Bot breaks Hotmail’s CAPTCHA in 6 seconds

A new bot can crack defenses erected by Microsoft to keep spammers from creating large numbers of accounts on its Live Hotmail service within seconds, a security researcher said Friday.

Dan Hubbard, vice president of security research at Websense, said the bot broke Live Hotmail’s CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) within six seconds, on average. CAPTCHA is the name given to the distorted, scrambled characters that many Web services require users to decipher and type in to create a new account; the tests are meant to block automated account registration by spammers and malware authors.

The bot, Hubbard acknowledged, is similar to one Websense uncovered in February.

“In the past, though, it was kind of questionable whether the CAPTCHA breaking was automated,” Hubbard said Friday, noting that there had been some evidence that spammers were paying people to decode and type in the CAPTCHA characters. “But the bot’s breaking [CAPTCHA] in six seconds, so it’s definitely automated.”

In a long post to the Websense blog Thursday, Sumeet Prasad — “our CAPTCHA expert,” said Hubbard — provided technical details of how the bot automatically registers Live Hotmail accounts and then immediately begins using those accounts to spew spam.

The bot’s total response time — how long it takes the program to grab a CAPTCHA image, analyze it and return with the correct code — is considerably shorter than that of earlier such bots, said Prasad in the blog.

One in every eight to 10 attempts to create a Live Hotmail account is successful, added Prasad, meaning that the success rate is 10% to 15%.

Posted under Security, Tech News

This post was written by Nicki on April 16, 2008

Spammer’s Holy Grail

Spammers are using a sophisticated piece of software that can create thousands of Windows Live email addresses by cracking the protections designed to prevent the large-scale creation of fraudulent accounts.

According to security firm Websense, the bot is surreptitiously installed on the PCs of end users. It then establishes a connection to the registration page of the Microsoft-owned mail service. About a third of the time, the software is able to bypass the Captcha requirement through a process that researchers have yet to precisely figure out.

The executable software has already led to a surge of spam being sent from the Microsoft-owned service, said Dan Hubbard, vice president of security research at Websense. Its discovery comes a few weeks after the release of proof-of-concept code that defeats a similar Captcha used by Yahoo! Mail.

Free email services from Microsoft, Yahoo! and Google are rarely blocked by anti-spam products, making accounts on those services highly prized by spammers. In the past week or so, Websense antispam filters have gone from blocking fewer than 100 Windows Live accounts per day to a number that’s in the thousands.

“Some customers were actually flagging the mail as legitimate because it was coming from Microsoft Live,” said Hubbard. “Clearly, (spammers) are using the fact that (the services) are legitimate.”

Short for “completely automated public Turing test to tell computers and humans apart,” Captchas have emerged as a key barrier hindering scammers who want to create large numbers of fake online accounts. In some cases, Captcha-cracking has involved software that transmits the graphic to a third-party website that promises a visitor free porn in exchange for typing in the characters.

Posted under Security, Tech News

This post was written by Nicki on February 8, 2008

So, why do we still get spam?

Spam is an annoyance most of us have just had to deal with on some level if we use email. As an IT Manager for a local company, I have dealt with spam at the prevention level as well as the user level, both with their own frustrations. Although, I must admit some level of satisfaction when able to block certain spam. Of course, that satisfaction is often short-lived and much like trying to keep your house dry by sitting on the roof holding an umbrella.

Why We Haven’t Stopped Spam

Opinion: Even very smart people are misinformed on this subject. Here’s a clue: If it were easy to fix, it would have been fixed already.

Several years ago when Bill Gates declared that the spam problem would be solved within two years, he appeared to be thinking of SMTP authentication as the heart of that solution. I wouldn’t have said what he said, but I was pretty optimistic too. Not anymore. The overwhelming power of inertia seems too much for any solution to take on. People just won’t stand for the inconveniences that fixing spam would bring.

Full Story and Source

Posted under Security

This post was written by Veg on September 10, 2007

Hackers launch PDF spam campaign

Hackers have launched a widespread “pump-and-dump” stock spam campaign using PDF files, anti-virus researchers have warned.

In a change of tactics, the attackers have hidden the spam content within a PDF file instead of attaching an image file to plug the stock, according to a security advisory on the McAfee website.

The spammers are sending the PDF files with randomly generated subject lines, sender names and a blank message body.

The stock spam is believed to have been sent from Stration-infected computers, as this attack is similar to the W32/Stration worm mass-mailing, which contained a number of PDF files, Nick Kelly, sustaining engineer at McAfee, said.

“Spammers are struggling to find ways to fool spam filters and get their messages into people’s inboxes,” said Bradley Anstis, director of product management at Marshal.

“But, spammers believe many anti-spam solutions largely ignore PDF files, so they use them in an attempt to add credibility and legitimacy to their messages. We expect to see a lot more of PDF spam. This recent case is just the beginning.”

Source

Posted under Security, Software

This post was written by Nicki on July 2, 2007

Massive spam shot of ‘Storm Trojan’ reaches record proportions

It’s the biggest spam blast in the last year

A massive spam outbreak that tries to trick recipients into opening a file attachment that can hijack their computers has already broken records, security companies said today.

According to researchers at Postini Inc., the spam run is the largest in the last 12 months, and more than three times the volume of the two biggest in recent memory: a pair of blasts in December and January. “We’re seeing 50 to 60 times the normal volume of spam,” said Adam Swidler, senior manager of solutions marketing at Postini.

Arriving with subject headings touting Worm Alert!, Worm Detected, Spyware Detected!, Virus Activity Detected!, the spam carries a ZIP file attachment posing as a patch necessary to ward off the bogus attack. The ZIP file, which is password protected — the password is included in the message to further dupe recipients — actually contains a variant of the “Storm Trojan” worm, which installs a rootkit to cloak itself, disables security software, steals confidential information from the PC and adds it to a bot army of compromised computers.

Irony, it seems, isn’t lost on the attackers. “This is really a self-fulfilling prophecy,” said Swidler, “by warning users about a worm attack to get them to click on a worm.”

Posted under Security

This post was written by Nicki on April 13, 2007

Spammer That Sued Spamhaus Now Sued for Spamming

Dave Q. Lintard writes with a link to The Register’s coverage of a suit against the spammer that sued Spamhaus. e360 Insight, as the company is known, is accused of using a botnet and compromised headers to get their ‘advertising’ into the mailboxes of the claimant. These are also the folks that tried to get the Illinois courts to suspend Spamhaus’s domain registration when they wouldn’t play by e360’s rules. ‘e360 Insight sued Spamhaus after the anti-spam organisation blacklisted its domains over alleged spamming. In a default ruling made by an Illinois court in September 2006, Spamhaus was ordered to pay $11.7m in compensation to e360 Insight, pull the organisation’s listing, and post a notice stating that it was wrong to say e360 Insight was involved in sending junk mail. UK-based Spamhaus did not defend the case and the ruling was made in its absence.’

Source

Posted under Tech News

This post was written by Nicki on March 24, 2007

Does SPAM force us to switch messaging technologies?

There’s an interesting discussion going on over at Danah Boyd’s site about social network fatigue, or why people switch messaging technologies (in particular social networks) over time.

One view is that SPAM eventually overrides every technology, forcing people to move to something else. A commenter, JD, suggested that SPAM killed Usenet, Email, and IM, and even domain names (not sure about that one: phishing?). There is certainly merit to this viewpoint…it does seem that as time goes on SPAM just grows and grows…maybe we get tired not only of social networks but also of the signal/noise ratio of quality content on the medium.

I proposed another view, that isn’t necessarily opposed to the first one but isn’t quite as black/white. I think that SPAM does cause fatigue…but actually isn’t powerful enough to get us to switch technologies. I think usability has a lot to do with actual switching. Simply put, we message in the easiest way possible.

Posted under Tech News

This post was written by Nicki on January 10, 2007
