Malicious spam emails are a scary concept as we wrote in our Antivirus Aids Spam Fight article less than two weeks ago. This is where spam messages are laden with attachments carrying Trojans and viruses attempting to infect your computer. If they succeed (by getting past your antivirus defences and convincing you to open them) they turn your computer into a spam zombie which then sends more spam on behalf of the spammer. That’s if you’re lucky. Some malicious spam messages will infect your computer and attempt to steal your private data, including credit card and online banking details. Others will steal other personal information which can be used to forge your identity.

The reason for the steep rise in malicious spam levels is because of a recent spate of malicious spam emails. Specifically, two big malware spam attacks earlier this year, the Penguin Panic Trojan (responsible for 27% of malicious spam) and the Win32/Haxdoor Trojan (responsible for 12% of malicious spam), caused huge surges in the numbers of spamware blocked. This also represents a significant change in direction for spammers as spamware had previously almost exclusively attempted to zombify computers to use them in the propagation of spam. With the Penguin Panic Trojan attacking iPhones, evidence suggests that spammers are changing tact and looking for new platforms to exploit, including social networking communities like Facebook.

Most spam is still being produced in the USA (almost 20%), with the usual suspects of China, Brazil, Russia, India, Italy, Argentina, Italy, South Korea, Turkey and now Thailand and Columbia also sending significant amounts of spam.

Anti spam filtering services and anti virus services report that their filters continue to stop the same levels of spam as before the indictment, suggesting that simply prosecuting so called spam gangs alone, is not an effective solution.It may be that the continuation of spam levels may be as a result of the tens of thousands of HerbalKing zombied computers on the Internet being configured to send their queue of spam messages regardless of whether the HerbalKing servers are running or not.

If this is the case, we may possibly see a resulting reduction in spam levels in due course as theses zombies are either patched with anti virus tools or exhaust their existing spam message queues. As we have said before, we will continue to monitor this story and post updates here.

Just don’t do it. Ever. There is nothing to be gained from responding to spam email at all. By now, most of us know that spammers speculate when they send us spam, by guessing thousands of email addresses. Most of the spam they send ends up nowhere as they are addressed to mailboxes that don’t exist or are stopped by anti spam filters. However, when spam messages do get the past spam blocker, and does get through to our mailboxes, one of the most surefire ways to confirm to spammers that they have found a live email account, is to send them a reply of any sort.

So don’t reply advising them that they must have got the wrong address (they didn’t) and definitely don’t try to unsubscribe from their fake email list. These actions will just get you more spam as the only thing it does is confirm your address is live. The spammers will then sell this information to other spammers at a premium, and you’ll find that more of their spam heads your way.

So does that mean you should never unsubscribe from email lists? Well, no. We’re just saying that if you don’t remember signing up for that particular newsletter then, chances are you didn’t. It’s another trick of spammers and anti spam agencies have been advising email users about this for many years. The best thing you can do with spam is just delete it. Better if you can delete it without even opening the message. Better still is to tag it as spam if your email programme supports this. Doing so tells the anti spam software that the message is spam and trains it to better detect it as spam the next time it arrives

The truth is that anybody can receive backscatter because spambots often forge the senders address in messages they send. If a spambot on your computer sent a message to an address (which does not exist) and forged my address as the sender, I will receive the bounceback. Naturally, I would also be scratching my head as I struggle to recall sending a message to somebody I don’t know offering to sell them an authentic Rolex watch I don’t have. And at a mere $200!

Our spam filter service and other spam blocker services of any merit are already stopping backscatter reaching end user mailboxes. If you are experiencing problems managing your anti spam solution, or if it is not sufficiently filtering backscatter, consider a free 14 day trial of our service.

Al Iverson and Terry Zink have been writing about backscatter for years. See the Al Iverson article for an excellent definition of backscatter.

Apparently we all receive several unnecessarily CC, BCC and Reply-To-All messages at work each day which significantly cuts down our productivity. These, coupled with the equally unnecessary “thanks for that” and “no problem, anytime” responses to replies, can quickly add up to several hours a month in wasted time processing them.

In his article, Email Hell for Forbes, Ross Mayfield, writes that Basex Research calculates these interruptions are costing industry up to $650 billion each year in lost productivity. They also estimate that the average corporate employee will send and receive a staggering 228 email messages per day by 2010.

Mayfield suggests that businesses can reduce this email overload by transferring some of the need for these messages to be transmitted via email very easily. Companies can post the replies to questions on their blog or use Web 2.0 interactivity to publish and distribute answers preemptively.Of course, this is not going to be suitable for every type of situation, but can encourage companies to look at new approaches to communication.

As unsolicited email spam continues to tangle with spam filters and anti spam blockers, perhaps the first thing we can all do at work, is think twice before spamming our colleagues, clients and suppliers with unnecessary messages. Ross Mayfield’s Email Hell article suggests various additional approaches businesses can take and makes interesting reading.

If you are a webmaster or manage your own domain, one of the easiest things you can do quickly and cost effectively to reduce spam, is to stop using catchall email forwarding on your domain. Catchall mailboxes receive such high volumes of spam for two reasons;

1) Spammers take guesses at email addresses on your domain. They use dictionaries to prepend any word or name to your domain name as well as other methods where they employ clever tools to guess at other possibilities such as james.smith@yourdomain.com or jsmith@yourdomain.com. These tools can also generate countless other variations of an email address before then sending several thousand spam emails to your email server.

2) They also send spam messages to other people supposedly from guessed mailboxes on your domain. When these messages are bounced they end up coming back to your domain and if you keep catchall forwarding on, they ultimately arrive in your inbox. This technique is one of several forms of ‘backscatter`, a phenomenon which has been annoying and puzzling many email account owners for years.

Of course, the address the spammer tried to send a message to was probably also an invalid address, so this server may also bounce back the message, ensuring that the message continues to loop around causing endless backscatter. You can considerably reduce the amount of spam you receive by disabling catchall forwarding and thereby only receiving email sent directly to the addresses you have setup on your domain. A message sent to an address which you haven’t expressly setup is returned to the sender advising them that the address does not exist.

This is the correct functionality and prevents the increase and spread of spam.

In the old days computer viruses were computer viruses and antivirus programs protected your computer against them. In that bygone era spam was spam and was filtered by anti spam filters and software. And never the twain did meet. Today, as spammers constantly conjure up more sophisticated and cunning schemes to get into our mailboxes and convince us to open their messages, the lines have become extremely fuzzy and the two forms have merged.

Spammers now send us spam containing viruses in order to infect our computers with their spam bots, the intention being to turn our computers into zombies which then send out more spam on their behalf, courtesy of you and me. It has indeed gone full circle. Spammers spam us with viruses which in turn spam us with more viruses. And so it continues ad infinitum. 

In the latest of these techniques spammers have developed a new trick where their spam email appers to come from Microsoft, advising us of a new important Windows security update. By opening the attached .exe file we can supposedly quickly patch our computer and protect ourselves from the new Windows vulnerability. Not so. In fact, the .exe file contains the Win32/Haxdoor Trojan which proceeds to steal passwords and private details such as financial information and personal identifiable data, sending them to the criminal spam gangs. Christopher Budd, a spokesperson from the software giant responded by reminding users that the software giant never delivers Windows updates via email, these are only distributed through the Windows Update tool built into the Windows operating system itself.

“As a matter of company policy, Microsoft will never send you an executable attachment… If you get an e-mail that claims to be a security notification with an attachment, delete it. It is always a spoof”

Remember the good old days when spam just tried to sell us anatomy enlarging pills or pump & dump stocks? How I long for those days again because now, spam has mutated. Today, spam is bent on infecting our computers and stealing from us. How times have changed for the worse! 

Antivirus software always comes with a scheduler and usually these are set to update automatically straight out of the box. Yet some users actually turn this feature off, sometimes when troubleshooting an issue, and often forget to turn it back on. We can’t stress enough how important it is to keep your antivirus software updated, especially as a spam prevention measure.

So today’s lesson? Remember to keep your antivirus software updated, preferably opting for daily updates and at a time of day when you are likely to be using your computer. And crucially, don’t open attachments ending in .exe. Nobody really sends them anymore and most email programmes won’t even let us attach them meaning that if you get one, it’s unlikely that a real person has sent it. Even if it appears to have been sent by somebody you know, delete it without opening it. Don’t say we didn’t warn you!

“The #1 worst spam gang on the Internet for much of 2007 and 2008, and active since at least 2005, has been indicted by the US Federal Trade Commission (FTC) in conjunction with simultaneous charges in New Zealand and possibly Australia & India”

In a preliminary action on Tuesday, the FTC succeeded in convincing a US district court to freeze the assets of the group, known collectively within the anti spam industry as HerbalKing, and order them to shut down operations immediately. It is reported that the group had sent billions of spam email messages over the past 2 years on subjects ranging from replica jewelry, to fraudulent slimming pills and penile enlargement products, just to name a few. In ordering that HerbalKing cease their operations immediately the court may have succeeded in immediately and significantly reducing the levels of spam circulating on the Internet.

This is a huge victory for the anti spam effort and for the Internet community at large. However, it is feared that HerbalKing may have invested its assets in offshore bank accounts, thus effectively cancelling out any effect of a freeze on their assets in the USA.

As this is an early phase in the civil action, penalties and/or fines will not be handed down until much further in the case but, at Remote Anti Spam, we’re hoping that the US court in Illinois takes this opportunity to make a serious statement and show a committed intent to bringing down spam rings wherever they operate.

Sources: Spamhaus, NY Times

One of the most effective techniques spammers use to gather email addresses is to scan the Internet with programs called spiders (or bots). These spiders crawl the Internet looking for email addresses on web pages and online services. We all use Internet services on a regular basis and very often find that we’re required to sign up with an email address to gain access to a service we want to use. The problem is that some of these services then publicise our email addresses for others on the Internet to see. Why not give this a quick test; search for your email address in Google and If it turns up anywhere, then you can be pretty certain that spammers have already scanned that web site and retrieved your email address. Whether you’re a webmater that has your email address on your web site or in whois, or a normal web user with an account on facebook, myspace or linkedin, the chances of your email address being published somewhere is very high.

So what can you do about this? Well if you’re a webmaster you have a little bit more control than the normal web user as you’re able to make changes on your web sites. Some social networking sites are now employing techniques to protect their members’ email addresses, while others are dragging their heels to do so.Even if your social networking sservice doesn’t provide any protection technique, most do atleast allow you to set your email address as private so that only people you have accepted as friends can see it. You should be able to find this option in your account settings.

One of the methods being used more widely now is email address image conversion. This involves converting your email address into an image file such as a jpg or gif and uploading it to your web sites. The automated robots that spammers use to crawl the internet for addresses can’t read the text on image files very easily (at the moment) and this means that they won’t see your email address sites they crawl. Take a look at the following example,

The example above for the address you@yourdomain.com was generated by SafeMail which goes one step further, providing you with automatically generated links which allow you to paste the image code straight into your web page. The best thing about this technique is the simplicty of it. There are now several web sites available to do this automatically for you. We have suggested our favourite for you below.

• SafeMail

SafeMail makes it very simple to convert your email address in seconds and then download the resultant image file. SafeMail carries a declaration that they will not abuse your email address.

Just to ensure that your email address will be safe with this serviceswe tested it with a specially created email address and monitored it for 2 weeks to see if it received any spam. After all, you’re giving your email address to these sites to convert it to an image, who is to say they won’t store it and send you spam? We didn’t receive any spam in the 2 week test and are pretty sure (at the time of writing) that your address will be safe with SafeMail. If this changes, we will let you know.

Another technique being used by spammers is that of embedding malicious code within the HTML source of some email messages so that the code is run when the email opens.

Security experts have also identified a rapidly increasing trend in phishing scams exploiting the current global financial turmoil. Phishing scammers are sending messages appearing to provide advice or services able to assist people with concerns over their mortgages, savings and investments.

Some sources have reported that there has been a 101% increase in the number of zombified computers sending spam in the last month, possibly a sign that spammers are realising an opportunity to benefit from the current financial crisis affecting everybody.

Here at Remote Anti Spam we are working closely with our partners and developing new rules and techniques to detect and block this surge in spam and malicious content. In the meantime we encourage our customers and all email users to exercise caution when receiving messages from people they are not familiar with, especially if those messages contain .zip or .rar files (whether password protected or not).

Crucially, users should also ensure that their antivirus software is up-to-date with the very latest definitions and antivirus software engines.