Showing results for tags 'spam'.

Found 29 results

  1. The number of robocalls to US consumers increased massively last year. Consumers in the US received a whopping 26.3 billion robocalls in 2018, which was 46 percent more than the total number of robocalls in 2017, according to Hiya, maker of a caller ID app. The company estimates that people received on average 10 unwanted calls per month and that 25 percent of all robocalls are scams. The top three categories of unwanted calls in the US are general spam, fraud and telemarketing. The Federal Communications Commission (FCC) has outlined plans to combat the problem of robocalls in the US. FCC chairman Ajit Pai in November fired off a letter to carriers demanding that the industry implement a call-authentication system by this year. The system aims to combat caller ID spoofing. He's pushing carriers to immediately adopt the Signature-based Handling of Asserted Information Using Tokens (SHAKEN) and the Secure Telephone Identity Revisited (STIR) standards. Carriers would then 'sign' calls originating from their network, and the signature would be validated by other carriers before the call reaches a phone. According to YouMail, another robocall-blocking service, the situation in 2018 was even worse, with the company last week reporting an estimated 47.8 billion robocalls in the US last year. Robocalls in 2018 were up 56.8 percent from the estimated 30.5 billion robocalls in 2017. Its data found that 37 percent of all robocalls were scams related to health insurance, student loans, easy money scams, tax scams, travel scams, business scams and warranty scams. The remaining 60 percent of robocalls were legitimate, including telemarketing calls, reminders and alerts. The FCC and the Federal Trade Commission both cite unwanted and illegal robocalls as their top source of complaints. The FTC received 7.1 million consumer complaints about robocalls in 2017, up from 5.3 million in 2016. The FCC says it gets about 200,000 complaints each year.
The number of robocalls has increased over the years despite over 200 million US consumers having registered on the Do Not Call Registry. Hiya's research sets out the US area codes most targeted by spammers. Source
  2. T-Mobile is beginning to roll out support for call verification technology, which will confirm that a phone call is actually coming from the number listed on caller ID. Now, if one T-Mobile subscriber calls another T-Mobile subscriber, the person receiving the call will see a message saying “Caller Verified” if they have a supported phone. Unfortunately, there’s only one supported phone for the time being. Call verification won’t put a stop to spammy phone calls, but it will start to help people identify which calls are actually coming from real people. As anyone with a phone knows, spammers have relentlessly spoofed local phone numbers in recent years, making it appear that you’re getting an incoming call from someone you may know. Call verification is meant to combat that. There are a lot of limitations at launch, though. For one, T-Mobile is the first carrier to launch support for it. It’s supposed to eventually work across all major phone providers, but that’ll only happen once others come on board. Second, T-Mobile is starting small, launching this only on the Galaxy Note 9 to start. Presumably, it’ll come to other phones eventually, but no timeline was given. The bigger limitation is that this doesn’t actually tell you which calls are spam, just which calls aren’t. That’s definitely still a help. You might get a call from a neighbor or a local business that you’ll now know to pick up, thanks to the verification tech. But if you get a call that isn’t verified, it doesn’t necessarily mean it’s a spammer, just that the call couldn’t be verified, which could simply be due to lack of support from their phone provider. Still, it’s an encouraging sign in the perpetually frustrating fight against spammers. T-Mobile is using a pair of technologies known as SHAKEN and STIR, which FCC chairman Ajit Pai “demanded” the phone industry implement. 
In November, Pai sent letters to the industry asking that the technologies be adopted “without delay.” Verizon plans to start implementing the tech later this year, and Sprint plans to begin testing it this year. Other major voice providers have said they are working on it or beginning trials. Source
  3. An unknown individual compromised an alert service and abused their access to send out a spam message to some of the service’s customers. The Australian Early Warning Network (EWN) alert service disclosed first in a Facebook post and later on its website that the compromise took place near the beginning of the year: The service responded by launching an investigation into the incident. This effort revealed that the individual responsible used stolen credentials to gain access to the service and send out the spam message. This nuisance alert included a link that wasn’t harmful to customers who received it. Kerry Plowright, managing director of EWN, told ABC News that the breach likely originated in Australia: At this time, the EWN’s systems are online and providing ongoing alerts for severe weather and natural hazard events. The service also said that its investigation into the incident is ongoing with the help of Police and the Australian Cyber Security Centre. This isn’t the first time that an emergency alert service has suffered a security incident. In March 2018, city officials confirmed they detected what they called a “limited breach” on a system that supports Baltimore’s 911 emergency services. According to Baltimore Police Commissioner Darryl De Sousa, the incident did not disrupt his officers’ ability to respond to emergency callers throughout the city. But it did lead the city to temporarily transition its 911 emergency services into manual mode, which means dispatchers took callers’ locations manually without any means to verify those details. Source
  4. There’s a very clever phishing scam going around at the moment – originally thought to be targeting journalists given the sheer number of them mentioning it on their Twitter feeds, it’s also been slinging its way across unrelated mailboxes – from orgs to schools/campuses. This doesn’t mean it didn’t begin with a popped journo mailbox and spread its way out from there, or that someone didn’t intentionally send it to a number of journalists, of course – but either way, this one has gone viral and not in a “look at the cute cat pic” fashion.
Here’s how it happens
The potential victim receives an email claiming to be from a Mailinator account, which Mailinator disputes is related to their service. The email reads as follows:
Title: [Contact] has shared a document on Google Docs with you
Body: [Contact] has invited you to view the following document
Hitting the Google-styled “Open in Docs” button takes the clicker to a genuine Google sign-in page, which is sure to wrong-foot many people. Where this all goes wrong is on the next page, which is where the victim actually gives the app permission to access the account via OAuth. Somehow, nobody at Google thought of preventing people from calling their apps “Google Docs”. The permission prompt reads: Google Docs would like to Read, send, delete and manage your email; Manage your contacts. After “Allow” is hit, the spam is then sent on to contacts. While 2FA would normally save you from a phishing attempt, in this case the victim is willingly giving permission to the app, so 2FA won’t help – the only solution is to see which apps have been granted permission and revoke them. Here are some of the domains being used for this (all offline at the time of writing, but there may be others): Google is aware of the situation and is currently working on it. Meanwhile, Cloudflare leapt into action very quickly. We’ll update the post with more information as it comes in. Article source Other source: Google shuts down massive Google Docs phishing scam
  5. After an almost non-existent presence in 2017 and a few weeks off, Locky is back with a fresh wave of SPAM emails containing malicious docs. While it is not known what caused Locky's hiatus, if they plan on pushing the ransomware like they previously did, then we all need to pay close attention.
Locky Distributed Through Malicious PDFs and Word Documents
This current wave of SPAM comes in the form of emails that pretend to be payment receipts with various subjects. According to an article by My Online Security, the email subjects include Receipt 435, Payment Receipt 2724, Payment-2677, Payment Receipt_739, and Payment#229, where the numbers change. (Image: Locky SPAM email.) These emails include a PDF attachment with a name like P72732.pdf. When these PDFs are opened, the target will be prompted to open an embedded Word document as shown below. (Image: malicious PDF SPAM.) If a user opens the file, the Word document will open and the target will be greeted with the typical malicious Word document prompt, that is, the prompt to enable the macros by clicking on Enable Content in order to properly see the document. (Image: Enable Macros prompt in the malicious Word document.) When the macros are enabled, they currently download an encrypted Locky binary from http://uwdesign.com.br/9yg65, decrypt the file, save it to %Temp%\redchip2.exe, and then execute the file to begin the encryption process. Redchip2.exe currently has a 7/55 detection on VirusTotal. Just like previous variants, Locky deletes Shadow Volume Copies using a Scheduled Task and appends the .OSIRIS extension to encrypted files. You can see the task used below. While encrypting files it will routinely send status updates to the Command & Control servers located at and When done it will display the ransom note to let the victim know that they have been infected. (Image: Locky ransom note.) Unfortunately, at this time there is still no way to decrypt files encrypted by Locky. Source
  6. A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It's a situation that's described as "a tangible threat to online privacy and security." Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who -- with a team of helpers -- has been investigating since January. River City Media's database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: "Chances are you, or at least someone you know, is affected." The leaked, and unprotected, database is what's behind the sending of over a billion spam emails every day -- helped, as Vickery points out, by "a lot of automation, years of research, and fair bit of illegal hacking techniques." But it's more than a database that has leaked -- it's River City Media's entire operation. Business plans, HipChat logs, accounts and much more. As with any big leak, there is the question of whether it is genuine. Vickery has shared his finding with numerous security sites as well as law enforcement agencies, and says: That was my initial reaction. I'm still struggling with the best software solution to handle such a voluminous collection, but I have looked up several people that I know and the entries are accurate. The only saving grace is that some are outdated by a few years and the subject no longer lives at the same location. In conjunction with security experts Salted Hash and spam experts Spamhaus, Vickery found that RCM had used illegal IP hijacking techniques during some of its spam campaigns. 
He says that since making this discovery, he has contacted the companies affected by the leak: Once we concluded that this was indeed related to a criminal operation, it was decided that we should approach law enforcement and the affected companies (like Microsoft and Yahoo) before making any attempts at contacting the spammers directly. The leaking servers went dark during the process of notifying law enforcement and the major companies. So, I did not directly contact the spammers themselves. It remains to be seen quite what impact this will have on River City Media's operations, and whether there will be an immediate reduction in the amount of spam flying to inboxes around the world. You can read more about Vickery's finding over on MacKeeper. Article source
  7. Spammers could have a field day with Gmail users, simply by spoofing real Gmail accounts, according to a security researcher. Spoofed @gmail.com messages arrive in the inbox rather than the spam folder, with no Gmail security warning. Google's Gmail spam filters may block the bulk of spam from hitting your inbox, but according to one researcher it won't filter spam from a spoofed @gmail.com address. No one likes spam and for the most part Google does a great job of keeping inboxes free of it. For Safer Internet Day, Google highlighted the "geeky detective work" it does to ensure the average Gmail inbox has less than 0.1 percent spam. Gmail, for example, "tracks where a message originated, to whom it's addressed, and how often the sender has contacted the recipient". This approach helps Google cull spam before the user sees it. But, according to Renato Marinho, a researcher from Brazilian security firm Morphus Labs, Gmail doesn't filter or indeed even warn users about dodgy messages from a spoofed @gmail.com address. That is, the email appears to have come from a Gmail account, but actually came from a non-Gmail server. It's not hard to imagine the fun that hackers and spammers could have with this behavior. Marinho demonstrated it to ZDNet using a setup he describes in a post, and the spoofed @gmail.com message arrived as promised in our inbox rather than the spam folder. Gmail did not display a security warning either. The only indication that something might be amiss was that the sender field showed the Gmail address was sent 'via' another server, but that information wasn't even visible in the Gmail app for iOS and Android. "Messages coming from @gmail.com addresses are not filtered by Gmail anti-spam in a specific condition," explained Marinho. First, the spoofed Gmail address needs to be pretending to be a valid Gmail address. If it's not a valid Gmail address, the message goes straight to Gmail's spam folder. Marinho also demonstrated this process for ZDNet.
Secondly, the email server that sent the message must be authorized via the Sender Policy Framework (SPF) of the SMTP sender address domain. For that to happen, the spammer's email server first connects to Gmail and says it wants to deliver a message from his domain, such as Im-a-spammer.com, but the spammer switches the address to a fake Gmail address. Gmail then queries the spammer's Im-a-spammer.com domain name service (DNS) server to check if the spammer's email server is allowed to send messages on behalf of that domain, which of course the spammer approves. Marinho says he informed Google of the issue but was told it would not be tracked as a security bug since it did not substantially affect the confidentiality or integrity of Google users' data. He also said Yahoo rejected the spoofed email while Microsoft's Outlook moved the spoofed message to spam. But he believes a serious issue here is the trust Gmail users have in Google reliably filtering out spam. "The higher our belief in the provider, the lower tends to be our attention to the risks. The main advice here is to revisit this 'trust logic'. Even highly reputable services may fail, and we need to be careful all the time to avoid risks," he wrote. One sure way to tell if a sender address has been spoofed is by examining the full message headers. It's not clear why Gmail doesn't block these emails or hide them in the spam folder. ZDNet has asked Google for a response and will update the story if it receives one. By Liam Tung http://www.zdnet.com/article/spammers-delight-gmail-weirdly-doesnt-see-spoofed-gmail-com-addresses-as-junk/
  8. I can't unsubscribe, or even if I do, there will be other new senders ... a vicious circle. How do I block these?
  9. Microsoft warns internet users about Amazon emails that try to infect computers with ransomware. With Black Friday and Cyber Monday coming up, cybercriminals hope more users are susceptible to opening an attachment coming from a popular online retailer. In this case the malicious emails appear to be from Amazon and state that the order has been sent out. The criminals behind the scam have tried to make the mail look as legitimate as possible, and the mail has a .ZIP file attached that ‘contains information about the order’. In reality it contains a JavaScript file with obfuscated code that is known as Nemucod, a Trojan downloader that will download the Locky ransomware to the computer, which will then start to encrypt files on the computer. “We see it every year: social engineering attacks that take advantage of the online shopping activities around Black Friday and Cyber Monday, targeting customers of online retailers”, Duc Nguyen and Wei Li write in a blog on Microsoft’s website. As usual, Microsoft advises not to open emails, and especially attachments, from unknown addresses. Amazon also has a helpful page that can assist in distinguishing between a legitimate and a fake email from the online retail giant. Article source
  10. Since the beginning of November we’ve been cleaning many sites infected with the same SEO spam malware. The malware creates doorways for hundreds of random trending keywords – from news to porn. For its templates, it uses mobile pages of some legitimate sites (probably taking into account Google’s latest “mobile first” approach).
Infection Details
The attackers scan sites for known vulnerabilities and then upload a file with a random-looking name that consists of 10 hex digits, e.g. 4ae0e06003.php, 4d9d041ee8.php, f18072c6bc.php, etc. This file contains the full source code of the open-source PclZip library. However, at the top of the file there are a couple of lines that first decode a long base64-encoded string and then write the resulting output into a .zip file. This file always has a random three-letter word for the filename – vlw.zip in the example below.
$data = base64_decode("UEsDBAoAAAAAAPigZ0kAAAAAAAAAAAAAAAAEAAAAdmx3L1B…
file_put_contents("vlw.zip",$data);
At the bottom of the file there is a piece of code that extracts this newly created zip file within the current directory (which is typically the site root directory). (Image: extracting the zip archive with black hat SEO malware.) As a result, the following file structure is created:
  • a directory with the same name as the .zip file
  • two .php files: hoop1.php and rohel.php
  • .htaccess
  • two subdirectories: gknol and templates
Rewrite Requests and Cached Spam
This is what the structure looks like (image: extracted doi.zip file). The files perform the following functions:
  • hoop1.php – makes the doorways ready for the SEO spam campaign by creating an .htaccess file with a rewrite rule to make the URLs look as if they were .html pages.
  • rohel.php – the doorway generator script. It creates content for search engine bots, mixing keywords found on search result pages of Ask.com, Yahoo! and Google for targeted keywords. It caches them in the gknol subdirectory. Real visitors get redirected to a link such as: hxxp://coolin[.]in/for/77?d=….
  • gknol – the subdirectory where the script saves cached doorway pages.
  • templates – the subdirectory with 10-20 page templates for spammy pages.
There are some other variations of the same infection. For example, it can be a master.php file (the doorway generator) and two subdirectories: save (cache) and shabs (templates). The following redirect chain normally lands on porn pages: hxxp://82.146.37[.]48/mobi?sub_id_1... -> hstraffa[.]com/l?link= … -> zvip[.]biz/aff_c?offer_id=20008&aff_id=6716& … The actual chain may vary, depending on the visitor’s location and browser.
Reinfection and Cross-Contamination
It is worth mentioning that the attackers try to infect all sites that share the same server account. This malware doesn’t depend on any CMS, so we find it on all sorts of websites, from WordPress to pure HTML sites. One site can be infected multiple times by this malware (several spammy directories), and quite often it can be infected with other types of malware and spammy doorways, like Japanese replica spam doorways. This happens because webmasters usually neglect security issues for quite a long time. Even when they notice the problem and try to clean their sites, they either fail to remove backdoors from all of their sites or harden only their most important sites while leaving less important ones with unpatched security holes. In doing so, all of their accounts remain unprotected against reinfection. This shows that every aspect of website security is important and should be done properly – cleaning, hardening (including configuration and proper isolation), monitoring, etc. Article source
  11. Google Analytics has become a great target for spammers, who leave fake traffic that draws unwary web site owners to investigate where it came from. This week one of those spammers left a ‘Vote for Trump‘ message in many people’s analytics reports. What most people didn’t notice was that the website it referenced looked like secret.Google.com…but it wasn’t. Instructions below show how to build a Filter to block this particular attack. To get historical spam out of your reports, use the Segment I posted to the Google Analytics Solution Gallery. Remember to change the Segment to use your website domain name in the first expression!
The Imitation G
In fact, the letter ‘G’ is a Latin Letter Small Capital, Unicode 0262. Compared side by side with a real capital G, they would look like ‘ɢ G’ — see the difference? Notice how the ‘G’ in the image is the same size as the lowercase letter ‘o’? It’s not the G you thought it was. OK, so they faked a letter in the web address….so what? Well, if you click that link, it takes you to ɢoogle.com, not google.com!!! You have just clicked into the spammer’s web site, where anything could happen! [you actually end up redirected to: money.get.away.get.a.good.job.with.more.pay.and.you.are.okay.money.it.is.a.gas.grab.that.cash.with.both.hands.and.make.a.stash.new.car.caviar.four.star.daydream.think.i.ll.buy.me.a.football.team.money.get.back.i.am.alright.jack.ilovevitaly.com] Again, more spam, so what’s the big deal?
The Danger
Well, someone, somewhere, gave out the domain ɢoogle.com to someone who was not representing google.com. What is stopping them from mimicking YOUR web site, or YOUR BANK’s website, and then leaving innocent-looking links for you to fall prey to? You would probably never realize what you did until it was too late.
Internationalized Domain Names
Most people don’t realize it, but there were a lot of people working the past few years on getting international characters into domain names…and they are real today. They are supposed to allow people to create domains in their native language, like 日本語.jp. Seems at least one enterprising individual (in Russia) grabbed the opportunity recently to snap up ɢoogle.com. Expect to see a sharp increase in phishing until the general public catches on. Never trust a link provided by someone else…
How to Filter It Out
To prevent more of it from appearing in your Google Analytics accounts, create a new filter on the Admin panel:
  • Pick a new Filter Name
  • Filter Type: Custom
  • Choose: Exclude
  • Filter Field: Language Settings
  • Filter Pattern: \.
Save the new filter. It will take effect right away, but you may find that today’s data gets reprocessed in a few hours. Read the whole story in the Definitive Guide to Removing All Google Analytics Spam — the authoritative reference on the topic, regularly updated since January 2015. Article source
  12. Every now and then here on the Skype Community we see another wave of reports from customers saying that their Skype account sends unwanted spam instant messages to their contacts, including links to Baidu, LinkedIn or other popular online services. Please follow all the following steps to learn how to act on these and take back control over your account:
1. Checking your computer security
Is your antivirus scanner up to date? Is your firewall still active? Does malware scanning find anything? This is to ensure that no keylogger or other backdoor is transmitting your password input to bad people somewhere else.
2. Update your password(s)
If you have a Microsoft account (e.g. you sign in with either email or phone number) and you never linked a Skype name to it before September 2016: simply sign in to your Microsoft account, then select Security & privacy and then select Change password. If you linked your Skype account with your Microsoft account in the past: there are still two passwords that grant access to your account. The best way to consolidate your passwords is by opening https://account.microsoft.com and signing in with your Skype name and password there. If this is the first time you are signing in since October 2016 you will be asked to update your account. More information in the article One account for Skype and your other Microsoft services - NB: After you have updated your account, going forward there's only one password giving access to your unified account.
3. Protect your account
Now that you have updated your password (and possibly your account as well), secure it by setting up two factor verification: https://support.microsoft.com/en-us/help/12408/microsoft-account-about-two-step-verification
Frequently asked questions (and answers to them)
I didn't even use Skype while the spam messages were sent? / I haven't signed in to Skype for ages? / I was only signed in to Skype on my mobile phone and the device was always with me?
The spammers obtained your credentials and signed in from another computer at any other place in the world to send out the spam messages. They don't need access to your device, or even for you to be signed in, to send their spam.
How did the spammers obtain my account password(s)?
Over the past years, unfortunately, data leaks of user credentials (emails/usernames + passwords) have become somewhat of a regularity. If you have been re-using credentials across multiple services, then just one service leaking your data will compromise these credentials everywhere else. You can check if your username or email was part of any recent popular leak on the following website: https://haveibeenpwned.com/ - If you see the message "Oh no — pwned!" you should update your password everywhere you use this username/password. Even if your information was not part of a data leak, your computer or a computer you used your credentials on - in internet cafes, on a shared computer at a friend's or family member's, even at work - could have been compromised by malware and your password information could have gotten into the wrong hands that way. That's why two factor verification/authentication is a powerful tool to enhance your security.
But I checked sign-ins via the /showplaces chat command?
The output of this chat command does not list currently signed-in endpoints reliably. Instead it lists all endpoints registered to receive notifications, e.g. for incoming calls. This list largely overlaps, but the output is not a reliable indicator. After you have updated your Skype account to a Microsoft account (see Step 2 earlier) you can use the "Recent Activity" report though: https://account.live.com/Activity Article source
  13. What is Spamnesty? Spamnesty is a way to waste spammers' time. If you get a spam email, simply forward it to [email protected], and Spamnesty will strip your email address, pretend it's a real person and reply to the email. Just remember to strip out any personal information from the body of the email, as it will be used so the reply looks more legitimate. That way, the spammer will start talking to a bot, and hopefully waste some time there instead of spending it on a real victim. Meanwhile, Spamnesty will send you an email with a link to the conversation, so you can watch it unfold live!
  14. LeeSmithG

    [Giveaway] MailWasher Pro v7.8.8

    Receiving spam is like those telemarketers who call at dinner time, completely annoying and you didn't ask for it. Luckily, you can stop this now! Install MailWasher today to screen all your email accounts in one place and allow only the email you want in your inbox. MailWasher lets you preview all your email before it gets to your computer or mobile device, enabling you to read all your email securely, and instantly delete any unwanted or suspicious email. Your remaining good email is downloaded to your PC or mobile device, saving you from receiving any spam or email viruses. Please note: The software provides a 1-year license. Source: https://www.giveawayoftheday.com/mailwasher-pro-7-8-8/ Registration key: https://secure.firetrust.com/cart/items/add/mw2010/promo/gotd2 I have been using this program for fourteen (14) years and have a lifetime license. It has the odd glitch, but is well written and works well.
  15. Locky ransomware continues to evolve, gets closer to 100% JS
Jump in spam file attachment size
New versions of the Locky ransomware, the variants that are also known as Zepto ransomware, have changed their classic mode of operation and are now relying on more JavaScript code than ever before. Locky is a ransomware variant that appeared at the start of the year and has constantly evolved. One of the things that remained the same across all these months was its payload, which was a JavaScript file embedded inside a ZIP file, which users received via email. This file usually contained something that security researchers call a downloader, a malicious component that downloaded the actual Locky ransomware binary and launched it into execution.
Locky devs are embedding the ransomware inside the JS file
According to researchers from Cyren, from July 20, a new wave of Locky infections started delivering the entire ransomware code inside the JavaScript file. Researchers immediately noted this change because of a jump in the ZIP file's size, which grew from a few KB to over 250 KB. Opening this JS file from the ZIP archive inside a code editor also shows a lot more code than before. Researchers say that this code contains the actual Locky binary, which is reconstructed from the JavaScript code and saved on the user's OS when the JS file is executed. "Embedding malware binaries in scripts has been around for years," Cyren's Maharlito Aquino notes, "so it is not surprising to see Locky making use of this technique in delivering its ransomware component."
Only Locky's Zepto variants showcase this behavior
Once the Locky binary is saved in the user's Temp folder, it is also automatically launched into execution, starting the encryption process that locks the user's files. As mentioned above, this particular version appends the .zepto extension at the end of all encrypted files.
Some security firms have been tracking this wave of Locky ransomware under a separate name altogether, as the Zepto ransomware. At the end of June and start of July, Cisco security researchers noticed a huge spam wave (137,731 emails in four days) delivering Locky/Zepto ransomware. That particular wave still used the old ZIP-JS-downloader-Locky infection routine.
Locky also uses DOCM and WSF files as JS alternatives
Cyren has been very diligent at keeping a watchful eye on Locky distribution and infection methods in general. The company also noted other changes to Locky distribution, but not to Zepto variants. Among these is the usage of DOCM files, an alternative to DOC and DOCX, for infecting users via Word macros. Additionally, the company also noted the usage of WSF files instead of JavaScript files, with WSF files being essentially another way of packaging and executing JavaScript code. Article source
  16. New Locky variant uses a weaker encryption method

New Locky variant comes with offline mode support

During the past days, the crooks behind the Locky ransomware have amped up their operations and distributed hundreds of thousands of spam emails that contain malicious files, which, when opened, will install a new version of the Locky ransomware that can work without an Internet connection. Finnish security firm F-Secure observed the campaign and pointed out that on July 12, the group behind this ransomware sent out a whopping 120,000 spam email messages every hour in two massive surges of activity. As with past Locky campaigns, these files were ZIP archives that contained a JavaScript file, which when executed installed the Locky ransomware.

New Locky version appears on the same day as the spam surge

According to German security vendor Avira, its researchers have stumbled upon a new Locky version that can work in "offline mode." Avira's experts said they detected this new variant on July 12, the same day the spam surge happened, but they reported independently from F-Secure, so it is not officially confirmed that the spam wave delivered the new variant, even if all clues point to it. This new Locky version is very different from past Locky variants, which needed an Internet connection to start the encryption process. Because of this, network administrators discovered that by shutting down Internet access to a company when they detected one Locky infection, they could also stop subsequent computers from being compromised.

New Locky version uses a much simpler encryption scheme

Locky's authors seem to have addressed this issue and have now created a variant that can work around this limitation, albeit using a weaker encryption method. "That [speaking of Locky's offline mode] makes it tougher to block," said Avira's Lyle Frink. "But, this new variant may have the weakness that once someone has paid the ransom for their private key ID – it should be possible to reuse the same key for other victims with the same public key." This comes in handy for corporate environments, where Locky's authors are known to ask for more money than usual, just because they managed to infect a computer holding more precious data. Victims can pull the computer from the enterprise network, reinfect it, pay the ransom, and then use the decrypter to recover the files at a lower price. This is possible because the Locky offline version generates the same ID per computer, unlike its online version, which generates different IDs per infection, not per computer.

(Image: Locky spam flood on July 12, 2016)

Article source
  17. Popular torrent search engine BTDigg is showing signs of life after weeks of downtime. The site, which discovers new files through BitTorrent's Distributed Hash Table (DHT), blames spam torrents for the sudden shutdown. The site's operators will consider a comeback if they can find a way to deal with the issue effectively.

Five years ago a new kind of torrent indexing site appeared online. Where most other sites rely on user uploads or pull their torrents from other sites, BTDigg took a different approach by using DHT to find new content. Since then the site has become a regular destination for many people. With millions of pageviews per month, BTDigg listed itself among the larger torrent sites on the web. Despite being blocked by court order in the UK, the site hasn’t faced any significant setbacks.

However, a few weeks ago this suddenly changed as the site became unreachable for unknown reasons. With a lack of updates on social media, the prolonged downtime was a mystery. TorrentFreak contacted the site’s operators on several occasions but didn’t hear back, until a few hours ago. In a brief statement the BTDigg team says that the site will remain shut down for the time being. However, the downtime might not last forever. “We closed the site temporarily, but it’s not hard to return,” BTDigg’s operators inform us.

A continued flood of spam torrents is the main reason for the sudden disappearance, according to the team. They hope to resolve this with an ‘artificial intelligence’ that effectively filters out the problematic content, after which they plan to return. “The main problem is ‘spam’ torrents. When we finish creating an AI that filters spam, we’ll reopen the site,” BTDigg says. This pending return is positive news for BTDigg users. However, with no concrete ETA for the comeback they will have to find their daily torrent fix elsewhere for the time being.
Also, while a full return is an option, there’s also a chance that the site will move on under new management. BTDigg’s team informed TorrentFreak that they are considering selling the site’s source code and a year of support to a third party. What that means for the site’s future has yet to be seen.

Article source
  18. LeeSmithG

    [Hotmail] Spam

    I logged into my PC from sleep around 02:00 this morning and MailWasher Pro automatically checks for emails. Wow, it downloaded over one hundred (100) spam associated emails. Last time this happened was around thirteen (13) years ago. So my line of thought is, there are problems with the Hotmail block process, as I recognised many of the suffixes I've blocked in the past. Anyone else found this problem?
  19. The world's biggest sources of spam.

There is one field where Vietnam is second only to the United States, but it is barely worth celebrating: spreading unwanted emails across the globe. Vietnam replaced Russia as the second-biggest source of spam in the first quarter of 2016, with the U.S. remaining on top of the list, software security firm Kaspersky Lab said in its latest Spam and Phishing Report on May 12. India, Brazil and China completed the top five, which according to the report consists entirely of “large, fast-developing countries with high levels of Internet connection.”

In Q1/2016, Kaspersky Lab registered 56.3 percent of spam in the global email flow, a 2.9 percent decrease against the same period in 2015, when it accounted for 59.2 percent. The U.S. covered 12.43 percent of all spam emails, maintaining its ‘leadership,’ while 10.3 percent of the unwanted emails came from Vietnam. The respective numbers from India, Brazil and China were 6.19 percent, 5.48 percent and 5.09 percent. Russia fell from last year’s second place to seventh (4.89 percent) in Q1 2016. It followed closely behind France (4.90 percent), which was the world’s sixth biggest source of spam.

The report also discovered that spam messages are becoming shorter. In the first quarter, the proportion of emails of 2 KB or less made up 80 percent of all spam. According to the report, the first quarter saw the amount of spam containing malicious attachments increase dramatically. The share of malicious attachments in mail reached a peak in March – four times greater than last year’s average. The rapid growth was caused specifically by the popularity of crypto-ransomware, which was either contained in emails or downloaded to computers via a Trojan downloader. “This growth confirms our long-term forecasts on the gradual criminalization of spam that makes it even more dangerous, as well as the reduction in the overall share of email traffic,” Kaspersky commented.
The anti-virus company said spam has been taken to “a new level of danger,” thanks to the diversity of languages, social engineering, lots of different types of attachments, and text changing within a single mass mailing. In conclusion, Kaspersky said it is unlikely that the amount of malicious spam will continue to grow so rapidly, because “the more cybercriminals distribute malicious spam, the more people get to know of its dangers and the more careful they become about opening suspicious attachments.” “Therefore, such attacks will gradually fade after a few months,” the company said. “However, there is the risk they may be replaced by other, even more complex attacks.”

Article source
  20. If you are using one of Microsoft's emailing services, Outlook.com for instance, you may have noticed a sharp increase in spam messages that were not filed as spam in the past couple of days. The main issue here was of course that spam was not flagged properly by Microsoft, so that it landed in user inboxes instead of the junk folder where it belonged. You may have noticed as well that spam messages that were not identified as such landed in the inbox less frequently today, or not at all, compared with yesterday or the days before.

The drop is explained by two fixes that Microsoft implemented. One was a short-term fix designed to fix the bulk of the issue for the majority of users as quickly as possible, the other a long-term fix to prevent this from happening again in the future. The only source of information about the issue is Microsoft's Service Status page. It reveals little information about what caused the actual issue, but it all started with the following message yesterday:

Current Status: We’re currently reviewing service logging in order to identify the root cause.
User Impact: Users may be receiving excessive spam mail.

According to the final message on the page, both fixes have been implemented in the meantime, and users should no longer receive excessive spam mail that is not flagged properly. Affected users vented their frustration on Twitter and social media sites such as Reddit or Facebook. The issue has been extremely frustrating for users, as they had to wade through all the spam flooding the inbox to make sure they did not miss any legitimate emails they had received. We all know that it can be quite time consuming to go through all the "you have inherited US Dollars", "I'm a Nigerian Prince", "Unpaid Invoice" and "Missed You" emails to find legitimate ones. Microsoft did not disclose what caused the issue in the first place, and it is unlikely that the company will do so.
On a side note, this is one situation where using a desktop email program can be beneficial, as spam has to pass through the provider's network first and then the program's spam filter as well before it lands in the inbox.

Article source
  21. Spam levels are falling, but Kaspersky Lab says that spam emails are increasingly becoming malicious and criminalised

One of the world’s leading security specialists has warned that spam emails are still a significant threat to many modern PC users. In spite of the quantity of spam emails continuing to decrease, Kaspersky Lab has said that its products prevented 22,890,956 attempts to infect users via emails with malicious attachments in just the month of March this year, twice the number of attempts reported in the previous month.

Malicious Intentions

The company also revealed that its latest Spam and Phishing Report found a significant increase in malicious spam emails in Q1 2016. It found that the level of spam in email traffic has constantly been decreasing since 2012. In the first quarter, for example, Kaspersky Lab registered 56.3 percent of spam in email flow. But this was 2.9 percent lower compared to the same period in 2015, when it was 59.2 percent. But it also found that in the first quarter of this year, the quantity of emails with malicious attachments was 3.3 times higher than during the same period in 2015.

Terrorism Hook

Geographically, the United States is still the largest producer of spam, sending 12.43 percent of unwanted emails. Vietnam is the second highest originator (with 10.3 percent), followed by India (6.16 percent). Russia has slipped down to seventh place this quarter with 4.9 percent. And it seems that our German cousins tend to bear the brunt of malicious mailshots, as 18.9 percent of Kaspersky Lab product users in that country were targeted with these nasty spams. China meanwhile was second (9.43 percent) and Brazil took third place (7.35 percent). The attackers are also utilising the growing fear about terrorism, after it became the main topic of spam emails in Q1.
Kaspersky Lab, for example, found that spammers often tried to convince recipients that the file attached to their spam email contained a new mobile application which, after installation, could detect an explosive terrorist device. Suffice it to say, the app in question is in reality an executable file that contains malware that can steal personal user information, organise DDoS attacks and install other malicious software. And the famous Nigerian spammers have also opted to use terrorist topics in their emails as well.

“Unfortunately we are seeing our previous predictions about the criminalisation of spam coming true,” said Daria Gudkova, spam analysis expert at Kaspersky Lab. “Fraudsters are using diverse methods to attract user attention and to make them drop their guard,” Gudkova said. “Spammers are employing a diversity of languages, social engineering methods, different types of malicious attachments, as well as the partial personalisation of email text to look more convincing.” “The fake messages often imitate notifications from well-known organisations and services,” said Gudkova. “This is raising spam to a new dangerous level.”

These findings are in line with research from other security vendors. For example, both Symantec and Proofpoint have recently said that spam levels are dropping to levels not seen since 2012. Proofpoint also warned that attacks that rely on malicious email attachments are on the rise.

Article source
  22. Ponting

    SPAM Control

    Don't know why the first few posts of a newbie aren't moderated before they appear on nsane.forums. :unsure: :think:
  23. A new spam campaign has emerged in support of the Asprox botnet. The scheme involves shipping receipt emails that contain malicious links and purport to come from the United States Postal Service (USPS). Anyone who receives one of these emails and clicks on the link therein will have a zip file downloaded onto their machine, according to a Zscaler report. After a user downloads the zip file, it shows up as a seemingly legitimate looking Word document on the Windows desktop. That file is in actuality an executable which must be opened before the user becomes infected with the malware.

Researchers from the security firm StopMalvertising analyzed Asprox – also known as Kulouz – in November. They found that the strain of malware began as a password-stealing botnet, but has since evolved to where its primary purpose is to launch automated SQL injection attacks. Asprox, they say, is notorious for spoofing shipping companies like the United Parcel Service and FedEx. Asprox is not new, with references to it on Threatpost dating back as far as 2009.

As of Zscaler’s publication, the threat was scoring a fairly dangerous 4/52 on VirusTotal. At the time of our publication, the detection engines appear to have taken notice, and the threat is now scoring a less potent 27/52. According to the report, the malware copies itself into an infected user’s Local Application Data before creating an autostarter to ensure that the infection stays around even after restart.

“The common factor across all of these dropped files is that they all POST bzip2 compressed data which is then encrypted with a 16-byte random RC4 key via HTTP as reported by StopMalvertising,” wrote Chris Mannon in the Zscaler analysis. “We’re seeing a growing number of attacks which utilize this method of phone home activity. The case of this Asprox threat phones home over ports 443 and 8080.”

Source
  24. In Internet years, AOL and its webmail counterpart AOL Mail are beyond ancient at this point. A relic of electronic mail history, the majority of users have long since jumped ship for Gmail or Yahoo. Yet those who still have accounts with AOL were no doubt unhappy when they discovered last weekend that a slew of old AOL Mail accounts had been hacked to send spam to their friends. While it’s unclear exactly how many users’ accounts have been compromised at this point, multiple users have complained on Twitter that their accounts – some of which naturally have not been used for years – were compromised and used to send spam to other users.

AOL acknowledged the hack late yesterday and pointed out that it’s likely affected users weren’t hacked but spoofed, and that it’s doing everything in its power to correct the issue. “AOL takes the safety and security of consumers very seriously, and we are actively addressing consumer complaints,” AOL said in a statement Tuesday. “We are working to resolve the issue of account spoofing to keep users and their respective accounts running smoothly and securely.”

As AOL notes, spoofing attacks are basically spam emails that appear to come from the victim but are technically coming from the spammers’ email account and are sent via the spammers’ server. While spoofing attacks are nothing new, this particular campaign appears to have really started picking up steam over the weekend. The hashtag #AOLhacked on Twitter has seen users bemoan the service’s security and others cracking their fair share of jokes since Sunday. Since there’s a difference between being hacked and being spoofed, there’s nothing users can really do to prevent the spammer from continuing to spoof their email accounts. Users can change their passwords and delete their contacts, but it doesn’t really matter – the spammer already has a copy of the victim’s address book.
The company’s mail Twitter page, @AOLMailHelp, said it plain and simple yesterday: “Once your account is spoofed, there is nothing else that can be done.”

Some experts, like web designer and programmer Brian Alvey, however, are speculating that AOL Mail may have suffered an address book webmail exploit. “When you load [Yahoo’s] webmail interface your browser makes several calls into AOL for data. One is to login. Another is to load all the messages in your inbox. Another is to load your address book so you can a) see who your friends are and B) easily send them email, auto-completing addresses as you type them,” Alvey wrote in a blog entry last night. “Each of those data calls should have security checks.” Alvey surmises that there may not have been a security check like this in place, something that could allow an attacker to bypass security and secure access to users’ address books without being forced to guess passwords or go through the trouble of hacking into the affected accounts.

In the meantime, even though it may not help, it may not hurt for anyone with an old AOL Mail account to change their password and to steer clear of any suspicious looking emails, especially those that direct you to a murky looking link, like the one above.

Source