Spam Dropped Last Week. Are You A Victim?

You may or may not have heard the news last week, but spam traffic dropped by 50 to 70 percent last week after two Internet Service Providers (ISPs) cut off Internet access for hosting company McColo in California last week.

If you’re not familiar with these terms, a hosting company provides computer service and equipment for other companies and individuals. A hosting company typically offers storage service for email and web sites. An ISP provides companies and individuals with access to the Internet.

In last week’s case, McColo, a hosting company with locations in Delaware and California, was providing hosting services to several companies and individuals who used the McColo’s computers to distribute viruses and spyware via spam and harmful web sites. Many of the sites and messages dealt in pharmaceutical drug sales and child pornography. These companies were paying McColo for the use of their computers, and despite the illegal activity McColo ignored it.

McColo’s host computer center in San Jose, CA was connected to the Internet via several Internet Service Providers.  Two of the providers took it upon themselves to deprive McColo of Internet access and shutdown the Internet connection. Within seconds the level of spam traffic worldwide dropped by 50% to 75% according to several spam watchdog services such as Spamhaus.

Consumer Risks: “XP AntiVirus Protection” and “AntiVirus 2009″

If you downloaded either of these two programs then you can probably count yourself among the victims of this incident. “XP AntiVirus Protection” and “AntiVirus 2009″ were fraudulent programs distributed by several companies and individuals who were provided hosting services by McColo.

AntiVirus 2009

XP AntiVirus

Help Yourself, Help Your Computer

If you downloaded either of these programs you should remove them immediately. To do so:

1. Click Start > Conrol Panel
2. Click or double-click “Add/Remove Programs”
3. Locate and click each of these programs on the list and click “Remove”

After removing these programs, go to http://pack.google.com and download, install, and run “PC Tools Spyware Doctor” and “Norton Security Scan” to remove any traces of these programs and the harmful software they may have added to your computer. Users of Lavasoft’s Ad-Aware 2008 software may want to run an additional scan of their system for through cleaning. You may need to scan your system three times to fully clean out these programs.

Click here for more news

Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form.

Subscribe to the comments for this post

33 percent of all spam ended yesterday

Sort of….

The FTC (Federal trade Commission) won a preliminary legal victory against the world’s largest spam gang  by persuading a Chicago Federal court to freeze the gangs assets and to order their spam network shutdown.

The spam gang, known by spamfighting agencies as HerbalKIng, had a networks of 35,000 computers which which could send out 10 billion spam messages a day.  Many of these computers were owned by people who didn’t know their computers had been remotely commandeered to send email on behalf of the spammers.  The network had ties in the United States, China, India, New Zealand, and Australia. The network was referred to as the “Mega-D Botnet”.

If you’re unfamiliar with the term “botnet, here’s an explanationation from SearchSecurity.com:

A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie - in effect, a computer “robot” or “bot” that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based. According to a report from Russian-based Kaspersky Labs, botnets — not spam, viruses, or worms — currently pose the biggest threat to the Internet. A report from Symantec came to a similar conclusion.

The network was purportedly responsible for a third of all spam at one point, and had been collecting $400,000 in Visa charges in one month.

The spammers had been sending messages hawking various pharmaceuticals and male-enhancement drugs. The charges brought against them are more than just spamming counts, but the charges also include making false claims about their product, selling pharmaceuticals without a prescriptions or doctor’s intructions, and selling drugs from countries such as Indie which aren’t regulated or approved for sale in the US.  Many of the drugs being sold had harmful side effects.

The FTC’s investigation aginst this organization had been ongoing for over 2 years.

Here’s a bio about HerbalKing from Spamhous spamfighting organization:

HerbalKing is a massive affiliate style spam program for snakeoil Body Part Enhancement scams (penis enlargement). It has also done spam campaigns for replica luxury goods, pharma (counterfeit pills) and porn. Spam arrives via botnets with spamvertised sites on “bulletproof” hosting offshore, particularly in China. The group also uses fast-flux hosting, running sites on hacked botnet PCs.

HerbalKing, with connections to India (possibly due to pharmaceutical supplies), rivals the traditional Eastern European spam gangs for volume and criminal botnet methods of its spam. “Tulip Labs” appears to be the source of HerbalKing’s herbal remedy products. The main operation may be run out of New Zealand or Australia by long-time spamming brothers Lance & Shane Atkinson. (see: http://www.geekzone.co.nz/juha/2237 )

There are hundreds of SBL listings related to HerbalKing but some may not be linked to this ROKSO due to the tremendous number of identities and domains used by the program. Lists of domains should be considered examples of that abuse of domain name space, not comprehensive lists of their registrations.

Read more at the FTC’s web site; the NY Times; and the ars technica web site.

Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form.

Subscribe to the comments for this post

I’ve attached… Oops!

Have you sent an email that said “I’ve attached a …” and then sent the email without the attachment? Of course you have. Who hasn’t? (If you haven’t tried to send an attachment, I’ll talk to you at the end of this post. Stay with me.)

Well, if you use Gmail (Google Mail) you can reduce the chances of ever forgetting to attach a file ever again by enabling the “Forgotten Attachment Detector” feature.

Enable Forgotten Attachment Detector

1. Sign in to your Gmail account
2. Click “Settings” (upper right)
3. Click “Lab” (end of the orange Settings bar)
4. Scroll down to “Forgotten Attachment Detector”
5. Select “Enable”
6. Scroll down and click “Save Changes”

By the way, there are many other “experimental” features listed here under the Lab area. You might want to try out some of the others ones, too. Maybe you need Mail Goggles? Questions about any Lab features? Feel free to ask me with the comments links below or through the contact form.

How Does It Work

In order for the feature to work, you have to mention in your email message that you are sending an attachment. The detector looks for phrases such as “I’ve attached” or “I’m attaching”.  It will ignore the word attach by itself, it also ignores phrases such as “I”m sending a file”. It also ignores the phrases if you misspell the words, or if you use email slang.

When you click “Send” the detector will check your email message to see if you mention “I’m attaching” or “I’ve attached” or some similar language. If it spots such a phrase it will then check to see if you did attach a file. If you didn’t, a dialog box will pop-up to alert you with the following message “It seems that you might have forgotten to attach files. Send this message without attachments?”

Forgotten Attachment?

If you click “OK” the message goes out without an attachment, and you friends will wonder “Where’s the file?”, but if you click “Cancel” you’ll be returned to the composition window so you can attach the files.

Attachments?

Are you saying to yourself, “I’ve never sent an attachment because I don’t know how to.” I’ve even been asked, “What’s an attachment?” Don’t be embarrassed if you asking the same question now. Not everyone sends attachments. Even Senator McCain claims, “I’ve never felt the particular need to email.”

Fair enough.

When you use postal mail and you include a photo, or a news clipping, or some other item in the envelope beside your message, that item is called an attachment.

On your computer, and with email, an attachment can be any file stored on your computer. Anything that you place on your computer in the past by clicking a “Save” button can be used as an attachment. That includes word processor files, photos, videos, music files, spreadsheets, graphic images, etc.

It’s easy to add an attachment:

1. When composing your email message, you will see “Attach a file” under the Subject line
2. Click “Attach a file” and a box will appear above it with a button labeled “Browse”
3. Click the “Browse” button. A “File Upload” dialog box will appear
4. Locate the file to be attached on your hard drive, and click on the file’s name
5. Click the “Open” button (lower right)
6. (Optional) For adding more than one file, repeat steps 2 through 5

I always think it’s good email etiquette (or “netiquette”) to mention in your massage to the recipient:

• that you’ve attached a file
• what’s in the file
• and what type of file is it (photo, music, video, word document, spreadsheet, etc.)

This gives them an idea of the importance of the attachment, or their ability to open it. After all, if they get the email on their mobile phone they might not be able to open a sound file or document at that time.

If you don’t use Gmail, and you have questions regarding attachments, please leave a comment or question with the links below. Or send me an email via the contact form.

Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form.

Subscribe to the comments for this post