Big Shift as Phishing Now Outnumbers Email Viruses

In what is likely to be a landmark month in email, in January of this year phishing now outnumbers viruses as a threat against email. According to experts, in January 2007, 1 in 93 emails (1.07%) was some sort of phishing attack while only 1 in 120 emails (.83%) was found to be infected by a virus.

While this has several explanations, from the fact that viruses are now being picked-up mostly by surfing the web, and the fact that the email attacks carrying malware are much more targeted nowadays, and no longer represent the huge macro-attacks that try to infect every computer in the country. That's because those big malware attacks are easy to combat with blacklisting and content matching programs, so they've gone much smaller, because the longer they remain unknown to the general public the more damage they can do and the more money they can make cybercriminals.

But the main reason for the big shift is the simple fact that phishing has become so highly effective. Phishers are resorting more to Flash content than HTML, which makes it harder for the anti-phishing browsers to pick-out. Also, phishing is also becoming more targeted, and much more likely to include a fake email from the actual bank or ecommerce site a target uses then simply a random guess at a potential match.

It's simply become a fact of life that email is becoming more profitable for criminals, and more dangerous for users. I can't think of any more persuasive argument for email providers to make sure as much of this crime-mail is stopped dead before it ever gets on a company's server and gets that much closer to the users inbox.

That's why my company, Message Partners, has spent years fine-tuning our pre and post-queue filtering capability, with cuts spam and phishing mail off at the pass. You can read all about it here, at Message Partners.

That's it for today, and hey, safe computing everyone.

Taunting Spam IV

My company, Message Partners, utilizes all the most modern and advanced tools available in the tech arsenal to fight spam, and we also use something totally unique to us: we taunt spam. So I received the following spam email:

Subject: our members get laid. PERIOD

Stop posting profiles on lame dating sites.

People on our site are looking for intimate partners now.

Some naughty, some nice but everyone has fun and gets what they want ;-)

Taunt begins:

Interesting subject line, I must admit, and it did get my interest. So you say your members get laid. You know, some men refer to their Johnsons as their member, so do you mean all of your MEMBERS get laid, or just the people who belong to you oh-so-non-exclusive spammo club?

So you tell me to stop posting my profile on lame dating sites, where with your site, it's just straight to the business at hand, where, in this case, if I'm getting action, well, I don't have to give myself the business with my hand. Ha.

But for all of your promises, sir spam-a-lot, you simply cannot change the true fact of human nature, that, well, that men typically want sex more than women, and are more interested in, well, relationships. So from looking at your site closer, I must only deduce, that if everyone is in fact looking for intimate partners right now, and everyone IS getting what they want, then your site must be all men all the time. PERIOD.

Not that there's anything wrong with that. You should just say you're a gay site and come out of the spam closet, OK?

Doggone Phishing

Phishing is the practice of sending emails pretending to link to an official internet or banking site when in fact the link is fake the graphics are stolen and it's all just an attempt to con you out of your vital information. And everyone everywhere just keeps sounding the warnings, trying to make people understand that no matter how convincing an email looks, and how dire the situation they tell you your account is in, if you think you're having problem with an online bank or commerce site, go directly to the site by typing the address directly into the address bar at the top of your browser.

For instance, say you get a dire message from eBay, saying someone has hijacked your account and has started putting a big price on some priceless artifacts using your name, DO NOT CLICK on the link provided in the email. Close the browser down, open a new one, and from your home page, simply type EBAY.COM after the WWW in the address bar and click enter.

Only then do you truly know you are at eBay, not eBob, not eRippoff, not eTakeAllYourMoney, but eBay.

There, I said it. Better yet, go to my company, Message Partners, where we have some excellent phish-fighting tools.

Taunting Spam III

At Message Partners, not only do we use the absolutely most advanced and sophisticated email tools anywhere to fight this new flood of spam, we also utilize another spam fighting tool: we taunt it.

I received the following spam-mail:

Subject: And be medical

existing; it would be difficult, if not impossible, to find a branch both small and great. For the same thing may be small in comparison things, also, which are said to be such and such in virtue of these aquatic, are differentiae of animal; the species of knowledge
qualities. For pallor and duskiness of complexion are called is long; these things cannot in their own right claim the quantitative these are not relatives, and, this being the case, it would be true to be true and the other false, for when he is not yet able to acquire
It may be questioned whether it is true that no substance is first is reciprocally connected, as in the aforesaid instances, when particular branches of knowledge are not thus explained. The knowledge substance than another, for it has already been stated that this is
also, in virtue of that habit, to be thus or thus disposed; but surface, for he would state the area which it covered. Thus the things is predicated of the individual, the genus both of the species and knowledge does not differ from another in being two-footed.
present in body at all. Thus everything except primary substances is existence of the perceptible. For perception implies a body receptive of these qualities, but only in that subject of which the a universal rule that each of a pair of opposites of this type has and all those qualities which are classed as dispositions. However character: for the terms like and unequal bear unequal bear a subjects one of the pair should be present, and that in a It is the mark of substances and of differentiae that, in all


Begin taunt: Please note, I shortened the spam by about half for clarity and concision, but it actually didn't help el spammo get to any point at all.

Wow. What a word stream my spammy friend. Are you some sort of modern day poet? Because when I squint my eyes and read those words really fast, it just about puts me to sleep, just like poetry.

I caught somewhere in your stream something about being two-footed. Yep, that's me, two footed all right. Wait! Do you mean two feet on the end of each leg. Yes, I think you do. Actually, that's not me at all. I only have two feet in total.

Had you been more clear, I really really think I would have bought something from you.

Oh, and I like the subject line. "And be medical." How do you "be medical." Is that like "be physical." You know the song, Let's get physical, physical, physical. So instead I'm singing, Let's be medical, medical, medical.

That really works! And it's fun. You, my friendly spam, are a genius.

Udgrade from AmavisD with MPP

I’ve been reading several different posts in how to make AmavisD do this or that (mostly how to get rid of the new flood of spam), and while I am not a system administrator, I have to say most of suggestions seemed quite difficult to execute and of questionable efficacy.

While I’ve heard that this complaint often about open source software, it seems to be particularly true of AmavisD. The compliant is, that while it is free, what exactly does free constitute? First, you have to be a system admin with a great deal of time on your hands, as even though you certainly won’t need approval from the CFO to download a free mail server, what do you tell the boss as hour after hour is eaten up by the newest AmavisD patch or fix?

The second complaint, once you start making your own fixes to AmavisD, it essentially becomes one person’s customized system. And what happens when that one person who did all the AmavisD fixes changes jobs. Who’s around to know what specifically was done to that system. This at a time when the pressure on e-mail from both users and — as in viruses and spam and phishing — abusers, continues to grow exponentially.

Inevitably, IT professionals must ask themselves exactly what free means. Because if it’s free upfront, I guarantee you that it will cost, and cost more, in terms of paying for the fixes of highly skilled labor. And as the system gets more and more patched up, it’ll start doing some very quirky things.

The other alternative, of course, is to pay upfront, which might require the clearance of the CFO, but won’t send the labor costs spiraling out of control. And by paying for something like MPP, our email platform, you get both a time-tested system, and someone always ready willing and able to help ASAP.

Also, the great thing about MPP is that it allows you to use both the best of open source and commercial filtering software, as we all now open source does have some great things. Because the whole point of e-mail is its immediacy, and when it goes down and stays down, the system admin will get a visit from the CEO whether they want it or not.

So what do you say, give Message Partners a look/see.

Best Offense is Still a Good Defense

Today I've been reading survey after survey about the growing deadliness of today's malware (malicious software). As one report succinctly summed it up, today's malware is "stealthier, more complex and harder to identify and defend against."

One of the doors these cybercriminals use to get access to corporate servers is "greyware." The following comes from Wikipedia explaining greyware: Greyware gets into a corporate network when users download legitimate software that includes greyware applications in the installation package. Greyware applications often use ActiveX controls.

Most software programs include an End User License Agreement (EULA), which the user has to accept before downloading. Often the EULA does include information about the additional greyware application and its intended use to collect personal data; however, users often overlook this information or do not understand the legal terminology describing the application.

So you see, usually it's right in the users agreement (I can even imagine how many users agreements I haven't read, as I didn't read them).

So the best way to prevent against this scourge, which in turns adds to the botnet problem, which in turn continues our spam problem, is to keep it off your system.

And you do that by investing in the best virus and spam and phishing filtering software. I ask that you consider Message Partners. Click here.

Taunting Spam II

I said I would do this every Monday, but this Monday was a holiday, and yesterday was too busy of a day, so I chose today to take spam to task and, in essence, to taunt them. Why? Because it makes me feel just a little bit better.

So I received the following spam in my Message Partners' inbox:

Subject: Bruce willis sylvester stallone?

Bruce willis sylvester stallone?
June divorced staple tabloids due romantic junior!
By spy placed williss? Throttlein bobby featured allstar, cast
husband ashton. Spy placed williss body spawned, honest imitators
again wearing.
These, photos unnoticed until? Lifemoore was roswell new mexico but,
spent much.
About last nightfor time hollywood boxoffice successes including
ghost.

Company: CHINA BIOLIFE ENTERP (Other OTC:CBFE.PK)
Symbol: CBFE
Price: $1.55
Target: $4
Market: Bullish

Jane movie shaved off all long hair camera? Mixed founding celebrity,
investor planet chain theme. Near, famous sun valley.
Mark among considered basic instinct batman? Allstar cast, husband
ashton kutcher although, they. Saturday night live served guest, host
brought stage? Demetria gene guynes on november is an. Often fought
beat each other. Bokmlnorsk modified january text. Cover vanity fair
seven months pregnant daughter scout larue.
With bruce willis, sylvester stallone arnold august nude cover.
Murphya menlt cdr joanne butchers wifemarina jensenwere! Suicide
frequently changed jobs made, family move total. Childhood teenage
years suburbs. Uncredited cameo end, spoof young doctors lovein.
Do grantthe onlythe jurorannie lairdnow thenolder murphya menlt cdr.
Played part jackie templeton abc soap opera. Sketch march episode
saturday night.
Stallone, arnold august nude cover vanity

My taunt follows: Huh, interesting, your profligate, overaggressive use of nouns with no connecting verbs is damn near idiot-savant-esque -- without the savant part. So you hook me with Bruce Willis Sylvester Stallone in the subject line.

It's almost like a booming movie trailer...Bruce Willis and Sylvester Stallone in a blockbuster hit SPAM attack. Not one over-the-hill Hollywood icon, but two, sort of Spam Hard With a Vengeance mixed with Spambo.

This spam will make you laugh, and it will make you cry, and it will also make you plenty confused.

Then it's just pure gibberish, but probably not much different then most of the scripts that get sold in Hollywood. I can just picture some producer guy handing these words over to a screenwriter and saying: We did a study that the next hit movie is going to contain all of these words, but you have to figure out what order they go in.

Then we get to the middle of the spam, the kernel, the truth, the payoff: some penny-stock come-on to help in your pump-and-dump scam run on some foreign exchange.

But you know, I wasted 10 bucks on the last Bruce Willis movie (and I'm probably going to rent the latest version of Rocky), so I think I've spent enough money on your two spam superstars.

You should know, though, if you're spam scam makes money, you're probably going to be hearing from Stallone's and Willis' attorneys. They're going to want their cut.

Who knows, maybe they'll partner up with you, create a Spam-It Hollywood chain of burger joints.

MPP for ISP

Was at a big meeting with some folks that run a service provider, and we were going over their architecture, and the question came up, as it almost always does, why in the world should we go with MPP?

You see, while they had solved some of the most intractable problems facing an ISP in terms of email, with the main one being -- while people truly hate spam, just let one customer miss one email they were supposed to get (what we call a false positive), and you won't ever hear the end of it. Well, they had pretty much solved this problem cold.

But now, due to their popularity, new problems were arising. One, which I won't get into much, is scalability. Now that they had so many customers, they needed scalability, which we had in spades.

The other, and more insolvable problem for them, was the demand for -- as more and more people use email, and use it for different reasons -- their customers were demanding more flexibility from their email, choices that influenced both cost and usability. And anyone that studies the evolution of a product knows that, as a product travels along its life cycle, it tends to evolve from a simple product with little choice into a much more complex multiple-choice product.

Henry Ford himself said, "You can have any color car you want, as long as you want black." That was in the era of the Model T, when just having a car was enough. Well just the other day I saw a car colored in a color I never even knew existed, and all I can say was it was a cross between purple and fucsia (not exactly sure about the spelling of the last one).

The point being, this ISP's customers were starting to ask for different email choices, like archival, and different spam settings, and while their old email engine couldn't do that, they wondered if MPP could help with that?

Bingo, I thought. At long last, after years spent developing a product powerful enough to do exactly that, someone had finally asked us, Can it enable different settings for different users? Damn right it can.

Did Message Partners get the contract? You betcha!

More Spam?

As I wrote in an earlier blog, this past Wednesday I attended a teleconference held by the folks at Ferris Research, and one of the analysts said something very interesting.

He said that, in fact, there actually is about the same amount of spam being sent around on the internet, the reason that many people think there is so much more is because so much more spam is breaking through our defenses (unless, of course, you use Message Partners, where we quickly plugged the big spam leaks with various tools).

Now I don't think this is entirely true, as with botnets, their ability to spread spam has certainly added to the total amount of spam out there. But I do think it is mostly true, that it's not so much the total amount of spam people are talking about, but the spam that breaks through to the inbox.

So while even I had been reporting that spam is up huge amounts, what I really meant to say is that more spam is breaking through our defenses. Got it?

Hope everyone has a great weekend.

Thinking Outside the Inbox

Everyone that has access to the internet pretty much has to use a service provider, unless of course you are a service provider yourself. And while everyone has been blogging on and on about all the spam and viruses and phishing that have increased geometrically in the last year , what about service providers, as they must be taking the brunt of spam.

My company, Message Partners, does a great deal of their business with service providers, so we get to hear a lot of what's going on spam's front lines. While it hasn't been easy, we've done everything we could do, used every bit of thinking outside the inbox, as I've been calling it, just to get a leg up on spam. I'm just damn glad Message Partner's President, Mike Katz, had the vision early on to build what is pretty much the most adaptable email engine anywhere. Because one of the keys to survival in this spam storm is certainly adaptability.

And we also keep a close watch on the industry for any ideas in beating back spam. We have coders from Russia all the way to Brazil working on it. Because no matter what solution we come up with, it works for awhile, but then it seems spam invents something else, so we can never ever stop, because through rain, sleet, or Viagra spam, your email must be delivered.

Check us out at Message Partners.

25th Anniversary of First Computer Virus

Attended a teleconference this morning about the future of email and communication technology, held by Ferris Research, and learned that this year marks the 25th Anniversary of the very first computer virus ever to appear.

As Wikipedia indicates, it was a program called "Elk Cloner," and spread via the floppy disk (remember the floppy disk?). Jeez, wasn't the first floppy about the size of a 33 1/3 record, so when you were carrying records around, you really new you were holding onto something. The first virus, written by Rich Skrenta, was written for the Apple DOS 3.3. It was originally intended as a joke, and was embedded into a game, and once the game was set to play the 50th time, instead of the game a blank screen would appear with a poem about the virus Elk Cloner.

On that same note, the first PC virus was a boot sector virus called "Brain," created by two brothers, Basit and Amjad Farooq Alvi, who lived in Lahore, Pakistan. Brain was written to detect pirated copies of software they had written.

Doesn't that now just sound like ancient history, when viruses merely spread mostly through portable media like floppy disks?

Sometimes, when thinking and writing about viruses and all the trouble they create, I think back to the show "Get Smart." I remember at one point, Maxwell Smart had Kaos, the bad guys, totally cornered, and finally, at long last, with one fell swoop could totally destroy them. But then Max realizes, without Kaos, he wouldn't have a job, so he let them go (or, in his distracted state, they escaped, I forget which). So Kaos survived to continue their lifelong battle with Control.

So as I rev up everyday to fight spam and viruses for Message Partners, I sometimes wonder what I would do if they weren't around? But I guess with anything, where there is control, there is always Kaos close by.

Trouble With Botnets

I tell you, last year about this time, it really looked like we just about had spam licked. While I was just starting work with Message Parters, I remember the feelings of self-satisfaction when we told someone that you use this spam filter, and then spam would be gone.

Oh my oh my how things have changed. Image spam, while we're getting a leg-up on them, image spam is quite the tough baliwick, and it's gonna take the best minds a bit longer to find a true fix (though our greylisting sure is giving spam all sorts of difficulties right now).

And then there's the unending zombie war currently going on with botnets. Seems malware has been written that, once some sort of MS Office document is opened, immediately turns that persons computer into a spam slave (please people, never ever open an attachment from someone you don't know, and if you get something unexpected from someone you know, contact them first to make sure it's all right to open).

Currently, there are botnets ranging anywhere from a few thousand computers to over a million. That's a lot of spam clogging inboxes. But I promise you, the gang at Message Partners is doing fine against the million bot march of spam, and not long from now, we just may have an answer to bring down some of these nattering networks. I'll keep you tuned in.

Taunting Spam

Some Mondays are tough, and other Mondays are super-tough -- for me, the fact that this is really the first work Monday of '07 means this Monday hit me particularly hard. In what is already a dreary and rainy day (at least in NYC, where this morning, the smell of gas permeated the entire city, which always immediately makes me think of 9/11, but as of this post I remain unblown-up), from now on I am going to take a moment out of each Monday to try to add some levity to the day by taunting spam.

Although this in no way reflects the policy of my company, Message Partners, and we have much better tools to stop spam then a rude taunting, well, who knows, maybe if I taunt spam hard enough, maybe spam will finally decide it's had enough and go straight home and refuse to come out anymore. Hey, anything to help Message Partners beat spam is all right by me.

So, today I received the following spam:

Dear Friend,

Greetings to you and your family, I am David Xueqing, a staff of
Private Banking services of the Bank of china, Shenzhen China. I have an
obscured business proposal that I am sure will be of interest to you.

Please respond to me via my private email address:
dxue10112@yahoo.com.hk

Upon reciept of your response, I will give your more information on the
business.

I will await your prompt response to this email.

Sincerely,

David Xueqing

My taunt:

Hey fellow email user from China. Thank you for taking the time out of your very busy crime-ridden schedule to contact me. I know you probably are very anxious to hear from me, as you probably have to purse-snatch a couple of little old ladies later. And your mother probably still has no idea you've stolen her identity so you can opt for the extra-special nail-spa treatment.

Thanks for calling me your friend, David. I've never met you before and already I'm your friend. That's really great. In America, friends send friends extravagant birthday presents, so I'll let you know when and where to send it.

I know, I know, enough small talk, let's get down to the business at hand. You say you have an "obscured business proposal." Obscured, huh, does that mean it's obscured from you? If I get into a business deal with you, I'd prefer you knew about it, friend.

And you say you are a "staff" of Private Banking services of the Bank of china. I've never done business with a staff before, but if you were a walking stick, or better yet, a magic wand, then you might really have my interest.

Also, David, one easy bit of advice, USE A DICTIONARY. While the fact that you're using English is quite exemplary, as it's probably not your first language, you misspelled receive, man. Not that big of a deal, but your whole email revolved around receive, you see, because you simply cannot proceed to the next step of the scam unless you receive something, anything, from me. So receive is a key word, the crux word, the word you really want to get right, my fiend David. And no, I didn't mean to write My friend David. You see how that spelling thing works.

But altogether, David, I can only say I have contempt for you, my friend. I mean, aren't you really just running a scam that the Nigerians have been doing for years, and a scam that they do better (they use much better details). And from what I've read, Nigeria is a seriously depressed country, whereas China is booming, so here's some unsolicited advice for you, David.

Go get a job. I mean a real job. Something your mother would be proud of. And I don't mean you imitating your mother so you can get a bunch free credit cards, I mean the-woman-who-gave-birth-to-you mother.

Out Damn Spam

Well, I'll be the first to admit it, it's been a little while since my last post. You know, I've read that over 50 million blogs have been abandoned and are now longer being updated, which basically makes them orphans. Well I'm not going to let that happen to this blog.

Basically, the reason for my reticence is spam's recent great resurgence. My company, Message Partner's, has been battling this recent flood, surge, outright global spamming epidemic that's going on right now. Did you know that spam now accounts for just about 9 out of every 10 email messages sent today. That just makes that 1 out of 10 real emails all that much more important.

I mean, aren't people starting to get a clue? If spam worked like it said it did, people would now need pills to make their sex organs smaller. Actually, the truth is, spam has changed, and they've switched from the pharmaceutical come-on, shifting to stock pump-and-dump scams as well as phishing. Phising, as I'm sure you probably know, are emails that pretend to be from actual banks or legitimate internet merchant sites that typically warn you that something unauthorized has happened to your account, and please click on this link and sign in and get everything back in order. Only problem, it's a SCAM, the link generally goes to a fake site using borrowed graphics (graphics are just so easy to steal on the internet), which means the information you've just typed in to clear everything up has now turned everything bad. Very very bad.

Phishing is a scourge, one that threatens the very viability of email, so please, never ever ever respond to an email message from a bank or eBay or Amazon no matter how official it looks. If you think you are having account trouble, go straight to the site by typing it directly into the address bar.

Well, it's near the end of the day Friday, and I got some other stuff to do. So the reason for the delay is this sudden onslaught of damned spam. But, while I admit this groundswell of junk email did catch us folks at Message Partners somewhat by surprise, we've battled back quite well, thank you, and have plenty of nifty tools in our email platform that will not only defeat spam, it'll stop it from ever even getting on your server. We've also got some excellent tools to fight phishing.

Yes indeedy. Have a great weekend, all. I'll be back with another post before you can eat a full can of actual Spam.

Tags: Spam, Stop Spam, Fight Phishing