Weekly analysis – 27th February 2010 to 6th March 2010

MillerSmiles provides its weekly phishing analysis for the week of 27th February 2010 to 6th March 2010


Spammer Jailbreak

Prolific spammer Eddie Davidson was arrested last year, and, in April was sentenced to twenty-one months at the Federal prison in Florence, Colorado – about 3 hours north of Denver.

He was remanded to the custody of Florence Prison Camp’s minimum security facility. After all, while being a notorious and prolific spammer, he was still just a spammer, as compared to, say, a murderer. So the minimum security section of Florence Prison Camp made sense.

Not any more, because this past Sunday, during visiting hours, Eddie Davidson hopped into his wife’s car and escaped.

Now, when he is caught – and he will be caught – instead of being “just a spammer”, he’ll be “a spammer who made an escape from Federal prison.”

Instead of being in the minimum security facility, you can be sure he’ll be in a higher security area.

And that mere 21 month sentence? Davidson could face as much as another 7 years for his Sunday drive.

Nobody ever said that spammers were smart.

Here, in case you are interested, is the official Federal press release about Davidson’s escape:

FLORENCE PRISON CAMP

DENVER—Edward “Eddie” Davidson, age 35, also known as the “spam king,” walked away from a federal prison camp in Florence on Sunday, July 20, 2008. Davidson, who was sentenced to serve 21 months in federal prison, is now officially in “escape” status. He was last seen in Lakewood. U.S. Marshals are leading the search for Davidson. The FBI, IRS, and the Rocky Mountain Safe Streets Task Force are aiding in the search.

Davidson was housed in a minimum security facility. Minimum security institutions, also known as Federal Prison Camps (FPCs), have dormitory housing, a relatively low staff-to-inmate ratio, and are work and program-oriented. FPCs are generally located adjacent to larger institutions, where inmates help serve the labor needs of the larger institution.

On April 28, 2008, Davidson was sentenced by U.S. District Court Judge Marcia S. Krieger to serve 21 months (just under 2 years) in federal prison. Judge Krieger also ordered him to pay $714,139 in restitution to the IRS. As part of the restitution, Davis has agreed to forfeit property he purchased, including gold coins (which the IRS is selling today), with the ill gotten proceeds of his offense. At the time of sentencing Judge Krieger ordered Davidson to report to a facility designated by the Bureau of Prisons on May 27, 2008. He pled guilty before Judge Krieger on December 3, 2007. Davidson was indicted by a federal grand jury on June 5, 2007.

According to the stipulated facts contained in a plea agreement, on July 5, 2002 through April 15, 2007, Davidson conducted a business in Colorado using the name Power Promoters. The primary nature of Davidson’s business consisted of providing promotional services for companies by sending large volumes of unsolicited commercial electronic messages (“spamming”). The spamming was designed to promote the visibility and sale of products offered by various companies. Davidson utilized the services and assistance of other individuals who he hired as “sub-contractors” to provide spamming at his direction on behalf of his client companies.

During 2002 through the middle of 2005, Davidson’s spamming activities were provided on behalf of companies to promote watches, perfume, and other items. Beginning in the middle of 2005 through 2006, Davidson sent spam on behalf of a Texas company for purposes of promoting the sale of the company’s stock. The company generated its income through selling stock (commonly referred to as “penny stock”) on behalf of small companies on the public market. Davidson aided by several sub-spammers sent hundreds of thousands of unsolicited e-mail messages to potential purchasers throughout the United States and the world, which messages touted the penny stock as an excellent investment. Davidson possessed hundreds of thousands of e-mail addresses, which he and his sub-spammers would use to send e-mail messages. Such e-mail messages contained false header information, which concealed the actual sender from the recipient of the e-mail. Davidson provided spammed messages for approximately 19 companies. Davidson operated his spamming activities from his personal residence in Bennett, Colorado, where he had a large network of computers and servers, which facilitated his business.

This case was investigated by the Federal Bureau of Investigation (FBI) Denver field office, and the IRS Criminal Investigation Division. Assistant U.S. Attorney Tim Neff prosecuted the case.


Vonage Caught Red-Handed Comment Spamming

Imagine our shock to discover that VoIP provider Vonage has turned to comment spamming.

Oh, they will probably deny it, but what else can you call it when their Online Marketing Manager, Costas Kariolis, shows up at an article about Skype on the Internet Patrol, and posts a comment about the Vonage offerings, with an SEO-formatted link back to the Vonage site – and also posts the exact same comment to articles about Skype on other sites?

Shame on you, Vonage – don’t you know that comment spamming is the scourge of the Internet? This alone is enough to ensure that the Internet Patrol will recommend that people not use Vonage – we don’t support spammers.

Here is the comment spam that Costas Kariolis posted today (link disabled, of course) – the original article about Skype to which he posted his comment spam is here.


The introduction of these new call plans from Skype should prove beneficial for the internet telephony / VoIP sector generally. Anything that helps to bring internet telephone calling further into the mainstream is very welcome.

May we mention that there are other options in the market that allow you to make unlimited calls for a flat rate such as Vonage. There are some significant differences between the services that Vonage and Skype provide that should be taken into consideration by anyone looking to make internet calls.

Firstly, call quality is a major advantage of using Vonage, our call quality is comparable with a regular landline service. Secondly, with Skype you have traditionally needed 1) your PC to be switched on to be able to make and receive calls, with Vonage you have never been reliant on your PC being switched on and 2) a headset or USB phone to be able to make internet phone calls, with Vonage you just plug in your existing home phone. Using your existing touch tone phone gives users the freedom to make unlimited calls in the way you want while you walk around your home or office.

You can find out more about Vonage at [link disabled].

It is interesting to note that Mr. Kariolis didn’t single out the Internet Patrol – he posted the exact same comment spam here today as well.


Priest Mistakes Legitimate Invitation to Meet with Pope as Spam – Oops!

It seems like the clergy are subject to the same earthly problems as the rest of us after all. In this case, spam. A Roman Catholic priest, Reverend James Shea of Killdeer, ND, received an email from the White House, containing an invitation to meet Pope Benedict XVI during the Pope’s recent visit to the United States. Pope spam indeed!

Rather than make plans to travel to Washington, Reverend Shea deleted the email, believing it to be spam. Perhaps he was, quite understandably, guided in his decision to do so by the date on which the email was delivered – April Fool’s Day. Perhaps again he was suffering under the deluge of spam that floods the mailboxes of so many people today. “I put it in the same place I put all the e-mails with special offers for Viagra,” Shea said.

However, it turned out that the email invitation had been legit!

Luckily, Reverend Shea was contacted a little time later to follow-up on the invitation. There’s no news on whether he did renew his relationship with the Pope, whom, as Cardinal Joseph Ratzinger, Reverend Shea had known when he studied for the priesthood in Rome.


WordPress Comment Spam Hack Disables Plugins and Allows Massive Comment Spam Injection

If you noticed that the Internet Patrol was down for a short while yesterday, it was because we were the target of a DCS (Distributed Comment Spam) attack. We actually took the site down ourselves, while we figured out what was going on, and now you can benefit from our hard-earned lessons! So pull up a chair, and listen, particularly if you run WordPress.

This new hack has WordPress hackers disabling all of your WordPress plugins (including, you see, Akismet or any other anti-spam comment spam stopper plugin), which then allows them to inject comment spam into your blog at will. So if you suddenly find yourself getting an enormous amount of comment spam all at once, or if you suddenly find your blog pages coming up blank (because with your plugins disabled, that often can be the case) you may be the victim of this latest plugin-disabling comment spam hack.

We first noticed that something was amiss when we suddenly started getting several requests to moderate comments a minute – comments that would ordinarily have never made it that far because they were so obviously spammy. Our first thought was to just block the IP address of the comment spammer – and that is when we noticed that the comments were coming from many different IP addresses. That meant that dealing with it was going to be much more complicated, as we couldn’t simply block the offending IP address.

The next thing we noticed was that, suddenly, our site was not loading properly – the page would just stop loading about a quarter of the way down the page.

That was actually the clue which led me to realize that something was going on with our plugins, because the page always stopped loading right when there was a call to one of our plugins. So I went to the plugin admin page for WordPress, and saw that all of our plugins had somehow been deactivated.

And that’s when it hit me.

By deactivating our plugins, the spammers had deactivated Akismet – which would otherwise have simply dispatched this comment spam to comment spam oblivion.

Sneaky.

Evil.

Fortunately for us, even though the spammer was submitting their comment spam by going straight to our comment form URL (rather than through the form at the bottom of an article), what they didn’t know was that we have comment moderation turned on – no doubt this hack method relies on WordPress sites that run Akismet or other anti-comment-spam plugins not also having moderation turned on – so none of the spam actually got posted. But that didn’t stop it from severely impacting us.

I should also point out that we routinely change the name of the comment posting form so that the URL for posting a comment also changes, and we do that to thwart exactly this kind of comment spam. When this happened yesterday we tailed our httpd log, and we saw the spammer going directly to that file and URL, which means that the spammer had already discovered our newest file name and URL. This leads us to suppose that part of the reason we are all seeing an uptick in manually posted comment spam may be because there is an advance spammer group who is out manually discovering the file names and URLs of comment forms.

As always, whenever the forces of good find a new way to thwart spam – be it email or comment spam – the forces of evil catch up, and the cycle starts all over again.

Now, I will confess here that we had not yet upgraded to the newest version of WordPress – WordPress 2.5. I also don’t know if it would have made a difference or not, but among the other things we did to counter this spam attack, we upgraded to 2.5. Even if there isn’t anything in 2.5 which directly addresses this hack, we know that we have the latest and greatest in WordPress security by having upgraded.

Then, we put into place the following suggestions, found over on Matt Cutts’ excellent blog. Those suggestions include securing your wp-admin directory and creating a dummy wp-content/plugins/index.html, so that which plugins you run becomes much more difficult to discover. While these suggestions were not made by Matt in the context of this hack (about which he may or may not have known), they are directly applicable to thwarting this hack. So, thank you, Matt!

So we’re back up and running, a little wearier, but a little wiser.

Of course, this had to happen while I was out of town – in fact, in the middle of nowhere. Thank goodness for my Verizon Wireless USB broadband modem, which kept me connected even while in the middle of the Rockies, and allowed me to work with our dev team to troubleshoot this, and to download and install the 2.5 upgrade!
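The pattern described in this post (comment submissions arriving from many IP addresses, sent straight to the comment handler rather than through the form on an article) can be picked out of an httpd log automatically. The script below is an added example, not code from the Internet Patrol: the hostname blog.example, the thresholds and the sample log lines are constructed assumptions, and the handler path is the WordPress default rather than a renamed file.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Apache "combined" log format: ip, timestamp, request line, status, size, referer, agent.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
COMMENT_PATH = "/wp-comments-post.php"  # WordPress default handler; set to your renamed file
SITE_HOST = "blog.example"              # assumption: hypothetical site hostname
WINDOW = timedelta(minutes=1)           # assumption: tune window and thresholds to your traffic
MIN_POSTS, MIN_IPS = 5, 4

Burst = namedtuple("Burst", "start posts distinct_ips")

def direct_comment_posts(lines):
    """Yield (timestamp, ip) for comment POSTs that did not come from one of our own pages."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if urlsplit(m["path"]).path != COMMENT_PATH:
            continue
        # Referer is client-supplied and can be forged, so this is a signal, not proof.
        if urlsplit(m["referer"]).hostname == SITE_HOST:
            continue
        yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def find_bursts(lines):
    """Return one Burst per window of direct posts spread over many source addresses."""
    events = sorted(direct_comment_posts(lines))
    bursts, i = [], 0
    while i < len(events):
        window = [e for e in events[i:] if e[0] - events[i][0] < WINDOW]
        ips = {ip for _, ip in window}
        if len(window) >= MIN_POSTS and len(ips) >= MIN_IPS:
            bursts.append(Burst(events[i][0], len(window), len(ips)))
            i += len(window)  # continue after this burst
        else:
            i += 1
    return bursts

# Constructed sample: six direct POSTs from five addresses, one normal reader.
SAMPLE_LOG = """
203.0.113.5 - - [01/Jan/2010:14:02:50 +0000] "GET /2010/01/some-article/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2010:14:03:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
198.51.100.7 - - [01/Jan/2010:14:03:05 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
203.0.113.44 - - [01/Jan/2010:14:03:09 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
203.0.113.5 - - [01/Jan/2010:14:03:12 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://blog.example/2010/01/some-article/" "Mozilla/5.0"
192.0.2.81 - - [01/Jan/2010:14:03:20 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
198.51.100.23 - - [01/Jan/2010:14:03:31 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
192.0.2.10 - - [01/Jan/2010:14:03:40 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
"""

if __name__ == "__main__":
    for b in find_bursts(SAMPLE_LOG.splitlines()):
        print(f"{b.start:%H:%M:%S} {b.posts} direct comment POSTs from {b.distinct_ips} addresses")
```

An alert from a check like this is also a cue to look at the plugin admin page, since in the incident above the flood only reached moderation because Akismet had been deactivated.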


A New Breed of Twitter Spam

Recently I got a notice that someone of whom I’d never heard was following me on Twitter. Now, this isn’t all that unusual – it happens to me at least once or twice a day. But when I checked this person’s profile, it said they were following 32,244 people!

Yes, I’d run into a new breed of spammer – pushing a new breed of Twitter spam.

You see, this type of Twitter spam – this Twitter spammer – doesn’t actually care if you ever follow them – and they certainly aren’t actually reading the 32,244 people they are ‘following’.

Here’s how it works: you get the notice from Twitter that TwitterSpamMan is following you. Now, naturally, you are curious who it is, and so you go to their Twitter profile and, you naturally click the link they provide in their profile to tell you all about themselves.

Under normal circumstances, this would lead to their legitimate business or personal website but (and you see where this is going, don’t you?), the link in TwitterSpamMan’s profile just happens to lead to a site which is nothing but a webpage full of ads – won’t you click on one while you’re here and help line TwitterSpamMan’s pockets? (Not!)

In this particular jerk spammer’s case (aren’t you glad that I’m holding back and not telling you how I really feel?), there was absolutely nothing on his website other than ads – unless you count the “buy this domain!” link!

Twitter, of course, has no mechanism for reporting such a miscreant because, technically, they aren’t doing anything wrong.


China Takes Notice when Chinese Spammers Spam 200 Million Chinese Cell Phones

The great firewall of China has since the beginning of the Internet age prevented people there from accessing many international news sites. And while there are welcome signs that the centrally-supervised ISPs may be loosening their control a little on the inbound side, there doesn’t seem to be too much effort to tighten up on the outbound side, and text messages to cell phones in China seem fertile ground for spammers.

China Mobile and China Unicom between them account for over 500 million active cell phone accounts, and recently more than 200 million of these users received a stream of unwanted and unwelcome advertisements as text messages – cell phone spam. China Mobile apologized for the messages, and promised to prevent them in future by blocking all text messages from seven companies who focus on online advertising.

Liu Yue, deputy head of the wonderfully-named State Council Office for Rectifying Malpractice, told off both spammers and cellular providers, saying they should “beef up self-scrutiny to correct their wrongdoing, which is profit driven in defiance of public interests.”

Sharp words indeed. Let’s hope that some of that Rectifying Malpractice ire is turned on China’s email spammers, with some sharp teeth added for those who cannot or will not self-police. Perhaps the Golden Shield technology that scans data entering China for banned words could be adapted to prevent “Make Money Fast” emails from exiting the country. Wouldn’t that be poetic; the same dynamic control that limits the access of China’s citizens to “unhealthy material” could reduce worldwide spam by around 10%.


Scam Identity Theft Calls to Cell Phones Tout Expiring Auto Warranty, Coming from 408-587-2116 and 623-238-6228

People across the country are reporting telephone calls coming from the numbers 623-238-6228 and 408-587-2116. These calls claim that your car warranty is expiring, but they are really scam artists trying to steal your personal information and identity. Other numbers generating these spam identity theft calls include 202-552-1332, 702-520-1105, 609-948-0971 and 562-289-8136.

The calls always say roughly the same thing (often leaving automated voicemail), along the lines of:

“Your car warranty is expiring. We have notified you several times by mail.”

or

“Your car warranty has expired! Protect your loved ones with an extended warranty!”

Sometimes, instead of an expired warranty, they will also offer debt consolidation or refinance loans.

In any case, they are after your financial information, and your money.

These calls are illegal, probably under both the Telephone Consumer Protection Act (TCPA), and the Federal anti-spam law, CAN-SPAM.

You can report these calls to the FCC (Federal Communications Commission) – and file a complaint with the FCC at http://www.fcc.gov/cgb/complaints.html.


Spammers Now Using TinyURL to Avoid Spam Filters

Spammers are now cloaking their website domains in their spam by abusing the TinyURL service.

TinyURL is a service which allows you to enter a gawd-awful long URL, and turn it into a, well, tiny URL, which then forwards to the gawd-awful long one.

But now spammers are abusing the service, using a TinyURL link to their website in their spam, rather than their true website link, presumably so that their website domain doesn’t get blocked by anti-spam services – or even because their website domain is already being blocked by anti-spam services.

In some instances, the TinyURL service is being used as a conduit for affiliate spam – where the affiliate cloaks their affiliate link with the TinyURL – this has the added creep factor of not only cloaking the domain of the program the affiliate is spamming for, but helping that domain avoid detection as having their affiliate program work with spammers (which can carry harsh penalties under the Federal anti-spam law, CAN-SPAM).

Take, for example, this spam below. Note the TinyURL link, which we have bolded here for your reading ease – it resolves to http://www.advanced-intelligence.com/index.html?2735 – that 2735 at the end is almost certainly an affiliate identifier. Sorry, Advanced-Intelligence.com Affiliate #2735, no sale today!:

I was recently reviewing Spy Gadgets sites in some of the major search engines and I came across your web site: Theinternetpatrol.com. Out of all the sites I came across yours really stood out for me and If you could please spare me just two minutes I have a business proposition for you as you are in the same market as I am.

After reviewing your site I found that we are both targeting the exact same market, though we are not in competition with each other.

I have been studying this target market for quite some time and would like to present you with the opportunity to increase your income for five minutes work. You will be provided with the marketing materials, all you need do is send out an email to your ezine list or add a graphic to your web site, and you can make money. You can do this by signing up to the affiliate program found here: http://tinyurl.com/2kntfq

By promoting this product you can earn a commission without ever having to handle customer service or ship any products. It’s a fantastic way to make money pretty much out of thin air!

By working together, we have the potential to create an additional revenue source for both of us — without investing any money or even any time. Because we share the same target market, your customers are guaranteed to be interested in the product. An affiliate arrangement is a surefire way to make that interest work to our mutual benefit. To sign up to this affiliate program visit: http://tinyurl.com/2kntfq

I offer this partnership very selectively, so please do act fast if you wish to go ahead with this. Also please feel free to email me if you have any questions.

Finally, Anne I know you’re a busy person and I’d like to thank you for reading this email whether you choose to promote and make some extra cash or not. Keep up the good work!

By the way, you’ll be paid on the 1st of each month. http://tinyurl.com/2kntfq
Sincerely,

Daniel Lee

P.S. I hope you don’t mind me emailing you it’s just your web site really stood out from the others I came across during my research.
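The filtering gap this spam relies on, shown as an added example that is not from the original post: a blocklist check on the literal link host sees only tinyurl.com, while a check that first expands the short link sees the real destination. The blocklist entry is constructed for illustration, the offline redirect table holds only the resolution quoted above, and `http_resolver` is one assumed way to do the live lookup by reading the `Location` header without fetching the destination.

```python
import http.client
import re
from urllib.parse import urlsplit

SHORTENERS = {"tinyurl.com"}                      # hosts to expand before filtering
BLOCKED_DOMAINS = {"advanced-intelligence.com"}   # constructed blocklist entry
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Offline stand-in for a live lookup; the one entry is the resolution quoted on the page.
KNOWN_REDIRECTS = {
    "http://tinyurl.com/2kntfq": "http://www.advanced-intelligence.com/index.html?2735",
}

def offline_resolver(url):
    return KNOWN_REDIRECTS.get(url)

def http_resolver(url, timeout=5):
    """Live lookup: HEAD the short URL and return its redirect target, if any."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()

def links(message):
    """Extract URLs, dropping sentence punctuation stuck to the end."""
    return sorted({u.rstrip(".,;:!?)") for u in URL_RE.findall(message)})

def host_of(url):
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def is_blocked(host):
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def naive_verdict(message):
    """Weak check: blocklist lookup on the link hosts exactly as written in the mail."""
    return any(is_blocked(host_of(u)) for u in links(message))

def expand(url, resolver, max_hops=3):
    """Follow shortener redirects, bounded so chained shorteners cannot loop forever."""
    for _ in range(max_hops):
        if host_of(url) not in SHORTENERS:
            break
        target = resolver(url)
        if not target:
            break
        url = target
    return url

def expanded_verdict(message, resolver):
    """Corrected check: return (link as sent, final URL, query tag) for blocked destinations."""
    findings = []
    for u in links(message):
        final = expand(u, resolver)
        if is_blocked(host_of(final)):
            findings.append((u, final, urlsplit(final).query))
    return findings

# One sentence of the spam quoted above.
SAMPLE = ("You can do this by signing up to the affiliate program "
          "found here: http://tinyurl.com/2kntfq")

if __name__ == "__main__":
    print("naive blocklist hit:", naive_verdict(SAMPLE))
    print("after expansion:", expanded_verdict(SAMPLE, offline_resolver))
```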


Mega Spammer Alan Ralsky and Son-in-Law Indicted Along with Several Other Big-Time Spammers

Mega spammer Alan Ralsky has been indicted under Federal anti-spamming law, along with ten other spammers involved in Ralsky’s operation, including Ralsky’s own son-in-law, Scott Bradley (“Oh dad, how could you?”). Other spammers charged include Judy Devenow, also of Michigan; James Bragg, of Arizona; California spammers John Brown, William Neil, Anki Neil, James Fite, Francis Tribble; and How Wai John Hui, of Vancouver, Canada and Hong Kong, and Peter Severa of Russia.

But by far the most high profile is Alan Ralsky – authorities estimate that Ralsky is responsible for pumping tens of millions of spam messages throughout the internet every day. As such, he has engendered a great deal of hostility, and has earned mention both in Spam Kings and Spam Wars.

Even Ralsky’s own attorney, Philip Kushner, can’t seem to quite bring himself to say with a straight face that Ralsky’s not a spammer, and he seems to understand the public’s disaffection with his client. “There’s a lot of people who are hostile to spam and I understand that,” said Kushner, “but it’s a separate question about whether he’s done anything illegal.”

The current charges against Ralsky, son-in-law Bradley, and the nine others include efforts to use botnets to send their spam; perpetrating a pump-and-dump spam scam for a worthless Chinese stock which, once it was inflated in value by their spam campaign, Ralsky and the others quickly dumped; and falsifying header and other email information to disguise the origin of their spam.

The indictments are the result of a three-year cooperative investigation by the FBI, the IRS Investigation Unit, and the U.S. Postal Service.
