecutors asked for about twice that much prison time, and with good behavior, Soloway will probably only serve about half of the sentence he received.

Like most of the many "Spam Kings" out there, Soloway allegedly used a botnet (army of zombie computers) to saturate the electronic universe with e-trash, including advertisements from commercial clients. To give everybody an idea of the scope of Soloway's activity, he allegedly sent out 90 million e-mails in a three-month period.

That made me wonder if anyone is looking at the commercial clients. Of course, everyone knows that "Spam Kings" send out a lot more than commercial advertisements, including a variety of scams designed to steal from unwary people. They also tout knock-off drugs, merchandise, software and porn.

Spam is also used to deliver malicious software, which can steal all your personal and financial information. Ironically, spam also delivers malware designed to turn a system into a zombie (part of a botnet), which is then used to send out even more spam.

In fact, spam designed to send out even more spam best describes Soloway's operation. Using a company, Newport Internet Marketing Corporation (NIM), he offered a broadcast e-mail software product and broadcast e-mail services. His website promised a full refund if a customer wasn't satisfied; in reality, however, anyone who complained was threatened with financial charges and collection agencies.

According to the Department of Justice press release, one customer tried to complain about the amount of spam he was getting and Soloway's response was to send him even more spam.

The press release also mentions that he willfully failed to pay his taxes after earning more than $300,000 in 2005.

Interestingly enough, another "Spam King," Edward "Eddie" Davidson, simply walked out of a minimum security facility in Colorado about the same time Soloway was sentenced. Davidson allegedly made $3.5 million spamming for about 20 commercial clients. Like Soloway, he failed to pay any taxes on the proceeds of his misdeeds.

Unfortunately, Soloway's conviction or Davidson's escape is unlikely to make much of a dent in spam anytime in the near future. Earlier this month, Symantec reported blocking 3.5 million spam messages over the 4th of July holiday. Their monthly spam report stated that over 80 percent of all e-mail sent is spam. The 80 percent statistic (and greater) has been a sad fact for several months now.

Notable trends in the last report included using the China earthquake to spread viruses and the use of fake news flashes (like "U.S.A. attacks Iran") to net Internet crime victims.

We probably shouldn't be too quick to celebrate Soloway's conviction. He is obviously just one of many "Spam Kings" operating out there. Hopefully, as time goes on, we will see more of these so-called spam superstars put behind bars. After all, just about anything that is distasteful or illegal on the Internet normally starts with a spam e-mail.

On a final note, both Soloway and Davidson seemed to be servicing a lot of commercial clients. Maybe if the legal emphasis shifted towards the people paying spammers, there would be less incentive (money) for spammers to pollute the Internet!

Update (7/25/08): In a horrifying twist to Eddie Davidson's escape, it has now been reported by the AFP that he killed himself after killing his wife and their three-month-old daughter. Davidson's seven-month-old son was left in the car unharmed and his sixteen-year-old daughter was shot in the neck before escaping.

Given these circumstances, I wonder if anyone is going to question why Davidson was locked up in a minimum security facility that he was able to walk away from.

Friday, June 06, 2008

Spam ruse promising money for being an Internet crime victim spoofs IC3's name


(Picture courtesy of the FBI)

"The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA)," according to their website.

In their own words it provides a "vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime."

According to a recently released press release from the FBI's Cyber Division, the good name of IC3 is being spoofed (impersonated) to lure people into becoming victims of identity theft and financial crimes. In this instance, the specific come-on is a claim that they are passing out money to the victims of cyber crime.

Besides being devious, they obviously have a "sick sense of humor."

From the press release:

The FBI is asking the public to be aware of e-mail schemes containing various versions of fraudulent refund notifications claiming to be from the Internet Crime Complaint Center (IC3) and the government of the United Kingdom. The e-mails falsely state that refunds are being made available to compensate the recipients for their losses as victims of Internet fraud.

The perpetrators of this fraud use the names of people not associated with the Internet Crime Complaint Center, but give them titles in an attempt to make the e-mails appear official. The perpetrators use IC3’s logo and the former name of IC3, the Internet Fraud Complaint Center (IFCC), as well as the names of the Bank of England and the Metropolitan Police (U.K.) in the e-mails.

According to the FBI, the intended victim is required to sign a wire transfer release form in order to receive their refund. In actuality, the scammers behind this will probably use the release form to have the bank wire all the money out of an account to them.

I haven't seen one of these spam e-mails yet. They could use different come-ons, or even drop malicious software on your system. When this occurs, malware steals all the information from your computer automatically.

If you would like to learn about cyber scams, the FBI site has a lot of relevant information. They are also requesting that if you spot one of these scams to report it directly to the "real" IC3 site.

Press release on this matter, here.

Monthly Spam report reveals how uncertain economic times are fueling new scams!


(Courtesy of Symantec)

With prices rising out of control and foreclosure signs being used to market real estate, one might think that scam artists and other less than ethical people would lay off for a while. Think again: they are out in force and coming up with devious methods to make bad situations worse.

I follow Symantec's spam report on a monthly basis. If you want to get an idea of what fraud campaigns are being run by cyber criminals, or what new twists to old scams are surfacing - it's a great place to get an overview.

Interestingly enough, the report starts with a comparison of e-mail spam to the lunch meat it is named after:

The harsh economic times can be witnessed from every angle, with the rise not only in email spam, but also the sales of the actual lunchmeat product, Spam. According to NBC’s Brian Williams, the spike in Spam sales is a huge economic indicator of the times, and families trying to do more with less. The exact same could be said for email spam. With spam messages accounting for over 80% of email in May 2008, the economic slowdown and its effects are definitely being targeted by spammers – preying on the hardships of people not only in the United States, but Worldwide.

In the past month, the economic stimulus program and the disasters in China and Myanmar have clogged inboxes with come-ons designed to trick people out of their money, or even worse (if a little malware is dropped), all the personal and financial information off their computer.

The report also highlights a campaign in China, offering fake invoices to avoid paying taxes.

Also noted was a scam to sell tickets to the Champions League Final, which was the biggest football (soccer) event in recent times:

The biggest football game in the European football calendar took place on May 21, 2008 in Moscow. Tickets were in big demand all over Europe for this event, and spammers certainly took notice.

Under the guise of a travel agency, the spammer offered the recipient “a unique opportunity” to acquire tickets for the game. The prospective customer was asked to click on a link to purchase the tickets and provide personal details. The recipient was then instructed to go to a legitimate online payment site to complete the transaction.

When the recipient paid for the tickets using the legitimate online payment site, the spammer requested that they email their name, surname and the unique online payment voucher number to the spammer in order to receive the tickets. The legitimate online payment website for the Champions League Final clearly states that the unique voucher number should never be emailed and only used on secure websites that accept their payments.

Please note that ticket scams are nothing new, and the more popular the event is, the more likely spammers (scammers) are going to try to dupe people out of their money in the hopes of securing a ticket.

The June report highlights how spam has become a problem that is international in nature!

Full June report from Symantec can be accessed, here.

Previous posts I've done on the monthly Spam Report can be seen, here.

Sunday, May 11, 2008

Symantec May Spam Report reveals IRS e-mail leads to vampire game?

Symantec just released its monthly spam report. I always find these reports a valuable tool to see exactly what trends the cybercriminal and less than ethical e-commerce communities have been up to in the past month.

Although most of us view spam as a major nuisance, the fact remains that spam is the preferred vehicle of marketing garbage and ripping off human beings on the Internet.

This month continues a nasty trend where spammers and phishermen (identity and information thieves) continue to manipulate Google's search engine:

For some time, spammers have used reputable brands to try and deliver spam and phishing messages to end-users. In the last year, Google has become a favorite target for some spammers. In November 2007, Symantec reported the emergence of a technique where spammers manipulated Google’s advanced search query and the “I’m feeling lucky” option to direct users to a spam site. In February 2008, Symantec reported that spammers had manipulated parameters in Google URLs used for AdSense and redirected unsuspecting end-users to a spam website. In April 2008 phishing emails purporting to come from the Google AdWords service have emerged. Google AdWords is a service that allows advertisers to intelligibly connect with individuals who search using Google. In the Google AdWords phishing samples that have emerged, the end-user is encouraged to click on a link to update their billing information and/or renew their account. The link in these phishing emails leads to a fraudulent website where personal information is requested and harvested.

Spear phishing, where specific people are targeted, arrived in inboxes in the form of fake government subpoenas addressed to corporate executives. Also seen were come-ons to become a movie star, spam being sent in the form of instant messages, and the 419 (Advance Fee) boys inserting calendar reminders in their spam to remind people to send them their money.

While closely related to the long known use of job sites to gather information to commit identity theft, a new twist has been noted where professional networking sites are used for this purpose, also.

From the May report:

One of the side effects stemming from the growth of personal and professional networking sites is the increase in unsolicited emails that operate under the guise of connecting business professionals with their peers. The recipient is asked to join the “inner circle” and is encouraged to supply the network with their professional history by clicking on a URL which brings the user to a registration page. The page requests personal information that could be used for identity theft and could fuel future spam attacks.

In these monthly reports, Symantec normally has one twist with a particularly ghoulish or amusing angle. This month is no exception and they are reporting an IRS spam campaign that leads to a site where you can raise a vampire from the dead:

This time, instead of the refund link taking you to a site to steal your credentials, the link takes you to a popular web-based game in which you incarnate a vampire. The vampire gains more power every time end-users click on his link. It’s a rough, dark world out there… be warned.

I found this especially ironic because scammers and spammers are often referred to as ghouls or vampires when being described in literary terms. As for the connection of all of this with the IRS, I'll leave that to the reader's imagination.

The IRS having their name spammed is nothing new. As predicted, there is an IRS spam (phishing) campaign going on right now using the tax stimulus program as a come-on to steal personal and financial information, which will probably be used to commit financial crimes. I'm predicting this might be a topic of interest on the June Spam Report.

The full report on the State of Spam for the month of May may be seen courtesy of Symantec, here.

Friday, April 11, 2008

FBI reports scams against senior citizens are growing


(Picture courtesy of the FBI site)

Ran into an interesting communication from the FBI on the growing problem of senior citizens being targeted by scam artists. Of even greater interest -- largely because most senior citizens now use the Internet -- a lot of them are being targeted from foreign lands with the click of a mouse.

The FBI reports:

The threat to seniors is growing…and changing. Baby boomers (born between 1946 and 1964) are now the largest segment of our population—about 78 million people. That means that the number of senior citizens is rising. Many younger boomers also have considerable computer skills, so criminals are modifying their targeting techniques—using not only traditional telephone calls and mass mailings but also online scams like phishing and e-mail spamming.

Most experts agree that senior citizens are targeted because many of them have developed solid financial resources over a lifetime of hard work.

I frequently watch spam trends -- largely because I consider spam the vehicle for most fraud, phishing and financial misdeeds on the Internet -- and I've noted a lot of anti-aging and health products of a dubious nature being pitched. To me, this confirms that the spammers and bot-herders are indeed targeting the elderly.

The current press release has a lot of great information on how to spot fraud and avoid becoming a victim.

Instead of copying them for this post, I would recommend reading the press release.

The press release also points to another excellent page on the FBI site dedicated to educating all of us about fraud against our senior citizens.

Last, but not least, if someone thinks they are being targeted by a scam, it's always a good deed to report it. By doing this, you might spare another human being a lot of pain and suffering.

Here is the FBI recommendation on how to do this:

Who to call. If you’re a senior citizen who has been victimized by fraud, start by calling your local or state law enforcement agency.

The FBI doesn’t handle isolated individual cases: we get involved only when there are huge dollar losses or if there's evidence of an international crime ring at work. But you can report fraud online to us through our Internet Crime Complaint Center, which is run in concert with the National White Collar Crime Center, and we’ll refer it to the proper authorities.

Tuesday, April 01, 2008

Royal Canadian Mounted Police computers turned into spam spewing zombies by employee!

While the fact that the RCMP (Royal Canadian Mounted Police) computers were exposed to badware because an employee was doing some "unauthorized surfing" makes good press -- it highlights what can happen to any business, or government system when human beings use them to go to the murkier waters of the Internet.

Trust me, the RCMP isn't the only organization that has had an employee compromise their system in this manner.

Robert Koopmans, Kamloops Daily News (courtesy of the Vancouver Sun) reports:

The security of RCMP computers used to process evidence for a looming multimillion-dollar trial was breached from outside the agency, exposing sensitive files to the possibility of theft and tampering, Crown documents reveal.

The police computers were also used to view pornography and download music and illegal software, a letter from senior Kamloops Crown prosecutor Don Mann states.

Apparently, these computers were also turned into spam spewing zombies, or became part of a botnet, as a result of some of the malware downloaded on them. Botnets are "a jargon term for a collection of software robots, or bots, which run autonomously and automatically. They run on groups of zombie computers controlled remotely," according to Wikipedia.

More from the article in the Vancouver Sun:

The Crown document reveals the computers were hooked to the Internet in October 2003 and remained connected until May 2005, when Shaw notified the RCMP that the police agency's computers were spamming e-mail to the Internet. The breach was discovered and the connection to the Internet shut down.

Since spam is the preferred vehicle of Internet scammers, it's possible the computers were "inadvertently" being used to commit crimes themselves.

There are many examples of employees downloading undesirable items on a system, but here is another example of one, where a Japanese law enforcement type essentially did the same thing.

If anyone is interested in the dangers employees can pose to a system, ZDNet did an excellent white paper on this subject:

The Top Six Risks of Employee Internet Use and How to Stop Them

Full story on this recent matter published in the Vancouver Sun, here.

Saturday, March 08, 2008

Symantec releases March Spam and Scam Trends

Even though scams don't all originate on the Internet, a great majority of them do. If you ever want to figure out what scams are making their rounds, taking a look at spam analysis is a pretty good way of doing it.

Spam is the vehicle that most cyber misfits seem to prefer when trying to pull a fast one on the unwary. Fortunately, most of them are far from geniuses and all it takes is a little awareness to foil their attempts at trickery.

Of course, providing a little body armor for your system is highly recommended, also, especially if you are a Windows user.

Please note that when providing body armor for your system, make sure you are buying it from a reliable vendor. I see spam come-ons for so-called computer security software that might turn your system into a spam spewing zombie, steal all the information from it, or a combination of both.

Last week, Symantec released their March report. This report is a good resource to use to see what is going on in the wild world of spam, scams and malicious software.

Kelly Conley writes:

Social engineering was the driving force behind spammers during the month of February. While overall spam volume hovered steadily at 78.5% of email and tactics remained relatively the same, the use of events, big brands, and public figures drove spam campaigns during the month. The March State of Spam report highlights several of these.

Kelly brings up another point -- which is that despite the fact that scams frequently use technology as a tool -- they also rely on a healthy dose of social engineering (trickery) to accomplish their intentional misdeeds.

Predictably, the presidential candidates are a big lure:

Last month, spammers began to spread bogus links purporting to show a Hillary Clinton speech, but in actuality the links were cloaking a malicious Trojan. Most recently we’ve seen spammers leveraging the last remaining front-runners of the 2008 presidential elections; Obama, McCain, and Huckabee. Just what are spammers linking the candidates with? Everything from Viagra, porn, get-rich-quick schemes, and portable dewrinkle machines.

If you think about it, this shouldn't surprise very many of us. After all, the candidates are filling up our mailboxes with a lot of political spin and requests for financial support, also.

It's probably a good idea to be careful when clicking on a link in any unsolicited message, especially when over 75 percent of all e-mail sent is spam.

Of course, politicians aren't the only human lures spammers use. Celebrities are pretty good "spam fodder," also.

The presidential candidates aren’t the only targets. Also seen were high profile names such as Michael Jackson, Heather Mills, and Indiana Jones to name a few. Spammers are using these names to spread malicious links to videos and the names being circulated are all currently high profile. Who hasn’t heard of the McCartney/Mills divorce or Britney Spears’ woes? The spammer is banking that you want to know more about these celebrities and are therefore leveraging their names to tempt you into opening the malicious link. These are fairly easy to spot because in most cases the names are misspelled. I wonder what Paul McCartney would think of his name more closely resembling a martini (Maccartni)?

It never ceases to amaze me that spammers can't spell. A common denominator in most scam letters is that a lot of words are misspelled, especially the variety that originate out of Internet cafes in third world countries.

Other notable trends in the lures being used are International Women's Day and (too good to be true) offers of free tickets from Southwest Airlines.

The monthly reports normally include an amusing, or not so amusing (reader's choice), "hall of shame" category. This month the mortgage crisis is being used, with a sick twist:

As economic conditions have slowed in recent months, Symantec has observed a torrent of spam messages encouraging users to “refinance before its too late,” ”take out a mortgage for the lowest APR ever,” or “this is the time to be the proud owner of your house.” While the deluge of finance spam continues, spammers have also decided to diversify their sales portfolio to include the buying and selling of burial plots. Talk about an idea to get out from being buried, no pun intended. As the message indicates, the U.S. national average price for a burial plot in 1978 was $200 and this has risen to $4500 in 2008. “Get started today” – adverts say – “because tomorrow could be too late”.

In case you missed the link to the full report (above), it can be seen (with some interesting screenshots), here.

Sunday, February 17, 2008

Hillary Clinton used as a spam lure to download malicious software

On Thursday, Kelly Conley reported on the Symantec blog a predicted spam lure (seen in the wild) using the 2008 elections:

It’s election year in the United States, everyone must be aware of that by now. We've just observed a Trojan being spammed out utilizing a candidate's name, Hillary Clinton, as bait. The email asks you to click a link to download an interview with her.

If anyone clicked on the link, they were actually downloading "a suspect file, 'mpg.exe,' which is a Trojan downloader. This downloader downloads a file, inst241.exe, which is detected as Trojan.Srizbi," according to Kelly.

This Trojan normally ends up turning your system into a spam spewing zombie, or part of a botnet.

Shortly thereafter, McAfee reported seeing the same thing. One of the spam e-mails circulating stated that Hillary had been shot right before the Virginia primary.

Fear is a common social engineering technique to lure someone into clicking on something that they shouldn't. Saddam Hussein's hanging and Benazir Bhutto's assassination were the two most recent examples of a lure like this being used in spam e-mails.

Gregg Keizer at Computerworld did an interesting article on this, where he interviewed Oliver Friedrichs, director of Symantec's security response team. Oliver noted that the spammers might be a little wary of attracting too much attention from law enforcement with this type of activity. He did, however, note that it is still early in the game and that attacks using the hurricane disasters a few years ago sparked a lot of activity.

Brian Krebs at Security Fix (Washington Post) also did a nice write-up on this story, where he interviewed Zulfikar Ramzan (Symantec), who gave a lot of insight into the technical aspects of this particular attack. Also noted in the Security Fix article was that Trojan.Srizbi was used to spread malware using Ron Paul as the lure in October.

In the Computerworld article, Oliver Friedrichs speculated:

A lot of money will be at stake. The campaign of Sen. Barack Obama (D-Ill.) raised $28 million online in January alone, according to news reports. That's a substantial amount of money. And clearly any sense of conscience or caution [on the part of hackers] might just go out the window.

Brian Krebs ended his post with a thought in the same vein:

Coincidence? You decide. But at least the bad guys aren't singling out one particular political party over another. So far, we haven't seen malware attacks apparently designed to disrupt a U.S. election, but the potential for such activity certainly exists (political phishing, anyone?), particularly if candidates aren't taking precautions to ensure that their online fundraising systems can't easily be abused by credit card thieves.

Besides money, another thought to consider might be someone trying to do this to disrupt the election in general, or to attack a particular candidate. Politics and/or religious beliefs can cause the wrong person to do some pretty nasty things despite a strong possibility of getting caught (my humble opinion).

After all, both of these attacks seem to have originated outside the borders of the United States and it isn't unknown for foreign hackers to attack government systems.

Attacking a political campaign isn't too far a stretch from that type of activity.

Tuesday, February 05, 2008

Has the European Union become the primary point of origin for spam and scams?

Today, Kelly Conley (manager, Symantec Security Response) announced on their blog that the February State of Spam Report had been posted.

An interesting trend showing that the European Union was now the number one origin point for spam was noted:

The February State of Spam Report highlights an interesting trend in the shift of spam moving from North America to EMEA. The percentage of spam originating from EMEA has surpassed that of North America, which represents a significant shift in where the bulk of the world’s spam is “supposedly” sent from.

Well, "supposedly," most of the spam is coming from the European Union. Here is the reason why:

Although it appears that way, the very nature of spam distribution makes it difficult to accurately pinpoint the true geographic origin of the sender. Spammers often take advantage of tricks that allow them to mask their real location and bypass DNS block lists.
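As an added example (not from this post or from Symantec's report), the Python below shows why the "supposed" origin is unreliable and what a receiving mail server can actually check: only the Received header written by your own MTA records the IP that connected to you, and that address, not the forgeable hops beneath it, is what a DNS block list lookup should be run against. All hostnames, IPs, the zone dnsbl.example and the block-list answers are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string
from typing import Callable, Dict, List, Optional

# Constructed sample message. Only the topmost Received line was written by our
# own MX; the two lines below it arrived with the message and were supplied by the
# connecting host, so they can claim anything (here, a bank's webmail server).
SAMPLE_MESSAGE = (
    "Received: from mail.bulk-sender.test ([203.0.113.45])\n"
    "\tby mx.ourdomain.example with ESMTP id k7x2; Mon, 04 Feb 2008 10:15:22 +0000\n"
    "Received: from mx.somebigisp.test ([198.51.100.7])\n"
    "\tby mail.bulk-sender.test; Mon, 04 Feb 2008 10:15:20 +0000\n"
    "Received: from webmail.legit-bank.test ([192.0.2.10])\n"
    "\tby mx.somebigisp.test; Mon, 04 Feb 2008 10:15:18 +0000\n"
    "From: \"Valentine Deals\" <deals@legit-bank.test>\n"
    "To: victim@ourdomain.example\n"
    "Subject: Your Valentine's day offer\n"
    "\n"
    "Click here for your deal.\n"
)

# Hosts we operate (placeholders). A Received line is trustworthy only if one of
# these wrote it; everything below the first line we did not write is hearsay.
OUR_MTAS = {"mx.ourdomain.example", "relay.ourdomain.example"}
# Address space our own internal relays live in; hops from there are not the peer.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

DNSBL_ZONE = "dnsbl.example"  # placeholder zone, not a real block list

# Constructed stand-in for DNS answers: query name -> A records. Real lists answer
# a listed address with a 127.0.0.x code; no record (NXDOMAIN) means "not listed".
FAKE_DNSBL_ANSWERS: Dict[str, List[str]] = {
    "45.113.0.203.dnsbl.example": ["127.0.0.2"],  # constructed: the real sender is listed
}

_RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?\bby\s+(?P<by>[^\s;]+)",
    re.IGNORECASE,
)


def parse_received(value: str) -> Optional[dict]:
    """Unfold one Received header and extract the HELO name, literal IP and 'by' host."""
    unfolded = " ".join(value.split())
    match = _RECEIVED_RE.search(unfolded)
    return match.groupdict() if match else None


def received_hops(raw_message: str) -> List[dict]:
    """All parseable Received headers, newest first (the order they appear in)."""
    msg = message_from_string(raw_message)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    return [h for h in hops if h]


def connecting_ip(raw_message: str, our_mtas=OUR_MTAS) -> Optional[str]:
    """The address that actually connected to our border MTA.

    Walk newest-to-oldest while the hop was recorded by one of our own hosts,
    skipping internal relay hops; the first external address we were handed is the
    real peer. Stop at the first hop we did not write: it and all below are forgeable.
    """
    for hop in received_hops(raw_message):
        if hop["by"].lower() not in our_mtas:
            break
        addr = ipaddress.ip_address(hop["ip"])
        if hop["helo"].lower() in our_mtas or any(addr in n for n in INTERNAL_NETS):
            continue
        return str(addr)
    return None


def claimed_origin_ip(raw_message: str) -> Optional[str]:
    """What a naive 'where did this come from' lookup would use: the oldest hop."""
    hops = received_hops(raw_message)
    return hops[-1]["ip"] if hops else None


def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Build the DNSBL name: octets reversed, zone appended (1.2.3.4 -> 4.3.2.1.<zone>)."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example builds IPv4 DNSBL names only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dnsbl_listed(ip: str, resolve: Callable[[str], Optional[List[str]]] = FAKE_DNSBL_ANSWERS.get) -> bool:
    """True when the (stand-in) resolver returns a 127.0.0.0/8 answer for the reversed name."""
    answers = resolve(dnsbl_query_name(ip)) or []
    return any(ipaddress.ip_address(a) in ipaddress.ip_network("127.0.0.0/8") for a in answers)


if __name__ == "__main__":
    peer = connecting_ip(SAMPLE_MESSAGE)
    print("claimed origin (forged hop):", claimed_origin_ip(SAMPLE_MESSAGE))
    print("connecting IP:", peer, "listed:", dnsbl_listed(peer))
```

Geolocating the oldest Received hop would place this message at the "bank"; the connecting IP is the only fact the receiving server observed, and it is the one the block list flags.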

Spam doesn't seem to be decreasing, either. January analysis by Symantec revealed that 78.5 percent of all e-mail sent is spam.

Other notable results from the report are that spammers a.k.a. scammers are busy taking advantage of a rumored tax rebate to steal people's identities and using Valentine's day deals to lure men to a dating site.

My guess is that we will see Valentine's day e-cards bearing malicious software pop up in the near future, also. Clicking on one of these normally turns your system into what I refer to as a "spam spewing zombie." It's also a good way to have a keylogger implanted (dropped) on your system, which is capable of stealing all your personal and financial information.

Another persistent trend is spam offering too-good-to-be-true job offers, which entail tricking someone into laundering the proceeds of Internet crime. If anyone is considering getting involved in this activity, please be aware that I hear people are getting arrested after getting involved in one of these schemes.

Even when people don't get arrested, they end up being responsible for a LOT of money. Their identities are often used to commit more crimes without their permission, or immediate knowledge, also.

In case anyone wants more information on this, I've written a few "tidbits" about this type of scam (spam), which can be linked to, here.

Spammers are also exploiting the global immigration issue by offering "too good to be true" offers of visa help in Europe. So far the targets are Russians and Ukrainians, but if this spam (scam) proves profitable, I'm sure it will be marketed (spammed), elsewhere.

Other notable trends noted in the report are new variations of porn scams, weight loss scams involving a promise to alter your genes and offers to turn a "ton of manure" into biofuel.

I found this especially ironic, since "manure" is a great way to describe most spam. And if 78.5 percent of all e-mail being generated is spam, we are facing tons of "manure" on the Internet on a daily basis!

I guess that means that most spammers are full of "manure."

The full report, which I highly recommend reading can be seen, here.


(Picture courtesy of Josh Bancroft at Flickr)

Saturday, January 19, 2008

January Symantec Report reveals questionable blogs, polls and Nigerian Scam restitution schemes

If you ever want to know what criminals and other misfits are up to on the Internet, watching spam traffic can reveal a few clues.

After all, spam is the vehicle most cybercriminals use to pass along whatever scheme they are behind that is designed to part people from their hard-earned money.

Symantec noted in December that close to 75 percent of all e-mail being sent is spam.

A little over a week ago, they issued their January report, which showed spam levels peaking at 83 percent towards the end of December.

Highlights noted in the January report are:

Holiday Spam Spikes: Spam levels reached new levels as spammers inserted holiday-oriented keywords into everything from subject lines to images.

Spammers Get Honest? Not So Fast: Spammers tried a new twist on an old scam, falsely promising past spam victims restitution of $100,000.

As Oil Prices Hike, Spammers Strike: This new spam claims to identify gas stations that fraudulently tamper with pump prices.

Not-So-Happy New Year: Recipients were invited to download a fun New Year’s song and dance, but instead found themselves downloading something far more malicious.

Presidential Polling Scam: Promising gift cards in exchange for opinions, spammers leverage the US presidential primaries to collect personal information.

Beware of Blogs: The use of blogs within spams appears to be on the rise, particularly in China where simplified character sets are common.

I found the 419 restitution activity interesting. In case you've never heard the term "419," it refers to section 419 of the Nigerian Criminal Code, which covers the infamous advance fee fraud.

Here is what the report said:

419 spammers who have traditionally used stories about African dictators to defraud individuals have recently changed their approach to these types of emails. Certain 419 scams observed by Symantec this month claim to offer compensation to victims of 419 scams. The scam states that payments will be supervised by UN officials and about 150 scam victims will be paid compensation of $100,000 each. It provides some URL links as a reference to money that was successfully recovered by 419 scam victims. At the bottom of the email, it explains how the money may be recovered and the fraudulent background of such emails may be observed.

Interestingly enough, the Economic and Financial Crimes Commission (EFCC) of Nigeria has made real victims whole with funds seized from 419 scammers. You can see some real examples of this on their site.

The most recent time I mentioned the EFCC on this blog was when they were part of an international task force that intercepted large quantities of counterfeit checks at post offices in several countries. These counterfeit checks are normally used in advance fee scams, where people are tricked into cashing them and wiring the proceeds back to the criminal(s) sending them.

This led to a major press campaign and new website dedicated to educating the public about these checks called FakeChecks.org. The United States Postal Inspection Service, who worked with the EFCC on the task force, is one of the major sponsors of this site.

Most advance fee scams can be traced to a spam e-mail.

So far as the other trends noted, spammers and scammers are very adept at using whatever is popular or newsworthy to spread their deceit on the Internet.

It's probably not a surprise that they are taking advantage of the rise in oil prices, or political polls to lure people into their web.

If you would like to read more about this, the January report from Symantec can be read in full, here.

Wednesday, January 16, 2008

Your computer will not love this Valentine

The Storm Worm, which turns systems into spam spewing zombies without their owners' knowledge, is taking a predicted twist and using Valentine's Day as a lure.

Websense is reporting:

Websense® Security Labs™ has received reports and confirmed that the Storm worm has once again switched lure tactics. The worm has now adopted a Valentine's Day twist in its attempts to infect users with malicious code. For more details on how we protect against Storm attacks, see http://www.websense.com/securitylabs/blog/blog.php?BlogID=141.
Websense (full) alert with screenshots, here.

Most recently, we've seen the Storm Botnet leased by the phishermen to steal people's personal and financial details.

CNet (Robert Vamosi) did a good write-up on this latest Storm phenomenon, here.

The best way to protect your computer from this (besides having good security software) is to simply "just say delete" to any unsolicited Valentines you receive!

Previous posts I've written about the Storm Worm can be seen, here.

Saturday, January 05, 2008

DOJ charges 11 in pump and dump stock spamming operation

The Department of Justice has just announced the arrests of 11 spammers involved in a pump and dump stock spam scheme.

Pump and dump schemes victimize people -- lured by the expectation of too-good-to-be-true returns -- who buy the stocks at artificially inflated prices. They normally lose money when the value suddenly drops, because the people behind the scheme sell off their artificially inflated shares.

One of those arrested, Alan Ralsky, is considered one of the biggest spammers around by Spamhaus, an organization dedicated to tracking spam.

From the press release:

A federal grand jury indictment was unsealed today in Detroit charging 11 persons, including Alan M. Ralsky, his son-in-law Scott K. Bradley, and Judy M. Devenow, of Michigan, and eight others, including a dual national of Canada and Hong Kong and individuals from Russia, California, and Arizona, in a wide-ranging international fraud scheme involving the illegal use of bulk commercial e-mailing, or "spamming."

The investigation was conducted over a three-year period by the FBI, Postal Inspectors and the Internal Revenue Service. The people involved used all the standard spam diversions, including falsified domains and e-mail headers, social engineering lures and good old false advertising.

The release also states that they (tried?) to use botnets to send the spam:

The indictment also alleges that the defendants tried to send their spam by utilizing a cybercrime tool known as a “botnet,” which is a network of “robot” computers that have been infected with malicious software code that in turn would instruct the infected computers to send spam. The indictment charges that the defendants earned profits when recipients responded to the spam and purchased the touted products and services. Hui’s primary role in the scheme was to act as a conduit for Chinese companies who wanted their stocks pumped by the scheme. Ultimately, investigators estimate that the defendants earned approximately $3 million during the summer of 2005 alone as a result of their illegal spamming activities.

Recently, the FBI arrested a lot of Internet misfits in what they termed Operation Bot Roast and Operation Bot Roast II.

Botnets have become a major vehicle for circulating spam: the zombie computers are taken over using spam e-mail containing malicious software, and because the owner of the computer normally isn't aware it has been turned into a "spam spewing zombie," tracing the spam back to its source is that much harder for investigators.

It should also be noted that here again, we see another "Chinese connection" in cybercrime. It's pretty interesting that publicly held Chinese companies were working with these spammers to have the price of their stock artificially inflated.

Russian nationals were also arrested in this recent case. Eastern European types seem to be heavily involved in the world of cybercrime.

Here is a list of the laws the government is using to bring the spammers to justice:

The 41-count indictment covers three distinct, but interrelated, conspiracies to capture this evolution in their business practices. The indictment charges the defendants with the commission of several federal criminal offenses, including conspiracy, fraud in connection with electronic mail (CAN SPAM), computer fraud, mail fraud, wire fraud, and money laundering. It also charges the defendants with criminal asset forfeiture, as well as charging one defendant with making false statements to law enforcement.

Sadly, spammers have been bold enough to spoof all three investigative agencies involved in this case in the recent past. These spamming incidents are normally what are known as phishing attempts, where the intent of the spammer is to steal personal and financial information using social engineering techniques or malicious software.

The FTC released a report on spam a few days ago. One of its findings was that the people behind this activity are best dealt with by criminal law enforcement agencies.

This action and Operation Bot Roast indicate that these actions are already underway.

On the DOJ site right below the header on this press release is a warning about the DOJ itself being impersonated (spoofed).

A lot of people view spam as an annoying phenomenon in their inbox. If you really examine it, spam is the vehicle for just about every annoying and illegal activity on the Internet.

The full press release, including all the names of the spammers being charged can be seen, here.

Tuesday, January 01, 2008

FTC issues report on Malicious Spam and Phishing

The Federal Trade Commission just released its report on the current state of malicious spam and phishing in today's electronic world.

Interestingly enough, it points out that spammers are criminals.

While this isn't a new revelation, the report seems to want to drive that point home. Maybe this is part of the education process referred to at the bottom of this post?

Here is what the press release had to say:

During the workshop, panelists confirmed that spam has increasingly become a significant global vector for the dissemination of malware and the propagation of financial crimes. Panelists opined that, in most instances, the acts of malicious spammers are inherently criminal, and criminal law enforcement agencies are best suited to shut down their criminal operations.

The report discusses the problem of botnets at length and refers to a 2006 report stating that an estimated 12 million bot-infected computers are being used to send spam. The report also states that most of these computers are physically located outside the United States.

Going deeper into the problem the report discusses a phenomenon called fast flux:

With fast flux, infected bot computers serve as proxies or hosts for malicious websites. The IP addresses for these sites are rotated regularly to evade discovery. For example, a phisher can deploy numerous and different IP addresses for a single phishing campaign, foiling the efforts of ISPs and law enforcement seeking to stop these campaigns by dismantling a single web site. Despite these challenges, the record reflects that at least one ISP does take proactive measures to detect and disconnect “fast flux” web sites from a portion of its network.
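
The rotation the report describes is also what gives fast flux away. Below is an added example (mine, not the FTC's or any ISP's detection logic) that applies the linear flux-score of Holz, Gorecki, Rieck and Freiling ("Measuring and Detecting Fast-Flux Service Networks", NDSS 2008) to a set of repeated DNS lookups: count the distinct A records a name returns over time and the distinct autonomous systems they sit in. A flux domain fronted by home PCs scatters across many consumer ISPs; a legitimate site, even one behind a CDN, does not. The lookups, the domain names and the IP-to-ASN map are all constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Lookup:
    """One DNS answer for the name: the TTL and the A records it returned."""
    ttl: int
    ips: tuple


# Constructed observations: five lookups of each name, each made after the
# previous answer's TTL expired. login-update.example is the flux name, its
# answer set rotates every time; cdn.example is a stable control.
OBSERVED = {
    "login-update.example": [
        Lookup(300, ("192.0.2.11", "198.51.100.12", "203.0.113.13")),
        Lookup(300, ("192.0.2.21", "198.51.100.22", "203.0.113.23")),
        Lookup(300, ("192.0.2.31", "198.51.100.32", "203.0.113.33")),
        Lookup(300, ("192.0.2.41", "198.51.100.42", "203.0.113.43")),
        Lookup(300, ("192.0.2.51", "198.51.100.52", "203.0.113.53")),
    ],
    "cdn.example": [Lookup(60, ("192.0.2.1", "192.0.2.2"))] * 5,
}

# Constructed IP-to-ASN map standing in for a whois / routing-table lookup.
# Flux nodes are home PCs, so they scatter across many consumer ISPs (ASNs).
ASN_OF = {
    "192.0.2.1": 64500, "192.0.2.2": 64500,
    "192.0.2.11": 64501, "198.51.100.12": 64502, "203.0.113.13": 64503,
    "192.0.2.21": 64504, "198.51.100.22": 64505, "203.0.113.23": 64506,
    "192.0.2.31": 64507, "198.51.100.32": 64508, "203.0.113.33": 64501,
    "192.0.2.41": 64502, "198.51.100.42": 64503, "203.0.113.43": 64504,
    "192.0.2.51": 64505, "198.51.100.52": 64506, "203.0.113.53": 64507,
}


def features(lookups):
    """Counts the flux heuristics rely on, computed over all observed answers."""
    ips = {ip for lk in lookups for ip in lk.ips}
    asns = {ASN_OF.get(ip, "unknown") for ip in ips}
    changes = sum(1 for a, b in zip(lookups, lookups[1:]) if set(a.ips) != set(b.ips))
    return {
        "n_a": len(ips),                        # distinct A records seen
        "n_asn": len(asns),                     # distinct ASNs they sit in
        "min_ttl": min(lk.ttl for lk in lookups),
        "answer_changes": changes,              # how often the answer set rotated
    }


def flux_score(n_a, n_asn):
    """Linear flux-score of Holz et al. (NDSS 2008): 1.32 * n_A + 18.54 * n_ASN."""
    return 1.32 * n_a + 18.54 * n_asn


def is_fast_flux(lookups, threshold=142.38):
    """True when the flux-score exceeds the paper's decision boundary b = 142.38."""
    f = features(lookups)
    return flux_score(f["n_a"], f["n_asn"]) > threshold


if __name__ == "__main__":
    for name, lookups in OBSERVED.items():
        f = features(lookups)
        print(name, f, "FAST-FLUX" if is_fast_flux(lookups) else "stable")
```

Note that a low TTL on its own proves nothing (content delivery networks use short TTLs too); it is the ASN spread that separates a botnet from a hosting provider, which is why the score weights n_ASN so much more heavily than n_A.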

The report also acknowledges that DIY (do it yourself) crimeware kits are making it easy for just about anyone to mount a phishing campaign. One kit described sells for as little as $17.

Also cited are some statements from jailed bot-herders that botnets are being rented out for $300-$700 an hour.

The report also gives some statistical information on what this is costing all of us:

A survey by Consumer Reports reveals that viruses, phishing, and spyware resulted in over $7 billion in costs to U.S. consumers in 2007. The survey revealed further that computer infections prompted 850,000 U.S. households to replace their computers. The costs to businesses also are high. One panelist reported that 80 percent of 639 businesses it studied experienced cybercrime-related losses, totaling $130 million.

Also included in the report is information on Operation Bot Roast conducted by the FBI and Department of Justice.

Besides going after the criminal element, the report states that e-mail authentication is crucial in detecting spam at the ISP level so that it can be filtered out by existing spam filters.
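
The most widely deployed form of that authentication is SPF (Sender Policy Framework, RFC 7208): a domain publishes a DNS TXT record listing the hosts allowed to send mail for it, and the receiving ISP checks the IP that actually connected against that list before the message ever reaches a content filter. The following is an added example of how that check works, written for this page rather than taken from the FTC report or any mail product. It is a deliberately minimal evaluator (only ip4, ip6, include and all are implemented) and the domains and records are constructed stand-ins for live DNS.

```python
import ipaddress

# Constructed TXT records standing in for live DNS (a real check queries the
# domain's TXT records). bigbank.example authorises its own /24 plus whatever
# its bulk mailer authorises, and rejects everything else (-all).
TXT = {
    "bigbank.example": "v=spf1 ip4:198.51.100.0/24 include:mailer.example -all",
    "mailer.example": "v=spf1 ip4:203.0.113.128/25 ip6:2001:db8:10::/48 ~all",
    "loose.example": "v=spf1 ?all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain, txt=TXT):
    """Return the domain's SPF record, or None when it publishes none."""
    rec = txt.get(domain)
    return rec if rec and rec.split()[0] == "v=spf1" else None


def check_spf(ip, domain, txt=TXT, depth=0):
    """Evaluate the connecting ip against domain's SPF policy.

    Minimal evaluator: only ip4, ip6, include and all are implemented; anything
    else (a, mx, ptr, exists, redirect=) yields permerror rather than a guess.
    """
    if depth > 10:                      # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    record = spf_record(domain, txt)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # ip_network.__contains__ is False when address families differ
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            # include matches only when the included domain's record passes
            matched = check_spf(ip, arg, txt, depth + 1) == "pass"
        else:
            return "permerror"
        if matched:
            return QUALIFIERS[qual]
    return "neutral"                    # fell off the end without an "all"


if __name__ == "__main__":
    for ip, dom in [("198.51.100.7", "bigbank.example"),    # own range -> pass
                    ("203.0.113.200", "bigbank.example"),   # via include -> pass
                    ("203.0.113.5", "bigbank.example"),     # nowhere -> fail
                    ("192.0.2.1", "mailer.example"),        # ~all -> softfail
                    ("192.0.2.1", "nospf.example")]:        # no record -> none
        print(dom, ip, check_spf(ip, dom))
```

Two cautions for anyone wiring this into a filter. The IP you check must be the one your own server saw connect, never an address pulled from a header inside the message, since spammers write those. And SPF only vouches for the envelope sender's domain, so a spammer who registers a throwaway domain and publishes a permissive record passes cleanly; authentication tells the filter whose mail it is, and reputation still has to decide whether that domain deserves delivery.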

Of greatest importance (call me a socialist) is that the report says a broader effort needs to be made to educate the public on the dangers of spam:

Consumer and business education can have a significant impact in the fight against spam and phishing. Because spam is an ever-evolving problem, stakeholders should revitalize efforts to educate consumers about how to protect their computers from online threats and improve methods for disseminating educational materials to consumers and businesses. In addition, the Summit identified consumer-interfacing tools such as spam reporting buttons as valuable tools for ISPs and reputation service providers. Accordingly, staff will encourage industry to continue to develop and fine-tune such tools.

In keeping with this theory, the FTC has three sites listed on the right side of the press release to educate the public about spam: the FTC Spam site, OnGuard Online: Spam Scams and OnGuard Online: Phishing.

The full report can be viewed, here.