[+] Wayc0de's Blog[+]

Showing posts with the label Yahoo. Show all posts

02/10/11

Google's Picasa and Yahoo! Groups used to spread spam

One of the most effective techniques anti-spam products have for keeping spam out of your inbox is reputation filtering: scoring the sending server's IP address and domain on their history (volume, complaints, authentication results) and accepting or rejecting mail largely on that score.

Yes, to a degree, anti-spam solutions may still look for v1@gr@ and Mrs. Gaddafi offering you $40 million, but the biggest bang for your buck comes from reputation.
What do you do if you are a spammer? Figure out a way to get a legitimate mail provider to deliver your messages for you, so that they leave the provider's own servers and inherit the provider's reputation...
[Screenshot: Picasa Web Albums spam]

Here is an example. You can see I have received six emails, all from "Picasa Web Albums" offering me some very spammy subjects. How do they do this? They are simply creating bogus accounts on Google Picasa, uploading a photo of their product, then "sharing" this photo with a personalized spammy message.

Even worse is the abuse of Yahoo! Groups. It has been standard practice for many years that mailing lists require you to confirm that you want to subscribe (confirmed opt-in) before they send you anything.
Yahoo! Groups, however, seems to offer a mechanism that might as well have been built for the convenience of spammers: a group owner can add any email address to a group without that person's permission. Here is an example invitation from a spammer:

[Screenshot: Yahoo! Groups spam invitation]

Upon receiving something like this you might think you could safely ignore it and not be subscribed. Instead, when you read the fine print, it explains that you are already subscribed to this group and must opt out to stop receiving messages.
Every time the spammer wants to reach you, he can now depend on Yahoo! to send his message. Because it leaves Yahoo!'s own mail servers, it carries a valid DKIM signature from a Yahoo! domain, passes SPF for Yahoo!'s sending IP addresses and inherits Yahoo!'s reputation, so it sails past reputation-based spam filters.
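As an added example (not part of the original post), the following Python script shows why a reputation-only check is fooled by this trick and what a mailbox-side rule that keys on the List-Id header against the lists you actually joined looks like. The three messages, the domains (groups.example.org, example.net) and the list names are constructed for illustration and are not real Yahoo! Groups headers.

```python
import re
from email import message_from_string
from email.message import Message

# Assumption (constructed): the lists this mailbox owner knowingly subscribed to.
KNOWN_LISTS = {"devops-notes.groups.example.org"}

# Constructed sample messages. The Authentication-Results header is what the
# receiving MX adds after checking DKIM and SPF; groups.example.org stands in
# for the group provider's signing domain.
UNSOLICITED = """\
Authentication-Results: mx.example.net; dkim=pass header.d=groups.example.org; spf=pass smtp.mailfrom=groups.example.org
From: "Deals Team" <deals@groups.example.org>
To: victim@example.net
List-Id: Buy Now Deals <buy-now-deals.groups.example.org>
List-Unsubscribe: <mailto:buy-now-deals-unsubscribe@groups.example.org>
Subject: Huge discounts inside

You have been added to this group. To stop receiving messages, opt out.
"""

SUBSCRIBED = """\
Authentication-Results: mx.example.net; dkim=pass header.d=groups.example.org; spf=pass smtp.mailfrom=groups.example.org
From: "Alice" <alice@groups.example.org>
To: victim@example.net
List-Id: DevOps Notes <devops-notes.groups.example.org>
Subject: Weekly notes

Here are this week's notes.
"""

FORGED = """\
Authentication-Results: mx.example.net; dkim=fail header.d=groups.example.org; spf=fail smtp.mailfrom=groups.example.org
From: "Alice" <alice@groups.example.org>
To: victim@example.net
List-Id: DevOps Notes <devops-notes.groups.example.org>
Subject: Weekly notes

A forged copy whose signature does not verify.
"""


def parse_auth_results(header: str) -> dict:
    """Loosely parse an Authentication-Results header (RFC 8601 shape):
    the dkim and spf verdicts plus the DKIM signing domain (header.d=)."""
    def verdict(method: str) -> str:
        m = re.search(rf"\b{method}=(\w+)", header)
        return m.group(1).lower() if m else "none"
    d = re.search(r"header\.d=([\w.-]+)", header)
    return {"dkim": verdict("dkim"), "spf": verdict("spf"),
            "signing_domain": d.group(1).lower() if d else None}


def list_id_of(msg: Message):
    """Return the bare identifier from a List-Id header (the <...> part), or None."""
    raw = msg.get("List-Id")
    if not raw:
        return None
    m = re.search(r"<([^>]+)>", raw)
    return (m.group(1) if m else raw).strip().lower()


def reputation_only(raw: str) -> str:
    """The filter the post describes being evaded: if the provider's
    DKIM signature and SPF check out, the message is accepted."""
    auth = parse_auth_results(message_from_string(raw).get("Authentication-Results", ""))
    return "accept" if auth["dkim"] == "pass" and auth["spf"] == "pass" else "review"


def classify(raw: str, known_lists=KNOWN_LISTS) -> dict:
    """Reputation plus consent: a passing signature from the provider only
    buys acceptance for list mail the recipient actually subscribed to."""
    msg = message_from_string(raw)
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    lid = list_id_of(msg)
    if auth["dkim"] != "pass" or auth["spf"] != "pass":
        verdict, reason = "review", "authentication failed"
    elif lid is not None and lid not in known_lists:
        verdict, reason = "review", f"list {lid} was never subscribed to"
    else:
        verdict, reason = "accept", "authenticated and expected"
    return {"dkim": auth["dkim"], "spf": auth["spf"],
            "signing_domain": auth["signing_domain"],
            "list_id": lid, "verdict": verdict, "reason": reason}


if __name__ == "__main__":
    for name, raw in (("unsolicited", UNSOLICITED), ("subscribed", SUBSCRIBED), ("forged", FORGED)):
        r = classify(raw)
        print(f"{name:12} reputation-only={reputation_only(raw):7} with-consent={r['verdict']:7} ({r['reason']})")
```

The unsolicited group message authenticates perfectly (dkim=pass, spf=pass for the provider's domain) and a reputation-only filter accepts it; the consent-aware rule sends it for review because its List-Id is not one the user ever joined, while a genuinely subscribed list still passes and a forged copy with a broken signature is still caught. The List-Id check is only as good as the allowlist, so it belongs in a per-user rule, not a global one.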

[Screenshot: Yahoo! Groups spam messages]

I'm not sure what Yahoo! or Google were thinking when they created systems that allow people to arbitrarily use their email systems to spam people, without any confirmation that the recipient is interested in communicating with the sender.
You can opt out of receiving these messages, but you shouldn't have to. To test this I clicked the link Yahoo! says will allow me to prevent future spam. I clicked it and got to a page that read:

"Sorry, that link has expired. We do this to prevent abuse."
Huh? I am the victim and you are preventing me from opting out of your ill-thought-out policy? I tried again on a newer spam and was successful in opting out.

[Screenshot: Yahoo! Groups opt-out page]

Oddly, they make me confirm my decision not to let them spam me; a very strange workflow. I expect that Google and Yahoo! should seek our permission before allowing third parties to abuse their systems for sending spam.

16/09/11

SpyEye Trojan stole $3.2 million from U.S. victims

The amounts stolen and the number of large organizations potentially impacted is cause for serious concern, says Trend Micro

A Russian cybergang headed by a mysterious ringleader called 'Soldier' was able to steal $3.2 million from U.S. citizens earlier this year using the SpyEye-Zeus data-stealing Trojan, security company Trend Micro has reported.

Over a six-month period from January 2011, Trend found that the Soldier gang had been able to compromise a cross-section of U.S. businesses and institutions, including banks, airports, research institutions, and even the U.S. military and government, as well as ordinary citizens.


A total of 25,394 systems were infected between 19 April and 29 June alone; 57 percent of them were Windows XP systems, and even Windows 7 accounted for 4,500 victim systems.

The company has not explained how the sum of $3.2 million was taken, nor from which types of user, but accounts across a wide range of applications were found to have been compromised. The three largest by some margin were Facebook, Yahoo and Google, but eBay, Amazon, PayPal, and Skype also appear on the list.

"'Soldier' has mainly targeted U.S. users and to increase the number of successful infections achieved in the U.S., he even bought U.S. traffic from other cybercriminals. Besides using malware to steal money from the compromised accounts, he also steals user security credentials," Trend Micro said.

"Compromise on such a mass scale is not that unusual for criminals using toolkits like SpyEye, but the amounts stolen and the number of large organizations potentially impacted is cause for serious concern."

Banking Trojans such as SpyEye and the older Zeus (possibly now merged with SpyEye) have been one of the malware stories of the last year, and have featured in a number of high-profile online crime cases.

In the U.K. this included a teen gang said to have stolen as much as £12 million ($18 million) from a range of activities including online bank fraud. Earlier in 2010, a separate gang using Zeus was able to steal up to £20 million ($30 million), police believe.

Source: InfoWorld

Researchers Find Ads on Bing, Yahoo Leading to Malware Downloads

Searching on the Internet is fun. You can find videos of cats making meatloaf, cats playing the hammer dulcimer and cats reading Shakespeare while juggling eggs. Oh, and you can find malware, too. Lots of malware. Researchers at GFI Labs are good at finding that malware, and they've come across a number of advertisements in Yahoo and Bing search results that are pointing users who searched for Firefox, Skype or other popular software to malicious sites that instead serve up rootkits and other malware.

The idea of redirecting unsuspecting users to malicious download sites is an old one, but it's not often as blatant and bold as the most recent examples that GFI discovered. In these cases, simple searches on Bing and Yahoo for terms such as "Firefox download" and "Skype download" returned advertisements at the top of the results page that pointed users to the malware-download sites. These are not the sites you're looking for.

In one case, the site that purports to be delivering a Firefox download instead installs a rootkit on the victim's machine and also attempts to perform some click fraud operations in the background in Internet Explorer.

"Clicking the adverts takes end-users to sites such as river-park(dot)net, and they do a pretty good job of convincing visitors that these sites are the real deal (incidentally, you'll notice that some of the ads display the "real" URL of the program mentioned, but take you to a rogue site such as the "Download uTorrent Free" advert above which actually takes you to aciclistaciempozuelos(dot)es/torrent)," GFI Labs' Christopher Boyd wrote in a blog post.

Boyd said that the rootkit from the fake Firefox download site was also hijacking the victim's Google search results ("Google redirects"), a popular technique used by attackers and scammers to force users to visit a particular site, either for malicious purposes or for click fraud campaigns. Attackers have developed a long list of techniques for abusing search engines, and some of them have become quite effective over the years. SEO poisoning is high up on that list, as is the practice of setting up counterfeit sites that look somewhat like the legitimate download site for applications such as Firefox, Skype or security software and then delivering malware instead.
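As an added example (not GFI's or Threatpost's code), the following Python check compares the site an ad displays with the host it actually lands on, after undoing the "(dot)" defanging used in the quoted write-up. The uTorrent entry reproduces the display/landing mismatch Boyd names; the Firefox and Skype entries are constructed, and the check assumes you already hold the final landing URL after any redirects.

```python
import re
from urllib.parse import urlsplit


def refang(url: str) -> str:
    """Turn the defanged form used in the write-up (river-park(dot)net,
    hxxp://...) back into a URL that urlsplit can parse."""
    url = re.sub(r"\((?:dot|\.)\)", ".", url, flags=re.I)
    url = re.sub(r"^hxxp", "http", url, flags=re.I)
    return url if "://" in url else "http://" + url


def host_of(url: str) -> str:
    """Lower-cased hostname with a leading www. dropped. urlsplit ignores
    paths and user@ prefixes, so 'utorrent.com@evil.example' yields evil.example."""
    host = (urlsplit(refang(url)).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def landing_matches_display(display_url: str, landing_url: str) -> bool:
    """True when the page the ad lands on is the displayed site or a
    subdomain of it; a lookalike such as skype.com.example.net fails."""
    shown, landed = host_of(display_url), host_of(landing_url)
    return bool(shown) and (landed == shown or landed.endswith("." + shown))


# Constructed sample ad table. Only the uTorrent pair comes from the GFI
# post; the other two are made up to show a legitimate CDN and a lookalike.
SAMPLE_ADS = [
    {"text": "Download uTorrent Free", "display": "utorrent.com",
     "landing": "aciclistaciempozuelos(dot)es/torrent"},
    {"text": "Firefox Download", "display": "mozilla.org",
     "landing": "https://download.mozilla.org/?product=firefox-latest"},
    {"text": "Skype Download", "display": "skype.com",
     "landing": "http://skype.com.example.net/skype/setup.exe"},
]


def audit(ads) -> list:
    """Return the ad texts whose landing host is not the host the ad displays."""
    return [ad["text"] for ad in ads
            if not landing_matches_display(ad["display"], ad["landing"])]


if __name__ == "__main__":
    for text in audit(SAMPLE_ADS):
        print("display/landing mismatch:", text)
```

A mismatch is a strong signal but not the only one: an ad can land on its own registrable domain and still serve a trojaned installer, so the downloaded file should still be checked against the vendor's published hash or code signature before it is run.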

The search providers have taken steps recently to help users avoid these sites in their search results and in the ads on the side of search result pages, but it still can be difficult in some cases to discern which sites are legitimate and which are littered with malware and drive-by downloads. Boyd said that GFI Labs has informed Yahoo and Microsoft about the malicious ads and that the companies are working to remove them.

Source: Threatpost