Facebook and Twitter are Popular among Hackers and Thieves

No Comments

  IT security firm Sophos revealed Monday in its Security Threat 2010  that Facebook and Tweeter are not only for social networker, it is extensively used by cybercriminals. The survey also said that spamming on social networking sites went up to 70%. 57% of the users said that they have been spammed through social networking …. Source


Warning: Serious Scam Involving IRS (W8 BEN)

No Comments

There is a serious scam involving IRS (Internal Revenue Service, USA) which can fool even the most web-savvy people. Please read below for details on how you can protect yourself from this email which appears to genuinely come from IRS, inquiring about your tax exemption status.

I received an email today which states:
Our record indicates that [...]

Excerpted from:
Warning: Serious Scam Involving IRS (W8 BEN)


Minimizing Corporate Network Risk Means Cost Savings

No Comments

Free Live WebinarJoin this FREE live webinar to see how more and more IT departments are focused on cost-effective network solutions and upgrades in response to today’s economy. Without sacrifi…

The rest is here:
Minimizing Corporate Network Risk Means Cost Savings


In the News: Hacking Sarah’s Email, TSA-Approved Laptop Bags

No Comments

Hacking Palin’s EmailIt’s no secret in the IT community that hacking into someone’s email account is a fairly trivial task, but now that VP-candidate Sarah Palin’s account has been cra…

Originally posted here:
In the News: Hacking Sarah’s Email, TSA-Approved Laptop Bags


In the News: Neosploit’s Crook Database, Disk Encryption Cracked and Whack-a-Fraud

No Comments

DNS Spoof Exploit in Austin, TexasYou may have read about a major security problem in the Internet’s DNS that allows a crook to send users to a spoofed site that could attack their computers and s…

In the News: Neosploit’s Crook Database, Disk Encryption Cracked and Whack-a-Fraud


Spammer Jailbreak

No Comments

Prolific spammer Eddie Davidson was arrested last year, and, in April was sentenced to twenty-one months at the Federal prison in Florence, Colorado – about 3 hours north of Denver.

He was remanded to the custody of Florence Prison Camp’s minimum security facility. After all, while being a notorious and prolific spammer, he was still just a spammer, as compared to, say, a murderer. So the minimum security section of Florence Prison Camp made sense.

Not any more, because this past Sunday, during visiting hours, Eddie Davidson hopped into his wife’s car and escaped.

Now, when he is caught – and he will be caught – instead of being “just a spammer”, he’ll be “a spammer who made an escape from Federal prison.”

Instead of being in the minimum security facility, you can be sure he’ll be in a higher security area.

And that mere 21 month sentence? Davidson could face as much as another 7 years for his Sunday drive.

Nobody ever said that spammers were smart.

Here, in case you are interested, is the official Federal press release about Davidson’s escape:


DENVER—Edward “Eddie” Davidson, age 35, also known as the “spam king,” walked away from a federal prison camp in Florence on Sunday, July 20, 2008. Davidson, who was sentenced to serve 21 months in federal prison, is now officially in “escape” status. He was last seen in Lakewood . U.S. Marshals are leading the search for Davidson. The FBI, IRS, and the Rocky Mountain Safe Streets Task Force are aiding in the search.

Davidson was housed in a minimum security facility. Minimum security institutions, also known as Federal Prison Camps (FPCs), have dormitory housing, a relatively low staff-to-inmate ratio, and are work and program-oriented. FPCs are generally located adjacent to larger institutions, where inmates help serve the labor needs of the larger institution.

On April 28, 2008, Davidson was sentenced by U.S. District Court Judge Marcia S. Krieger to serve 21 months (just under 2 years) in federal prison. Judge Krieger also ordered him to pay $714,139 in restitution to the IRS. As part of the restitution, Davis has agreed to forfeit property he purchased, including gold coins (which the IRS is selling today), with the ill gotten proceeds of his offense. At the time of sentencing Judge Krieger ordered Davidson to report to a facility designated by the Bureau of Prisons on May 27, 2008. He pled guilty before Judge Krieger on December 3, 2007. Davidson was indicted by a federal grand jury on June 5, 2007.

According to the stipulated facts contained in a plea agreement, on July 5, 2002 through April 15, 2007, Davidson conducted a business in Colorado using the name Power Promoters. The primary nature of Davidson’s business consisted of providing promotional services for companies by sending large volumes of unsolicited commercial electronic messages (“spamming”). The spamming was designed to promote the visibility and sale of products offered by various companies. Davidson utilized the services and assistance of other individuals who he hired as “sub-contractors” to provide spamming at his direction on behalf of his client companies.

During 2002 through the middle of 2005, Davidson’s spamming activities were provided on behalf of companies to promote watches, perfume, and other items. Beginning in the middle of 2005 through 2006, Davidson sent spam on behalf of a Texas company for purposes of promoting the sale of the company’s stock. The company generated its income through selling stock (commonly referred to as “penny stock”) on behalf of small companies on the public market. Davidson aided by several sub-spammers sent hundreds of thousands of unsolicited e-mail messages to potential purchasers throughout the United States and the world, which messages touted the penny stock as an excellent investment. Davidson possessed hundreds of thousands of e-mail addresses, which he and his sub-spammers would use to send e-mail messages. Such e-mail messages contained false header information, which concealed the actual sender from the recipient of the e-mail. Davidson provided spammed messages for approximately 19 companies. Davidson operated his spamming activities from his personal residence in Bennett , Colorado , where he had a large network of computers and servers, which facilitated his business.

This case was investigated by the Federal Bureau of Investigation (FBI) Denver field office, and the IRS Criminal Investigation Division. Assistant U.S. Attorney Tim Neff prosecuted the case.

Spammer Jailbreak


The ?Receipt for Your Payment to? eBay Paypal Phishing Spam

No Comments

There has been a new rash of phishing spam which is intended to elicit a shock response causing the target to rush to log into their Paypal account to figure out why they are being charged hundreds to thousands of dollars for an eBay purchase which they know that they didn’t actually make.

Well of course they didn’t actually make the eBay purchase – because it never happened. But the fear that you are about to lose several hundred dollars from your Paypal account ($347.85 in the example below, but we’ve seen them as high as $1200 or more) causes people to not think clearly – and when the email really looks like a legitimate email from Paypal, they are likely as not to click the links in the email so they can get the problem resolved quickly, before “their money” is wrongly sent away.

Of course ironically, the very act of clicking the link and logging in to “Paypal” ensures that all of the money will be drained from their Paypal account. Because what they are really logging in to is a clone site which looks like Paypal, but is being run by the phishers, who capture the victim’s Paypal username and password, and then log in and drain the Paypal account of all of its funds – after also grabbing all of the user’s banking information.

Here’s an example of the Paypal eBay phish that was caught in our net today.

This is the view not that the end user sees with an html-enabled email reader, but the actual, underlying text – see if you can spot the nasty bits:

From: service@PayPal.Inc.com
Subject: Receipt for Your Payment to achaade13@yahoo.com
Dear PayPal Member,

This email confirms that you have sent an eBay payment of $347.85 USD to
achaade13@yahoo.com for an eBay item.

Payment Details

Amount: $347.85 USD

Transaction ID: 2LC956793J776333Y

Subject: Digimax 130

Item Information

eBay User ID: scratchandgnaw2

Edward Harrell’s UNCONFIRMED Address

Edward Harrell
211 David St.
Springtown, TX 76082
United States

Important Note: Edward Harrell has provided an Unconfirmed Address. If
you are planning on shipping items to Edward Harrell, please check the
Transaction Details page of this payment to find out whether you will
be covered by the PayPal Seller Protection Policy.


If you haven’t authorized this charge ,click the link below to dispute
and get full refund

Dispute Transaction:


*SSL connection:
PayPal automatically encrypts your confidential information
in transit from your computer to ours using the Secure
Sockets Layer protocol (SSL) with an encryption key length
of 128-bits (the highest level commercially available)

This payment was sent using your bank account.

By using your bank account to send money, you just:

- Paid easily and securely

- Sent money faster than writing and mailing paper checks
- Paid instantly — your purchase won’t show up on bills at the end of
the month.

Thanks for using your bank account!


Thank you for using PayPal!
The PayPal Team
PayPal Email ID PP118


Excerpted from:
The ?Receipt for Your Payment to? eBay Paypal Phishing Spam


Vonage Caught Red-Handed Comment Spamming

No Comments

Imagine our shock to discover that VoIP provider Vonage has turned to comment spamming.

Oh, they will probably deny it, but what else can you call it when their Online Marketing Manager, Costas Kariolis, shows up at an article about Skype on the Internet Patrol, and posts a comment about the Vonage offerings, with an SEO-formatted link back to the Vonage site – and also posts the exact same comment to articles about Skype on other sites?

Shame on you, Vonage – don’t you know that comment spamming is the scourge of the Internet? This alone is enough to ensure that the Internet Patrol will recommend that people not use Vonage – we don’t support spammers.

Here is the comment spam that Costas Kariolis posted today (link disabled, of course) – the original article about Skype to which he posted his comment spam is here.

The introduction of these new call plans from Skype should prove beneficial for the internet telephony / VoIP sector generally. Anything that helps to bring internet telephone calling further into the mainstream is very welcome.

May we mention that there are other options in the market that allow you to make unlimited calls for a flat rate such as Vonage. There are some significant differences between the services that Vonage and Skype provide that should be taken into consideration by anyone looking to make internet calls.

Firstly, call quality is a major advantage of using Vonage, our call quality is comparable with a regular landline service. Secondly, with Skype you have traditionally needed 1) your PC to be switched on to be able to make and receive calls, with Vonage you have never been reliant on your PC being switched on and 2) a headset or USB phone to be able to make internet phone calls, with Vonage you just plug in your existing home phone. Using your existing touch tone phone gives users the freedom to make unlimited calls in the way you want while you walk around your home or office.

You can find out more about Vonage at

It is interesting to note that Mr. Kariolis didn’t single out the Internet Patrol – he posted the exact same comment spam here today as well.

Here is the original post:
Vonage Caught Red-Handed Comment Spamming


Priest Mistakes Legitimate Invitation to Meet with Pope as Spam – Oops!

Comments Off

It seems like the clergy are subject to the same earthly problems as the rest of us after all. In this case, spam. A Roman Catholic priest, Reverend James Shea of Killdeer, ND, received an email from the White House, containing an invitation to meet Pope Benedict XVI during the Pope’s recent visit to the United States. Pope spam indeed!

Rather than make plans to travel to Washington, Revered Shea deleted the email, believing it to be spam. Perhaps he was, quite understandably, guided in his decision to do so by the date on which the email was delivered – April Fool’s Day. Perhaps again he was suffering under the deluge of spam that floods the mailboxes of so many people today. “I put it in the same place I put all the e-mails with special offers for Viagra,” Shea said.

However, it turned out that the email invitation had been legit!

Luckily, Reverend Shea was contacted a little time later to follow-up on the invitation. There’s no news on whether he did renew his relationship with the Pope, whom, as Cardinal Joseph Ratzinger, Reverend Shea had known when he studied for the priesthood in Rome.

Excerpt from:
Priest Mistakes Legitimate Invitation to Meet with Pope as Spam – Oops!


WordPress Comment Spam Hack Disables Plugins and Allows Massive Comment Spam Injection

No Comments

If you noticed that the Internet Patrol was down for a short while yesterday, it was because we were the target of a DCS (Distributed Comment Spam) attack. We actually took the site down ourselves, while we figured out what was going on, and now you can benefit from our hard-earned lessons! So pull up a chair, and listen, particularly if you run WordPress.

This new hack has WordPress hackers disabling all of your WordPress plugins (including, you see, Akismet or any other anti-spam comment spam stopper plugin), which then allows them to inject comment spam into your blog at will. So if you suddenly find yourself getting an enormous amount of comment spam all at once, or if you suddenly find your blog pages coming up blank (because with your plugins disabled, that often can be the case) you may be the victim of this latest plugin-disabling comment spam hack.

We first noticed that something was amiss when we suddenly started getting several requests to moderate comments a minute – comments that would ordinarily have never made it that far because they were so obviously spammy. Our first thought was to just block the IP address of the comment spammer – and that is when we noticed that the comments were coming from many different IP addresses. That meant that dealing with it was going to be much more complicated, as we couldn’t simply block the offending IP address.

The next thing we noticed was that, suddenly, our site was not loading properly – the page would just stop loading about a quarter of the way down the page.

That was actually the clue which lead me to realize that something was going on with our plugins, because the page always stopped loading right when there was a call to one of our plugins. So I went to the plugin admin page for WordPress, and saw that all of our plugins had somehow been deactivated.

And that’s when it hit me.

By deactivating our plugins, the spammers had deactivated Akismet – which would otherwise have simply dispatched this comment spam to comment spam oblivion.



Fortunately for us, even though the spammer was submitting their comment spam by going straight to our comment form URL (rather than through the form at the bottom of an article), what they didn’t know was that we have comment moderation turned on – no doubt this hack method relies on WordPress sites that run Akismet or other anti-comment-spam plugins not also having moderation turned on – so none of the spam actually got posted. But that didn’t stop it from severely impacting us.

I should also point out that we routinely change the name of the comment posting form so that the URL for posting a comment also changes, and we do that to thwart exactly this kind of comment spam. When this happened yesterday we tailed our httpd log, and we saw the spammer going directly to that file and URL, which means that the spammer had already discovered our newest file name and URL. This leads us to suppose that part of the reason we are all seeing an uptick in manually posted comment spam may be because there is an advance spammer group who is out manually discovering the file names and URLs of comment forms.

As always, whenever the forces of good find a new way to thwart spam – be it email or comment spam – the forces of evil catch up, and the cycle starts all over again.

Now, I will confess here that we had not yet upgraded to the newest version of WordPress – WordPress 2.5. I also don’t know if it would have made a difference or not, but among the other things we did to counter this spam attack, we upgraded to 2.5. Even if there isn’t anything in 2.5 which directly addresses this hack, we know that we have the latest and greatest in WordPress security by having upgraded.

Then, we put into place the following suggestions, found over on Matt Cutts’ excellent blog. Those suggestions include securing your wp-admin directory and creating a dummy wp-content/plugins/index.html, so that which plugins you run becomes much more difficult to discover. While these suggestions were not made by Matt in the context of this hack (about which he may or may not have known), they are directly applicable to thwarting this hack. So, thank you, Matt!

So we’re back up and running, a little wearier, but a little wiser.

Of course, this had to happen while I was out of town – in fact, in the middle of nowhere. Thank goodness for my Verizon Wireless USB broadband modem, which kept me connected even while in the middle of the rockies, and allowed me to work with our dev team to trouble shoot this, and to download and install the 2.5 upgrade!

See the rest here:
WordPress Comment Spam Hack Disables Plugins and Allows Massive Comment Spam Injection


Older Entries