For the London Free Press – September 14, 2009

Read this on Canoe

Financial gain, notoriety and mischief are main motivators for unscrupulous ‘Net users, report says.

Symantec, maker of Norton Antivirus, recently released its mid-year update of 2009 Security Trends.

Security threats range for simple annoying spam to malware intended to cause damage to systems, to phishing attempts to obtain information leading to identity theft.

The following summarizes their top five security threats as well as some newly recognized threats.

- There has been an influx of new malware variants. In other words, attackers continue to develop new types of threats and deliver them in various ways. This leads to an increasingly large number of distinct threats.

Symantec says it blocks an average of more than 245 million attempted attacks each month, the vast majority of which are new threats. Detection methods required to repel these attacks continue to evolve. Different detection methods are often combined for better results.

- The global economic crisis has been the impetus for new security threats. Some prey on the latest trends and vulnerabilities, including an increase in things such as fake “work at home” schemes, and variations targeting employment ads. Other scams try to take advantage of homeowners under foreclosure or seeking mortgage refinancing.

- The popularity of social networking sites such as Facebook have made them a constant target for security attacks and scams. This threat has continued as scams attack through the use of compromised accounts, games and surveys which have the potential to collect lucrative information about users.

- Spam levels continue to rise, and will eventually comprise 75% to 80% of all e-mail. Spam volumes remain high despite ongoing successful efforts to shut down spam sites.

- Advanced web threats and malicious activity remain an increasing problem. Many such attacks occur against users of legitimate websites who are falsely redirected to malicious content. Forms of infection have been through “drive-by” downloads and attacks on social networking sites. Further attacks have occurred through plug-in applications and cross-site scripting.

Some of the more recent threats combined new threats with those used in previous years. An example is the use of characteristics of the CodeRed and Nimda threats in the Conficker worm, one of the “most complex and widely spread” threats in recent years.

Conficker was serious enough that last February, the Conficker Working Group, a panel of industry leaders and academics, was formed to help come up with a co-ordinated, global response.

Though many attacks are motivated by financial gain, others are motivated by the quest for notoriety and/or mischief.

The bottom line for both commercial and personal users of the Internet is that it is crucial to have protection in place to lessen the risks of spam, viruses, and malware in general.

That includes making sure firewalls are properly configured, and having regularly updated anti-virus software.

And be skeptical about any e-mail that doesn’t look right, or seems too good to be true.

For the London Free Press – June 1, 2009

Read this on Canoe

The federal government recently tabled an anti-spam bill aimed at reducing spam originating in Canada.

The anti-spam bill, officially known as the Electronic Commerce Protection Act (ECPA), also would apply to text messaging, instant messaging, phishing, spyware and botnets.

The ECPA is lengthy, but basically makes electronic communication for commercial purposes subject to consent. Thus, sending mass e-mails to random addresses would be prohibited.

Section 6 sets out the consent principle: “No person shall send or cause or permit to be sent to an electronic address a commercial electronic message unless the person to whom the message is sent has consented to receiving it, whether the consent is express or implied.”

The section also stipulates that a commercial electronic message must identify the sender and how they can be contacted.

Implied consent can be found where there is an existing relationship between the sender and recipient.

An “existing business relationship” can arise from business transactions within the last 18 months or “an inquiry or application, within the six-month period immediately preceding the day on which the message was sent.”

Section 8 prevents unauthorized installation of software, which aims to prevent the surreptitious installation of spyware and other malware.

The bill contains significant penalties for those who breach the rules — as much as $10 million.

As is often the case with legislation, the overall goals are laudable — no one would argue that anyone should be able to send spam or install malware on people’s computers– but it has the potential to cause headaches for normal businesses that no one would consider spammers.

The bill should not impede normal commercial practices, and would not be good for either business or consumers if it impedes commerce.

The draft legislation needs careful review and possible amendments on two fronts:

- First, to make sure a business that sends an e-mail to a specific person to solicit business, even though it has no existing business relationship, is not prohibited. It’s one thing to send out a mass e-mail to thousands of people. However, it should be acceptable to solicit on a one-on-one basis. And, sending a mass e-mail to one’s customers advising of things such as corporate events or new developments should be allowed absent contrary instructions.

- Second, to make sure the software provision does not negatively impact the process of placing cookies or providing software updates — provided, of course, they aren’t malicious in nature.

The bill has passed second reading and has gone to committee for review. Interested parties should take this opportunity to comment on the bill.

Once the dust settles, the bill is passed with its final wording, and the effective date is known, all businesses will need to pay attention to the bill’s requirements to ensure they are not offside.

A bill has been introduced that is intended to cut down on email spam originating from Canada.  I’ll have more to say about this later – but for now, here are some links to commentary by Michael Geist.  Michael’s thoughts on the bill are worth a look as he was on a task force a few years ago that studied spam.

Here, and here, and here, and here

Thats the title of my Slaw post for today.

It reads as follows:

Researchers from the University of California, Berkeley and UC, San Diego have published a paper on a study they did on spam.

They actually took over part of an existing spam botnet, and sent their own spam to test the response. We all wonder why anyone would actually fall for the scam, and know that the uptake must be low – but how low?

In their case, 350 million emails sent resulted in 28 “sales” – a response rate of 0.00001%.

Commentary ranges from the thought that the rewards for spammers are decreasing to math showing how lucrative it can be even at this low rate. For more detail, read Techdirt, a BBC news article, the Washington Post.

For the London Free Press – September 17, 2007

Read this on Canoe

Tired of receiving e-mails offering to help you lose weight, get rich and earn a diploma by simply clicking on a handy link?

You’re not alone.

A recent survey by Symantec found that spam levels remain high, accounting for about 66 per cent of e-mails. Despite efforts to combat junk e-mail, spammers continue to adopt new methods to evade detection by e-mail filters.

One difficulty faced by those working to reduce spam is the speed with which spammers change their tactics.

As recently as six months ago, almost 52 per cent of all spam received was image spam, in which the text of the message is presented as a picture in an image file.

Last month, this form of spam accounted for only eight per cent of all spam.

This is an indication that anti-spam filters are increasingly successful at combating this type of spam.

To fill the gap left by this decline, newer styles of spam are on the rise. In the last month the percentage of spam messages utilizing PDF images rose from three to seven per cent.

While PDF image spam is still nowhere near as popular as image spam was, it’s on the rise.

Two other new styles of spam are emerging. These involve the attachment of Excel and zip files to spam messages.

In the past, spammers pushing stock and pharmaceutical spam were significant users of image spam.

This variety of spam has witnessed a noticeable increase in usage by spammers looking for a replacement outlet.

While generally reliant on staying one step ahead of those combating spam, spammers still depend on some “traditional” methods.

Fake greeting cards remain a spammer favourite. These cards may appear to come from legitimate sources and instruct the user to click on a link to access their “greeting card.”

When the link is clicked a downloader accesses the Internet and downloads a Trojan Horse, a program that installs harmful software onto the computer.

E-mail users should be wary when clicking on such links in e-mails and watch for warning signs.

Examine the link and watch for anything suspicious, such as an exposed IP address which indicates the e-mail is not from a legitimate e-card company.

Changing the type of spam message isn’t the only tactic used by spammers.

The last month witnessed an increase in the percentage of spam messages from URLs using China’s top level domain (TLD), “cn.”

At the same time, the number of messages from URLs using “hk” (Hong Kong) TLDs dropped significantly.

This shift may be due to the enactment of new anti-spam laws in Hong Kong on June 1.

There are other possible explanations for the increase in use of China’s TLD.

In the past, spammers have used various TLDs to register names that reflect the product or service they offer.

Over time, the names become blacklisted, forcing the spammers to find new TLDs.

Switching to new TLDs can also be a way to avoid spam filters.

Unfortunately spam is not likely to go away any time soon. The battle for supremacy between spammers and spam filters will continue.

David Canton – For the London Free Press – November 11, 2006

Read this on Canoe

The amount of spam on the Internet is significant. Some of it is filtered out by Spamhaus, a United Kingdom-based volunteer organization that runs an anti-spam service.

Some entities, such as e360Insight (e360), did not like the volunteers to whom we are indebted and sued them for blocking their spam. Spamhaus ignored the e360 lawsuit, which, if successful, would shut down or suspend the Spamhaus domain name, because Spamhaus refused to recognize the U.S. court’s jurisdiction and $11.7-million judgment.

Most recently, regardless of Spamhaus’s failure to defend the action, an Illinois judge denied a motion by e360 to suspend Spamhaus’s domain name because the compl-ainant’s requested relief is too broad. That request for relief was aimed at the Internet Corporation for Assigned Names and Numbers (ICANN), which oversees the domain registration system, and Tucows, the registrar Spamhaus used to register its domain name.

The Illinois court noted that since there is no indication ICANN or Tucows participated with Spamhaus, the Court could not conclude that either party could be brought within the ambit of the Federal Civil Procedure Rules, which provide that an order granting an injunction is binding only on the parties to the action or on those persons in active concert or participation with them.

ICANN issued a statement saying it does not have the ability or authority to suspend individual domain names.

If Spamhaus were to be shut down, we would all feel the effects. Spamhaus states that more than 650 million Internet users, including those at the White House and the U.S. army, benefit from Spam-haus’s services. It has been said that as many as 50 billion junk e-mails a day would be unleashed worldwide.

In mid-October, Spamhaus released a statement reassuring computer users there is no need for alarm.

Spamhaus stated it initially ignored the order because a U.S. court has no jurisdiction over a U.K.-based organization, but Spamhaus states it is working with lawyers to both appeal and contest the ruling that may shut it down.

It is interesting that the Tucows registrar is located in Toronto. This raises the additional jurisdictional question of whether an Illinois judge can order a Canadian company to deregister a domain name based in the U.K.

We should also hope that spammers’ actions to shut down spam filters do not have a chilling effect on the anti-spam industry.

Its ironic that the same multijurisdictional tactics that spammers hide behind worked to keep Spamhaus in business.

An article on SecurityFocus entitled Stop the Bots is a good read. It explains what bots and botnets are, and why they are a major source of Internet evil.

Essentially this is about code that gives control of a computer to another. Large numbers of controlled computers are then used maliciously. The article states:

Botnets also do much more harm than just send out spam and phishing scams, however. In aggregate they are often used for denial-of-service attacks and extortion against legitimate companies, Google and Yahoo advertising click fraud, and more – such as hosting phishing sites.

Read the article

David Canton – For the London Free Press – Saturday March 25, 2006

Read this on Canoe

A subscriber to residential high-speed Internet services recently complained to the Privacy Commissioner that his Internet Service Provider (ISP) was reading his outgoing e-mails and declining to send them if they did not go through their own mail server.

The Privacy Commissioner decided the ISP had not breached any privacy obligations. The decision suggested the complainant was a spammer. The real reason behind the complaint may have been the individual did not want the spam he was sending to be blocked by the ISP.

The complainant subscribed to the ISP’s high-speed Internet service. He also subscribed to a web-centred company’s e-mail service, which allows individuals to send and receive e-mail messages from external mail accounts. The complainant was upset because he could not send e-mail without going through his ISP’s mail servers.

The ISP stated it makes its customers use its outgoing mail server because of its anti-spam measures. The complainant alleged by “reading” his outgoing e-mail, the ISP was collecting and using his personal information without consent.

Information travelling over the Internet is sent in packets which are combined at the other end to form the web page, image, e-mail, or whatever other form the information is in. Each packet contains information that is used to send the packets to the right place. One piece of that information is the port number information.

Think of the port number as a highway number.

Port 25 relates to e-mail.

The Internet knows a packet is e-mail if it refers to port 25.

In this instance, when port 25 was identified, the ISP looked at the destination IP address to make sure the e-mail was being routed through its own mail servers.

If that was not the case, it assumed the e-mail was spam and did not send it.

The ISP stated it did not otherwise inspect the content of the packet.

The complainant was trying to route his e-mail through the outside mail server, and believed his ISP did not have the right to know that he was using the other web-centred company as a third-party mail provider.

An important element of the commissioner’s findings was that the ISP’s terms of service — to which the complainant consented when subscribing for service — state the user agrees the ISP can monitor use of the ISP’s internet services, and monitor, review and retain content, material or information if the ISP believes such activity is necessary to provide the ISP’s Internet service to its customers. The ISP can read just about anything sent by users if it decides it is necessary for service.

A PCWorld article says a spammer has been assesed a $900,000 fine, which they describe as the largest ever. The articel also mentions that 4 people have been charged for a Nigerian money transfer scam.

That won’t do much on its own to lessen the amount of spam we get, but everything that discourages spammers helps.

Read the article

Slashdot points to articles claiming the Australian gold medal mogul winner is a wealthy spam king. He moved to Australia from Canada a while ago. Canadian journalists questioned him about his move after his win, thinking it could have been a gold for Canada – how quickly things change.

He claims his businesses are legitimate.

Read the Slashdot post