Tuesday, July 05, 2005

Stupid Spam

Stupid spam? We all receive it, I'm sure.

I mean the kind of spam email that is so obviously malicious, evil, con artist, or got a computer/network bomb hidden inside it, waiting for some fool to open it, open its attachment, or click-select a link contained in it.

Stupid spam: the false email trying to trick you into opening it.

When you open it to read it, you are sending a signal back to the spammer that your address is valid and active. Then your email address gets sold to other spammers, cyber-vandals, digital bandits, and perhaps computer terrorists.

Don't even open any email from any unknown sender.

Or from a known sender, when it doesn't seem right.

For example, I don't have an eBay account or a PayPal account. So when I see emails in my inbox, with subjects regarding updating or verifying an account, I know it's spam or virus email.

What if I did have a eBay or PayPal account?

First, I would not give them my email address. If you have to, then at least don't open any email from them.

Instead, if you think an email is legit from them, delete the email unread, and visit their site, and check on your account, to see if it needs any attention or correction.

Some stupid spam I've found recently.

I won't make any comments. Just look at these and figure out for yourself why I refused to open and read them, why I deleted them.


SENDER: Adorno

SUBJECT: Cheating on your wife?


SENDER: Halperin

SUBJECT: Take action now, eliminate the threat


SENDER: (unknown sender)

SUBJECT: (no subject)


SENDER: Dorothy Golden

SUBJECT: Additional Agreement #284-907 Do you wish to see and join sex with porn stars?


SENDER: support[at]paypal[dot]com

SUBJECT: PayPal Security


SENDER: c snell

SUBJECT: links


SENDER: blake [at] spreadfirefox [dot]com

SUBJECT: [spread firefox] Trotz Stellanabbau


SENDER: info[at]eBay[dot]com

SUBJECT: eBay PowerSeller Invitation


SENDER: --Mar.iah--



SENDER: chris smith




SUBJECT: Security Update!

Now, let me conclude with an excerpt

from an article at eWEEK.com:

"Email Hoaxes Spread Latest Threats"
by Michael Myser
June 29, 2005



Celebrity trials and current events are again the vector for virus and malware writers hoping to infect distant computer systems.

This week, e-mails claiming Pope John Paul II was murdered, Michael Jackson has died, and Osama bin Laden has been captured all tempt recipients to open the attached file or link for details, which launches the W32/Kedebe-F worm. ADVERTISEMENT

First reported Tuesday by security firm Sophos Plc. in the United Kingdom, the worm disables security software and then creates its own messaging engine to spread itself via e-mail and peer-to-peer networks.

Sophos also said a separate e-mail scam appeared this week, which poses as a virtual postcard but in fact infects users with several Trojan horse programs that can record and pass on personal details and bank passwords.

Although if a system is infected, the results can be devastating, for the most part the hoaxes are utilizing code that's been used previously and hence users are protected if they have updated virus definitions and Microsoft Corp. patches.

PointerRead details here about a smart-phone Trojan horse that poses as an anti-virus application.

"These aren't that much different in behavior from a lot of the others we see, and they're again using some sort of hook to get people to open them," said Ted Anglace, a senior security analyst in Sophos' Boston office. Anglace said enterprises could be a bit more vulnerable, as most do not typically use automatic updates from vendors, leaving a slight window in which systems can be infected.

eWEEK.com Special Report: Worm Attacks

The postcard e-mails tell recipients they've received a postcard and give a Web site link where the user can view the postcard. The site hosts the malicious code and installs the Clsldr-D Trojan and six others that can exploit Microsoft software vulnerabilities.

A third e-mail hoax purports to be a Microsoft Security Bulletin, encouraging users to immediately install the update, which spreads an SDBot variant, potentially giving attackers full unauthorized access to the computer.

The SDBot is designed to help establish botnets, which can be used to send spam or launch distributed denial-of-service attacks against corporations and Web sites. Security firm Websense Inc. reported the scam Tuesday as well.

Social engineering scams have long been a favorite tool of virus writers hoping to create widespread havoc. Mentioning everything from the FBI to famous figures like Paris Hilton and Anna Kournikova, the hoaxes often prey on the fears, desires and popular-culture interests of computer users to draw them into the scams.


[signed] Steven Streight aka Vaspers the Grate


No comments: