Spam: January 2007 Archives

Brian Krebs links to the XRumer auto-submitter in an entry in the Washington Post Security Fix. Its interesting to see the software that is out there for pumping spam into on-line bulletin boards.

XRumer, uses search engines to gather target forums, it then automates the registration and posting of the spam. They brag in the feature list that they can get around captchas, and email verification. There is a long video demonstrating its use.

Brian Krebs links to the XRumer auto-submitter in an entry in the Washington Post Security Fix. Its interesting to see the software that is out there for pumping spam into on-line bulletin boards.

XRumer, uses search engines to gather target forums, it then automates the registration and posting of the spam. They brag in the feature list that they can get around captchas, and email verification. There is a long video demonstrating its use.

According to a Government Computing News article, the Coast Guard is requiring all of its computer users to "take mandatory training on how to avoid fake e-mail messages that try to acquire sensitive data in a technique known as phishing and even more highly targeted attacks known as spear phishing."

That reminds me of a anecdote I heard recently where the Air Force gave anti-phishing training, and then followed up with a test phishing email purportedly from a high ranking officer. Because of the power of the rank of the email they still got a very high click through rate. Obviously more training was needed. That or a better filter.

According to various web reports, Google was using javascript to store your Gmail address book while you're logged in. As a result if you are logged into gmail, any other website you visit could request your Gmail addressbook.

This flaw has now been resolved, but it does give one pause about the danger of javascript.