Facebook users under attack? It would appear that the three million users that Facebook has under its skin are serpentinely being duped into clicking on the link found in an email being sent to them. In this mass mailing, users are asked to update their account information before they are allowed to log in, by clicking on the link provided in the email.
If you're interested in learning how to take down a spammer, read on. The information provided in this article will only get you started. Over the years we have had several people ask us to help them deal with a spammer or bot master. Most of what we do is investigative work. By that we mean actually pulling apart the emails or decompiling the bots that we catch. Granted, decompiling is a job that most users cannot do themselves, but pulling apart emails is something you can do.
First off, you need to copy your entire spam email message over to a plain text file. Here is an example of how to do this using Microsoft Outlook Express. The easiest way is to right-click on the message in the top window, above the preview window, and click on Properties. Then click on Details. After that, you can see the full raw email with headers. Right-click in that window and choose Select All, then right-click again and select Copy. Now you're ready to paste that over to a blank text file. Open up Windows Explorer and either find a directory that is suitable or create one to place all your investigative work in.
If you're like everyone else, you're not immune to the phishing tactics of the scammers or spammers that send you daily junk that touts messages about your banking services being updated. We have decided to take one such phishing email apart and show you just how crafty these criminals really are. We start off by receiving the spam message in our inbox like the one below.
If you're curious about the bad effects that rogue online pharmaceuticals have, then you must read this report from KnujOn. They go into depth on how the criminals are getting away with breaking the laws. Let us know what you think by posting your comments in the forums.
GNSO Fast Flux Hosting Working Group Publishes Final Report
7 August 2009
The Fast Flux Hosting Working Group has just submitted its final report to the GNSO Council.
In May 2008, the GNSO Council launched a Policy Development Process (PDP) that tasked a Working Group to answer a number of questions related to fast flux hosting. Fast flux hosting is a technique that utilizes short Time To Live settings and frequent updates of DNS records to increase a domain’s resiliency. It has legitimate uses, but is widely known as a tactic cybercriminals use to enhance their phishing and pharming gains. The questions the Working Group addressed included:
As more and more spammers and scammers are creating fake sites on the internet these days, it's getting even more difficult to know where to report these problems. We here at Spacequad AntiSpam Services are more than happy to help out in forwarding your legit complaint through to the proper channels. In order for us to help you, we must have some information from you:
Your real full name
Working email address
Mailing postal address (Optional)
A raw copy of the spam mail that includes:
All header information intact without modifications or removals
The body of the spam mail
If any of the above information is missing or scrambled, the complaint will not be processed.
Forward your mail on to firstname.lastname@example.org and we will also make available all copies on the website minus any personally identifiable information leading back to you. For any comments or problems, you can contact us through our link in the menu above.
MSN was recently attacked on July 13th by a group of Chinese hackers. This band of miscreants was able to successfully infiltrate MSN's WebMail server to send thousands of emails to various victims around the world using the Hotmail mail servers. When reporting this abuse to the Hotmail team, we were rerouted to a help group forum. Turning away a report that was meant only to notify them of the problem is not good practice. Read the full article for more.
It seems that there are a few spammers out there that like to consider themselves above average when it comes to sending illegal email. These spammers are using a mail server that has been altered to change the header information to suit their needs. Plus, they are now feeling pretty confident that these bogus emails, also known as backscatter email, are getting through to the intended recipient. Trust me, that is the farthest thing from the truth. These backscatter emails are being trashed or, in some cases, not even allowed to connect here. So do us and every other person that has an email account someplace in this world a favor: stop wasting your time, because we'll never see them. See below for more information and how these creeps make the bogus email work.
Spacequad has now implemented OpenID for easier login capabilities. So if you have an OpenID account, this means that you can now use it here.
As of February 12, 2009, Spacequad AntiSpam Services will start keeping records of websites that host spam. We are doing this to allow website owners the opportunity to check this list every day if they wish, to be alerted that their website has been compromised. Once put on this list, the URL will not be removed until the spam has been removed from the listed website. To be removed, the spam message must be removed, along with the website being secured against further spam postings. If you are running Snitz Forum software, you are strongly encouraged to update your files, as spammers have discovered security holes that allow them to spam your website. To be removed, the above conditions must be met and you must contact us with a request. Only then, once verified, will we remove your domain URL. To check if you're on this list, click here.
All spam postings made to Spacequad will also be copied and sent to Knujon for further processing. From there, it will most likely put more pressure on the sites hosting the spam within the forums to clean it up. It could also result in the end domain that's being advertised being terminated.