Spyware, Adware News

Spam king Sanford Wallace and phishing buddy Walter Rines hijacked some 300,000 MySpace accounts and sent hundreds of thousands of spam messages and comments across the service. They got their punishment: a whopping $225 million judgment in favor of MySpace, Information Week reports.

MySpace decided to sue when it discovered the duo had lured MySpace users into revealing their login information through phishing sites. After obtaining user IDs and passwords, the pair distributed messages to the users’ friends list with links to various Web sites involving gambling, pornography and ringtones. According to court documents, Wallace and Rines distributed 735,925 messages during the scam and earned over $500,000 in the process.

A blog purporting to be from Sanford Wallace (The site registration address matches the address on the court docuuments.) Says:

I am amazed whenever I read an article written about the latest crimes I’ve committed and the latest court orders I’ve broken.

I don’t even learn about most of these claims until I read about them somewhere on the Internet. I live a low profile life. In the meantime, the world around me apparently still blames me for every spam and phish page on the Internet.

Please, move on to the real spammers.

..I am still waiting to be served. And I haven’t been hiding either. The whole case was one big PR move..

source:

www.crn.com/security/207800154

government.zdnet.com/?p=3813

blogs.pcworld.com/staffblog/archives/006956.html

http://en.wikipedia.org/wiki/Sanford_Wallace

No Comments yet »

The scams rely on a technique known as social engineering to trick computer users into divulging personal information that the cybercriminals or their customers can use to bilk unwary taxpayers.

The new phishing scams use spam e-mails to gull prospective refund recipients into providing their bank account information and other personally identifiable data via a fraudulent form that is attached to the original message by a hyperlink.

“To convince consumers to reply, the e-mail warns that a failure to complete the form in a timely manner will delay the issuance of the rebate check,” the bureau said in a warning.

The bureau urged people to use caution when dealing with e-mail from unknown senders, repeating the frequently heard warning that such electronic messages often include malware. The FBI notice also included examples of the types of deceptive wording the phishing e-mails have used.

The latest FBI warning about the online flood of fraudulent tax refund e-mails comes on the heels of a rising tide of IRS-related online fraud, as reported by GCN. The recent notice follows earlier warnings on the same topic by MX Logic, which predicted the fraud tactic earlier this year.

The bureau’s fraud notice also echoes IRS’ own anti-phishing warnings and actions against IRS spoof sites. The IRS recently stated that the number of bogus IRS sites has increased twelvefold this year over last year.

source:

FBI Warns of Phishing Scam Related to Economic Stimulus Checks

IRS Warns of New E-Mail and Telephone Scams Using the IRS Name; Advance Payment Scams Starting

www.gcn.com/online/vol1_no1/46255-1.html

No Comments yet »

Panda Labs posted a report about a string of Phishing kits discovered recently, which unlike some of their better known counterparts are free to use. The news is not groundbreaking, but it does serve as a reminder that nowadays anyone can get in to the act of performing criminal activities online.

Panda Labs is reporting on the discovery of free Phishing kits that allow criminals, both professional and script kid in nature, to spoof bank pages and emails, online pay platforms, GMail and Yahoo accounts, online games (Xbox password theft) and blogs (Fotolog access credentials).

Upon accessing a URL that contains the kits, users obtain the files to create a fraudulent mail; one file allows them to spoof mails of banks, pay platforms etc., and the other allows them to create a fraudulent page that resembles the original. Additionally, the kit includes a PHP program, which is also free, to send emails from the spoofed page.

“The really amazing thing is, these kits are free,” explains Luis Corrons, Technical Director of PandaLabs. “Due to the simplicity of the tools, the number of Phishing attacks increases, causing companies and consumers large losses. According to a study conducted by Gartner, Phishing attacks caused U.S. consumers losses for US$3.2 billion in 2007.”

source:

http://pandalabs.pandasecurity.com/archive/Scampages.aspx

thetechherald.com/article.php/200820/948/Panda-Labs-locates-phree-Phishing-kits

No Comments yet »

Identity theft is the fastest growing crime in cyberspace. In real life social situations, your identity cannot easily be stolen because you are identified by your appearance, your voice, your manner of speech, your habits and so on. Anyone who knows you should be able to tell at once whether it is you or some other person.

But on the internet, your name, looks, voice, habits etc. are not revealed. You are identified only by your electronic signatures, which can easily be forged by those who know how to do such things. And this may lead to financial loss and other trouble.

Imagine that in real life someone goes to a friend of yours, claims to be none other than you, and asks to borrow money. He will be instantly rejected because your friend knows that it isn’t you but some other person posing as yourself. But on the internet this is not so easy to find out. Anyone who is able to steal and use your electronic signature virtually becomes you, for all practical purposes. If that person has your credit card number or social security number, for instance, he or she can easily use that to make financial gains, to your detriment.

How to Prevent Identity Theft
How do you prevent against identity theft? There are a number of procedures that experts recommend. You cannot totally control whether your identity will be stolen or not, but following these shall at least minimize the risks.

First, use passwords to lock down all aspects of your online presence. You need to be specially careful about your social security number and your credit card number. Your telephone accounts can also some time be under threat, so it is best not to ignore those either.

What is a good password? If you use one that is easy to remember, then it will be easy to break, too. Do not use your mother’s maiden name or the name of your first school, or any such real information that can be fairly easily retrieved by a diligent cracker. Rather, use combinations of letters, numbers, spaces and punctuation marks to make it nearly impossible to break. And make it as long as possible – the longer the better. Remember, you shouldn’t write down your passwords anywhere, specially not on your desktop pad or on a file on your hard drive. These can be easily accessed by a determined person.

Secondly, use software like GPG (GNU Privacy Guard) to protect your privacy through strong encryption. This type of program can encrypt all your files and folders in a way that only one who knows the password should be able to access them. They can also encrypt your e-mail too, so that only the authorized recipient would be able to read them and anyone trying to intercept them midway shall only find a handful of jumbles.

Identity theft can also occur through insecurely handled real-life hard copies of important documents. Use a high quality paper shredder or incinerator to dispose of all your trash – you never know what little sliver of paper contains enough info to let your personality be hijacked. If you use traditional mail, drop your letters only at securely located mailboxes, and collect them personally from the post office.

1 Comment »