Devious Spamhaus Phishing Scam Warns You’re On An Email Block List
If you are an email administrator, then you are most likely familiar with this organization and how removing one of your IP addresses or domains from their block list can be an arduous task, to say the least.
By using scare tactics, such as a warning that an email address has been added to a spam block list, the attackers hope the recipient will make a rushed decision, overlook clues such as the document being a VBS file, and open it.
From ACM's TechNews, June 28, 2004

"Winning the War on Spam"
Discover (06/04) Vol. 25, No. 6, P. 24; Johnson, Steven

The current model for fighting spam is treating it as a disease, with spam-blocking software, blacklists, and other techniques being disease-fighting antibodies. Some technology experts say this thinking is flawed because it does not try to address the root cause of spam, which is its profitability: If millions of identical messages are sent out, the cost is still basically the same as if the spammer sent only one message. Ferris Research estimated businesses spent $10 billion fighting spam last year, not to mention the inconvenience caused to home users and the millions of hours consumed emptying junk mail. Over the past several decades, environmentalists figured out that industrial pollution, like spam, actually costs more than it appears: People buying gas at the pump pay for the oil extraction, refining, and transportation, but do not pay for the associated damage to the environment; in this sense, email is simply too cheap to reflect the exorbitant costs of spam on users and the Internet infrastructure. Although some experts have advocated a small monetary charge for email, this system would not only be difficult to implement, but would unfairly punish those who could possibly benefit from email most. Microsoft researcher Cynthia Dwork has another solution that involves payment for email, except in computation time, not money: She suggests making sending computers figure out a puzzle so that each email message would cost about 10 seconds in computational time.
Dwork's scheme is dependent on a variable element in the puzzle, which can increase the complexity of the puzzle in relation to Moore's law; though this 10-second tax would not likely affect regular users much since they could do other tasks on their PC in the meantime, it would mean a single computer could only send out roughly 8,000 emails per day instead of the millions they currently can churn out. Spammers would have to buy more machines, which would put many of them out of business.

"Internet Takedown"
Government Technology (06/04) Vol. 17, No. 6, P. 24; McKay, Jim
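
The per-message puzzle described in the Discover summary above, sketched as an added example (not code from the article or from Dwork's work). It swaps in a SHA-256 partial-preimage puzzle in the style of Hashcash rather than Dwork's own puzzle function; the function names, address and message id are constructed for illustration.

```python
import hashlib
import math
from itertools import count


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def stamp_digest(recipient: str, msg_id: str, nonce: int) -> bytes:
    # The puzzle input names the recipient and the message, so a solved
    # stamp cannot be reused for the other copies of a bulk mailing.
    data = "\x00".join((recipient, msg_id, str(nonce))).encode()
    return hashlib.sha256(data).digest()


def mint(recipient: str, msg_id: str, bits: int) -> int:
    """Sender side: try nonces in order; expected cost is 2**bits hashes."""
    for nonce in count():
        if leading_zero_bits(stamp_digest(recipient, msg_id, nonce)) >= bits:
            return nonce


def verify(recipient: str, msg_id: str, nonce: int, bits: int) -> bool:
    """Receiver side: a single hash, whatever the difficulty."""
    return leading_zero_bits(stamp_digest(recipient, msg_id, nonce)) >= bits


def bits_for(hash_rate: float, seconds: float = 10) -> int:
    """The variable element: difficulty costing about `seconds` on a
    machine that computes `hash_rate` hashes per second."""
    return math.ceil(math.log2(hash_rate * seconds))


def daily_cap(seconds_per_message: int = 10) -> int:
    """Messages one machine can stamp per day at that per-message cost."""
    return 86_400 // seconds_per_message


if __name__ == "__main__":
    bits = 16  # demo difficulty, far below a 10-second puzzle
    nonce = mint("alice@example.org", "msg-0001", bits)  # constructed values
    print("nonce:", nonce, "valid:", verify("alice@example.org", "msg-0001", nonce, bits))
    print("bits for 1M hashes/s:", bits_for(1_000_000))
    print("bits for 2M hashes/s:", bits_for(2_000_000))
    print("daily cap at 10 s per message:", daily_cap())
```

Doubling the assumed hash rate raises the required difficulty by one bit, which is how the puzzle can be kept near 10 seconds as hardware gets faster.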
From ACM's TechNews, May 19, 2004

"Fine-Tuning Spam Filtering"
TechNewsWorld (05/18/04); Korzeniowski, Paul

Unsolicited commercial email has expanded by more than five times its volume since 2001, and though spam filtering solutions help mitigate the problem, they are not foolproof--and worse, they can unintentionally prevent legitimate email from getting through, often without the user realizing it. The risk of false positives, which has escalated as spammers and anti-spam product vendors play a rapidly accelerating game of one-upmanship, is frustrating for companies that rely on sending large volumes of valid email for their business. One of the more popular spam filtering methods, whitelisting/blacklisting, involves placing incoming spam messages on a whitelist (senders whose emails are permitted into the recipient's inbox) or a blacklist (senders whose messages are blocked because they are assumed to be spam); however, Ferris Research's Richi Jennings warns, "Spoofing [the process of putting another person's or organization's email address in the header] is a major issue, and more than one out of every three spam messages does not come from the address listed." Another widespread spam-blocking technique, content filtering, analyzes message content to statistically determine whether the email is spam, and ranks messages accordingly. With spammers continuously probing filters for work-arounds, and current strategies to avoid false positives resulting in spam overload or reduced productivity, users are clamoring for better spam-blocking measures. Among the techniques vendors are looking at is the use of domain keys that confirm email senders via public-key encryption technology. A successful domain key authentication scheme requires widespread adoption, the creation of a standard supported by all vendors, and upgrading corporate email systems.
Though Jennings thinks domain key technology will help curb spam, he notes that "in the short term, it will continue to be difficult for companies to block spam but still deliver needed messages to their users."

From EduPage, May 12, 2004

Canada Urges International Cooperation To Fight Spam

Canadian officials this week suggested that international efforts, possibly including a treaty, are necessary to fight the growing problem of spam. Lucienne Robillard, Canada's Industry Minister, said, "Alone, country by country, we cannot solve this problem," noting that 95 percent of spam received by Canadians originates in other countries. According to Robillard, an international treaty on spam could include extradition of those accused of sending spam. Richard Simpson, director general of e-commerce for Industry Canada, compared a potential international agreement on spam to existing tax treaties, which countries use in collecting taxes and "countering other forms of activities like money laundering." A spam treaty is also being discussed at the Asia Pacific Economic Cooperation forum, according to Canadian officials.
CNET, 11 May 2004 -1028_3-5210534.html

From EduPage, May 10, 2004

Microsoft Reward Credited With Arrest Of Sasser Suspect

An 18-year-old German student has been arrested for, and has confessed to, writing the Sasser worm that began infecting computers around the world last week. The arrest was made after acquaintances of the teen tipped off the Munich offices of Microsoft, which set up a reward program last year to try to catch writers of malicious computer code. The informers, who said they were aware of the reward program, provided Microsoft with details about the worm, convincing the company to notify German authorities. After being arrested and having his computer confiscated, the teen confessed. The informants will receive $250,000 if he is convicted.
An official from Microsoft praised the reward program, calling this first instance of its use a "defining moment in demonstrating our ability to combat malicious code in collaboration with the authorities."
Wall Street Journal, 10 May 2004 (sub. req'd) ,,SB108401726263605863,00.html

Sasser Author Tried To Create Virus-Fighting Virus
From ACM News, January 14, 2004

"Is the Tide Turning in Battle Against Hackers?"
IT Management (01/04); Robb, Drew

Despite the Internet and computer systems appearing to be under constant assault by ever craftier hackers, security safeguards are progressing faster, as demonstrated by a documented slowdown in exponential damage increases in 2003, compared to previous years. According to a joint Computer Security Institute/FBI report, the percentage of companies experiencing unauthorized computer use fell from 60 percent in 2002 to 56 percent in 2003; furthermore, significant security incident totals remained about the same, but financial losses reported by respondents fell from $455 million in 2002 to $202 million in 2003. The greatest losses in 2003 were attributed to theft of proprietary information, but damages were again significantly lower than in the previous year. However, fewer numbers of organizations experiencing Denial-of-Service attacks were countered by an increase in damage, from $18 million in 2002 to $66 million in 2003; the third biggest threat was viruses, whose collective damage last year totaled $27 million, almost half that of the year before. Symantec's most recent Internet Security Threat Report indicates significant growth in the number of blended threats and a shrinking interval between the discovery of vulnerabilities and the launch of exploits. Odds are more favorable toward network security right now because companies are regarding threats with more seriousness, according to the results of a Business Software Alliance/Information Systems Security Association poll released last December. Seventy-eight percent of respondents claimed their companies were better fortified against major attacks than they were 12 months earlier.
However, these positive reports are not an excuse for companies to relax their vigilance or their deployment of cyber-defenses, given the increasing sophistication and speed of hacks, as well as indications that such attacks are the work of organized groups sponsored by enemy governments.

From ACM News, January 12, 2004

"Security Threats Won't Let Up"
InformationWeek (01/05/04) No. 970, P. 59; Hulme, George V.

The state of information security, which took a hammering last year, is expected to worsen this year as security vulnerabilities increase in severity, the use of spyware grows, and spammers adopt hacking tools and techniques to distribute junk email. To bolster themselves against these threats, businesses may have to add commercially available intrusion-prevention applications to an arsenal that includes fast patching, firewalls, regularly updated antivirus software, and strict remote-user security regulations. A Yankee Group poll of 404 security decision-makers finds that over 50 percent of respondents expect their security budgets to grow significantly over the next three years. Gartner VP John Pescatore notes that virus writers are getting craftier and launching spyware attacks, many of which are designed to fool users into thinking they are dealing with trustworthy parties so that they will give out confidential information that can be exploited. The good news is that more and more effective anti-spyware tools are available from software vendors, while antivirus vendors are enhancing their offerings with spyware-detection and -removal software. In addition, anti-spyware legislation such as an overhauled Safeguard Against Privacy Invasions Act is slated to be introduced in 2004.
Meanwhile, Vincent Weafer of Symantec anticipates that spammers will continue to employ Trojan horses and viruses to hijack computers and use them as spam launching platforms; experts also believe hackers will start taking advantage of popular peer-to-peer networks and instant-messaging services, and target cell phones, handhelds, and emerging operating systems as well. Though well-publicized "zero-day" worms are of less concern to security analysts, Pescatore points out that more worms are appearing within one to two weeks after a software flaw is discovered.

From ACM News, January 7, 2004

"Security: From Bad to Worse?"
InformationWeek (12/29/03); Keizer, Gregg

A TruSecure study issued Dec. 29 indicates that spyware and peer-to-peer file-sharing software will make 2004 just as bad as 2003, if not worse, for businesses beleaguered by cybersecurity woes. Bruce Hughes of TruSecure's ISCA Labs reports that "perimeter killer" worms that attack networks directly through software flaws and unprotected Internet ports experienced a 200 percent increase in 2003, and such worms will constitute the biggest danger to businesses in 2004; he predicts that such worms will incur at least $1 billion in damages in the coming year. Hughes also projects a rise in "zero day" attacks, in which exploits appear prior to the disclosure of a software vulnerability. "Some hacker is going to release exploit code ahead of the patch and create significant damage to those unprepared," he warns. Hughes notes that spyware may be relatively less malign than viruses, but the two have begun to overlap, so companies should be vigilant for more malevolent spyware iterations. He foresees peer-to-peer (P2P) software as an especially frustrating headache for businesses, and has learned through analysis of hundreds of files shared on Kazaa that almost half include worms, viruses, and Trojan horse programs.
Hughes urges companies to limit P2P usage on their networks, audit the enforcement of such regulations, and familiarize workers with the risks of P2P. Hughes sees the collaboration between government and the private sector in catching and prosecuting virus authors as a hopeful sign.

From ACM News, December 29, 2003

"Device Guards Net Against Viruses"
Technology Research News (12/24/03); Patch, Kimberly

The communicability of computer viruses is often related to people's unwillingness to install and regularly maintain virus-filtering software on their systems, and Washington University and Global Velocity researchers have devised a new, hardware-based countermeasure called the Field Programmable Port Extender. The reconfigurable device scans data packets passing through a network byte by byte, blocking any packets that contain an Internet worm or computer virus signature. The Field Programmable Port Extender's reliance on hardware rather than software makes the system sufficiently speedy to scan high-speed backbone Internet traffic for viruses. Global Velocity co-founder John Lockwood says the device boasts a data-filtering rate of 2.4 billion bits per second, and claims the network-level protection offered by the Field Programmable Port Extender could make the system more effective at stopping worms and viruses than software running on end-users' computers. The hardware produces an abundance of specially-tailored circuits that individually scan data for a specific virus or worm type, and Lockwood notes that network managers can easily update the system's worm or virus signature database via a Web-based interface. He explains that the viability of the Field Programmable Port Extender stems from the construction of protocol processing circuits capable of scanning high-speed TCP/IP traffic as well as recognizing malware even when it is fragmented and distributed among multiple data packets and traffic flows.

"DARPA Evaluates Proposals for Self-Regenerative Systems"
Computerworld (12/22/03); Anthes, Gary H.