Shocking proof of a connection between spammers and pirates!
Get your e-script at no charrge.
first ten picks of the day in the marrrrrket
Category: Spam
Mailer-Daemon’s Aunt Edna
Here’s a gem from today’s postmaster mail:
Mailer-daemon, You’ve received a postcard!
You have just received a virtual postcard from Aunt Edna!
Uh huh. I know some software projects have enough history to have family trees, but this seems just a bit too unlikely!
Spamming for God (multicultural edition)
Various outlets have reported on the recent appearance of evangelical spam—unsolicited bulk email which promotes religious messages instead of advertising products. It’s been pointed out that since CAN-SPAM refers to commercial mail it can’t be used to stop people who bombard you with other types of messages.
I’ve seen 419 scams with religious trappings for months. These are the usual “Help me smuggle $20 million out of my country” ploys with the added twist of “Oh, I’m a missionary” or “I’ll donate it to an orphanage” or “You can trust me, I’m a Christian,” usually tied to a middle-eastern nation where Christians are in the minority (because Nigeria is so passé). Of course the only thing the scammers really worship is the almighty X-MILLION US DOLLARS. It’s a cheap sympathy ploy, nothing more, made obvious by the fact that, well, it’s a scam!
Today I saw a new variation on that tactic: instead of appealing to Christians, this one was appealing to Muslims. It was all about some Muslim convert in Cuba who had been abandoned by his Catholic family and just needed to transfer $12 million out of the country… all sent from a UK-based email account.
On a side note, I’ve found myself wondering lately why so many of these seem to come from European ISP Tiscali, particularly Tiscali UK. (One came through yesterday with 119 copies of the standard footer!) I assume they must provide easy-to-get email accounts, or perhaps connectivity for a lot of Internet cafés. It also suggests that quite a few of these scammers aren’t anywhere near the (mostly) third-world nations where they claim to live.
Spyware and Spoofing and Spam, Oh My!
CAN-SPAM one year later: more spam than ever. Spam has more than doubled from 15 billion messages in 2003 to an estimated 35 billion in 2004. Is anyone really surprised? From the article: “The FTC says the goal of the act was never to cut down on spam but to give recipients control via the opt-out component.” Hmm, that might be part of why groups like Spamhaus were calling it the “You Can Spam” act. (via The War on Spam)
Webroot identifies the Top 10 “Most Unwanted” Spyware programs, using the “P-I Index…. P is for prevalence, I is for insidiousness.” The “winners” include pop-up generators, keystroke loggers, autodialers and the like. (via Aunty Spam’s Net Patrol)
Finally, there are several fixes and work-arounds for the pop-up window spoofing vulnerability I wrote about last week. There’s the all-inclusive method: close all other browser windows. Netcraft reports that Opera has issued a fix (7.54u1) and Safari is safe if pop-up blocking is enabled. I just got an email indicating that KDE has released a fix for Konqueror (expect that to start hitting distributions this week). No word yet on Firefox or IE, and while Microsoft has its monthly patch day tomorrow, I wouldn’t expect this to show up quite that soon.
Quantum Spam?
OK, chalk this one up in the “What the heck?” column:
The limitation of the Photon Hypothesis
According to the electromagnetic theory of light, its energy is related to the amplitude of the electric field of the electromagnetic wave, W=eE^2(where E is the amplitude). It apparently has nothing to do with the light’s circular frequency v.
To explain the photoelectric effect, Einstein put forward the photon hypothesis. His paper hypothesized light was made of quantum packets of energy called photons. Each photon carried a specific energy related to its circular frequency v, E=hv. This has nothing to do with the amplitude of the electromagnetic wave.
And so on. It triggered a number of spam tests, including forged headers, a failed SPF check, and appearances in both Razor and DCC, which means a lot of other people got the same mail. It’s plain text, no attachments, and the only link in the message is to a physics site. As near as I can tell, someone’s just randomly sending out a physics paper by email. That leads to the question: why?
Distributed Blog Spam
Yesterday morning, I remarked to Katie that it seemed odd that with the vast number of “zombie” computers infected with remote control programs via viruses, trojans, spyware, etc., their primary use so far has been sending spam. After 7-odd years of distributed computing projects ranging from demonstrating weaknesses in encryption schemes to searching for extra-terrestrial radio signals via SETI@Home, and reports that access to zombie nets is selling on the black market, you’d think someone out there would be trying to crack into the DoD or something. (That last link refers to phishing attacks, but the current form of phishing is very tightly coupled with spam.)
Last night I saw proof that zombies are at least branching out a little: they’re not just being used for email spam, but they’re also being used for comment spam. Starting around 8:30, someone started posting pairs of comments every 20-30 minutes. The content and links were identical each time, except for some random numbers in the (probably bogus) email and at the end of the body… but the IP address was different each time.
I caught it around 10:00, added “poker” to the list of moderation triggers, figured they’d give up when they saw their comments weren’t posting, and after another 3 pair (that’s not a legal hand, is it?) I just closed comments on the two posts.
Update 6pm: After a long afternoon dealing with server recovery issues, I checked my email and found about 40 “Please approve…” notices, starting around 1:45 and running all afternoon. All from the same blog spammer. A bit more aggressive than yesterday’s, because they hit a new post every time, but this batch all went straight into moderation. You’d think after you posted 20 comments and none of them showed up, you’d get the clue that it’s not worth posting 20 more…
Update 9am: I installed a plugin last night to block those comments from even reaching the moderation queue. Then laaate last night I noticed that it was screwing up comments with apostrophes, so I disabled it. The moderation notices started coming in immediately. 60 of them from around midnight to about 6am this morning. And none were ever displayed on the site. (Thank you, WordPress!)
Points for honesty?
This showed up in the spamtraps today:
Subject: Truth of the matter
Dear Sir,
This letter can only define Nigeria Scam, a.k.a. 419. If this mail look like scam to you delete it, we are looking for serious minded person.
As we all know, top officials do loot funds out of the country with non-residence foreigners. When they try and fail, the world hears it as fraud/scam, but when they go through, nobody or a newspaper writes it.
This trade is huge here and people are making lots of money out there in most foreign countries. Though the government are mapping out sophisticated strategies to checkmate unauthorized dealers. From the president to the cleaner in the house, they are all into this trade.
And so on.
This has got to be the most brazen variation I’ve seen — and the first one that admits what it is up front. Of course it goes on to try to convince you that no, this one’s the real thing, we’re only trying to cheat other people, not you, because you wouldn’t fall for that sort of thing, would you?
I’m trying to figure out whether the proper response to this is “WTF” or “O_o” or just “Unbe-flipping-lievable.”