The Main Risks Associated with Spam

July 12, 2010 by admin  
Filed under Security News

There was a time when spam was considered little more than an invasive annoyance. It was merely an attempt, albeit an unwanted one, to communicate information about a product or service to as many people as possible. But then hackers saw another opportunity. They decided to use this tool as a means to exploit consumers and businesses.

 

Spam, then, can pose considerable risk to the enterprise. But what are the primary issues?

 

Productivity – If we estimate the time that it takes for an employee to evaluate and delete an unwanted email, and multiply that by the number of employees, we begin to see how costly spam is. While this scenario may not represent real dollars spent mitigating the problem, it does translate into productivity losses which can have a financial impact. Time spent dealing with spam is time not spent on company business.

 

Storage Space – Company-managed anti-spam solutions typically include one or more servers and software. Some estimates indicate spam accounts for over 90% of email. What this means is that a significant portion of that server space is used to receive and sometimes quarantine suspicious emails. If messages aren’t deleted, space can be easily consumed, forcing the purchase of additional storage space.

 

Security – Unfortunately, many spam messages are sent with the intent to harm the receiver. Clicking on erroneous links or opening infected file attachments can result not only in damage to the computer, but loss of data as well. In an era where privacy laws protect consumer data, the loss may be further compounded by financial penalties and damage to company reputation.

 

Spam can no longer be viewed as a problem of convenience, targeted at potential consumers. Real loss of data, reputation or company services can prove costly. Based on these risks, businesses should invest in solid anti-spam service solutions. To further reduce costs, cloud-based solutions have proved that they are not only up to the task, but will also save you time and money in the process.

 

Additional Resources:

http://www.allspammedup.com/2009/10/taking-control-of-the-risks/

http://www.spamlaws.com/

http://blogs.computerworld.com/16285/outbound_spam_hard_data_illustrates_real_risks

 

This guest post was provided by Veronica Henry on behalf of GFI Software, a leading software developer that produces network and messaging security solutions for SMBs. More information about GFI anti-spam solution can be found at http://www.gfi.com/mes



Contract_05_07_2010.zip – all you’ll contract is a malware infection

July 8, 2010 by admin  
Filed under Security News

SophosLabs is seeing another widespread malicious spam attack being sent to email addresses around the world. The emails, which have a malware-infected attachment called Contract_05_07_2010.zip, pretend to be a legal contract – however, opening the contents of the file could infect your Windows computer.

 

Malicious contract email

A typical email reads:

Subject: Permit for retirement

Message body:

Good day,
We have prepared a contract and added the paragraphs that you wanted to see in it.
Our lawyers made alterations on the last page. If you agree with all the provisions we are ready to make the payment on Friday for the first consignment.
We are enclosing the file with the prepared contract.
If necessary, we can send it by fax.
Looking forward to your decision.
<name>

Attached file: Contract_05_07_2010.zip

 

 

Read More…

 

Beware ‘Your log 05.07.2010′ emails – they carry malware

July 8, 2010 by admin  
Filed under Security News

Malicious hackers are spamming out emails around the world disguised as a changelog, with the intention of infecting recipients’ Windows computers with the attachment.

 

Malicious email message

A typical email reads as follows, although there can be minor variations in the message body:

 

Subject: Your log 05.07.2010

Message body:
Dear Customers,
as promised your changelog is attached,
<name>

Attached file: Changelog_05_07_2010.zip

 

The emails, by the way, are always signed off by the first name of the person who is mentioned in the message’s from: field. That field is, of course, forged – it’s not really that person who sent you the email so don’t blame them if you get infected!

 

Read More…

 

iPad owners’ email addresses exposed: let’s stay calm

June 11, 2010 by admin  
Filed under Security News

One of the hottest security news stories today revolves around the news that a weakness on AT&T’s website allowed outsiders to grab the email addresses of early adopters of the Apple iPad – at least those who had chosen to subscribe via AT&T.

 

The news was broken as an “exclusive” by Gawker in a story entitled “Apple’s Worst Security Breach: 114,000 iPad Owners Exposed”.

 

As my fellow blogger Paul Ducklin points out, it’s Gawker’s lead story right now – alongside continuing coverage of Debrahlee Lorenzana, the so-called “Hottie Banker” who alleges that she was sacked from her job at Citibank because she was too sexily distracting for her male co-workers.

 

If you can divert yourself away from Debrahlee Lorenzana’s charms for a second to read the Gawker story you’ll find that it has some very scary things indeed to tell you:

"dozens of CEOs, military officials, and top politicians. They - and every other buyer of the cellular-enabled tablet - could be vulnerable to spam marketing and malicious hacking"

"the most exclusive email list on the planet"

"the breach will also likely unnerve customers thinking of buying iPads that connect to AT&T's cellular network"

"One affected individual was William Eldredge, 'who commands the largest operational B-1 [strategic bomber] group in the U.S. Air Force'"

 

and so it goes on..

 

Reading on in the report it appears that a group called Goatse (don’t Google it, trust me..) bombarded the AT&T website service with thousands of requests using made-up ICC-ID codes (that’s an internal code used to associate a SIM card with a particular subscriber).

 

The hacking group deluged the website with so many made-up requests that some were bound to reflect genuine ICC-ID codes, and effectively “stick”. When this happened the website believed them to be a genuine iPad user and revealed the associated email address.

 

Email addresses. Image source: Gawker

Ok. So I can see how this is embarrassing, and it shouldn’t have happened. But, as Paul Ducklin underlines, it’s just an email address and you reveal your email address every time you send an email.

 

READ MORE…


Changelog 07.06.2010: Hackers spam out malware attack

June 9, 2010 by admin  
Filed under Security News

Updated: Have you received a curt email in the last 24 hours with a mysterious attachment called Changelog_07.06.20010.zip? If so, you could be at risk of falling victim to the latest attack launched by malicious hackers.

 

Poisoned emails have been spammed out worldwide, posing as a legitimate communication.

Malicious email with subject: Changelog 07.06.2010

Typical emails have the following characteristics:

Subject: Changelog 07.06.2010
Message body:

Good afternoon,
as promised,
<Name>

or

Dear customers,
as promised,
<Name>

or

Good morning,
as promised,
<Name>

or

Good day,
as promised,
<Name>

Attached file: Changelog_07.06.20010.zip

 

where <name> is the first name of the supposed sender of the email. In other words, if the from address says that the message was from “Peter Bathurst” then the email will be signed “as promised, Peter”.
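The sign-off pattern described above can be checked mechanically at the mail gateway. The following is an added example, not code from the original posts or from Sophos: it compares the last line of the body with the first name in the From: display name and lists executable members inside ZIP attachments without extracting them. The function names, the extension list and the sample message (including the name of the file inside the ZIP) are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")  # assumed list, extend as needed

def signoff_matches_sender(msg):
    """True if the last non-empty body line is the first name in the From: display name."""
    display, _ = parseaddr(msg["From"] or "")
    body = msg.get_body(preferencelist=("plain",))
    if not display or body is None:
        return False
    lines = [l.strip() for l in body.get_content().splitlines() if l.strip()]
    return bool(lines) and lines[-1].lower() == display.split()[0].lower()

def zip_executables(msg):
    """Names of executable members inside ZIP attachments (listed, never extracted)."""
    hits = []
    for part in msg.iter_attachments():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                hits += [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
        except zipfile.BadZipFile:
            hits.append("<unreadable zip>")
    return hits

def triage(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    return {"signoff_matches_sender": signoff_matches_sender(msg),
            "zip_executables": zip_executables(msg)}

def constructed_sample():
    """Constructed message in the layout quoted above; the .exe member is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Changelog_07.06.2010.doc.exe", b"placeholder, not a program")
    msg = EmailMessage()
    msg["From"] = "Peter Bathurst <peter@example.com>"
    msg["Subject"] = "Changelog 07.06.2010"
    msg.set_content("Good afternoon,\nas promised,\nPeter\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Changelog_07.06.20010.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

A sign-off match alone is weak evidence, since legitimate senders also sign with their first name; it is useful as one signal alongside the executable-in-ZIP check.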

 

Read More…

 

Danger! Fake $50 iTunes certificate carries malware

May 10, 2010 by admin  
Filed under Security News

 

 

Amid all the usual attacks posing as delivery notices from DHL and FedEx this morning, I spotted some malware that had been spammed out posing as an Apple iTunes certificate for $50.

 

iTunes malware

The emails read as follows:

Subject: Thank you for buying iTunes Gift Certificate!
From: "iTunes Online Store" <software@itunes.com>
Attached file: iTunes_certificate_997.zip

Hello!

You have received an iTunes Gift Certificate in the amount of $50.00
You can find your certificate code in attachment below.

Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.

iTunes Store.

 

Running the attached malware can infect Windows computers. Clearly the hackers are hoping that in your excitement about receiving a $50 iTunes gift certificate you will throw caution to the wind and open the attachment.

 

Sophos detects the malware, contained inside a ZIP file, as Troj/BredoZp-AM and Mal/FakeAV-BW.

 

 

By Graham Cluley, Sophos

 

Canadian Pharmacy spammers set up shop on Twitter

April 27, 2010 by admin  
Filed under Security News

At the beginning of this month I received an email telling me about someone new who had started following me on Twitter.

Canadian Shop following me on Twitter

Their name was @canadianshop, and it was immediately apparent that they were promoting a Canadian online pharmacy via their account. These kinds of websites are frequently promoted in email spam.

Canadian Pharmacy on Twitter

Like every other time you receive a new follower on Twitter, the service reminds you that you can report them for spam:

If you believe canadianshop is engaging in abusive behavior on Twitter, you may report canadianshop for spam.

 

But for once I decided not to. After all, this account was clearly spammy and I was curious to see how long it would take before someone else reported them and their account was suspended.

 

That was 24 days ago. And despite the @canadianshop account making no attempt to hide who they are – even their background wallpaper uses familiar imagery used in hundreds of thousands of emails to promote medications like Viagra and Cialis – they remain active on Twitter.

 

At the time of writing the account is following over 2000 people, and has 589 folk following it back.

Canadian Pharmacy tweet

In addition to its activities on Twitter, the account has also created a number of custom bit.ly links to promote its online stores which redirect to Canadian Pharmacy websites like the one below:

Canadian Pharmacy website

So, let’s hope the account gets shut down soon. I’ve reported it to Twitter now, and also dropped a line to the folks at bit.ly about the links in case they want to take action against those.

 

As if anyone needed reminding let me say it again – if you buy drugs online you’re not only putting your personal information at risk (remember these guys are prepared to spam and use scummy tactics to promote their sites, they possibly wouldn’t flinch at doing something naughty with your credit card details), but you’re also potentially putting your health in jeopardy.

 

By Graham Cluley, Sophos

 

Beware airplane ticket N648365 – it contains malware

March 29, 2010 by admin  
Filed under Security News

The bad guys are up to their old tricks again, spamming out malicious attachments posing as airline tickets.

 

The latest attack, which we’re seeing in many of our spamtraps around the world, poses as an email from Delta Air Lines.

 

Airplane ticket N648365

Here’s a typical message:

Subject: Online order for airplane ticket N648365
Message body:
Good afternoon,
Thank you for using our new service "Buy airplane ticket Online" on our website.
Your account has been created:

Your login: [removed]
Your password: G6vFjbdp

Your credit card has been charged for $998.63.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%! Attached to this message is the purchase Invoice and the airplane ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
Delta Air Lines

Attached file: eTicket.zip

 

Of course, even if you haven’t booked an airline ticket you may still very well open the attachment – especially if you believe your credit card may have been charged for such a large amount of money!

 

Sophos detects the malicious file attached to the emails as Mal/BredoZp-B and Mal/EncPk-MP. Users of other anti-virus products are advised to ensure that they are up-to-date and capable of detecting this email-borne threat.

 

By Graham Cluley, Sophos

 

 


Related Blogs

    No, you’ve not received a postcard from a family member

    March 22, 2010 by admin  
    Filed under Security News

    Over the weekend there has been a new wave of attacks spammed out, spreading a version of the Bredo Trojan horse via malicious emails.

     

    The emails claim to be an ecard from a family member, but opening the attachment can infect your computer with the Troj/Bredo-BS Trojan horse.

     

    Malicious email pretending to be a postcard from a family member

    A typical email has the following characteristics:

    Subject: You've received a postcard
    Attached file: postcard.zip
    Message body:
    Good day.

    Your family member has sent you an ecard
    If you wish to keep the ecard longer, you may save it on your computer or take a print.
    To view your ecard, open zip attached file.

     

    This is clearly an old tactic to trick people into infecting their computers, but the reason why it’s so familiar is that it really does work.

     

    There’s clearly a danger that some people may return to their work email on Monday morning and, with still sleepy eyes after the weekend, open the attachment before their brain has been woken up by a strong sip of coffee.

     

    Sophos detects the ZIP file as Troj/BredoZp-AC, and its contents as Troj/Bredo-BS.

     

    Somehow the BS nomenclature seems particularly appropriate for this clearly bogus ecard from a family member.

     

    Wave of malicious Bredo emails

    Make sure your anti-virus software is up-to-date, and able to protect against these latest threats, which are still being distributed via spam right now, as you can see in the above snapshot of malware being detected in our traps.

     

    Don’t forget you should always be cautious of opening unsolicited email attachments – criminal hackers will often use this technique to try to trick you into running malicious code on your computer.

     

    By Graham Cluley, Sophos

     

     

    Facebook Password Reset Confirmation emails carry malware

    March 18, 2010 by admin  
    Filed under Security News

    Today I received a Facebook Password Reset Confirmation email with subject:

     

    "The Facebook Team" <service@facebook.com>

     

     

    It tells me my Facebook password was changed for safety reasons and that they want me to download the attached document to see the new password. The attachment (Facebook_document_145.zip) contains a virus called:

     

    • Mal/FakeAV-BW [Sophos]
    • Suspect-1B!E4800A5BF6F6 [McAfee]
    • Not Detected  [Kaspersky Lab]
    • Not Detected  [Microsoft]

    It’s an EXE file with a DOC icon.

     

    Be careful with these kinds of emails and don’t run any attachments that you don’t trust.

     

    To Download the removal tool : (ClickHere)

     
