Archive for Spam

Spammers Have Internal Database Leak Onto The Web

Posted in Commentary on March 7, 2017 by itnerd

In an #EpicFail moment, notorious spammers River City Media (RCM) have exposed 1.37 billion email addresses after failing to password-protect a remote backup. This was discovered by Chris Vickery, who is a security researcher at MacKeeper:

A cooperative team of investigators from the MacKeeper Security Research Center, CSOOnline, and Spamhaus came together in January after I stumbled upon a suspicious, yet publicly exposed, collection of files. Someone had forgotten to put a password on this repository and, as a result, one of the biggest spam empires is now falling.

Additional coverage can be seen over at CSOOnline.

The leaky files, it turns out, represent the backbone operations of a group calling themselves River City Media (RCM). Led by known spammers Alvin Slocombe and Matt Ferris, RCM masquerades as a legitimate marketing firm while, per their own documentation, being responsible for up to a billion daily email sends.

Think about that for a second. How can a group of about a dozen people be responsible for one billion emails sent in one day? The answer is a lot of automation, years of research, and a fair bit of illegal hacking techniques.

I say illegal hacking due to the presence of scripts and logs enumerating the group’s many missions to probe and exploit vulnerable mail servers.

The game that these spammers were playing goes something like this. RCM gathered its mammoth database from people requesting credit checks, entering prize giveaways and sweepstakes and applying for education opportunities, along with techniques like co-registration, in which a person’s info is shared with unnamed affiliates after clicking “submit” or “I agree” on a website. Thus, there’s a very good chance that your e-mail address is in this leak.

The good news is that RCM’s spamming days are over. Spamhaus has blacklisted their entire operation. The bad news is that this database has a ton of personally identifiable info. Who knows what hands that is going to end up in.

Canadians Report 1000 Violations Of New Spam Law

Posted in Commentary on July 4, 2014 by itnerd

As of July 1st, Canada has a new anti-spam law which was designed to keep spam out of the inboxes of Canadians. Well, an interesting side effect of this new law is that, according to the CBC, the CRTC has been flooded with complaints since the law went into effect:

More than 1,000 complaints have been filed since the new anti-spam law took effect on Tuesday, says Manon Bombardier, the CRTC’s chief compliance and enforcement officer.

Hundreds of reports have been submitted daily and investigators are already at work looking into whether companies have violated the new law, says Bombardier.

“We have received a number of complaints, and the numbers will keep going up for sure, but really for us the positive message is Canadians are seeing the importance of the legislation and they are reporting (spam) to the CRTC as the mechanism allows them to do,” she says.

“From what we’ve observed in social media the reaction seems to be quite positive.”

I’m not so sure about that. First, I fully expect that number to grow. Second, as I’ve said previously, I fully expect that responsible businesses will obey the law. But those offshore or those who just don’t care won’t. But it’s still early in this process so perhaps I’ll be proven wrong. But somehow I doubt it.

 

Hey IT Nerd! Will The New Canadian Spam Law Work?

Posted in Commentary on June 4, 2014 by itnerd

A new question just popped into my inbox:

Hello IT Nerd. Canada has a new anti-spam law that goes into effect July 1st and I am wondering if you think it will work? 

Cheers!

Thanks for the question.

I think this new spam law is going to be ineffective. The law requires senders to get the permission of recipients. Good luck with that. I’m pretty sure that some people aren’t going to do that. Secondly, it will do little to stop spam as I think it will have no effect on those spammers outside of Canada, which is where most spam comes from. So I fully expect that you will continue to see e-mails trying to get you to buy Viagra in your inbox past July 1st. Now that’s not to say it’s all bad. The good can be found in the fact that text messages, social media, IM and voice messages are included in this law. But that doesn’t stop this law from being a bit of a #fail. Give it a year and I think that it will become clear as to how much of a failure this law is.

Third Largest Botnet Taken Down… Less Spam For You… For Now….

Posted in Commentary on July 22, 2012 by itnerd

Last week a group of researchers announced that Grum, which was the third largest botnet on the planet, had been taken down by blocking the botnet’s command and control servers in both the Netherlands and Panama. What does this mean for you? It means that between 18% and as much as 50% of the world’s spam volume has just disappeared.

Excellent!

However, the people who run this botnet were able to briefly bring it back up before it was shut down again. It’s likely not to stay down, though bringing it back may be a problem:

“It’s not about creating a new server. They’d have to start an entirely new campaign and infect hundreds of thousands of new machines to get something like Grum started again,” said Atif Mushtaq, a computer security specialist at FireEye. “They’d have to build from scratch. Because of how the malware was written for Grum, when the master server is dead, the infected machines can no longer send spam or communicate with a new server.”

So this is a win. But it may only be a short lived one before the mayhem starts again. So enjoy the reprieve from spam while it lasts.

Facebook Scores $873 Million Victory Against Canadian Spammer…. Good Luck Collecting That

Posted in Commentary on November 25, 2008 by itnerd

A US court has ruled against spammers who were bombarding Facebook with spam messages and ordered them to pay $873 million in damages. Spammer Adam Guerbuez of Montreal and his company Atlantis Blue Capital were told to pay $436.2 million in statutory damages and another $436.2 million in aggravated statutory damages for violations of the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM). However, Facebook is unlikely to collect any of the money:

“Does Facebook expect to quickly collect $US873 million ($A1.38 billion) dollars and share the proceeds in some way with our users?” asked Kelly in a posting on the Facebook blog. “Alas, no. It’s unlikely that Guerbuez and Atlantis Blue Capital could ever honour the judgment rendered against them.

“But we are confident that this award represents a powerful deterrent to anyone and everyone who would seek to abuse Facebook and its users,” he added.

This is a very significant victory against the forces of evil spammers. Hopefully it will lead to many more and ultimately lead to the elimination of spam.