My MovableType spam defenses have kind of run amok. It was letting through a ton of spam which led me to disable anonymous comments. For its next trick it decided to trash valid comments. The first method used for trashing valid comments was a rule that http:// shouldn’t appear in the commenter’s name field. That …
One of our users is a victim of backscatter and has been reporting them to the abuse mailbox at work. Backscatter is the unsolicited mail that occurs when a spammer sends out email as you and poorly configured email server return all manner of notices to you. Its funny to watch the Barracuda spam firewall …
Today’s SANS handler diary notes a SPAM storm is effecting the availability of mail servers at some companies in Canada. Its always amusing to note spammer mistakes in formulating the email addresses. In this case it looks like they are using $firstname$randomword$lastname. That’s not going to work very well. The sheer volume, is causing some …
F-Secure is reporting in their blog that they are seeing spam in FDF file attachments. FDF files will open in Adobe Reader. Spammers are using this as their latest attempt to bypass spam filters.
Interesting article about an ITWeek writer and an email blacklist. He learns he’s blacklisted. He wonders how this can be, but ultimatly he tracks it down. interesting stuff.
Brian Krebs links to the XRumer auto-submitter in an entry in the Washington Post Security Fix. Its interesting to see the software that is out there for pumping spam into on-line bulletin boards. XRumer, uses search engines to gather target forums, it then automates the registration and posting of the spam. They brag in the …
According to a Government Computing News article, the Coast Guard is requiring all of its computer users to “take mandatory training on how to avoid fake e-mail messages that try to acquire sensitive data in a technique known as phishing and even more highly targeted attacks known as spear phishing.” That reminds me of a …
Continue reading ‘GCW: Coast Guard Mandates Anti-Phishing Training’ »
According to various web reports, Google was using javascript to store your Gmail address book while you’re logged in. As a result if you are logged into gmail, any other website you visit could request your Gmail addressbook. This flaw has now been resolved, but it does give one pause about the danger of javascript.
iDefense is connecting the Stration virus with the recent rise in spam volume according to an article in Information Week.
John Graham-Cumming blogs on a new animated gif techniques spammers have used to thwart OCRing. His entry a day earlier is interesting also.