Showing results for tags 'spam'.



Found 26 results

  1. Accounts will be limited to 400 follows per day. In an apparent attempt to combat spam and bot accounts that populate its platform, Twitter announced today that it is changing its rules to allow users to follow up to 400 accounts per day. The change marks a considerable drop from the previous cap, which allowed up to 1,000 follows in a single day, though still allows for more following than the average human user is likely to do in a 24 hour period. "As a part of our commitment to building a healthy service, we remain focused on stopping spam and abuse on Twitter," a spokesperson for Twitter told Engadget. "We found that having a high daily follow rate contributed to follower churn, and as a result, we are reducing the daily follow rate limit from 1,000 to 400." Follower churn, according to Twitter's help center, is the process of following and unfollowing accounts. The process is done to get the attention of users and try to get people to follow back to inflate one's follower count. The rule change is just the latest in Twitter's effort to cut back on the abilities of spam accounts and bots. Last year, the company cracked down on "bulk tweeting" that allowed accounts to tweet the same content from multiple accounts. It also added new reporting tools that allow human users to flag bots and instituted a verification process that requires users to confirm their identity with a phone number or email address when creating a new account. Source
  2. The number of robocalls to US consumers increased massively last year. Consumers in the US received a whopping 26.3 billion robocalls in 2018, which was 46 percent more than the total number of robocalls in 2017, according to Hiya, maker of a caller ID app. The company estimates that people received on average 10 unwanted calls per month and that 25 percent of all robocalls are scams. The top three categories of unwanted calls in the US include general spam, fraud and telemarketing. The Federal Communications Commission (FCC) has outlined plans to combat the problem of robocalls in the US. FCC chairman Ajit Pai in November fired off a letter to carriers demanding that the industry implements a call-authentication system by this year. The system aims to combat caller ID spoofing. He's pushing carriers to immediately adopt the Signature-based Handling of Asserted Information Using Tokens (Shaken) and the Secure Telephone Identity Revisited standards. Carriers would then 'sign' calls originating from their network, which would be validated by other carriers before reaching a phone. According to YouMail, another robocall-blocking service, the situation in 2018 was even worse, with the company last week reporting an estimated 47.8 billion robocalls in the US last year. Robocalls in 2018 were up 56.8 percent from the estimated 30.5 billion robocalls in 2017. Its data found that 37 percent of all robocalls were scams related to health insurance, student loans, easy money scams, tax scams, travel scams, business scams and warranty scams. The remaining 60 percent of robocalls were legitimate, including telemarketing calls, reminders and alerts. The FCC and the Federal Trade Commission both cite unwanted and illegal robocalls as their top source of complaints. The FTC received 7.1 million consumer complaints about robocalls in 2017, up from 5.3 million in 2016. The FCC says it gets about 200,000 complaints each year.
The number of robocalls has increased over the years even though over 200 million US consumers have registered on the Do Not Call Registry. Hiya's research sets out the US area codes most targeted by spammers. Source
  3. T-Mobile is beginning to roll out support for call verification technology, which will confirm that a phone call is actually coming from the number listed on caller ID. Now, if one T-Mobile subscriber calls another T-Mobile subscriber, the person receiving the call will see a message saying “Caller Verified” if they have a supported phone. Unfortunately, there’s only one supported phone for the time being. Call verification won’t put a stop to spammy phone calls, but it will start to help people identify which calls are actually coming from real people. As anyone with a phone knows, spammers have relentlessly spoofed local phone numbers in recent years, making it appear that you’re getting an incoming call from someone you may know. Call verification is meant to combat that. There are a lot of limitations at launch, though. For one, T-Mobile is the first carrier to launch support for it. It’s supposed to eventually work across all major phone providers, but that’ll only happen once others come on board. Second, T-Mobile is starting small, launching this only on the Galaxy Note 9 to start. Presumably, it’ll come to other phones eventually, but no timeline was given. The bigger limitation is that this doesn’t actually tell you which calls are spam, just which calls aren’t. That’s definitely still a help. You might get a call from a neighbor or a local business that you’ll now know to pick up, thanks to the verification tech. But if you get a call that isn’t verified, it doesn’t necessarily mean it’s a spammer, just that the call couldn’t be verified, which could simply be due to lack of support from their phone provider. Still, it’s an encouraging sign in the perpetually frustrating fight against spammers. T-Mobile is using a pair of technologies known as SHAKEN and STIR, which FCC chairman Ajit Pai “demanded” the phone industry implement. 
In November, Pai sent letters to the industry asking that the technologies be adopted “without delay.” Verizon plans to start implementing the tech later this year, and Sprint plans to begin testing it this year. Other major voice providers have said they are working on it or beginning trials. Source
  4. An unknown individual compromised an alert service and abused their access to send out a spam message to some of the service’s customers. The Australian Early Warning Network (EWN) alert service disclosed first in a Facebook post and later on its website that the compromise took place near the beginning of the year: The service responded by launching an investigation into the incident. This effort revealed that the individual responsible used stolen credentials to gain access to the service and send out the spam message. This nuisance alert included a link that wasn’t harmful to customers who received it. Kerry Plowright, managing director of EWN, told ABC News that the breach likely originated in Australia: At this time, the EWN’s systems are online and providing ongoing alerts for severe weather and natural hazard events. The service also said that its investigation into the incident is ongoing with the help of Police and the Australian Cyber Security Centre. This isn’t the first time that an emergency alert service has suffered a security incident. In March 2018, city officials confirmed they detected what they called a “limited breach” on a system that supports Baltimore’s 911 emergency services. According to Baltimore Police Commissioner Darryl De Sousa, the incident did not disrupt his officers’ ability to respond to emergency callers throughout the city. But it did lead the city to temporarily transition its 911 emergency services into manual mode, which means dispatchers took callers’ locations manually without any means to verify those details. Source
  5. There’s a very clever phishing scam going around at the moment – originally thought to be targeting journalists given the sheer number of them mentioning it on their Twitter feeds, it’s also been slinging its way across unrelated mailboxes – from orgs to schools/campuses. This doesn’t mean it didn’t begin with a popped journo mailbox and spread its way out from there or that someone didn’t intentionally send it to a number of journalists of course – but either way, this one has gone viral and not in a “look at the cute cat pic” fashion. Here’s how it happens The potential victim receives an email claiming to be from a Mailinator account, which they dispute is related to their service. The email reads as follows: Title: [Contact] has shared a document on Google Docs with you Body: [Contact] has invited you to view the following document Hitting the Google-styled “Open in Docs” button takes the clicker to a genuine Google sign-in page, which is sure to wrong-foot many people: Where this all goes wrong is on the next page, which is where the victim actually gives the app permission to access the account via OAuth. Somehow, nobody at Google thought of preventing people from calling their apps “Google Docs”. Google Docs would like to Read, send, delete and manage your email Manage your contacts After “Allow” is hit, the spam is then sent on to contacts. While 2FA would normally save you from a phishing attempt, in this case, the victim is willingly giving permission to the app so 2FA won’t help – the only solution is to see which apps have been granted permission and revoke. Here are some of the domains being used for this (all offline at the time of writing, but there may be others): Google is aware of the situation and is currently working on it. Meanwhile, Cloudflare leapt into action very quickly. We’ll update the post with more information as it comes in. Article source Other source: Google shuts down massive Google Docs phishing scam
  6. After an almost non-existent presence in 2017 and a few weeks off, Locky is back with a fresh wave of SPAM emails containing malicious docs. While it is not known what caused Locky's hiatus, if they plan on pushing the ransomware like they previously did, then we all need to pay close attention. Locky Distributed Through Malicious PDFs and Word Documents This current wave of SPAM comes in the form of emails that pretend to be payment receipts with various subjects. According to an article by My Online Security, the email subjects include Receipt 435, Payment Receipt 2724, Payment-2677, Payment Receipt_739, and Payment#229, where the numbers change. Locky SPAM Email These emails include a PDF attachment with a name like P72732.pdf. When these PDFs are opened, the target will be prompted to open an embedded Word document as shown below. Malicious PDF SPAM If a user opens the file, the Word document will open and the target will be greeted with the typical Malicious word document prompt. That is the prompting to enable the macros by clicking on Enable Content in order to properly see the document. Enable Macros in Malicious Word Document When the macros are enabled, the macros are currently downloading an encrypted Locky binary from http://uwdesign.com.br/9yg65, decrypting the file, saving it to %Temp%\redchip2.exe, and then executing the file to begin the encryption process. Redchip2.exe currently has a 7/55 detection on VirusTotal. Just like previous variants, Locky deletes Shadow Volume Copies using a Scheduled Task and appends the .OSIRIS extension to encrypted files. You can see the task used below. While encrypting files it will routinely send status updates to the Command & Control servers located at 188.120.239.230/checkupdate and 80.85.158.212/checkupdate. When done it will display the ransom note to let the victim know that they have been infected.
Locky Ransom Note Unfortunately, at this time there is still no way to decrypt files encrypted by Locky. Source
  7. A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It's a situation that's described as "a tangible threat to online privacy and security." Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who -- with a team of helpers -- has been investigating since January. River City Media's database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: "Chances are you, or at least someone you know, is affected." The leaked, and unprotected, database is what's behind the sending of over a billion spam emails every day -- helped, as Vickery points out, by "a lot of automation, years of research, and fair bit of illegal hacking techniques." But it's more than a database that has leaked -- it's River City Media's entire operation. Business plans, HipChat logs, accounts and much more. As with any big leak, there is the question of whether it is genuine. Vickery has shared his finding with numerous security sites as well as law enforcement agencies, and says: That was my initial reaction. I'm still struggling with the best software solution to handle such a voluminous collection, but I have looked up several people that I know and the entries are accurate. The only saving grace is that some are outdated by a few years and the subject no longer lives at the same location. In conjunction with security experts Salted Hash and spam experts Spamhaus, Vickery found that RCM had used illegal IP hijacking techniques during some of its spam campaigns. 
He says that since making this discovery, he has contacted the companies affected by the leak: Once we concluded that this was indeed related to a criminal operation, it was decided that we should approach law enforcement and the affected companies (like Microsoft and Yahoo) before making any attempts at contacting the spammers directly. The leaking servers went dark during the process of notifying law enforcement and the major companies. So, I did not directly contact the spammers themselves. It remains to be seen quite what impact this will have on River City Media's operations, and whether there will be an immediate reduction in the amount of spam flying to inboxes around the world. You can read more about Vickery's finding over on MacKeeper. Article source
  8. Spammers could have a field day with Gmail users, simply by spoofing real Gmail accounts, according to a security researcher. Spoofed @gmail.com messages arrive in the inbox rather than the spam folder, with no Gmail security warning. Google's Gmail spam filters may block the bulk of spam from hitting your inbox, but according to one researcher it won't filter spam from a spoofed @gmail.com address. No one likes spam and for the most part Google does a great job of keeping inboxes free of it. For Safer Internet Day, Google highlighted the "geeky detective work" it does to ensure the average Gmail inbox has less than 0.1 percent spam. Gmail, for example, "tracks where a message originated, to whom it's addressed, and how often the sender has contacted the recipient". This approach helps Google cull spam before the user sees it. But, according to Renato Marinho, a researcher from Brazilian security firm Morphus Labs, Gmail doesn't filter or indeed even warn users about dodgy messages from a spoofed @gmail.com address. That is, the email appears to have come from a Gmail account, but actually came from a non-Gmail server. It's not hard to imagine the fun that hackers and spammers could have with this behavior. Marinho demonstrated it to ZDNet using a setup he describes in a post, and the spoofed @gmail.com message arrived as promised in our inbox rather than the spam folder. Gmail did not display a security warning either. The only indication that something might be amiss was that the sender field showed the Gmail address was sent 'via' another server, but that information wasn't even visible in the Gmail app for iOS and Android. "Messages coming from @gmail.com addresses are not filtered by Gmail anti-spam in a specific condition," explained Marinho. First, the spoofed Gmail address needs to be pretending to be a valid Gmail address. If it's not a valid Gmail address, the message goes straight to Gmail's spam folder. Marinho also demonstrated this process for ZDNet.
Secondly, the email server that sent the message must be authorized via the Sender Policy Framework of the SMTP sender address domain. For that to happen, the spammer's email server first connects to Gmail and says it wants to deliver a message from his domain, such as Im-a-spammer.com, but the spammer switches the address to a fake Gmail address. Gmail then queries the spammer's Im-a-spammer.com domain name service (DNS) server to check if the spammer's email server could send messages on behalf of it, which of course the spammer approves. Marinho says he informed Google of the issue but was told it would not be tracked as a security bug since it did not substantially affect the confidentiality or integrity of Google users' data. He also said Yahoo rejected the spoofed email while Microsoft's Outlook moved the spoofed message to spam. But he believes a serious issue here is the trust Gmail users have in Google reliably filtering out spam. "The higher our belief in the provider, the lower tends to be our attention to the risks. The main advice here is to revisit this 'trust logic'. Even highly reputable services may fail, and we need to be careful all the time to avoid risks," he wrote. One sure way to tell if a sender address has been spoofed is by examining the full message headers. It's not clear why Gmail doesn't block these emails or hide them in the spam folder. ZDNet has asked Google for a response and will update the story if it receives one. By Liam Tung http://www.zdnet.com/article/spammers-delight-gmail-weirdly-doesnt-see-spoofed-gmail-com-addresses-as-junk/
  9. I can't unsubscribe, or even if I do then there will be other new senders ... a vicious circle. How do I block these?
  10. Microsoft warns internet users about Amazon emails that try to infect computers with ransomware. With Black Friday and Cyber Monday coming up, cybercriminals hope more users are susceptible to opening an attachment coming from a popular online retailer. In this case the malicious emails appear to be from Amazon and state that the order has been sent out. The criminals behind the scam have tried to make the mail look as legitimate as possible and the mail has a .ZIP file attached that ‘contains information about the order’. In reality it contains a Javascript file with obfuscated code that is known as Nemucod, a Trojan downloader that will download the Locky ransomware to the computer that will start to encrypt files on the computer. “We see it every year: social engineering attacks that take advantage of the online shopping activities around Black Friday and Cyber Monday, targeting customers of online retailers”, Duc Nguyen and Wei Li write in a blog on Microsoft’s website. As usual, Microsoft advises not to open emails and especially attachments from unknown addresses. Amazon also has a helpful page that can assist in identifying between a legitimate and fake email from the online retail giant. Article source
  11. Since the beginning of November we’ve been cleaning many sites infected with the same SEO spam malware. The malware creates doorways for hundreds of random trending keywords – from news to porn. For its templates, it uses mobile pages of some legitimate sites (probably taking into account the latest Google’s “mobile first” approach). Infection Details The attackers scan sites for known vulnerabilities and then upload a file with a random looking name that consists of 10 hex digits, e.g. 4ae0e06003.php, 4d9d041ee8.php, f18072c6bc.php, etc. This zip file contains full source code of an open-source PclZip library. However, at the top of the file there are a couple of lines that first decode a long base64-encoded string and then write the resulting output into a .zip file. This file always has a random three-letter word for the filename – vlw.zip in the below example. $data = base64_decode("UEsDBAoAAAAAAPigZ0kAAAAAAAAAAAAAAAAEAAAAdmx3L1B… file_put_contents("vlw.zip",$data); At the bottom of the file there is a piece of code that extracts this newly created zip file within current directory (which is typically the site root directory): Extracting zip archive with black hat SEO malware As a result, the following file structure is created: a directory with the same name as the .zip file; two .php files, hoop1.php and rohel.php; .htaccess; two subdirectories, gknol and templates. Rewrite Requests and Cached Spam This is what the structure looks like: Extracted doi.zip file The files perform the following functions: hoop1.php – makes the doorways ready for the SEO spam campaign by creating an .htaccess file with a rewrite rule to make the URLs look as if they were .html pages. rohel.php – the doorway generator script. It creates content for search engine bots, mixing keywords found on search result pages of Ask.com, Yahoo! and Google for targeted keywords. It caches them in the gknol subdirectory.
Real visitors get redirected to a link such as: hxxp://coolin[.]in/for/77?d=…. gknol – the subdirectory where the script saves cached doorway pages. templates – the subdirectory with 10-20 page templates for spammy pages. There are some other variations of the same infection. For example, it can be a master.php file (the doorway generator) and two subdirectories: save (cache) and shabs (templates). The following redirect chain normally lands on porn pages: hxxp://82.146.37[.]48/mobi?sub_id_1... -> hstraffa[.]com/l?link= … -> zvip[.]biz/aff_c?offer_id=20008&aff_id=6716& … The actual chain may vary, depending on the visitor’s location and browser. Reinfection and Cross-Contamination It is worth mentioning that the attackers try to infect all sites that share the same server account. This malware doesn’t depend on any CMS, so we find it on all sorts of websites from WordPress to pure HTML sites. One site can be infected multiple times by this malware (several spammy directories) and quite often it can be infected with other types of malware and spammy doorways, like Japanese replica spam doorways. This happens because webmasters usually neglect security issues for quite a long time. Even when they notice the problem and try to clean their sites, they either fail to remove backdoors from all of their sites or harden only their most important sites while leaving less important ones with unpatched security holes. In doing so, all of their accounts remain unprotected against reinfection. This shows that every aspect of website security is important and should be done properly – cleaning, hardening (including configuration and proper isolation), monitoring, etc. Article source
  12. Google Analytics has become a great target for spammers, where they leave fake traffic that draws unwary web site owners to investigate where it came from. This week one of those spammers left a ‘Vote for Trump‘ message in many people’s analytics reports. What most people didn’t notice was that the website it referenced looked like secret.Google.com…but it wasn’t. Instructions below show how to build a Filter to block this particular attack. To get historical spam out of your reports, use the Segment I posted to the Google Analytics Solution Gallery. Remember to change the Segment to use your website domain name in the first expression! The Imitation G In fact, the letter ‘G’ is a Latin Letter Small Capital, Unicode 0262. Compared side by side with a real capital G, they would look like ‘ɢ G’ — see the difference? Notice how the ‘G’ in the image is the same size as the lowercase letter ‘o’? It’s not the G you thought it was. OK, so they faked a letter in the web address….so what? Well, if you click that link, it takes you to ɢoogle.com, not google.com!!! You have just clicked into the spammer’s web site, where anything could happen! [you actually end up redirected to: money.get.away.get.a.good.job.with.more.pay.and.you.are.okay.money.it.is.a.gas.grab.that.cash.with.both.hands.and.make.a.stash.new.car.caviar.four.star.daydream.think.i.ll.buy.me.a.football.team.money.get.back.i.am.alright.jack.ilovevitaly.com] Again, more spam, so what’s the big deal? The Danger Well, someone, somewhere, gave out the domain ɢoogle.com to someone who was not representing google.com. What is stopping them from mimicking YOUR web site, or YOUR BANK’s website, and then leaving innocent-looking links for you to fall prey to? You would probably never realize what you did until it was too late.
Internationalized Domain Names Most people don’t realize it, but there were a lot of people working the past few years on getting international characters into domain names…and they are real today. They are supposed to allow people to create domains in their native language, like 日本語.jp. Seems at least one enterprising individual (in Russia) grabbed the opportunity recently to snap up ɢoogle.com. Expect to see a sharp increase in phishing until the general public catches on. Never trust a link provided by someone else… How to Filter It Out To prevent more of it from appearing in your Google Analytics accounts, create a new filter on the Admin panel. Pick a new Filter Name; Filter Type: Custom; Choose: Exclude; Filter Field: Language Settings; Filter Pattern: \. Save the new filter. It will take effect right away, but you may find that today’s data gets reprocessed in a few hours. Read the whole story in the Definitive Guide to Removing All Google Analytics Spam — the authoritative reference on the topic, regularly updated since January 2015. Article source
  13. Every now and then here on the Skype Community we see another wave of reports from customers saying that their Skype account sends unwanted spam instant messages to their contacts including links to Baidu, LinkedIn or other popular online services. Please follow all the following steps to learn how to act on these and take back control over your account: 1. Checking your computer security Is your antivirus scanner up to date? Your firewall still active? Malware scanning doesn't find anything? This is to ensure that no keylogger or other backdoor is transmitting your password input to bad people somewhere else. 2. Update your password(s) If you have a Microsoft account (e.g. you sign in with either email or phone number) and you never linked a Skype name to it before September 2016: Simply Sign in to your Microsoft account, then select Security & privacy and then select Change password. If you linked your Skype account with your Microsoft account in the past: there are still two passwords that grant access to your account. The best way to consolidate your passwords is by opening https://account.microsoft.com and signing in with your Skype name and password there. If this is the first time for you signing in since October 2016 you will be asked to update your account. More information in the article One account for Skype and your other Microsoft services - NB: After you have updated your account going forward there's only one password giving access to your unified account. 3. Protect your account Now that you have updated your password (and possibly your account as well), secure it by setting up two factor verification: https://support.microsoft.com/en-us/help/12408/microsoft-account-about-two-step-verification Frequently asked questions (and answers to them) I didn't even use Skype while the spam messages were sent? / I haven't signed in to Skype for ages? / I was only signed in to Skype on my mobile phone and the device was always with me?
The spammers obtained your credentials and signed in from another computer at any other place in the world to send out the spam messages. They don't need access to your device or even you to be signed in to send their spam. How did the spammers obtain my account password(s)? Over the past years unfortunately data leaks of user credentials (emails/usernames + passwords) have become somewhat of a regularity. If you have been re-using credentials across multiple services then just one service leaking your data will compromise these credentials everywhere else. You can check if your username or email was part of any recent popular leak on the following website: https://haveibeenpwned.com/ - If you see the message "Oh no — pwned!" you should update your password everywhere you use this username/password. Even if your information was not part of a data leak your computer or a computer you used your credentials on - in internet cafes, at a friend or family shared computer, even at work - could have been compromised by malware and your password information gotten into the wrong hands that way. That's why two factor verification/authentication is a powerful tool to enhance your security. But I checked sign ins via the /showplaces chat command? The output of this chat command does not list currently signed in endpoints reliably. Instead it lists all endpoints registered to receive notifications, e.g. for incoming calls. This list largely overlaps, but the output is not a reliable indicator. After you have updated your Skype account to a Microsoft account (see Step 2 earlier) you can use the "Recent Activity" report though: https://account.live.com/Activity Article source
  14. What is Spamnesty? Spamnesty is a way to waste spammers' time. If you get a spam email, simply forward it to [email protected], and Spamnesty will strip your email address, pretend it's a real person and reply to the email. Just remember to strip out any personal information from the body of the email, as it will be used so the reply looks more legitimate. That way, the spammer will start talking to a bot, and hopefully waste some time there instead of spending it on a real victim. Meanwhile, Spamnesty will send you an email with a link to the conversation, so you can watch it unfold live! Conversations
  15. LeeSmithG

    [Giveaway] MailWasher Pro v7.8.8

    Receiving spam is like those telemarketers who call at dinner time, completely annoying and you didn't ask for it. Luckily, you can stop this now! Install MailWasher today to screen all your email accounts in one place and allow only the email you want in your inbox. MailWasher lets you preview all your email before it gets to your computer or mobile device, enabling you to read all your email securely, and instantly delete any unwanted or suspicious email. Your remaining good email is downloaded to your PC or mobile device, saving you from receiving any spam or email viruses. Please note: The software provides a 1-year license. Source: https://www.giveawayoftheday.com/mailwasher-pro-7-8-8/ Registration key: https://secure.firetrust.com/cart/items/add/mw2010/promo/gotd2 I have been using this program for fourteen (14) years and have a lifetime license. It has the odd glitch, but is well written and works well.
  16. Locky ransomware continues to evolve, gets closer to 100% JS

    Jump in spam file attachment size

    New versions of the Locky ransomware, the variants that are also known as Zepto ransomware, have changed their classic mode of operation and are now relying on more JavaScript code than ever before. Locky is a ransomware variant that appeared at the start of the year and has constantly evolved. One of the things that remained the same across all these months was its payload, which was a JavaScript file embedded inside a ZIP file, which users received via email. This file usually contained something that security researchers call a downloader, a malicious component that downloaded the actual Locky ransomware binary and launched it into execution.

    Locky devs are embedding the ransomware inside the JS file

    According to researchers from Cyren, from July 20, a new wave of Locky infections started delivering the entire ransomware code inside the JavaScript file. Researchers immediately noted this change because of a jump in the ZIP file's size, which grew from a few KBs to over 250 KB. Opening this JS file from the ZIP archive inside a code editor also shows a lot more code than before. Researchers say that this code contains the actual Locky binary, which is reconstructed from the JavaScript code and saved on the user's OS when the JS file is executed. "Embedding malware binaries in scripts has been around for years," Cyren's Maharlito Aquino notes, "so it is not surprising to see Locky making use of this technique in delivering its ransomware component."

    Only Locky's Zepto variants showcase this behavior

    Once the Locky binary is saved in the user's Temp folder, it is also automatically launched into execution, starting the encryption process that locks the user's files. As mentioned above, this particular version appends the .zepto extension at the end of all encrypted files. Some security firms have been tracking this wave of Locky ransomware under a separate name altogether, as the Zepto ransomware. At the end of June and start of July, Cisco security researchers noticed a huge spam wave (137,731 emails in four days) delivering Locky/Zepto ransomware. That particular wave still used the old ZIP-JS-downloader-Locky infection routine.

    Locky also uses DOCM and WSF files as JS alternatives

    Cyren has been very diligent at keeping a watchful eye on Locky distribution and infection methods in general. The company also noted other changes to Locky distribution, but not to Zepto variants. Among these is the usage of DOCM files, an alternative to DOC and DOCX, for infecting users via Word macros. Additionally, the company also noted the usage of WSF files instead of JavaScript files, with WSF files being essentially another way of packaging and executing JavaScript code.

    Article source
  17. New Locky variant uses a weaker encryption method

    New Locky variant comes with offline mode support

    During the past days, the crooks behind the Locky ransomware have amped up their operations and distributed hundreds of thousands of spam emails that contain malicious files, which when opened, will install a new version of the Locky ransomware that can work without an Internet connection. Finnish security firm F-Secure observed the campaign and pointed out that on July 12, the group behind this ransomware sent out a whopping 120,000 spam email messages every hour in two massive surges of activity. As with past Locky campaigns, these files were ZIP archives that contained a JavaScript file, which when executed installed the Locky ransomware.

    New Locky version appears on the same day of the spam surge

    According to German security vendor Avira, its researchers have stumbled upon a new Locky version that can work in "offline mode." Avira's experts said they detected this new variant on July 12, the same day when the spam surge happened, but they have reported independently from F-Secure, so it is not officially confirmed that the spam wave delivered the new variant, even if all clues point to it. This new Locky version is very different from past Locky variants, which needed an Internet connection to start the encryption process. Because of this, network administrators discovered that by shutting down Internet access to a company when they detected one Locky infection, they could also stop subsequent computers from being compromised.

    New Locky version uses a much simpler encryption scheme

    Locky's authors seem to have addressed this issue and have now created a variant that can work around this limitation, albeit using a weaker encryption method. "That [speaking of Locky's offline mode] makes it tougher to block," said Avira's Lyle Frink. "But, this new variant may have the weakness that once someone has paid the ransom for their private key ID – it should be possible to reuse the same key for other victims with the same public key." This comes in handy for corporate environments, where Locky's authors are known to ask for more money than usual, just because they managed to infect a computer holding more precious data. Victims can pull the computer from the enterprise network, reinfect it, pay the ransom, and then use the decrypter to recover the files at a lower price. This is possible because the Locky offline version generates the same ID per computer, unlike its online version that generates different IDs per infection, not per computer.

    Locky spam flood on July 12, 2016

    Article source
  18. Popular torrent search engine BTDigg is showing signs of life after weeks of downtime. The site, which discovers new files through BitTorrent's Distributed Hash Table (DHT), blames spam torrents for the sudden shutdown. The site's operators will consider a comeback if they can find a way to deal with the issue effectively. Five years ago a new kind of torrent indexing site appeared online. Where most other sites rely on user uploads or pull their torrents from other sites, BTDigg took a different approach by using DHT to find new content. Since then the site has become a regular destination for many people. With millions of pageviews per month, BTDigg listed itself among the larger torrent sites on the web. Despite being blocked by court order in the UK, the site hasn’t faced any significant setbacks. However, a few weeks ago this suddenly changed as the site became unreachable for unknown reasons. With a lack of updates on social media, the prolonged downtime was a mystery. TorrentFreak contacted the site’s operators on several occasions but didn’t hear back, until a few hours ago. In a brief statement the BTDigg team says that the site will remain shut down for the time being. However, the downtime might not last forever. “We closed the site temporarily, but it’s not hard to return,” BTDigg’s operators inform us. A continued flood of spam torrents is the main reason for the sudden disappearance according to the team. They hope to resolve this with an ‘artificial intelligence’ that effectively filters out the problematic content, after which they plan to return. “The main problem is ‘spam’ torrents. When we finish creating an AI that filters spam, we’ll reopen the site,” BTDigg says. This pending return is positive news for BTDigg users. However, with no concrete ETA for the comeback they will have to find their daily torrent fix elsewhere for the time being. 
Also, while a full return is an option, there’s also a chance that the site will move on under new management. BTDigg’s team informed TorrentFreak that they are considering selling the site’s source code and a year of support to a third party. What that means for the site’s future has yet to be seen. Article source
  19. Ponting

    SPAM Control

    Don't know why the first few posts of a newbie aren't moderated, before they appear on nsane.forums. :unsure: :think:
  20. A new spam campaign has emerged in support of the Asprox botnet. The scheme involves shipping receipt emails that contain malicious links and purport to come from the United States Postal Service (USPS). Anyone who receives one of these emails and clicks on the link therein will have a zip file downloaded onto their machine, according to a Zscaler report. After a user downloads the zip file, it shows up as a seemingly legitimate looking Word document on the Windows desktop. That file is in actuality an executable which must be opened before the user becomes infected with the malware. Researchers from the security firm StopMalvertising analyzed Asprox – also known as Kuluoz – in November. They found that the strain of malware began as a password-stealing botnet, but has since evolved to where its primary purpose is to launch automated SQL injection attacks. Asprox, they say, is notorious for spoofing shipping companies like the United Parcel Service and FedEx. Asprox is not new, with references to it on Threatpost dating back as far as 2009. As of Zscaler’s publication, the threat was scoring a fairly dangerous 4/52 on VirusTotal. At the time of our publication, the detection engines appear to have taken notice, and the threat is now scoring a less potent 27/52. According to the report, the malware copies itself into an infected user’s Local Application Data before creating an autostarter to ensure that the infection stays around even after restart. “The common factor across all of these dropped files is that they all POST bzip2 compressed data which is then encrypted with a 16-byte random RC4 key via HTTP as reported by StopMalvertising,” wrote Chris Mannon in the Zscaler analysis. “We’re seeing a growing number of attacks which utilize this method of phone home activity. The case of this Asprox threat phones home over ports 443 and 8080.” Source
  21. In Internet years, AOL and its webmail counterpart AOL Mail are beyond ancient at this point. A relic of electronic mail history, the majority of users have long since jumped ship for Gmail or Yahoo. Yet those who still have accounts with AOL were no doubt unhappy when they discovered last weekend that a slew of old AOL Mail accounts had been hacked to send spam to their friends. While it’s unclear exactly how many users’ accounts have been compromised at this point, multiple users have complained on Twitter that their accounts – some of which naturally have not been used for years – were compromised and used to send spam to other users. AOL acknowledged the hack late yesterday and pointed out that it’s likely affected users weren’t hacked but spoofed, and that it’s doing everything in its power to correct the issue. “AOL takes the safety and security of consumers very seriously, and we are actively addressing consumer complaints,” AOL said in a statement Tuesday. “We are working to resolve the issue of account spoofing to keep users and their respective accounts running smoothly and securely.” As AOL notes, spoofing attacks are basically spam emails that appear to come from the victim but are technically coming from the spammers’ email account and are sent via the spammers’ server. While spoofing attacks are nothing new, this particular campaign appears to have really started picking up steam over the weekend. The hashtag #AOLhacked on Twitter has seen users bemoan the service’s security and others cracking their fair share of jokes since Sunday. Since there’s a difference between being hacked and being spoofed, there’s nothing users can really do to prevent the spammer from continuing to spoof their email accounts. Users can change their passwords and delete their contacts but it doesn’t really matter – the spammer already has a copy of the victim’s address book. 
The company’s mail Twitter page, @AOLMailHelp, said it plain and simple yesterday: “Once your account is spoofed, there is nothing else that can be done.” Some experts, like web designer and programmer Brian Alvey, however, are speculating that AOL Mail may have suffered an address book webmail exploit. “When you load [Yahoo’s] webmail interface your browser makes several calls into AOL for data. One is to login. Another is to load all the messages in your inbox. Another is to load your address book so you can a) see who your friends are and b) easily send them email, auto-completing addresses as you type them,” Alvey wrote in a blog entry last night. “Each of those data calls should have security checks.” Alvey surmises that there may not have been a security check like this in place, something that could allow an attacker to bypass security and secure access to users’ address books without being forced to guess passwords or go through the trouble of hacking into the affected accounts. In the meantime, even though it may not help, it may not hurt for anyone with an old AOL Mail account to change their password and to steer clear of any suspicious looking emails, especially those that direct you to a murky looking link, like the one above. Source
  22. By Chris Mooney Feb. 14 2014 1:23 PM Narcissistic, Machiavellian, psychopathic, and sadistic. In the past few years, the science of Internet trollology has made some strides. Last year, for instance, we learned that by hurling insults and inciting discord in online comment sections, so-called Internet trolls (who are frequently anonymous) have a polarizing effect on audiences, leading to politicization, rather than deeper understanding of scientific topics. That’s bad, but it’s nothing compared with what a new psychology paper has to say about the personalities of trolls themselves. The research, conducted by Erin Buckels of the University of Manitoba and two colleagues, sought to directly investigate whether people who engage in trolling are characterized by personality traits that fall in the so-called Dark Tetrad: Machiavellianism (willingness to manipulate and deceive others), narcissism (egotism and self-obsession), psychopathy (the lack of remorse and empathy), and sadism (pleasure in the suffering of others). It is hard to underplay the results: The study found correlations, sometimes quite significant, between these traits and trolling behavior. What’s more, it also found a relationship between all Dark Tetrad traits (except for narcissism) and the overall time that an individual spent, per day, commenting on the Internet. In the study, trolls were identified in a variety of ways. 
One was by simply asking survey participants what they “enjoyed doing most” when on online comment sites, offering five options: “debating issues that are important to you,” “chatting with others,” “making new friends,” “trolling others,” and “other.” Here’s how different responses about these Internet commenting preferences matched up with responses to questions designed to identify Dark Tetrad traits: To be sure, only 5.6 percent of survey respondents actually specified that they enjoyed “trolling.” By contrast, 41.3 percent of Internet users were “non-commenters,” meaning they didn’t like engaging online at all. So trolls are, as has often been suspected, a minority of online commenters, and an even smaller minority of overall Internet users. The researchers conducted multiple studies, using samples from Amazon’s Mechanical Turk but also of college students, to try to understand why the act of trolling seems to attract this type of personality. They even constructed their own survey instrument, which they dubbed the Global Assessment of Internet Trolling, or GAIT, containing the following items: I have sent people to shock websites for the lulz. I like to troll people in forums or the comments section of websites. I enjoy griefing other players in multiplayer games. The more beautiful and pure a thing is, the more satisfying it is to corrupt. Yes, some people actually say they agree with such statements. And again, doing so was correlated with sadism in its various forms, with psychopathy, and with Machiavellianism. Overall, the authors found that the relationship between sadism and trolling was the strongest, and that indeed, sadists appear to troll because they find it pleasurable. “Both trolls and sadists feel sadistic glee at the distress of others,” they wrote. “Sadists just want to have fun ... 
and the Internet is their playground!” The study comes as websites, particularly at major media outlets, are increasingly weighing steps to rein in trollish behavior. Last year Popular Science did away with its comments sections completely, citing research on the deleterious effects of trolling, and YouTube also took measures to rein in trolling. But study author Buckels actually isn’t sure that fix is a realistic one. “Because the behaviors are intrinsically motivating for sadists, comment moderators will likely have a difficult time curbing trolling with punishments (e.g., banning users),” she said by email. “Ultimately, the allure of trolling may be too strong for sadists, who presumably have limited opportunities to express their sadistic interests in a socially-desirable manner.” http://www.slate.com/articles/health_and_science/climate_desk/2014/02/internet_troll_personality_study_machiavellianism_narcissism_psychopathy.html Chris Mooney is the author of The Republican War on Science and, with Sheril Kirshenbaum, Unscientific America: How Scientific Illiteracy Threatens Our Future.
  23. By Manish Singh on February 11, 2014 - 07:18PM The Internet, much like the real world, has bad people too. And while the digital security of the entire planet seems to be a train-wreck, things are even worse in India. According to Microsoft’s third annual Computing Safety Index (MCSI) report, 20% of Indians are victims of online phishing attacks. The victims in this case lose around Rs. 7500 ($120 USD) on average. “About 12 per cent Indian respondents said they suffered identity theft at an average cost them Rs 7,500," the MCSI states. The annual worldwide impact of phishing and identity theft is around $5 billion, while fixing people’s online reputation could go as high as $6 million. “The annual worldwide impact of phishing and other various forms of identity theft could be as high as $5 billion, with the cost of repairing the damage to people's online reputation being higher yet at nearly $6 billion or an estimated average of $632 (Rs 39,000) per loss," the MCSI mentioned. The survey, which was released today on Safer Internet Day, used the data gathered from testing around 10,500 users from across 20 nations. According to the report, only 34% of them care to prevent strangers from seeing their updates on social media. Meanwhile, 38% of people actually tweak some settings to set control over who sees what. Furthermore, only 35% of the users employed a PIN protection to keep their devices secure. "Internet users can prevent intrusions and thefts by using a unique four-digit PIN for mobile devices and strong passwords for online accounts," Microsoft India National Technology Officer Prakash Kumar said. It is high time we became aware of online attacks and started using simple preventive measures which can save us a whole lot of trouble. “The Internet touches our lives every day, whether we are communicating with loved ones, for work, shopping, and paying bills. 
But how cautious are we about monitoring our online presence, and taking note of our own vulnerabilities? There are many things you can do to stay safer online," Kumar added. http://www.winbeta.org/news/phishing-attacks-20-percent-indians-are-victims-says-microsoft
  24. By Casey Johnston - Jan 25 2014, 9:48am AUSEST Gmail shifted the "spam" link away from the layout TechCrunch screenshotted to discourage clicking. It's highlighted here in purple in its new form. A Gmail bug has resulted in thousands of unsolicited e-mails hitting up the Hotmail account of one David S. Peck of Fresno, California, according to a report from TechCrunch. TechCrunch suggests the glitch is possibly related to the outage that occurred earlier Friday. The bug operated like this: a Google search for the word “Gmail” turns up a couple of links under the Gmail header, including one with the text “Email.” Clicking that link would pop up a Compose window with dsp559 at hotmail dot com pre-filled in the To: field; apparently, more than a few Gmail users YOLO’d and hit send. Peck has been receiving the unsolicited e-mails since Thursday. He deleted the day’s bounty and woke up Friday with 1,900 more e-mails, he told TechCrunch. Peck contacted Hotmail for support, and as of Friday afternoon, the “Email” link on the Google results page leads to a 404. Earlier in the day, both Gmail and Google+ went down for about two hours. Given Google+’s recent integration with YouTube, that meant YouTube users were unable to make comments on the site, as well. http://arstechnica.com/business/2014/01/bad-gmail-link-results-in-thousands-of-spam-e-mails-to-a-hotmail-user