Planet Antispam

September 02, 2010

Sophos Blog (Spam Category)

FakeAV, now with sounds

Recently, creators of Fake Anti Virus software have been getting quite creative and somewhat “professional” in designing the look and feel of their fake software.

Today I came across one with sounds.

Whenever the malware does a fake scan and finds something wrong with the user’s computer, a lady’s voice (in typical GPS style, I might add) booms out “New virus found!!”

If that’s not irritating enough, you get to hear her sweet voice again when she pesters you to “Please activate your Antivirus software”.

But don’t let her melodious voice fool you; she’s certainly out to get you.

Sophos detects this piece of malware as Mal/FakeAV-EI.

September 02, 2010 05:17 AM

September 01, 2010

Box Of Meat

Seth's Blog: The corporate conscience

Seth's Blog: The corporate conscience:

‘Corporations don’t have a conscience, people do.

That means that every time you say, “It’s just my job,” or “My department has a policy,” or “All I do is work here,” what you’ve done is abdicated responsibility—to no one.’

September 01, 2010 04:00 PM

John R. Levine

ARF is now an IETF standard

When a user of a large mail system such as AOL, Yahoo, or Hotmail reports a message as junk or spam, one of the things the system does is to look at the source of the message and see if the source is one that has a feedback loop (FBL) agreement with the mail system. If so, it sends a copy of the message back to the source, so they can take appropriate action, for some version of appropriate. For several years, ARF, Abuse Reporting Format, has been the de-facto standard form that large mail systems use to exchange FBL reports about user mail complaints.

Until now, the only documentation for ARF was a draft spec originally written by Yakov Shafranovich in 2005 and occasionally updated, first by him and later by other people including myself. Earlier this year, the IETF chartered a working group called MARF which took that draft, brought the references up to date, stripped out a lot of options that seemed useful five years ago but in practice nobody ever used, and this week it was finally published as RFC 5965.


ARF (or now MARF) is quite simple, a version of the existing Multipart/Report message format that includes information about the report, such as the address of the recipient, descriptive text for a human reader, and a copy of the offending message. Having a standard format for reports, simple though it is, makes them much easier to process. For my tiny system, for example, nearly all of the trickle of reports are about mailing list messages. When a FBL report arrives, an automated script looks at the report and the message, and in the usual case that it's from a mailing list, it creates an unsubscribe request to remove the person from the list. Otherwise, it passes the message along to the human manager so I can decide what, if anything, to do about it. Larger mail systems also use them to collect statistics about their mail-sending customers.

The IETF process works particularly well when it standardizes existing practice, and ARF/MARF is an excellent example of that. The differences between the earlier drafts and the final version make it clearer and more precise, and it's now a proper standard we can cite:

Abuse Reporting Format! Ask for it by name: RFC 5965!

September 01, 2010 03:11 PM

Box Of Meat

DarkReading: Major Disruption of Pushdo Botnet Wasn't The Original Goal

DarkReading: Major Disruption of Pushdo Botnet Wasn't The Original Goal:

“The researchers who successfully shut down much of the Pushdo botnet’s infrastructure last week didn’t go in planning to take down a large chunk of the botnet — that was a secondary but major byproduct of some related botnet research they were conducting.”

September 01, 2010 02:57 PM

KISSmetrics Marketing Blog: An Open Letter to Marketers Who Abuse Social Media for Selfish Gain

KISSmetrics Marketing Blog: An Open Letter to Marketers Who Abuse Social Media for Selfish Gain:

“We’re not going to give you another self-righteous argument about how you can’t make money with social media. We’re not going to sermonize about the pitfalls of sleazy marketing. We’re not going to tell you you’re ruining opportunities for all of the other marketers out there who are trying to do things the right way.

You’ve probably heard enough of that, and it doesn’t matter anyway.

No, the honest truth is that it’s just a bad business strategy, and eventually you’re going to get burned.”

September 01, 2010 02:00 PM

Spamresource.com

ARF: Now a Proposed Standard

ARF (Abuse Reporting Format) is a simple specification that enables senders of email abuse reports (spam complaints and feedback loop reports, for example) to encapsulate those reports in a way that ensures the receiving site has all the information it needs to parse the report and identify the responsible party or process.

ARF was already on track to become a standard, as multiple ISPs' feedback loops were already in ARF format. Now, that process has taken a more formal step forward, as RFC5965 was just published by the IETF: An Extensible Format for Email Feedback Reports.


Al Iverson's Spam Resource

September 01, 2010 09:34 AM
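Both the post above and John Levine's ARF post earlier on this page describe the same workflow: a feedback loop report arrives as an RFC 5965 multipart/report message, a script pulls out the machine-readable fields and the offending message, and a list message becomes an unsubscribe while anything else goes to a human. The Python below is an added example of that triage, not the script from either post. The report it parses is constructed for the example (all addresses, hosts and the IP are documentation values), and only the reported recipient is ever acted on; the report's own claims about the message are not trusted any further than that.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample in the RFC 5965 layout: a multipart/report container with
# report-type=feedback-report holding (1) a human-readable summary, (2) the
# machine-readable message/feedback-report fields and (3) the offending
# message as message/rfc822. Addresses, hosts and the IP are invented.
SAMPLE_ARF = """\
From: <abuse@mailbox-provider.example>
To: <fbl@lists.example.net>
Subject: FW: Earnings report
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report;
 boundary="arf-boundary"

--arf-boundary
Content-Type: text/plain; charset=US-ASCII

This is an email abuse report for a message received from
IP 192.0.2.1 on Thu, 2 Sep 2010 10:00:00 +0000.

--arf-boundary
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: ExampleFBL/1.0
Version: 1
Original-Mail-From: <discuss-bounces@lists.example.net>
Original-Rcpt-To: <user@mailbox-provider.example>
Source-IP: 192.0.2.1
Reported-Domain: lists.example.net

--arf-boundary
Content-Type: message/rfc822

From: Alice <alice@example.net>
To: <user@mailbox-provider.example>
Subject: Earnings report
List-Id: Discussion list <discuss.lists.example.net>
List-Unsubscribe: <mailto:discuss-unsubscribe@lists.example.net>
Message-ID: <20100902100000.1234@lists.example.net>

Body of the list message.

--arf-boundary--
"""

# The same report, but about a message that did not come from a mailing list.
NON_LIST_ARF = SAMPLE_ARF.replace(
    "List-Id: Discussion list <discuss.lists.example.net>\n", "").replace(
    "List-Unsubscribe: <mailto:discuss-unsubscribe@lists.example.net>\n", "")


def parse_arf(raw):
    """Split an ARF report into (feedback_fields, original_message).

    Python's parser treats any message/* body as a nested message, so the
    Feedback-Type, Source-IP, ... fields of the message/feedback-report part
    come back as that nested message's headers.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "feedback-report"):
        raise ValueError("not an ARF feedback report")
    fields = original = None
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype == "message/feedback-report":
            fields = part.get_payload(0)
        elif ctype == "message/rfc822":
            original = part.get_payload(0)
    if fields is None or original is None:
        raise ValueError("ARF report lacks a feedback-report or rfc822 part")
    return fields, original


def triage(raw):
    """Decide what to do with one FBL report.

    A list message (List-Unsubscribe with a mailto: target) becomes an
    unsubscribe request for the reported recipient; anything else is handed
    to a human together with the details they need.
    """
    fields, original = parse_arf(raw)
    feedback_type = str(fields.get("Feedback-Type", "")).strip().lower()
    _, recipient = parseaddr(str(fields.get("Original-Rcpt-To", "")))
    source_ip = str(fields.get("Source-IP", "")).strip()
    m = re.search(r"<mailto:([^>?]+)", str(original.get("List-Unsubscribe", "")))
    if feedback_type == "abuse" and m and recipient:
        return {"action": "unsubscribe", "recipient": recipient,
                "list_address": m.group(1),
                "list_id": str(original.get("List-Id", "")).strip()}
    return {"action": "escalate", "feedback_type": feedback_type,
            "recipient": recipient, "source_ip": source_ip,
            "subject": str(original.get("Subject", ""))}


if __name__ == "__main__":
    print(triage(SAMPLE_ARF))
    print(triage(NON_LIST_ARF))
```

In production the report's origin should be authenticated (for instance by checking the DKIM signature or the connecting host of the FBL partner) before anything is unsubscribed, and the `mailto:` target should be compared against the list manager's own addresses rather than used blindly.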

August 31, 2010

All Spammed Up

Some Reasons to Consider Hosted Spam Filtering



You might have been considering implementing a hosted spam filtering solution such as GFI’s Max MailEdge service, but are unclear as to how it works and what repercussions it might have on your existing IT infrastructure.

Simply put, the majority of hosted or cloud-based spam filtering works by redirecting incoming e-mail to the service provider first. This is achieved by modifying the MX records of the company’s domain so that they point at the provider. As a result, incoming e-mail is delivered to the service provider’s servers first and only then rerouted to the “real” e-mail server.

Today, I’ve listed some important factors of a hosted spam filtering deployment that the technical manager will be interested in.

Freedom from the burden of processing spam

One of the key advantages of using a hosted provider to tackle spam is how it allows businesses to offload the computational and storage demands of eliminating spam to a service provider.  Unlike the hard to predict costs of operating and maintaining servers over any length of time, hosted spam filtering providers charge a fixed rate per protected mailbox, which serves to eliminate hidden or unanticipated costs.  Ultimately, this allows businesses to better track and budget for the cost of properly equipping each employee in the company.

Bandwidth and DDOS protection

One benefit that is usually overlooked in a hosted spam filtering deployment is the greatly reduced bandwidth required by the e-mail server. Assuming the company e-mail server is hosted in a data centre, this translates into direct savings on billable bandwidth, since only e-mails that have been cleaned are forwarded to the mail server. The reduction in network traffic applies just as much to servers deployed on the local area network, where it shows up as faster Internet connectivity in the office.

In addition, the use of a hosted spam filtering service also grants an implicit defence against denial of service attacks directed at the e-mail domain. Obviously, this does not stop a malicious hacker or entity from directly targeting your e-mail server’s IP address. It does, however, form an additional layer of defence against DDOS, and should be more than adequate against casual or widely targeted spamming.

Platform Neutrality

One of the greatest advantages of a hosted spam filtering service is its platform neutral nature. All messaging systems are supported by default, ranging from Microsoft Exchange, Lotus Notes, to standard POP or IMAP servers.  This includes more sophisticated deployments involving BES implementations of BlackBerry smartphones or Exchange Sync clients like the iPhone.

The only real prerequisite to use hosted spam filtering is that the protected e-mail address must belong to a company-owned and managed domain, in order to allow the MX configuration to be modified accordingly.  E-mails flowing in will be automatically forwarded to the service provider, which will eventually route processed e-mails back to the correct e-mail server.

Ease of deployment

All it takes is a signed service contract and the appropriate modification of MX records to enable hosted spam filtering, making it a trivial matter to implement. The reverse is true of a self-deployed solution; companies usually have to either acquire physical servers (or provision virtual ones), purchase the correct number of client access licenses, and then install and configure the appropriate spam filtering software. And I’ve not even started on setting up the appropriate level of failover redundancy, or the training and lead time required of the technical staff running it on a day-to-day basis.

On the other hand, hosted spam filtering can be implemented without extra training for already overwhelmed IT managers or system administrators. In fact, given the correct information and authorization to modify the MX records, service providers could even set up and enable their service remotely.

Flexible and versatile

Finally, the nature of hosted spam filtering allows for great flexibility and versatility in how it is deployed. For example, users can conceivably “stack” multiple providers in a chain, or opt to channel e-mails through another server (or service provider) for archival first, or even reroute new e-mails to a different server for the purpose of rolling out a new e-mail server. The list goes on.

This clean separation between the various components of your e-mail subsystem means there is no need for corporations to be concerned about operating system security patches or updates to the spam filtering software inadvertently “breaking” any part of your precious e-mail infrastructure.

Conclusion

Of course, while the controls and spam filters afforded by the hosted spam filtering services are generally excellent, there are also advantages to running a self-deployed spam filtering server as well. Next week, I shall be looking at some of the features that an IT manager will want to look for in a self-deployed system, so stay tuned!
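The post makes two points a technical manager will want to verify rather than take on trust: that the domain's MX records really do route all inbound mail through the provider, and that nothing can be delivered straight to the in-house server's IP address around the filter. The Python below is an added example (not from the post or from any provider) that audits both from a zone-file fragment and a port-25 allow-list. The provider's hostname suffix, its relay address ranges, the company zone and the firewall rules are all constructed for the example and stand in for whatever your own provider documents.

```python
import ipaddress
import re

# Constructed names and ranges; they stand in for a hosted filtering
# provider's MX hosts and relay ranges and are not any real service's values.
PROVIDER_MX_SUFFIX = ".mx.filter-provider.example"
PROVIDER_RELAY_RANGES = [ipaddress.ip_network(n)
                         for n in ("192.0.2.0/24", "2001:db8:10::/48")]

# Weak zone fragment: the lowest-priority MX still names the in-house
# server, so mail delivered to that record never passes the filter.
WEAK_ZONE = """\
$ORIGIN company.example.
@     IN MX 10 mx1.mx.filter-provider.example.
@     IN MX 20 mx2.mx.filter-provider.example.
@     IN MX 30 mail.company.example.
mail  IN A  198.51.100.25
"""

# Corrected zone: only the provider's hosts are published as MX; the A
# record stays so the provider can deliver cleaned mail to the server.
FIXED_ZONE = """\
$ORIGIN company.example.
@     IN MX 10 mx1.mx.filter-provider.example.
@     IN MX 20 mx2.mx.filter-provider.example.
mail  IN A  198.51.100.25
"""

# Inbound TCP/25 rules on the in-house server as (source, action) pairs in
# evaluation order, first match wins. Constructed for the example.
WEAK_PORT25_RULES = [("0.0.0.0/0", "allow"), ("::/0", "allow")]
FIXED_PORT25_RULES = [("192.0.2.0/24", "allow"), ("2001:db8:10::/48", "allow"),
                      ("0.0.0.0/0", "deny"), ("::/0", "deny")]

# name [ttl] IN MX priority target
MX_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+MX\s+(\d+)\s+(\S+)\s*$", re.M)


def mx_targets(zone):
    """Return sorted (priority, host) pairs for the MX records in a zone fragment."""
    return sorted((int(prio), host.rstrip("."))
                  for _name, prio, host in MX_RE.findall(zone))


def mx_bypass_hosts(zone):
    """MX targets that are not the provider's relays: each is a path around the filter."""
    return [host for _prio, host in mx_targets(zone)
            if not host.endswith(PROVIDER_MX_SUFFIX)]


def port25_allows_non_provider(rules):
    """True if any allow rule admits a source outside the provider's relay ranges."""
    for src, action in rules:
        if action != "allow":
            continue
        net = ipaddress.ip_network(src)
        inside = any(net.version == r.version and net.subnet_of(r)
                     for r in PROVIDER_RELAY_RANGES)
        if not inside:
            return True
    return False


def audit(zone, rules):
    """Combine both checks into a findings list a manager can act on."""
    findings = [f"MX {host} is not a provider relay; mail sent to it skips filtering"
                for host in mx_bypass_hosts(zone)]
    if port25_allows_non_provider(rules):
        findings.append("port 25 accepts connections from outside the provider's relay ranges")
    return {"ok": not findings, "findings": findings}


if __name__ == "__main__":
    print(audit(WEAK_ZONE, WEAK_PORT25_RULES))
    print(audit(FIXED_ZONE, FIXED_PORT25_RULES))
```

The second check is what closes the gap the post itself points out: once MX records point at the provider, the in-house server should accept port 25 only from the provider's published relay ranges, so that someone who knows the server's IP address cannot simply connect to it directly.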


August 31, 2010 02:44 PM

Spamresource.com

Stupid Search-Trick Watch: Content Thieves Strike!

Here's Ken Magill's take on Co-RegData.com theft of my blog content.

(xx301yz89901112aaaah33q3q3qbw)


Al Iverson's Spam Resource

August 31, 2010 02:51 PM

Terry Zink

Stopping the flow of online illegal pharmaceuticals

Reading through Brian Krebs’s blog last week, I found an interesting post on the White House’s call to the industry to formulate a plan to stem the flow of illegal pharmaceuticals:

The Obama administration is inviting leaders of the top Internet domain name registrars and registries to attend a three-hour meeting at the White House next month about voluntary ways to crack down on Web sites that are selling counterfeit prescription medications.

The invitation, sent via e-mail on Aug 13 by White House Senior Adviser for Intellectual Property Enforcement Andrew J. Klein, urges select recipients to attend a meeting on Sept. 29 with senior White House and cabinet officials, including Victoria Espinel, the Obama administration’s intellectual property enforcement coordinator.

“The purpose of this meeting is to discuss illegal activity taking place over the internet generally, and more specifically, voluntary protocols to address the illegal sale of counterfeit non-controlled prescription medications on-line,” the invitation states.

Klein did not return calls seeking more information. A spokeswoman for the White House Office of Management and Budget confirmed the event, but declined to offer further details. The meeting appears to be a continuation of the administration’s Joint Strategic Plan on Intellectual Property Enforcement, an initiative unveiled in June that promised to “address unlawful activity on the internet, such as illegal downloading and illegal internet pharmacies.”

According to the World Health Organization, approximately 8 percent of the bulk drugs imported into the United States are counterfeit, unapproved, or substandard, and 10 percent of global pharmaceutical commerce — or $21 billion — involves counterfeit drugs. LegitScript.com, a verification service for online pharmacies, is currently tracking more than 45,000 rogue Internet pharmacies.

It is unclear to me whether or not the goal of this initiative is to stem the flow of online crime in general or to reduce the flow of illegal pharmaceuticals into the United States (since presumably this cuts into the profits of large pharmaceutical companies… who would naturally want to see their profit margins increased in return for pledging their support for the health care reform that was passed earlier this year).  Assuming that the target of this is online pharmaceuticals, there are a few things I can think of.  Unfortunately, a three-hour meeting really isn’t enough to get this off the ground, because it is a series of interconnected events that would need to take place.  Anyhow, here’s a list of things I’d do:

  1. Stopping illegal pharmaceuticals piggy-backs onto stopping illegal <anything> on the ‘net.  Spammers who advertise illegal software, or fake degrees, or fake enlargement pills, or fake mortgages are all basically doing the same thing.  So, any strategy that is aimed at stopping those other things will extend to stopping fake pharmas as well.  My point here is that concentrating only on fake pharmaceuticals may exclude strategies that scale to others.

  2. Registrars need to get their act in gear.  When a website advertising cheap Viagra goes up, somebody somewhere needs to register that site.  Whoever registers it needs to do a better job of verifying the identity of whoever registered it.  The problem here is that so many of these sites are registered by registrars in foreign countries, which is outside the jurisdiction of the US.  However, just like in the Wizard of Oz, there’s no place like home, and the government can pressure domestic ones to do better proactive abuse mitigation.

  3. WHOIS-protected services are questionable.  I don’t deny the need for WHOIS-protected services in some cases.  However, any time I am looking up a suspicious site and the WHOIS registration is protected, that’s pretty much all I need to make the determination that the site is abusive.  It doesn’t cost much to shield your WHOIS information.  If you want to do it, that’s fine, but there should probably be a stricter set of criteria for shielding your information like this, requiring you to jump through a couple more manual hoops.

  4. Crackdowns on spammers will go a long way.  One of the chief mechanisms of advertising illegal pharmaceuticals is through the use of spam.  We all get it in our inboxes.  Of course, there are other avenues of advertisement, such as black-hat search engine optimization.  However, because it is not particularly difficult to send out a lot of spam and make money off of it, and because there is little chance of repercussion, spammers continue to do it.  If law enforcement had more resources dedicated to prosecuting spammers, such that spamming became less attractive, then the supply part of the equation would start to dry up.  In other words, putting spammers in prison will help in this regard, and this requires a prioritization of law enforcement resources.  Whether or not they are willing to divert resources from one area of law enforcement to another is an open question.

  5. Perhaps walled gardens are a good idea. In Australia, some ISPs kick infected computers off of their network if the ISP can detect that the machine connecting to it is infected with malware.  Or, they redirect them to a sandbox and alert the user that they cannot continue until they clean their system.  If more ISPs made this a policy, then maybe we’d have less malware abuse flowing back and forth in cyber space.  I don’t think I’d want government to enforce this, but perhaps ISPs might be willing to voluntarily comply with this.

This is a small list of things that could be done, but by no means is it exhaustive.  Running up-to-date software is a good idea, and so is running the latest patched version of one’s software.  What other ideas do you have to cut down on the flow of illegal online pharmaceuticals?

August 31, 2010 04:14 AM

Sophos Blog (Spam Category)

Encryption with no separate external key

Most typical modern malware variants tend to hide critical parts of their functionality (strings, URLs/IPs of its dodgy servers, etc.) using some form of encryption. In most cases only trivial algorithms are used. However, these suffice as the intention is usually not to create unbreakable encryption, but merely to obscure their malicious intent from anti-virus engines.

Although some authors choose to cloak their malware in complete paranoia, such as the ZBot family that encrypts everything with an industry-standard RC4 implementation with enormously long keys, typically, you would not find anything more serious (such as AES, or BlowFish) even in the most complex of polymorphic viruses.

The overwhelmingly most common method of string encryption is to XOR the data with a key. A big appeal of this technique is that the same simple operation performs both encryption and subsequent decryption of the data, i.e. E[i] = (E[i] Xor Key) Xor Key.

But sometimes it is not just simple, it’s even simpler than that: there is no need for ANY decryption key to decrypt the data!

While analyzing one of the recent samples, I found a very curious encrypted string (hexadecimal representation):

67 02 11 17 0C 01 08 0F 0E 49 5E 18 18

In the line above there is one single encrypted string. You don’t need any additional key to decrypt it - it is all available using a very simple algorithm. The decrypted string is:

67 65 74 63 6F 6E 66 69 67 2E 70 68 70 ; getconfig.php

To recover the original string, each byte is decoded by XORing it with the previous decoded byte (the first byte is not encrypted); so:

0x67 xor 0x02 = 0x65 (“e”), 0x65 xor 0x11 = 0x74 (“t”), …

Brilliantly simple, although this will not stop Sophos detecting it (Troj/Agent-OFC).
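The decoding step above, as an added example in Python that is not code from the Sophos post: the decoder, its inverse (each byte XORed with the previous plaintext byte, the first byte left alone), and a scanner that tries every offset of a buffer and keeps runs that decode to printable ASCII, which is the practical way to pull such strings out of a sample when there is no key to find. The buffer it scans is constructed here from the post's 13 bytes and one of the strings listed in the PS. One detail worth knowing before writing such a scanner: two equal adjacent plaintext bytes encode to 0x00, so the encoded form cannot be split on NUL bytes the way ordinary C strings can.

```python
# The 13 bytes quoted in the post above, as a byte string.
ENCODED = bytes.fromhex("67 02 11 17 0C 01 08 0F 0E 49 5E 18 18")


def decode_chain(data: bytes) -> bytes:
    """p[0] = c[0]; p[i] = c[i] XOR p[i-1], i.e. XOR with the previous *decoded* byte."""
    out = bytearray()
    prev = 0  # XOR with 0 leaves the first byte as it is
    for c in data:
        p = c ^ prev
        out.append(p)
        prev = p
    return bytes(out)


def encode_chain(data: bytes) -> bytes:
    """Inverse of decode_chain: c[0] = p[0]; c[i] = p[i] XOR p[i-1]."""
    out = bytearray()
    prev = 0
    for p in data:
        out.append(p ^ prev)
        prev = p
    return bytes(out)


def find_chain_strings(blob: bytes, min_len: int = 6):
    """Scan a buffer for runs that chain-decode to printable ASCII.

    With no key, decoding can start at any offset, so every offset is tried
    and runs of at least min_len printable characters are kept. Repeated
    plaintext characters (the "OO" in ROOT\\CIMV2) encode to 0x00, so the
    scan deliberately does not treat NUL as a separator.
    Returns [(offset, decoded_string), ...].
    """
    hits = []
    i, n = 0, len(blob)
    while i < n:
        prev, j, chars = 0, i, bytearray()
        while j < n:
            p = blob[j] ^ prev
            if not 32 <= p < 127:
                break
            chars.append(p)
            prev = p
            j += 1
        if len(chars) >= min_len:
            hits.append((i, chars.decode("ascii")))
            i = j  # continue after the run just found
        else:
            i += 1
    return hits


# Constructed buffer: two chain-encoded strings separated by non-ASCII bytes.
SAMPLE_BLOB = (b"\xff\xff" + ENCODED + b"\x80"
               + encode_chain(b"ROOT\\CIMV2") + b"\xff")


if __name__ == "__main__":
    print(decode_chain(ENCODED))          # b'getconfig.php'
    print(encode_chain(b"ROOT\\CIMV2").hex(" "))
    print(find_chain_strings(SAMPLE_BLOB))
```

Because a string's encoded form depends only on its own bytes, the same plaintext always encodes to the same bytes in every sample that uses this scheme, which makes the encoded form of a known string (the 13 bytes above, say) a usable static signature in its own right.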

PS: Other strings from this malware that use this encoding technique include:

&hddsz=%I64x
ntd11.dll ; (sic)
htmlfile
Installer\Products
SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers
ROOT\CIMV2
Error setting admin rights

… and so on (about 100 different strings).

August 31, 2010 01:33 AM

August 30, 2010

Terry Zink

Another one bites the dust

Following in the footsteps of Lethic, Waledac, Mariposa and Zeus, yet another botnet has been infiltrated and shut down (even if only temporarily) – Pushdo.  Pushdo is a family of malware, and Cutwail is the spamming software that spreads its payload across the Internet.  From The Register:

Security researchers have disrupted the botnet known as Pushdo, a coup that over the past 48 hours has almost completely choked the torrent of junkmail from the once-prolific spam network.  Researchers from the security intelligence firm LastLine said that they identified a total of 30 servers used as Pushdo command and control channels and managed to get the plug pulled on 20 of them. As a result, the torrent of junkmail spewing from it dropped to almost zero on Thursday, according to figures from M86 Security Labs.

Also known as Cutwail, Pushdo has long maintained a strong presence in the rogues gallery of the security world. It is known for spam that attempts to trick recipients into installing malware and it also excels at hiding itself from intrusion-prevention systems, security researches have said. Its output has varied over the years with estimates as high as 20 percent of the world's spam at some points.

The disruption is good news, but it also highlights the uphill challenge white hats face in severing menaces from the net. Some of the host providers contacted by LastLine ignored the request to disconnect the malicious servers, despite receiving a fair amount of data documenting their bad deeds

My own statistics on Cutwail from March-June 2010 suggest that it was the 3rd largest botnet after Rustock and Lethic.  Cutwail more closely resembles Lethic in that it sends a lot of spam to multiple recipients in each email envelope.  It still trails Rustock but not by a large margin.  In terms of unique IPs, both Cutwail and Lethic had about the same amount, but Lethic sends way more spam per IP than Cutwail does.  In terms of country of origin for IPs that are spamming (not C&Cs), I see the following:

  1. South Korea
  2. China
  3. United States
  4. India
  5. Brazil

Regarding this particular takedown, typically what tends to occur in instances like these is that the spam operation from a particular source (botnet, ISP, etc) is disrupted for a small period of time.  Then, gradually, spam levels return to their former levels.  This is because bots that are sending the spam are attempting to call home to their C&Cs but because they cannot connect to anything, there is nothing to do.  It’s like a military unit out in the field awaiting orders but radio communications are down at central command.

The botnet operators then have to rebuild their infrastructure.  They start sending out new pieces of malware, creating new C&C nodes, and send out even more malware to get hosts infected to send out spam.  The previous nodes are orphaned unless they have code installed that can phone home and update themselves.  Of course, as any programmer knows, writing software that automatically updates is easier said than done.  Once this new malware filled with C&C nodes reappears, and new hosts start spamming again, the botnet has rebuilt itself, and usually the authors have learned a thing or two from the previous time and have made their code a bit more resilient with some redundancies built in.  That’s the unfortunate part of takedowns – they work for a while, but the next time it promises to be less easy.  You don’t get two McColos in a row.

August 30, 2010 05:55 PM

Spamresource.com

Newegg.com: How not to handle a spam complaint

My old friend Mike Horwath relates his tale of Newegg.com doing just about everything wrong in response to a spam complaint. Spamming him again after he contacted you, then holding up the phrase "you've been removed" as if it means you've really resolved the issue, implying that the mail must be OK because it "is CAN-SPAM compliant," implying that the spam reporter is lying about the mail being spam, etc.

The smarter among us already know that mail is not spam just because it is CAN-SPAM compliant. Mike doesn't care that the mail was CAN-SPAM compliant, and neither do ISPs. They care about permission and relevancy -- two areas in which Newegg.com has let Mike down with this issue.


Al Iverson's Spam Resource

August 30, 2010 06:30 PM

All Spammed Up

GMail Bug That Turned Some Users Into Spammers Fixed



Google announced that it has fixed a bug that caused a small percentage of GMail accounts to send the same email messages over and over again. The unending barrage of messages caused some of the affected accounts to be blacklisted by services such as SORBS.net and Backscatterer.org and left users wondering if their computers had been infected with some kind of malware or hacked.

“The problem with Google Mail should be resolved,” Google’s tech support staff wrote. “We apologize for the inconvenience and thank you for your patience and continued support. Please rest assured that system reliability is a top priority at Google, and we are making continuous improvements to make our systems better.”

Some affected users who use GMail for business purposes were embarrassed and left having to explain to clients and colleagues who were no doubt annoyed by the flood of duplicate messages. Google has not provided any details about the bug or what might have caused it, and it’s not known if they provided assistance in getting blacklisted users off those lists.

It’s estimated that about 2.5% of GMail’s roughly 160 million users (as reported by the Wall Street Journal) were affected. That may not sound like much, but it equals about 4 million users whose accounts were turned into mail bombing machines by the bug. That’s a lot of email.

Google probably wishes the timing had been better as the bug hit in the same week they had called a press conference to announce that Google Voice and GMail have been integrated.


August 30, 2010 01:31 PM

Pushdo Botnet Crippled



The folks over at InformationWeek are reporting that the Pushdo botnet has been crippled. Thanks to a combined effort on the part of several security researchers, Pushdo, also known as Cutwail, has had the majority of its command and control servers shut down. Pushdo pumps out enormous amounts of spam, much of it malicious, and is responsible for a massive DDoS against hundreds of commercial and government websites earlier this year.

Compromised computers spew spam.

          “We identified a total of 30 servers used as part of the Pushdo/Cutwail infrastructure, located at eight different hosting providers all over the world,” said Thorsten Holz at cybercrime intelligence service LastLine. “We contacted all hosting providers and worked with them on taking down the machines, which lead to the take-down of almost 20 servers. Unfortunately, not all providers were responsive and thus several command & control servers are still online at this point.”

The shutdowns resulted in Pushdo’s huge flood of spam sharply plummeting.

Is this a good thing? Of course. Will it last? Not likely.

Botnet herders have learned from the McColo shutdown. Their command and control systems have become more complex and widespread, so that when something like this happens they are usually back in business within days rather than weeks or months. Many botnets are now programmed with long lists of domains so that if they try to connect to one and get no response they can move on to the next one, and so on, until they are able to connect.

It will be interesting to see how long it takes Pushdo to bounce back!


August 30, 2010 10:48 AM

Spam Wars Dispatches

Phony Shell Oil Star Promotion

Don't be taken in by this variation of the 419 lottery scam. The text portion of the message is as follows:

Dear Winner,

Find attached your winning Notification,in the Shell 2010 Online drwas.
Do contact our payment Manager for the immediate release of your funds.
Name: Attorney Cynthia Benton
Email address:[removed]@yahoo.com.hk
Phone/Fax: +44-7624-[removed]
Congratulations!!!!!
Shell Payment Department London.
30/08/2010

The message includes an image containing the Shell corporate logo:

Phony Shell Oil winning claim form

Greedy recipients of this message won't realize that the email address of their contact is a free account from Yahoo! Hong Kong. Think for a minute: Why would a gigantic oil corporation not use its own email system for this highly valued award? (And, if you knew how to read email headers, you'd also ask why Shell Oil U.K. would send you a prize winning notification through a botnet computer in Taiwan.)

If you get sucked into communicating with these crooks (the phone number is for a cell phone, by the way), they'll get you to fork over all kinds of fees and taxes out of your own money, and you'll never see a dime of the award money. It doesn't exist. Shell Oil does not give away money like this. This scam has been running for years and years under the guise of other corporate and government sponsorships.

That's right, hit Delete. Now.

August 30, 2010 07:11 AM

August 29, 2010

John R. Levine

Truth in spamming

Here's the body of a phish purporting to tell me about a $386 refund from the Canada Revenue Agency. Even disregarding the signature that says Internal Revenue Service, check out that alt text and file name for the image.

After the last annual calculations of your fiscal activity we have
determined that you are eligible to receive a tax refund of $386.00
Please submit the tax refund request and allow us 6-9 days in order to
process it. <br />
<br />
A refund can be delayed for a variety of reasons. For example
submitting invalid records or applying after the deadline.
<br />
<img height="340" alt="Fake CRA site"
src="http://video.itworldcanada.com/ITBUimages/Jan19/fake_cra.jpg"
width="450" /><br /> To access the form for your tax refund, please
<U><a
href="URL of phish site">click
here</a></U> <br />
<br />
Regards, <br />
Internal Revenue Service

August 29, 2010 11:11 PM

Box Of Meat

Krebs on Security: White House Calls Meeting on Rogue Online Pharmacies

Krebs on Security: White House Calls Meeting on Rogue Online Pharmacies:

“The Obama administration is inviting leaders of the top Internet domain name registrars and registries to attend a three-hour meeting at the White House next month about voluntary ways to crack down on Web sites that are selling counterfeit prescription medications.”

August 29, 2010 10:07 PM

Security Labs: 419 scams go phishing

Security Labs: 419 scams go phishing:

‘The scam we describe in this blog is quite interesting because it combines a typical 419 scam with a phishing attack. After the initial communication with the scammer, the victim receives a phishing email claiming to be from PayPal indicating that the scammer “PayPaled” the money to the victim. Here is the long story.’

August 29, 2010 09:06 PM

Terry Zink: Russian cybercrime is organized / Russian cybercrime is not organized

Terry Zink: Russian cybercrime is organized / Russian cybercrime is not organized:

“…the more I read, the more I see conflicting views on the state of the criminal cybercrime world.  On the one hand, the Russian criminal cybercrime underworld is a scary, organized place where people are actively trying to do the rest of us harm.  On the other hand, there is the position that that position is an exaggeration of what it is actually like and that it’s a bunch of ragtag folks who have some advanced computer skills but they are not formally organized.”

August 29, 2010 06:01 PM

Terry Zink: A bit more on Rustock

Terry Zink: A bit more on Rustock:

“Rustock is, of course, the largest botnet out there but it depends on how you count it, as I have iterated in the past.  If you count by number of unique IPs, then it is the largest botnet by a large margin.  If you count by the number of email envelopes, it is still the largest by a large margin.  However, each email envelope can have multiple recipients (receivers on the RCPT TO).  If you count each recipient as 1 message, then Rustock is the second largest botnet, trailing Lethic by a large margin.”

August 29, 2010 03:00 PM

Spam Wars: Repeat After Me: "The From Field is Forged"

Spam Wars: Repeat After Me: "The From Field is Forged" :

“Spammers and crooks know it: Lots of email recipients treat the From: field as if it must be telling the truth. If an email message that makes it to your inbox says it’s from Joe Blow, well, by God, it’s from Joe Blow.

This blind faith about unsolicited email messages is what gets so many computer users into trouble.”

August 29, 2010 02:00 PM

Sophos Blog (Spam Category)

This could save your LIFE!

The following internet advice, which may arrive under a subject line such as the one above, could just get you killed.

Like any other middle-aged, balding, overweight chap, my mother still worries about me. So when her friend sent this to her and many other people, she forwarded it to me first:-

Just in case!!!

Let’s say it’s 6.15pm and you’re going home (alone of course), after an unusually hard day on the job.

You’re really tired, upset and frustrated.

Suddenly you start experiencing severe pain in your chest that starts to drag out into your arm and up into your jaw. You are only about five miles from the hospital nearest your home. Unfortunately you don’t know if you’ll be able to make it that far. You have been trained in CPR, but the guy that taught the course did not tell you how to perform it on yourself.

HOW TO SURVIVE A HEART ATTACK WHEN ALONE

Since many people are alone when they suffer a heart attack, without help, the person whose heart is beating improperly and who begins to feel faint, has only about 10 seconds left before losing consciousness.

However, these victims can help themselves by coughing repeatedly and very vigorously. A deep breath should be taken before each cough, and the cough must be deep and prolonged, as when producing sputum from deep inside the chest.

A breath and a cough must be repeated about every two seconds without let-up until help arrives, or until the heart is felt to be beating normally again. Not sure I can cope with this - takes me more than 2 seconds to draw breath these days.

Deep breaths get oxygen into the lungs and coughing movements squeeze the heart and keep the blood circulating. The squeezing pressure on the heart also helps it regain normal rhythm. In this way, heart attack victims can get to a hospital. Tell as many other people as possible about this. It could save their lives!!

A cardiologist says if everyone who gets this mail sends it to 10 people you can bet that we’ll save at least one life.

Rather than sending jokes (not sure I agree with this part - keep on sending them they’re probably stopping me getting a heart attack) please contribute by forwarding this mail which can save a person’s life….If this message comes around you ……more than once…..please don’t get irritated…..U need to be happy that you are being reminded of how to tackle….Heart attacks….AGAIN…

It sounds very plausible and if true would be worth spreading to as many people as possible. But I told my mother not to send it on to anyone until I checked it out.  I went straight to the British Heart Foundation website and other sources which revealed that this is dangerous advice and to all intents and purposes not true (except in the most extremely limited of contexts):-

IS47 Cough Cardiopulmonary Resuscitation (IS47_Cough.pdf)

British Heart Foundation

Cough cardiopulmonary resuscitation

What is ‘cough cardiopulmonary resuscitation’?

There is a theory circulating from an uncertain source that you can stop yourself from having a heart attack by practising a technique called ‘cough cardiopulmonary resuscitation’ (sometimes called ‘cough CPR’ or ‘self CPR’). It suggests that coughing vigorously when you think you may be having a heart attack can return the electrical activity of the heart to normal.

The British Heart Foundation (BHF) is not aware of any evidence to support this theory and ‘cough CPR’ should never be used as a first aid technique.

What is the source of the ‘cough CPR’ technique?

You may have heard about ‘cough CPR’ or ‘self CPR’ from an email about an article called How to survive a heart attack when alone. According to the email, the article was originally published in a newsletter from Rochester General Hospital in the USA. However, the hospital claims that they have no knowledge of the source. The email says that vigorous coughing when experiencing sudden, severe chest pain (the classic symptoms of a heart attack) may help to restore or improve the circulation of blood, by maintaining the heart’s normal electrical activity. The advice is very loosely based on reports of people who have used coughing to maintain some sort of cardiac output during cardiac arrest. There is no evidence to support this.

So what should I do if I think I am having a heart attack?

If you experience heaviness or tightness in the chest, accompanied by sweating, sickness, or feeling faint or breathless, you may be having a heart attack. You will need emergency treatment to stabilise your condition, so you need to call 999 for an ambulance immediately.

For more information
———————
www.bhf.org.uk/doubtkills

For more information on what to do if you think you are having a heart attack.

Resuscitation UK Council
www.resus.org.uk

So remember, always verify internet advice if it is not directly from a trusted source.

Please note that Sophos does not certify any medical advice given above.

August 29, 2010 12:53 PM

August 28, 2010

Box Of Meat

threatpost: Anti-Phishing Group Targeting Fax-Based Scams

threatpost: Anti-Phishing Group Targeting Fax-Based Scams:

“The heyday of faxing may have passed twenty years ago, but scam artists haven’t given up on the old technology, especially when it comes to wheedling personally identifiable information out of unsuspecting office workers. Now a leading anti-phishing group is tackling the problem of fax based phishing scams.”

August 28, 2010 10:03 PM

threatpost: DLL Hijacking: Facts and Fiction

threatpost: DLL Hijacking: Facts and Fiction:

“The reality is anyone who can stumble through the DLL project wizard in Visual Studio can write an ‘exploit’ for this vulnerability, and when the dust settles the lists will look a bit silly — virtually every Windows application will be found to be vulnerable in one way or another.

Does it matter? Yes. Is it cause for concern? Probably. Should we all panic about this new ‘glut of zero-days’? Not at all.”

August 28, 2010 08:03 PM

DarkReading: Careful With That Third-Party Web Widget

DarkReading: Careful With That Third-Party Web Widget:

“As more businesses continue to use third-party code in their websites and import content from other sites, the security of their visitors increasingly relies on others.”

August 28, 2010 07:02 PM

SophosLabs: It’s that time again…

SophosLabs: It’s that time again…:

“It’s back to school time! I thought I might use this as a reminder to talk to your kids about computer security. We drill it regularly to our employees and readers, but honestly, kids need to be taught about this as well.”

August 28, 2010 03:54 PM

MillerSmiles Phishing News

Weekly analysis - 21st August 2010 to 28th August 2010

MillerSmiles provides its weekly phishing analysis for the week of 21st August 2010 to 28th August 2010

August 28, 2010 12:00 PM

August 27, 2010

Sophos Blog (Spam Category)

Phish net stockings?

An interesting phish was just escalated to me for analysis.  Well, ironic more than interesting.

Looking at the following phish:

The message is a typical phish with clues to its nefarious origins.

Dear Valued Customer,

Your New Online Statement Summary is now available to view online.
So, go and take a look, it’s there to keep you in the know by detailing your transactions.

Please remember to always keep your receipts safe, check them off against your statement and dispose of them carefully.
If you spot a transaction that you don’t recognize you can get help from the link on your statement; if anything still seems wrong contact us straight away.

Log on to view your account statement

Sincerely,

TD Canada Trust

The link pointed to the images folder of a WordPress blog. The funny thing was that the blog is a ‘leg and stocking’ fetish site.

Unfortunately, there were no phish net stockings!
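The giveaway in the phish above is that a “log on to view your statement” link points at an uploads folder on an unrelated blog rather than at the bank. The following link audit is an added example (not SophosLabs code): the HTML, the blog hostname and the bank’s legitimate domains are all constructed assumptions, since the post does not give the real URL.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed stand-in for the phish quoted above; the hostname and path are
# assumptions, not the real URL (which the post does not give).
SAMPLE_HTML = """
<p>Dear Valued Customer,</p>
<p>Your New Online Statement Summary is now available to view online.</p>
<p><a href="http://stockings-blog.example/wp-content/uploads/2010/08/td/index.html">Log on to view your account statement</a></p>
<p>Sincerely,<br>TD Canada Trust</p>
"""
# Assumed legitimate domains for the brand named in the signature.
BRAND_DOMAINS = {"tdcanadatrust.com", "td.com"}
# Paths typical of a blog's media folder, not a bank's online banking system.
BLOG_MEDIA = re.compile(r"/(wp-content/uploads|wp-includes|images)/", re.I)

class LinkCollector(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
    def handle_data(self, data):
        if self._href is not None and data.strip():
            self.links.append((data.strip(), self._href))
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def registrable(host):
    """Crude last-two-labels approximation of the registrable domain."""
    return ".".join(host.lower().split(".")[-2:])

def audit_links(html, brand_domains=BRAND_DOMAINS):
    """Return every link with the reasons (if any) it looks like a phish."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        u = urlparse(href)
        reasons = []
        if registrable(u.hostname or "") not in brand_domains:
            reasons.append("host is not the brand's domain")
        if BLOG_MEDIA.search(u.path):
            reasons.append("hosted in a blog media folder")
        findings.append({"text": text, "href": href, "reasons": reasons})
    return findings
```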

August 27, 2010 03:32 PM

All Spammed Up

Phishing primary cause of bogus iTunes charges



Apple’s walled garden, also known as the iTunes store, showed a crack this week when reports began flooding the Internet of compromised accounts being used to siphon money from PayPal for unauthorized purchases at the online music outlet.

Sums charged to PayPal varied, but one iTunes customer claimed $4700 had been debited to his account through the Apple store by parties unknown. Other users reported more modest thefts: $500, $650 or $1000.

Although the bandits were exploiting connections between iTunes and PayPal, they exhibited behaviors associated with credit card scammers. For instance, they always spent less than $100 on an item. That’s a tactic used to stay off the radar screen of fraud trackers. It’s also a significant cut off point for merchants. At $100 or above, they’ve got to foot the bill for a fraudulently purchased item.

PayPal has denied its systems had been breached. “We’ve looked into this extensively, and want to assure you that: 1) the PayPal system itself has not been compromised and continues to be secure; and 2) if you have been affected by this issue, the criminals behind it have not taken over or logged into your PayPal account,” the company’s chief information security officer Michael Barrett wrote in a blog.

While PayPal was advising its customers to report their problems to the company so they could be reimbursed for any money they may have lost to scammers, Apple passed the buck to others. “We’re always working to enhance account security for iTunes users,” it said. “If your credit card or iTunes password is stolen and used on iTunes you should contact your financial institution about chargebacks for any unauthorized purchases.”

While not officially commenting directly on the security of iTunes, off the record the company was discounting breach speculation. “There’s no security hole in iTunes, and if you’ve been unfortunate enough to have hundreds of dollars in unauthorized purchases charged to your iTunes account, it’s likely because you’ve fallen victim to a bot attack or phishing scam, a variation on the one that’s been around for years now,” John Paczkowski wrote in All Things Digital.

“Sources close to Apple tell me iTunes has not been compromised and the company isn’t aware of any sudden increase in fraudulent transactions,” he added.

If neither iTunes nor PayPal were compromised, password theft via a phishing scam or malware infection seems like a logical inference. Indeed, it’s one a number of unnamed security experts cited when contacted by reporters following the story. But there were some oddities in the transactions involved that didn’t seem to fit a straight password pilfering scam.

For example, all the unauthorized transactions were tied to PayPal. If the scammers stole iTunes passwords in a phishing scam, why were the only users victimized those who made iTunes purchases with their PayPal accounts?

The receipts generated by the unauthorized purchases were also odd. When purchases are made at the iTunes store, a receipt is generated and sent to the purchaser. Such receipts were received by the victims of this scam. However, a comparison of subject lines in receipts performed by Charles Arthur at The Guardian revealed an interesting disparity.

When an item is bought with a credit card at iTunes, the subject line usually says “Receipt for your payment to iTunes Store.” When it’s bought with PayPal, the subject reads “Receipt for your payment to iTunes.” What Arthur discovered was that while PayPal was used to make the unauthorized purchases, the receipts generated from those purchases carried the credit card subject line.

Despite the lingering questions about the break-ins, the consensus still seems to be that they involved compromised passwords, and that those passwords were obtained by phishing or other forms of Net mischief.
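Arthur’s subject-line comparison is the kind of consistency check a fraud team can automate over a victim’s receipts. This is an added example, not Apple’s or PayPal’s code: the receipts are constructed, their “Paid with:” and “Total:” body lines are assumed markers rather than Apple’s real format, and only the two subject lines reported above are taken from the post.

```python
import email
import re
from email import policy

# Subject line each payment method normally produces, as reported in the post.
EXPECTED_SUBJECT = {
    "paypal": "Receipt for your payment to iTunes",
    "card": "Receipt for your payment to iTunes Store",
}
UNDER_RADAR = 100.00  # per-item ceiling the post says the scammers stayed below

# Constructed sample receipts (not Apple's real format). The "Paid with:" and
# "Total:" body lines are assumed markers so the parser has something to read.
RECEIPTS = [
    "Subject: Receipt for your payment to iTunes Store\n\nPaid with: Visa ****1234\nTotal: $9.99\n",
    "Subject: Receipt for your payment to iTunes\n\nPaid with: PayPal\nTotal: $14.99\n",
    "Subject: Receipt for your payment to iTunes Store\n\nPaid with: PayPal\nTotal: $99.00\n",
    "Subject: Receipt for your payment to iTunes Store\n\nPaid with: PayPal\nTotal: $97.50\n",
]

def parse_receipt(raw):
    """Pull subject, payment method and total out of one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_payload()
    paid = re.search(r"^Paid with:\s*(.+)$", body, re.M)
    total = re.search(r"^Total:\s*\$([\d.]+)$", body, re.M)
    method = "paypal" if paid and "paypal" in paid.group(1).lower() else "card"
    return {
        "subject": str(msg["Subject"]).strip(),
        "method": method,
        "total": float(total.group(1)) if total else 0.0,
    }

def check_receipt(raw):
    """Flag a receipt whose subject line contradicts how it says it was paid."""
    r = parse_receipt(raw)
    r["subject_mismatch"] = r["subject"] != EXPECTED_SUBJECT[r["method"]]
    r["under_radar"] = r["total"] < UNDER_RADAR
    return r

def suspicious(receipts):
    """Receipts worth a second look: PayPal-paid but carrying the card subject."""
    return [r for r in map(check_receipt, receipts) if r["subject_mismatch"]]
```

A run of flagged receipts that are all just under the $100 mark is the pattern the post describes, so both flags are worth reporting together.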

For consumers who want to avoid becoming victims of online scammers, PayPal’s Barrett offers these tips:



August 27, 2010 01:08 PM

Spamresource.com

Co-RegData.com: Content Thieves

Co-regdata.com seems to be pirating content from my own site here at Spam Resource dot com.

Example stolen content: http://www.co-regdata.com/2010/08/27/ken-magill-returns-45th-edition/

That seems to be a duplicate copy of my post about Ken Magill's new website. Oddly, they removed Ken's website URL and replaced it with their own.

If you're looking for a reputable co-reg data provider or lead generation partner, co-regdata.com might be a poor choice. If they're taking my content and using it in an unethical manner, without my consent, that doesn't give me high confidence about their ethics when it comes to lead generation.

(Thanks to reporter Ken Magill for giving me a heads-up about these guys.)


Al Iverson's Spam Resource

August 27, 2010 11:23 AM