Category: Tech

Posted on
by

Found in a spamtrap today:

“Remove your bills the Christian way”

WTF?

What follows is a long, disjointed collection of unrelated sentences that I suspect is actually Bayes poison (some spammers have figured out that using natural-sounding language is more effective at making Bayesian filters, well, less effective). There is, however, apparently an image above that, which I suspect contains the real payload.

Now if it were trying to get rid of creditors the Christian way, it might make more sense…

Posted on
by

This has got to be a typo:

About 91 percent of PCs today are infected with spyware programs that send information from your PC to an unauthorized third party.

NCSA (National Cyber Security Alliance, not the National Center for Supercomputing Applications of Mosaic fame) Chairman Ken Watson quoted by CNET in Study: Consumers take cyberattacks lightly.

That’s a staggering number, and I hope it’s supposed to be 19. Even so, considering how many computers there are in the world, it’s still a staggering number.

Spyware, viruses and worse are out there, and they’re all over both business and home computers. It’s worth checking out the NCSA’s website, staysafeonline.info, as well as others like CERT‘s page on Home Network Security, the US-CERT website, or the FTC‘s guide to Consumer Information Security (though I can’t quite get past the turtle logo on that one).

Posted on
by

I took an odd tech support call at work the other day. Someone called in asking about how quickly she could get a new IP address, because she didn’t want anyone to know where she lived. I tried to explain it was all about the network connection, not the physical location, and no, it wasn’t associated with her email address either, and how are you connected?

It transpired that she wasn’t even one of our customers, and that she wanted us to “block” her IP by putting X’s through everything “like you have on your website.”

Huh?

Well, Continue reading

Posted on
by

Rob Cockerham of Cockeyed.com (home of the fascinating How Much is Inside? series) noticed the same model showing up in a lot of his spam (often wearing the same dress). He collected the advertisements, and linked them together in what he calls An Unsolicited Commercial Love Story.

Since he first wrote it up, other people have spotted the same model on banner ads, MSN articles and even a kiosk at UCLA. Where will “Alicia” show up next?

Aren’t stock photos fun?

(Via SpamBlogging)

Posted on
by

Here’s another one. First the notice they sent me:

Subject: VIRUS (Worm.SomeFool.P) IN MAIL FROM YOU

VIRUS ALERT

Our content checker found
    virus: Worm.SomeFool.P
in your email to the following recipient:
-> ADDRESS REMOVED

Please check your system for viruses,
or ask your system administrator to do so.

Delivery of the email was stopped!

And now my response:

Subject: BOGUS ALERT (sent to wrong address) IN MAIL FROM YOU

BOGUS WARNING ALERT

My BS checker found
    bogus warning: notice sent to known-forged sender
in your email to the following recipient:
-> MY ADDRESS

Please check your virus scanner for better notification options,
or ask your system administrator to do so.

All modern email-based viruses forge the sender address. Additionally, since your virus scanner was able to identify the specific virus, it can determine on its own that this virus always uses a forged address.

By notifying the supposed sender of a message when you know that sender is forged, you are knowingly sending virus warnings to people who are, in all likelihood, not using an infected computer. Messages like these are just noise, and the more of them that are sent, the less attention people will pay to *real* warnings. Additionally, it also runs the risk of causing unnecessary concern among the less tech-savvy (and extra calls to tech support about the nonexistant virus they fear they have).

(Feel free to re-use my response. I partially quoted myself anyway.)

I’m contemplating building a “hall of shame” and actually posting the sources of some of these. Any thoughts?

Posted on
by

From a recent abuse report:

Hello. The spammer below is either using your resources to send out BULK, unsolicited, S.P.A.M. or is deceptively trying to make it look as if from your server as the ISP.

I’ve seen similar wording before, mainly on reports via SpamCop, but this really made me wonder.

I know what SPAM is (processed lunch meat), and I know what spam is (unsolicited bulk mail), and while many people get them confused, this is the first time I’ve seen S.P.A.M. Obviously they meant spam, but what if it was an acronym?

So, what should S.P.A.M. stand for?

Posted on
by

I had to reboot one of the Windows servers on Thursday, at which point the GDI+ checker installed by Tuesday’s security fix popped up a message explaining that there was still some software with the JPEG vulnerability. OK, fine, I’ll run it again and see what’s missing. So I clicked on, well, OK, and it pulled up Internet Explorer.

More to the point, it pulled up Internet Explorer 2.0.

You see, that machine has some leftover files from a previous OS, and somehow the GDI+ utility picked up on that copy of iexplore.exe. Of course, it could barely handle the vulnerability info page — no ActiveX of course, and it even displayed raw JavaScript code at the top of the page because it wasn’t hidden inside a comment! (Even Lynx can handle that now!)

But once I fired up IE6 to actually run the test, I figured as long as I had the old one running, why not check a few site layouts? Or some browser sniffers, and see what it claimed and what it could handle?

Almost nothing, as it turns out. It couldn’t even find any of the sites I tried. And from the way it couldn’t find them, I realized exactly what was missing: it couldn’t handle virtual hosts. Continue reading

ยปAll pages site-wide with this tag