Celebrate the New Year with Commtouch Swag

January 5th, 2009 by Rebecca Herson | Category: Commtouch Lore

OK, so we buried the quiz for Commtouch swag at the end of a long post, during the quietest week of the year. We’ve learned our lesson and extended the deadline to January 15. Just try - you’ve got nothing to lose, and the opportunity to win some free Commtouch goodies. I won’t tell you what we’ll send (isn’t it fun to have a surprise in life?), but in our inventory we have all the usual stuff with the Commtouch logo proudly emblazoned on it.


Targeting Twitter: A new wave of phishing

January 5th, 2009 by Shara Grifenhagen | Category: Web Security


Just when you thought it was safe to go in the water…it seems like new phishing schemes are popping up all over the place.

The latest target?

Twitter.

When we logged into the Commtouch Twitter account, we noticed the warning message to users. (Kudos to Twitter for being proactive and warning its users!) Apparently the scam targets Twitter users via direct messages; the direct messages proclaim that a blog post has been written about you or that funny pictures of you have been located online.

If you click on the link provided in suspect messages, you are directed to a landing page that looks exactly like the Twitter home page. If you look more closely, however, you realize that the URL is something like this: http:// twitter . access - logins . com. According to the Commtouch data center, this domain is classified as “fraud/phishing”, and it turns out that the domain has been set up to mimic the appearance of Twitter in hopes of stealing user names and passwords from people who may not realize they’ve been duped.
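The check that exposes this kind of link, as an added example (not Commtouch's code and not part of the original post): compare the registrable domain of the URL with the brand's real one, instead of trusting a brand name that merely appears somewhere in the hostname. The `BRANDS` allowlist, the tiny suffix set standing in for the Public Suffix List, the function names and the `example.*` sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the brand's genuine registrable domains (allowlist).
BRANDS = {"twitter": {"twitter.com"}}
# Assumption: tiny constructed stand-in for the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def normalize(url: str) -> str:
    """Undo the spaced-out form used when quoting bad URLs; default the scheme."""
    url = "".join(url.split()).replace("[.]", ".")
    return url if "://" in url else "http://" + url


def registrable_domain(host: str) -> str:
    """Return the label directly under the public suffix, plus the suffix."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url: str) -> dict:
    """Classify a link as 'genuine', 'lookalike' or 'unrelated'."""
    parts = urlsplit(normalize(url))
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    # Tokens: every hostname label, further split on hyphens.
    tokens = set()
    for label in host.split("."):
        tokens.update(label.split("-"))
    # Text before '@' is login data, not the host, but it is shown to the user.
    userinfo = parts.netloc.rpartition("@")[0].lower()
    for brand, genuine in BRANDS.items():
        if domain in genuine:
            return {"verdict": "genuine", "brand": brand, "domain": domain}
        if brand in tokens or brand in userinfo:
            return {"verdict": "lookalike", "brand": brand, "domain": domain}
    return {"verdict": "unrelated", "brand": None, "domain": domain}


if __name__ == "__main__":
    samples = [
        "http:// twitter . access - logins . com",   # URL quoted in the post
        "https://twitter.com/login",                 # genuine
        "http://twitter-login.example.co.uk/",       # constructed sample
        "http://twitter.com@example.net/",           # constructed sample
        "http://example.org/twitter",                # constructed sample
    ]
    for s in samples:
        print(s, "->", check_link(s))
```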

In case you accidentally became a victim and your account is used to perpetuate the scheme, Twitter will “proactively reset the passwords of the accounts.” Don’t worry, though: you can regain access by contacting Twitter to reset your password.

While this was a phishing scam, plain and simple, using techniques we are familiar with from spam and IM, there are other web security holes inherent in the Twitter platform. ZDNet blogger Jennifer Leggio (aka @mediaphyter) wrote an overview of Twitter and other social networking sites and how they handle the glaring security hole that is URL redirects. Because of the nature of Twitter, condensing thoughts into 140-character snippets, URLs are often automatically condensed using a service like tinyurl, which redirects to longer addresses, making them easier to use with a smaller number of characters. As seen in the above example (just under the text box), if a URL is condensed using tinyurl, there is no way to really know where it is pointing before you click it, unless you are using a Twitter add-on such as Power Twitter. In an attempt to overcome this issue, Twitter has added an “expanded URL” feature to its search page so savvy users can at least see what URL they will be going to (even if they don’t know if that URL is safe or not), but this feature is still not available on individual tweets from the regular Twitter site.

For more information on the Twitter phishing scam, see the Twitter blog. Also visit the Commtouch Web site for more information about how Commtouch GlobalView URL Filtering can identify malicious URLs and protect against schemes like this, blocking harmful sites at the zero hour, often long before users are exposed to them.

Are you on Twitter? Follow Commtouch and stay up to date with the latest Internet security threat trends.


Reunited, and it feels so good!

Classmates.com has become the latest target in the trend of spam sent from what appear to be legitimate sites. What an emotional roller coaster! Imagine getting nostalgic, dusting off your old yearbooks, digging out your prom dress…

…you go to download the files to watch a little film clip announcing your high school reunion…you anticipate the tube socks and tight-rolled jeans…

…and instead of seeing your old friends and their big hair and braces, you realize you’ve infected your computer with a nasty Trojan.

Classmates spam

In the email example depicted above (click the image to enlarge), the recipient receives a link to a “video” followed by a link to an “Adobe Installation” site.

If the recipient clicks through to the (fake) “Classmates” landing page, he or she sees what looks like a video invitation that requires a media player to view. However, if the so-called media player is downloaded, the recipient receives a malware file that will wreak havoc on his or her computer.

Things to consider before clicking on links and downloading files from “Classmates” or other such sites:

  1. Is this an odd year for you to be invited to a reunion? If you did not graduate five or 10 or 25 years ago, then it is probably a hoax.
  2. Have you ever opened an account on Classmates.com or whatever site is supposedly sending you this email? If not, it is probably a hoax.
  3. Are you being asked to download software in order to view a clip? In most cases, you should already have all the software and plug-ins that you need to view clips. A popular site sending out videos would use a universally accepted format.
  4. Is that the real company logo? Upon further investigation (i.e. I typed www.classmates.com into my browser), I found that the logos actually do not match. (It’s pretty easy to swipe the real logo from the legitimate site, though, so don’t rely on this test alone.)

The conclusion? It looks like playground pranks have been taken to another level.


Korea’s Hauri Announces New ViRobot Mail Security

December 24th, 2008 by Rebecca Herson | Category: Commtouch Partners

Commtouch’s partner Hauri, from Korea, came out with their new ViRobot Mail Security just in time for the holidays, for that favorite IT Manager on your gift list.

The Hauri product has Commtouch Anti-Spam integrated in it.


1 vs. 100 Comes to Commtouch

December 23rd, 2008 by Rebecca Herson | Category: Commtouch Lore

A few nights ago, the Commtouch Israel team and our partners/spouses had a chance to kick back, enjoy some great food and enjoy each other’s company without once talking about the latest version release, or our new web security product, or what kind of malware we’ve been blocking lately (ok, these subjects might have come up once or twice…;)

Of course, the evening would not be complete without an entertainment program, which in our case was the game show 1 vs. 100, Commtouch style, complete with cheesy announcer (I kept cracking up every time he opened his mouth), and push-button voting from the stands.

Kudos to Gabriel, Lior and Shlomo, three reluctant winners of the game.

Here are some pics from the event:

Don’t we look like a fun-loving (and food-loving) group?

We all had such a good time trying to figure out the answers to 1 vs. 100 that I thought I’d share the fun with the blogosphere. Try your hand with the questions below, and the first three who answer all the questions correctly will receive a random piece of swag with Commtouch’s logo on it (you’ll have to send me your real name & address of course - I’ll contact you if it’s you). This is just for readers of the Commtouch blog, qualified infosec folks, partners, customers, investors, etc., NOT random people from freebies sites, so don’t even think of posting this on a freebie site. And I’m limiting this to the first 3 people who answer correctly, and closing the quiz on December 31. BTW Commtouch employees and their relatives are not eligible to participate (sorry guys).

Here’s the quiz:


Culture Clash

December 22nd, 2008 by Shara Grifenhagen | Category: Spam Favorites

We recently got really curious and translated some German spam to see what it is they were trying to sell. We ended up finding that the cultural differences between German speakers and English speakers carry all the way over into the world of spam, beginning with the fact that the email - selling sexual enhancers - was written in third person to denote respect. How many polite spam messages selling sexual enhancers have our English-language readers seen lately?

One of the paragraphs reads:

Life is too short – enjoy it to the fullest.

Money can’t buy everything! (like) the potency and steadfastness of over 30 minutes now!

And another part reads:

Money comes and goes – (but the) unforgettable sex experience remains forever, and after all this is the next best thing in the world!

Order today and forget your disappointments, persistent fears of failure and repeating embarrassments!

Gee thanks for reminding us all of our disappointments, fears of failure…and especially our repeating embarrassments! That DEFINITELY makes us want to buy your product.

We clicked the link to see where we’d end up and lo and behold…the link took us directly to the same Canadian Pharmacy that has been spamming folks in English for ages with messages like “Impress your girlfriend.” So spammers are segmenting their target markets with different messages just like legitimate marketers.

Here is a sample sexual enhancer message in German.


Holiday e-cards spread more than just holiday cheer

December 18th, 2008 by Shara Grifenhagen | Category: Spam Favorites

Cousin Kimmy just sent me a link to a Hallmark holiday e-card. How sweet!

…wait a minute…

I don’t think it’s really from Hallmark.

…wait a minute…

I don’t even have a cousin Kimmy!

Malicious code writers are at it again this holiday season. The latest trend is a plain text or very simple email that looks like it has been sent from a legitimate e-card source. When an unsuspecting recipient clicks on the link, Trojan software is downloaded onto the computer. Sometimes a user may be prompted to download some sort of plug-in to receive the holiday greeting, or the link may simply lead to a site that downloads the Trojan automatically.

Holiday greeting schemes and Trojans are old tricks, so how are these messages getting by email filters? Some content-based filters won’t block messages that appear to be coming from legitimate sites, in order to avoid blocking legitimate messages (i.e. false positives).

So what are we trying to tell you?

  1. Don’t click on things from long lost cousins you’ve never heard of.
  2. Hallmark and other popular e-card sites haven’t changed their format to send plain text messages. Don’t be fooled; you can always call the sender (if it’s someone you know) and verify that they sent you an e-card.
  3. Trojan software is here to stay…at least for a while.
  4. Have a happy and secure holiday! Click here for a malware-free Commtouch holiday greeting.

That is an example of a fake notification. Looks legitimate, doesn’t it? Legitimate card sites will never ask you to download things. Beware!

Trojans, eh? Never look a gift horse in the mouth…


Commtouch gives back

December 17th, 2008 by Shara Grifenhagen | Category: Commtouch Lore | 1 Comment »

In the spirit of the holiday, Commtouch has chosen to make a donation to a charitable organization on behalf of our business partners and friends. We considered many options and decided upon a very worthy organization called Trickle Up. According to their Web site, Trickle Up aims to “empower people living on less than $1 a day to take the first steps out of poverty, providing them with resources to build microenterprises for a better quality of life.” Together with local agencies, Trickle Up provides “business training and seed capital to launch or expand a microenterprise, and savings support to build assets.”

In 2007, Trickle Up launched more than 11,000 microbusinesses, and their statistics are impressive: 9 of 10 Trickle Up businesses continue after the first year, 7 of 10 microentrepreneurs increase their family’s food intake, 5 of 10 are able to send more children to school, 5 of 10 are able to buy better clothing for their families, 85% of Trickle Up businesses are led by women and 10% of the people served by Trickle Up have a disability.

Some examples of the Trickle Up impact include:

Ajmeri family, India
Trickle Up empowers women—who make up 70% of the world’s poorest people—to become leaders in their communities through business training and membership in savings groups. With the profits from her rickshaw business, Ajmeri Bibi now saves money each month, sends her two youngest children to school and has become a local women’s health advocate.   -India

Guatemalan weaver
Rosa Pichaya Pichaya, seated at her loom, is the treasurer of a women’s weaving collective in Comalapa. Through Trickle Up’s support, the women are turning traditional skills into profit-making businesses that improve their quality of life. Prior to receiving Trickle Up support, the women relied on middlemen, who sold their products and provided the materials they needed on credit. Now, the members of the collective sell their own products and buy their own materials, resulting in higher profits.   -Guatemala

Ballam savings box
Aïssata Ballam, treasurer of her savings group in Horogundé, Mali, holds her group’s savings box. As Trickle Up members save a portion of their earnings, funds are collected in this box and later used to provide small loans to members for reinvestment in their microenterprises. Fastened by three locks belonging to three separate key holders, the savings box can only be opened when the members meet. Locks help ensure that the women have a safe place to save, which helps to reduce their vulnerability.   -Mali, West Africa

Empowering women in Uganda

Seed capital is just one of Trickle Up’s three program components. Trickle Up also offers business training to plan, launch, market and maintain a sustainable livelihood. Here, two Ugandan women learn how to save a portion of their earnings through membership in a savings group so that their profits will provide access to more capital. - Uganda, East Africa

A donation has also been made to Charity Navigator, without whose tools this process would have been much more difficult. Charity Navigator works to advance a more efficient and responsive philanthropic marketplace by evaluating the financial health of over 5,300 charities. Their user-friendly site can be sorted by charity name, location or type of activity. They also feature valuable opinion pieces, donation tips, and rankings of efficient and inefficient organizations. Charity Navigator assisted our search and made the decision-making process that much simpler.

Commtouch wishes all of our partners and friends…and everyone around the world…a happy and healthy new year.


New Zero-Hour Protection for Messaging Architects Email Firewall

December 16th, 2008 by Rebecca Herson | Category: Commtouch Partners

Messaging Architects, a Commtouch licensee, announced a new release of its M+Guardian extreme email firewall solution, which incorporates Commtouch Zero-Hour Virus Outbreak Protection. This is a signature-less process for proactively scanning the Internet and identifying virus outbreaks the instant they appear and before signature updates are typically available. To see how the Zero-Hour product stacks up against other AVs and can complement them, visit the Commtouch Malware Outbreak Center.


Hello, are YOU ready? Spammers want to know!

December 11th, 2008 by Shara Grifenhagen | Category: Spam Favorites | 1 Comment »

Recently, we’ve seen spammers exploiting legitimate tools (or what appear to be legitimate tools) for illegitimate activities, as we mentioned with Google Docs, Flickr, Blogger and Blogspot. The common theme here? In each case, the spammers tried to cloak the fact that they are actually spammers, in order to circumvent automated anti-spam engines that use traditional content filters.

The other day we saw another such attempt to exploit Google Docs. The email appears to have been sent from Google Docs using their “Share” function. Additionally, every recipient is a Gmail user! We did a double-take until we saw the subject line: “Hello, are you ready?”

Ha! Maybe we are…and maybe we aren’t! What’s it to you!? …and what exactly are we getting ready for?

We then looked at the text of the message and saw two completely unconnected “services” being offered - both prescription drugs AND gambling! All in one email. It’s kind of like those gas stations in the middle of nowhere that also sell fireworks…some things just don’t go together!

And the icing on the cake? The “Marry” Christmas at the end. “Marry” Christmas to you too! Maybe if you’re nice, Santa will bring you spell check…

Hello, are you ready?
