Of Spam & Men

Who has not yet gotten one of those Nigerian Scam or 419 scams? For those who haven't:

This scam usually begins with a letter-form e-mail8 sent to many target recipients making an offer that will purportedly result in a large payoff for the intended victim. The stories behind the offers vary, but the standard plot is that a person or government entity is in possession of a large amount of money or gold.This person, for myriad reasons, either cannot access the wealth directly or is no longer in need of it. Such people, who are fictional or impersonated characters played by the scammer, could include the wife of a deposed African or Indonesian leader or dictator, a terminally ill wealthy person, a wealthy foreigner who had deposited money in the bank just before dying in a plane crash, leaving no will or known next of kin, a U.S. soldier who has stumbled upon a hidden cache of gold, a business being audited by the government, a disgruntled worker or corrupt government official who has embezzled funds, a refugee21, and similar characters. The money could be in the form of gold bullion, gold dust, money in a bank account, so-called "blood diamonds", a series of cheques or bank drafts, and so forth. The sums involved are usually in the millions of dollars, and the investor is promised a large share, often forty percent or more, if they will assist the scam character in retrieving the money from holding and/or dispense of it according to the scam character's wishes. The proposed deal is often presented as a "harmless" white-collar crime, in order to dissuade participants from later contacting the authorities.

Anyway, since this form of polite request doesn't seem to work well enough anymore, they have changed their technic: They now tell you to give them money or.. they will shoot you dead:

Am very sorry for you my friend, is a pity that this is how your life is going to end as soon as you don't comply. … I don't have any business with you, my duty as I am mailing you now is just to KILL/ASSASINATE you and I have to do it as I have already been paid for that."

If people aren't gullible enough to believe in polite help requests are they really fall for those brute death treats?

from STLToday

Looks like the spammers are a little early on that one but here is the subjects used by this version of storm worm:

• A Dream is a Wish
• A Is For Attitude
• A Kiss So Gentle
• A Rose
• A Rose for My Love
• A Toast My Love
• Come Dance with Me
• Come Relax with Me
• Dream of You
• Eternal Love
• Eternity of Your Love
• Falling In Love with You
• For You....My Love
• Heavenly Love
• Hugging My Pillow
• I Love You Because
• I Love You Soo Much
• I Love You with All I Am
• I Would Dream
• If Loving You
• In Your Arms
• Inside My Heart
• Love Remains
• Memories of You
• A Token of My Love
• Miracle of Love
• Our Love is Free
• Our Love Nest
• Our Love Will Last
• Pages from My Heart
• Path We Share
• Sending You All My Love
• Sending You My Love
• Sent with Love
• Special Romance
• Surrounded by Love
• The Dance of Love
• The Mood for Love
• The Time for Love
• When Love Comes Knocking
• When You Fall in Love
• Why I Love You
• Words in my Heart
• Wrapped in Your Arms
• You... In My Dreams
• Your Friend and Lover
• Your Love Has Opened
• You're myDream

we caught about 67 000 of those in less than 15 days already.. talk about a storm!

Christopher Smith, the notorious "pharmacy spam king," has received a 30-year-jail sentence for running an illegal internet store that sold millions of dollars in prescription drugs.

via Secure Computing Magazine

Already found out how to block image spam included in .xls and .doc documents? Lucky you. Spammer got a new challenge for you (ok, an easy one): I just received a spam with "pdf" as the subject, with a pdf.zip file attached, which contains a pdf.txt file with the actual spam in it... That's not very original, it's even boring (i'm suspecting it's even counter productive for them to generate all those files when the victim has to open 3 applications to get the actual spam)

Come on spammers! you can do better than that!

Choose an unknown, forgotten, valueless stock value like DIAAF.OB, quoted at $0.0008 per share. Buy millions of shares, it will make the value rise (you are creating a demand) to $0.0011. Now, flood the world with spam, advertizing how the stock value is raising... you'll create more demand, the share value will rise... And now? Sell. You're rich.

I just got a new piece of image spam and it's not only obfuscated but also animated

(click on the reduced picture to get to the original one)

A good way to prevent your main email address from being spammed is not using it when creating web accounts or subscribing to websites. Managing different email accounts isn't trivial and dropping a free account when it starts being spammed to open another one in the next minute isn't really usefull either.

What you really need is a temporary email address you can use to prove you're not a robot. One you can throw away as soon as you have used it. That's what disposable email services are for.

ordb.org was one of the rare open-relay rbl (Realtime Blackhole List) that would actually perform a check on the servers before blacklisting them. You could always remove your servers after correcting the problem since ordb would also perform a check before removing a server from its RBLs. It was my favorite RBL and it's shuting down:

Marshal a company specialized in mail and internet security has some very nice statistics about what's going on in the world with spam, virus and phising. They provide interesting stats:

• percentage of spam detection using their own solution
• percentage of image spams
• average size of spam messages
• spam volume index
• spam by category
• spam sources by country
• (...)
• Image Spam Over Time

Brad Stones from The New York Times writes about the new surge of spam:

You’re not the only one. Spam is back — in e-mail in-boxes and on everyone’s minds. In the last six months, the problem has gotten measurably worse. Worldwide spam volumes have doubled from last year, according to Ironport, a spam filtering firm, and unsolicited junk mail now accounts for more than 9 of every 10 e-mail messages sent over the Internet.

Much of that flood is made up of a nettlesome new breed of junk e-mail called image spam, in which the words of the advertisement are part of a picture, often fooling traditional spam detectors that look for telltale phrases. Image spam increased fourfold from last year and now represents 25 to 45 percent of all junk e-mail, depending on the day, Ironport says.