Tag Archives: Spam

Washington state AG and Facebook target social media spammers

Alleged “Likejackers” agree to root out Facebook spam

Adscend Media LLC also pays $100,000 in attorneys’ fees to state

SEATTLE – The owners of a California-based online marketing company have agreed to stop spamming Facebook users. The details were revealed today in a settlement – a consent decree – between Adscend Media LLC and the Washington State Attorney General’s Office.

“Today’s settlement puts a stop to Adscend’s ‘likejacking’ and other misleading tactics that led Facebook users to fork over personal information or buy subscription services from sites that appeared to be recommended by friends,” said Washington State Attorney General Rob McKenna.

In January, McKenna’s office and Facebook sued Jeremy Bash and Fehzan Ali, the owners of Adscend Media LLC for initiating posts to Facebook pages that appeared to offer visitors an opportunity to view scandalous or provocative content. However, before being able to view the content, a series of required steps lured Facebook users into eventually visiting commercial websites. Other tactics included “likejacking,” in which Facebook users were tricked into clicking the “like” button, inadvertently spreading the sales pitches to friends.

Adscend, hired to promote products, in turn does business with “affiliates” who create attention-getting marketing messages. Too often, according to the Attorney General’s Office, those messages amounted to social media spam.

http://www.atg.wa.gov/pressrelease.aspx?&id=29716

http://nakedsecurity.sophos.com/2012/05/08/facebook-clickjacking/

Microsoft Security Intelligence Report Volume 12 Released

Microsoft Security Blog

Today we released the latest volume of the Microsoft Security Intelligence Report (SIR) containing a large body of new data and analysis on the threat landscape. This volume of the SIR includes:Latest industry vulnerability disclosure trends and analysis

  • Latest industry vulnerability disclosure trends and analysis
  • Latest data and analysis of global vulnerability exploit activity
  • Latest trends and analysis on global malware and potentially unwanted software
  • Latest analysis of threat trends in more than 100 countries/regions around the world
  • Latest data and insights on how attackers are using spam and other email threats
  • Latest global and regional data on malicious websites including phishing sites, malware hosting sites and drive-by download sites

In addition, we have included a section in the report focused on how the threat called Conficker continues to propagate.

http://blogs.technet.com/b/security/archive/2012/04/25/microsoft-security-intelligence-report-volume-12.aspx

Fake “Important Account Information from Verizon” carries Zbot

Heads up from the Microsoft Malware Protection Center.

Friendly spam carries Zbot
This morning I spotted a few messages from my mobile carrier in my email inbox. This was not surprising as, only a few hours prior, I had logged into the carrier’s website to pay the monthly bill. The standard mode of operation for my provider is to receive a bill via email, and a confirmation message after paying the bill, also through email.

Today, however, one message stood out in several ways. First, the subject line was quite varied from what I was expecting to see:

Important Account Information from Verizon Wireless TRACK-ID: 15730301098

At this time, there is limited detection among vendors – we identify it as PWS:Win32/Zbot.gen!Y.

http://blogs.technet.com/b/mmpc/archive/2011/12/06/friendly-spam-carries-zbot.aspx

Careful out there.

Rejected Federal Tax Transaction Scam

A malicious scam which continues to do the rounds with three caught by my spam filter, the transaction ID changes.

How does IRS e-file work?A. You or your tax professional, prepare your tax return. In many cases, the tax professional is also the Electronic Return Originator (ERO) who is authorized to file your return electronically to the IRS. Ask your tax professional to file your return through IRS e-file.You sign your electronic tax return by either using a Self-Select PIN for e-file for a completely paperless return, or by signing Form 8453, US. Individual Income Tax Transmittal for an IRS e-file Return.See ” If the return is electronic, how do I sign it?” for more information.After you sign the return using a Self-Select PIN or Form 8453,the ERO transmits the return to the IRS or to a third-party transmitter who then forwards the entire electronic record to the IRS for processing. Once received at the IRS, the return is automatically checked by computers for errors and missing information. If it cannot be processed, it is sent back to the originating transmitter (usually the ERO) to clarify any necessary information. After correction, the transmitter retransmits the return to the IRS. Within 48 hours of electronically sending your return to IRS, the IRS sends an acknowledgment to the transmitter stating the return is accepted for processing. This is your proof of filing and assurance that the IRS has your return information. The Authorized IRS e-file Provider then sends Form 8453 to the IRS.If due a refund, you can expect to receive it in approximately three weeks from the acknowledgment date – even faster with Direct Deposit (half the time as when filed on paper). If you owe tax, see “What if I owe Money?” for payment options available this year.

Internal Revenue Service,
Metro Plex 1,
8401 Corporate Drive, Suite 300,
Landover, MD 20785

Forbes. 6/23/2011
http://www.forbes.com/sites/kellyphillipserb/2011/06/23/tax-scams-making-the-rounds-again/

Ach ‘payment canceled’ spam

Resurgence of malicious ACH spam, the digit number changes randomly from email to email.

Keep your anti-virus application up-to-date and if the spam does arrive in the email box don’t click on links within or open any attachment.

The bad guys goal is to install a Zbot variant of a password stealing Trojan that also contains back door functionality. In other words the criminal gains unauthorized access and control of the infected computer.

Reference:
http://garwarner.blogspot.com/2011/05/ach-spammer-switches-to-shortened-urls.html

http://labs.m86security.com/tag/malicious-spam/

Microsoft: Rustock Civil Case Closed

The Official Microsoft® Blog

Rustock Civil Case Closed: Microsoft Refers Criminal Evidence to FBI
22 Sep 2011

As you may have read in this morning’s edition of CNET, on Sept. 13th, Judge James L. Robart, of the U.S. District Court for the Western District of Washington ruled that the domain names and Internet protocol addresses used to host the botnet would be effectively removed from the defendants’ control. This case not only enabled the take down of a botnet known to be one of the single largest sources of spam on the Internet, but it is now helping to ensure that this botnet will never be used for cybercrime again. However, we’re not stopping here.

We are also turning over all of the evidence we collected during discovery and our investigation to the FBI, to help ensure those responsible for operating the Rustock botnet are held accountable for their actions. It is important to note that Microsoft ‘s $250,000 reward offer for information that leads to the arrest and conviction of Rustock’s operators remains in effect, but now any tips should be sent directly to the FBI at MS_Referrals@ic.fbi.gov.

Article:
http://blogs.technet.com/b/microsoft_blog/archive/2011/09/22/rustock-civil-case-closed-microsoft-refers-criminal-evidence-to-fbi.aspx

Certifiedbug, July 18, 2011. Microsoft Offers $250,000 Reward for Information on Rustock