<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>MX Police</title>
	<atom:link href="http://www.mxpolice.com/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.mxpolice.com</link>
	<description>Bulletproof Your Email ™</description>
	<lastBuildDate>Thu, 16 Feb 2012 19:42:05 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.2</generator>
	<atom:link rel='hub' href='http://www.mxpolice.com/?pushpress=hub'/>
		<item>
		<title>Current Spam Trends: What’s Old is New Again</title>
		<link>http://www.mxpolice.com/spam-trends/current-spam-trends-whats-old-is-new-again/</link>
		<comments>http://www.mxpolice.com/spam-trends/current-spam-trends-whats-old-is-new-again/#comments</comments>
		<pubDate>Mon, 09 Jan 2012 18:16:19 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Spam]]></category>
		<category><![CDATA[spam trends]]></category>

		<guid isPermaLink="false">http://www.mxpolice.com/?p=767</guid>
		<description><![CDATA[At the end of 2010, we saw a resurgence of some vintage tactics spammers used three or more years ago to bypass content-based spam filters. In particular, three old ploys were revived for use in conjunction with newer trends (like falsifying alerts from social networking sites) for some fresh spam tactics, as seen in the [...]
]]></description>
			<content:encoded><![CDATA[<p></p><p>At the end of 2010, we saw a resurgence of some vintage tactics spammers used three or more years ago to bypass content-based spam filters. In particular, three old ploys were revived for use in conjunction with newer trends (like falsifying alerts from social networking sites) for some fresh spam tactics, as seen in the Commtouch Q4 2010 Internet Threats Trend Report.</p>
<p>The first all-too-familiar tactic spammers revived in recent months is the use of hidden text. Fonts are shrunk down as small as possible and changed to white so as to make them invisible to the reader over an email background. Random typing that’s invisible to the eye but visible to spam filters is inserted in the middle of words that are standard red flags to Bayesian, heuristic, and other content-based spam filters. To the recipient, words simply appear to have sporadic, erroneous spaces in them; to the spam filter, however, those spaces are actually several characters, making the words unrecognizable, and therefore not cause for a block or re-direct into a junk mail folder.</p>
<p>A second tactic seen again at the end of 2010 after some time is the use of Google’s cache tool to sneak spam website links past content-based anti-spam technology. Google is, by default, a white-listed, or acceptable, domain to most spam filters. When a website is reached through Google’s cached version link, the resulting URL begins with the Google domain name. When this URL is turned into a hot link in an email, many spam filters accept it, while the recipient is still taken to the spammer’s intended address via a typically seamless redirect.</p>
<p>The third vintage spam tactic enjoying new life since the end of 2010 is known as ASCII art. This refers to the careful arrangement of computer characters (letters, digits, and symbols) to form a larger representation of an image. Just type “ASCII art” into a Google image search to see plenty of impressive examples. Using ASCII art, spammers can create representations of letters and words without actually typing those words. Hence, content-based spam filters remain unaware of the words and phrases that a human reader will see.</p>
<p>These revived spam tactics underscore the ongoing need in 2011 for an email security system that doesn&#8217;t rely solely on content-based methodologies. Effective spam filtering products have a multi-tiered approach that evaluates the validity of an incoming email message based on a variety of factors.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.mxpolice.com/spam-trends/current-spam-trends-whats-old-is-new-again/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Spam Zombie</title>
		<link>http://www.mxpolice.com/spam-trends/spam-zombie/</link>
		<comments>http://www.mxpolice.com/spam-trends/spam-zombie/#comments</comments>
		<pubDate>Thu, 08 Dec 2011 17:02:01 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Spam]]></category>
		<category><![CDATA[botnet]]></category>
		<category><![CDATA[zombie]]></category>

		<guid isPermaLink="false">http://www.mxpolice.com/?p=759</guid>
		<description><![CDATA[Perhaps you’ve been staggering around, drooling, staring off into space, and pawing without coordination at miscellaneous objects within your reach. Perhaps you’re a zombie. Perhaps it’s Monday morning, Jim’s still lurking around the coffee pot, and the idea of discussing your weekend with Jim makes you twitch with sensations of oncoming spontaneous combustion, so you [...]
]]></description>
			<content:encoded><![CDATA[<p></p><p>Perhaps you’ve been staggering around, drooling, staring off into space, and pawing without coordination at miscellaneous objects within your reach. Perhaps you’re a zombie. Perhaps it’s Monday morning, Jim’s still lurking around the coffee pot, and the idea of discussing your weekend with Jim makes you twitch with sensations of oncoming spontaneous combustion, so you haven’t had your coffee yet. Perhaps I’m already getting way off-topic and thinking about the wrong sort of zombies.</p>
<p>Many people assume that spam’s primary purpose is to sucker you into buying supplements that will fail to make any of your various organs grow larger. But a significant chunk of the spam circulating out there in the email ether has one directive: hijack new email accounts to proliferate the spread of more spam. Computers taken over in this way become part of what’s known as a robot network, or botnet, and are often referred to as “zombies.”</p>
<p>Spammers commonly use spam messages to bring more random, under-protected email accounts into the ranks of their zombie armies. Many botnets are comprised of tens or hundreds of thousands of the millions of home and business computers that have been compromised, and they are the source of the overwhelming majority of all spam, as the Federal Trade Commission reported in a recent consumer alert.</p>
<p>Your home or office computers can be turned into botnet zombies without your ever knowing. There are a few indications that may arise, including a significant slow-down in the machine’s performance, mysterious emails stored in your sent-mail folder, or baffling complaints about the spam “you” have been sending lately. However, even if you find out that spammers have hijacked your email account, damage was likely already done.</p>
<p>The leading anti-spam email protection technologies today make use of a method known as IP address reputation filtering. Basically, they keep track of what email accounts at specific IP addresses are up to, identifying those that act legitimately and those that act according to spammer patterns. Reputations are thus established for IP addresses, and spam filters consider a sender’s trustworthiness when deciding whether an incoming message is spam. If your home or business computers become zombies, you’ll eventually develop a bad reputation and your emails will be bounced or sorted into spam folders. Consequences can range from slightly inconvenient to completely devastating for personal and professional email uses alike.</p>
<p>As a zombie, your computer may also give a spammer access to files stored within and email addresses in your contact lists. “You” may suddenly start sending your recovering gambling addict boyfriend emails promoting online casinos, or encouraging your grandmother to start purchasing her life-saving medications directly from some guy in a barn in Bolivia. Imagine the interesting interactions you’ll have when your work email account starts sending special offers to your boss and your client roster. You may also find that your host or ISP isn’t particularly happy with you, which can result in your website being shut down or your internet account cancelled.</p>
<p>Being a zombie is so often glorified, what with getting to eat brains and all. But when your computer is taken over by a spammer and hooked into a botnet, life as a zombie can be a lot less glorious. Usually, all it takes is one wrong click. Be on guard, educate your employees about spam threats and signs of malware infection, and invest in up-to-date anti-spam filtering.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.mxpolice.com/spam-trends/spam-zombie/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>The Current Climate of Web-Based Malware Threats</title>
		<link>http://www.mxpolice.com/malware/the-current-climate-of-web-based-malware-threats/</link>
		<comments>http://www.mxpolice.com/malware/the-current-climate-of-web-based-malware-threats/#comments</comments>
		<pubDate>Sun, 27 Nov 2011 19:53:30 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Facebook]]></category>
		<category><![CDATA[Koobface]]></category>

		<guid isPermaLink="false">http://www.mxpolice.com/?p=755</guid>
		<description><![CDATA[The internet is becoming more hazardous to daily users, even those who take care to avoid the sort of websites typically associated with malware infections. In fact, malware infections are now considerably more likely to occur by visiting a compromised legitimate website than by opening a web page created to deliver malware, according to the [...]
]]></description>
			<content:encoded><![CDATA[<p></p><p>The internet is becoming more hazardous to daily users, even those who take care to avoid the sort of websites typically associated with malware infections. In fact, malware infections are now considerably more likely to occur by visiting a compromised legitimate website than by opening a web page created to deliver malware, according to the MessageLabs Intelligence 2010 Annual Security Report. Last year, MessageLabs found 42,926 domains spreading malicious software, most of which were legitimate sites.</p>
<p>Commtouch’s Q4 2010 Internet Threats Trend Report outlines the type of sites most often compromised with malware. Pornographic sites are the perennial leader in this respect, followed by parked domains, computers and technology sites, business sites, and then education sites. The report also identifies the sites most often compromised with phishing ploys recently. The leading threat in this respect is gaming sites, with shopping sites, health and medicine sites, computer and technology sites, and business sites rounding out the top five.</p>
<p>Malware spread among peer-to-peer (P2P) websites that facilitate content and file sharing is a leading threat heading into 2011. In the second half of 2010, 3.2 million malware attacks were launched each month from P2P platforms, notes the Outcomes for 2010 and Predictions for 2011 report issued by Kaspersky Lab. The types of web-based threats spreading via P2P networks are practically all-encompassing; file viruses, a variety of worms, SMS fraud programs, backdoors, and Rogue AV software are all being seen in this context.</p>
<p>We’re also currently seeing a spike in ploys to get internet users to unwittingly download malicious software of their own volition. This has prompted cyber-criminals to further employ blackhat SEO techniques, disruptive ads, and unwanted re-directs to bring traffic to sites of infection.</p>
<p>The Koobface malware, whose name is a play on “Facebook,” is a current notable example of threats that trick users into downloading the infection. Commonly, victims received a message from friends on Facebook alerting them to a video posted on Blogger in which they were shown. Anxious to see themselves, users would follow the link to Blogger, unaware the message was inauthentic and originating from a friend’s hacked Facebook account. To see the video, the victim was prompted to download a necessary plug-in, which contained the Koobface malware.</p>
<p>One particularly alarming new threat, especially to industrial companies, is malware like the recent Stuxnet worm. Malware like this example has been targeting programmable logic controllers (PLCs), which are computers that operate the automated functions of electromechanical processes. The Stuxnet worm is the most significant web-based attempt at industrial sabotage we’ve seen, and the implications are quite dire, even posing very real threats to worker safety.</p>
<p>Also disturbing is the breakdown in 2010 of the guarantees associated with digital signatures and digital certificates, notes the Kaspersky Lab report. The former attest to the legitimacy of a message and its sender, while the latter establish the credentials of parties involved in web-based transactions. Currently, cyber-criminals are demonstrating the ability to create or obtain (legally or illegally) these online assets. The uses are varied and dangerous, compromising online transactions and facilitating fraud, as well as providing ways to fool and bypass the security measures in place on web-based applications.</p>
<p>The Kaspersky Lab report also identifies a key threat to watch for now, which it dubs Spyware 2.0. More sophisticated malware is already being employed with the one goal of illegally obtaining any and every piece of information possible, and this threat promises to increase in the foreseeable future. This new class of spyware indiscriminately steals all private information it gains access to, be it user names and passwords, financial data, contact lists, proprietary secrets, or anything else. Of course, the uses for this information vary, but all of it can be used for a cyber-criminal’s financial gain. The consequences of such malware infections can be ruinous for an individual or a company, with the latter possibly being exposed to major public relations nightmares and legal action.</p>
<p>The current climate of web-based threats is certainly not a pleasant one. And from the looks of things, it will continue to get worse before it gets better. One disturbingly clear fact is that we can no longer rely solely on our common sense to avoid malware and other online threats, as they are now lurking on legitimate sites across the web. This underscores the need for up-to-date information and for advanced, state-of-the-art malware protection.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.mxpolice.com/malware/the-current-climate-of-web-based-malware-threats/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Adult Content Spam and Sexual Harassment</title>
		<link>http://www.mxpolice.com/spam-trends/adult-content-spam-and-sexual-harassment/</link>
		<comments>http://www.mxpolice.com/spam-trends/adult-content-spam-and-sexual-harassment/#comments</comments>
		<pubDate>Fri, 07 Oct 2011 19:04:34 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Spam]]></category>

		<guid isPermaLink="false">http://www.mxpolice.com/?p=747</guid>
		<description><![CDATA[Whether the message invites you to view someone&#8217;s webcam, prolong your erection, or watch &#8220;young girlz get raped,&#8221; adult content spam is becoming increasingly explicit, graphic, and offensive. It’s also becoming more common. Spam email accounted for 85 percent of all email, or 134.3 billion messages in November 2010, according to Cisco IronPort SenderBase Security [...]
]]></description>
			<content:encoded><![CDATA[<p></p><p>Whether the message invites you to view someone&#8217;s webcam, prolong your erection, or watch &#8220;young girlz get raped,&#8221; adult content spam is becoming increasingly explicit, graphic, and offensive. It’s also becoming more common. Spam email accounted for 85 percent of all email, or 134.3 billion messages in November 2010, according to Cisco IronPort SenderBase Security Network. Considering adult content spam accounts for nearly six percent of that 134.3 billion, there is a tremendous amount of porn staring the average unprotected email user in the face.</p>
<p>How does that affect your organization?</p>
<p>Whether your organization is large or small, adult content spam is much more than a nuisance: it decreases employee productivity and morale, wastes resources, and may expose you to legal liability. Employers of all sizes have been found liable for failing to protect their employees from sexual or otherwise offensive electronic images and preventing inappropriate email usage.</p>
<p>Imagine this scenario: One of your employees, Steve X, arrives at your company on a Wednesday morning, eager to begin his day. He boots up his computer and signs into his email, just like any other morning. On this day, however, he opens an email message containing obscene text and the pornographic image of a young-looking girl. Steve X, being devoutly religious and the father of a 15-year-old girl, is extremely offended. In fact, he is sickened and outraged.</p>
<p>Scenarios like the one above occur frequently, with more than 25% of workers receiving offensive or sexually explicit emails on a regular basis, according to Michael R. Overly, an attorney and Certified Information Systems Security Professional. When an employee is subjected to disturbing messages and images, especially when it happens repeatedly, your company can be held liable for sexual harassment due to a hostile work environment.</p>
<p>Sexual harassment? Because of spam emails?</p>
<p>Yes. Employers who fail to protect their employees from a hostile work environment created by sexually explicit and offensive spam emails can be found indirectly liable for sexual harassment. While direct liability generally results when a supervisor sends sexually offensive text or images directly to a subordinate, indirect liability results when an employer fails to take all possible steps to secure the safety and comfort of his employees. If one or more of your employees has complained about sexually explicit spam emails and you did not take immediate steps to prevent future problems, your employee can sue you.</p>
<p>Fortunately, you can help protect yourself and your organization from liability by proactively working to minimize email threats. By taking action, you can avoid or strongly mitigate any liability you may potentially face if one of your employees decides to sue.</p>
<p>* Develop a comprehensive email policy that outlines your organization&#8217;s position against sexual harassment and lists examples of inappropriate conduct. Distribute this policy to every employee and display it in highly visible areas of your workplace. Include a disclaimer and warning that employees using the Internet do so at their own risk.</p>
<p>* Provide training for all employees at all levels of your organization. Instruct your employees on the best methods of responding to offensive email messages and make reporting such messages as simple as possible.</p>
<p>* Use spam filtering technology and other up-to-date email security products to ensure your employees and your organization are protected at all times.</p>
<p>The time and money needed to protect your employees and organization from spam is trivial compared to the potential legal and financial risks posed by adult content spam.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.mxpolice.com/spam-trends/adult-content-spam-and-sexual-harassment/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Importance of PTR Records for Reliable Mail Delivery</title>
		<link>http://www.mxpolice.com/email-security/importance-of-ptr-records-for-reliable-mail-delivery/</link>
		<comments>http://www.mxpolice.com/email-security/importance-of-ptr-records-for-reliable-mail-delivery/#comments</comments>
		<pubDate>Sun, 25 Sep 2011 03:01:02 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Email Security]]></category>

		<guid isPermaLink="false">http://www.mxpolice.com/?p=741</guid>
		<description><![CDATA[Outgoing email rejections are becoming increasingly common, and while this is good news in the fight against spam, it can hurt your business if your emails are not reaching their intended targets. One reason for the increase in rejections is that growing numbers of incoming mail servers are rejecting emails from outgoing servers without a [...]
]]></description>
			<content:encoded><![CDATA[<p></p><p>Outgoing email rejections are becoming increasingly common, and while this is good news in the fight against spam, it can hurt your business if your emails are not reaching their intended targets. One reason for the increase in rejections is that growing numbers of incoming mail servers are rejecting emails from outgoing servers without a valid PTR record.</p>
<p>A PTR record, or pointer record, enables someone to perform a reverse DNS lookup. This allows them to determine your domain name based on your IP address. Because generic domain names without a PTR are often associated with spammers, incoming mail servers identify email from hosts without PTR records as spam. If you do not have a PTR, these same servers may identify legitimate emails from your business as spam and block them from reaching your customers.</p>
<p>Why Are PTR Records Important?</p>
<p>There is no requirement that you have a valid PTR record, but you may be unable to successfully send email to certain sites if you do not.</p>
<p>PTR records are most commonly used by spam filters to determine the suspiciousness of an email. Because spammers are more likely to use fake domain names and dial-up IP addresses, they are considerably less likely than legitimate organizations to have a valid PTR record. If a spam filter determines that your PTR record is generic or invalid, it is more likely to classify your email as junk mail. Blocked emails can result in lost business, damaged relationships with clients, and wasted time.</p>
<p>Unless you are certain that you have a valid PTR, do not assume your business is not at risk simply because you&#8217;ve received few complaints about missing emails; you may still have a problem. Because many organizations do not have matching PTR records, including those that use dynamic IP addresses, many spam filters use this criterion as part of a weighted algorithm in an attempt to reduce false positives. Therefore, some or most of your emails may be getting through, leading you to erroneously believe your company is not being negatively affected. Unfortunately, it may take only one blocked email to seriously harm your organization.</p>
<p>In some cases, your email will be summarily rejected if you do not have a valid PTR record. AOL, for example, rejects email messages without valid PTRs. To avoid triggering spam filters, your PTR record should match the host name on port 25 when the receiving server returns a verification check.</p>
<p>Contact your ISP to verify you have a valid PTR record or to request they create a PTR for your mail server IP address. PTR records are not created when you register your domain name; it is the responsibility of your ISP to create them. If your business uses a dynamic address and you cannot obtain a PTR, you can work around the problem by sending your outgoing mail through a server that does have a valid PTR record.</p>
<p>Ideally, you should stick to one PTR unless your business has a specific need for more than one. While DNS does not restrict the number of PTR records associated with each reverse DNS entry, having multiple records for a single IP address is generally a bad idea.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.mxpolice.com/email-security/importance-of-ptr-records-for-reliable-mail-delivery/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Facebook Increases AntiSpam Safeguards</title>
		<link>http://www.mxpolice.com/spam-trends/facebook-increases-antispam-safeguards/</link>
		<comments>http://www.mxpolice.com/spam-trends/facebook-increases-antispam-safeguards/#comments</comments>
		<pubDate>Fri, 12 Aug 2011 06:04:09 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Spam]]></category>
		<category><![CDATA[Facebook]]></category>

		<guid isPermaLink="false">http://www.mxpolice.com/?p=719</guid>
		<description><![CDATA[Because there are no barriers to entry, spammers and scammers are free to set up Facebook accounts to spread malware and phish for valuable information. In addition, Facebook is so user-friendly, people with no internet know-how or computer savvy join and participate. This stocks the social networking site with potential targets who lack the appropriate [...]
]]></description>
			<content:encoded><![CDATA[<p></p><p>Because there are no barriers to entry, spammers and scammers are free to set up Facebook accounts to spread malware and phish for valuable information. In addition, Facebook is so user-friendly, people with no internet know-how or computer savvy join and participate. This stocks the social networking site with potential targets who lack the appropriate caution and skepticism about unknown links and messages, making it a particularly appealing place for cybercriminals.</p>
<p>The problem is so rampant the Detroit Free Press labeled Facebook “a veritable cesspool of spam.” In recent times, spammers have tried links that allegedly identify profile stalkers, show top-secret photos of Osama bin Laden’s body, and add a dislike feature to user accounts. Spammers even resort to mimicking anti-spam measures, with new fraudulent links claiming to be a way to verify the user’s account so spam accounts can be found and deleted.</p>
<p>With its growing reputation as a prime hunting ground for cybercriminals, Facebook just unveiled new safeguards to protect its users. One such measure is an integration of Web of Trust. This service relies on user ratings of websites from its community to determine whether websites are trustworthy. You can look up specific sites at <span style="text-decoration: underline;"><a href="http://www.mywot.com/">http://www.mywot.com</a></span>, or add software to your browser to stay informed about websites while you surf the web. Now, Web of Trust technology is available as a Facebook add-on, warning users about untrustworthy links posted on the site.</p>
<p>Facebook also implemented new clickjacking preventions that identify links on the site that claim to go somewhere they do not. When users click such links, a warning box pops up, giving the option to cancel or confirm the click. There is also a new layer of protection for users attempting to copy a malicious link from the site into their browser’s address bar. A pop-up box warns that the URL appears to contain dangerous code.</p>
<p>In an attempt to cut down on hacked accounts, Facebook added an optional safeguard for when accounts are accessed from unusual locations. Users can opt in to the service, which sends a confirmation code to the mobile device attached to the account whenever someone tries to log on from an unknown computer. Internet security experts recommend signing up, which can be done through your account settings.</p>
<p>Remember, though, that no matter what Facebook and other social networking sites do to protect you from spammers and scammers, cybercriminals always find a workaround or new tactics. The best defense is simply common sense and a healthy skepticism.</p>
<p>When you’re unsure about something a friend posted, ask them if it’s legitimate before clicking. Read the comments below links before clicking, as other users often warn about malicious posts before the item is deleted. Be wary of shared links that seem uncharacteristic of a friend, or that nobody comments on even though they seem comment-worthy. Never attempt to make changes to your account through links posted on your homepage or friends’ walls. Make all such changes via your account settings and privacy settings links.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.mxpolice.com/spam-trends/facebook-increases-antispam-safeguards/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>The End of Spam?</title>
		<link>http://www.mxpolice.com/spam-trends/the-end-of-spam/</link>
		<comments>http://www.mxpolice.com/spam-trends/the-end-of-spam/#comments</comments>
		<pubDate>Sun, 31 Jul 2011 04:31:39 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Spam]]></category>
		<category><![CDATA[Microsoft]]></category>

		<guid isPermaLink="false">http://www.mxpolice.com/?p=711</guid>
		<description><![CDATA[The computer scientists from the University of California who made news in 2008 for determining that one in 12.5 million spam email messages yielded a sale are at it again. The team, comprised of staff from UC, Berkeley and UC, San Diego, believes they have found a viable way to end spam for good. In [...]
]]></description>
			<content:encoded><![CDATA[<p></p><p>The computer scientists from the University of California who made news in 2008 for determining that one in 12.5 million spam email messages yielded a sale are at it again. The team, comprised of staff from UC, Berkeley and UC, San Diego, believes they have found a viable way to end spam for good.</p>
<p>In recent times, we’ve witnessed increasing prosecution of spammers and cyber criminals, as well as more significant action against spam affiliate programs and computer networks. Most notably so far this year, the world’s most prolific botnet, Rustock, was taken offline in March by a cooperative effort between such unlikely partners as Microsoft, U.S. Marshals, Pfizer, Dutch law enforcement, and the University of Washington.</p>
<p>While it feels good to cheer on these anti-spam assaults, there’s no denying they are ultimately a losing battle. The holes left in spam networks invariably turn into vacuums quickly filled by other spammers. Such efforts ultimately amount to bailing water out of a sinking ship while ignoring the leak.</p>
<p>The reality is that spam will continue as long as it remains profitable. And though spam may seem laughable and pointless to you and me, it often turns a nice profit for successful spam entrepreneurs.</p>
<p>Almost three years ago, the team of UC computer scientists released their findings on spam success rates. The results were determined by hijacking the Storm botnet, one of the biggest and baddest botnets at the time. After infiltrating the botnet, they simply used it to do what it did best: send out massive quantities of spam. The team discovered that one in 12,500,000 spam emails got a response.</p>
<p>And while that does not sound too impressive, sending spam is an almost entirely automated process that costs practically nothing. More importantly, spammers are able to distribute spam in staggering quantities. In 2010, botnets sent out an average of 71.1 billion spam emails a day, according to the MessageLabs Intelligence 2010 Annual Security Report. Most of it originated from the 10 leading botnets. So, with one of every 12.5 million making a sale, that comes to 5,688 sales daily.</p>
<p>The UC researchers also found during their 2008 experiment that the average sale was for $100. To further extrapolate, that means botnets generate $568,880 a day in sales. That works out to almost $208 million a year.</p>
<p>Now, instead of peddling spam, the UC computer scientists welcomed as much of it as possible into their inboxes. For three months, they received it and opened it all. Then, to add to the insanity, they systematically made purchases from the websites advertised in the junk emails. You can read the full paper they published on their research’s purpose, methods, and findings at <a href="http://cseweb.ucsd.edu/%7Esavage/papers/Oakland11.pdf">http://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf</a>.</p>
<p>The team ignored the already extensively studied aspect of spam distribution. Instead, they set out to identify a “bottleneck” in the process of monetizing spam. This refers to a behind-the-scenes step in the financial process where spammers have such limited options that their ability to make money could reasonably be disrupted.</p>
<p>They located such a step. They found that only three financial companies processed 95 percent of the credit card transactions with which they purchased spam-advertised pharmaceuticals and supplements. These three companies are based in Denmark, Azerbaijan, and the West Indies.</p>
<p>Of course, it’s not possible to prevent every financial institution around the globe from handing money over to spammers. The international community could certainly put pressure on these companies to stop facilitating the exchange of money between online shoppers and spammers. This would take time, however. And in that time, spammers would find alternatives.</p>
<p>It is more practical to stop credit card issuers from settling transactions with financial companies that deal with spammers. If Western banks refuse to settle payments with banks determined to support the spam infrastructure, spam would instantly become almost entirely demonetized. The UC team also asserts that a financial blacklist of spam-supporting financial institutions can be easily established and kept up-to-date.</p>
<p>It will certainly prove challenging to make such a plan reality. But if it can be set in motion, spam might be rendered unprofitable and as useless as it is annoying. It remains to be seen how Western banks and politicians will respond to the information and suggestions put forth by the UC computer scientists. Still, it’s reassuring to know there is a possible light at the end of the tunnel.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.mxpolice.com/spam-trends/the-end-of-spam/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Phishers Finding Uses for Cloud Computing Resources</title>
		<link>http://www.mxpolice.com/phishing/phishers-finding-uses-for-cloud-computing-resources/</link>
		<comments>http://www.mxpolice.com/phishing/phishers-finding-uses-for-cloud-computing-resources/#comments</comments>
		<pubDate>Sat, 02 Jul 2011 19:20:36 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Phishing]]></category>
		<category><![CDATA[cloud computing]]></category>

		<guid isPermaLink="false">http://www.mxpolice.com/?p=681</guid>
		<description><![CDATA[Recently, phishers have been creating public documents and forms via cloud computing resources to harvest email addresses and associated passwords. Cloud computing allows people to access, create, and save personal files remotely without downloading software or purchasing licensing rights, as with a word processor. Internet security firms uncovered a recent bout of spam email messages [...]
]]></description>
			<content:encoded><![CDATA[<p></p><p>Recently, phishers have been creating public documents and forms via cloud computing resources to harvest email addresses and associated passwords. Cloud computing allows people to access, create, and save personal files remotely without downloading software or purchasing licensing rights, as with a word processor.</p>
<p>Internet security firms uncovered a recent bout of spam email messages warning the recipients that they have exceeded their email account&#8217;s storage space. They are then instructed to follow a link to confirm their account&#8217;s validity by entering their email address and password into a Google Doc. Failure to comply will allegedly result in the closing of their email account&#8211;an age-old tactic built into phishing ploys.</p>
<p>The Google Docs that harvest the personal information were created via cloud computing resources, for free. The advantage is an immediate air of legitimacy. Unsuspecting victims see a real Google Doc, with valid links to information about the program and cloud computing resources right on the page. The phishing ploy is located at the recognizable address spreadsheets.google.docs. Even somewhat savvy users can be fooled, as these cloud pages are displayed at an https:// address, which is for many web users a signal that the page is safe and secure.</p>
<p>Those who enter their email address and password into the provided fields on the Google Doc form and press submit send this information directly to the phishers.</p>
<p>Common sense should still win out if you receive one of these emails leading to a phisher&#8217;s cloud page. The emails contain most of the hallmarks of spam. They have typos, misspellings, and grammatical errors. The emails are impersonally addressed to &#8220;User,&#8221; &#8220;Account Holder,&#8221; or other vague terms. Likewise, they include impersonal signatures such as &#8220;System Administrator&#8221; and &#8220;System Administrator Center.&#8221; Links contained in the body of the email go to a different domain than the email was sent from.</p>
<p>Keep in mind that no email service provider will request that you enter your password anywhere other than the sign-in page to your account. Also, they won&#8217;t make random threats to close your account for exceeding a storage limit or another ridiculous reason.</p>
<p>It&#8217;s now important that the same skepticism you apply to email messages be employed when visiting web pages hosted on cloud computing servers, too. Certainly this is only the beginning of a new online security concern. Spammers, phishers, and other cybercriminals will undoubtedly continually find new and creative ways to defraud careless and unsuspecting web users via cloud computing resources.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.mxpolice.com/phishing/phishers-finding-uses-for-cloud-computing-resources/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Google+ Spoofed by Spammers</title>
		<link>http://www.mxpolice.com/spam-trends/google-spoofed-by-spammers/</link>
		<comments>http://www.mxpolice.com/spam-trends/google-spoofed-by-spammers/#comments</comments>
		<pubDate>Sat, 02 Jul 2011 19:16:40 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Spam]]></category>
		<category><![CDATA[Google]]></category>
		<category><![CDATA[pharmaceutical spam]]></category>

		<guid isPermaLink="false">http://www.mxpolice.com/?p=679</guid>
		<description><![CDATA[With the combining of two of today’s most significant spam trends &#8212; targeting social network users and sending pharmaceutical spam &#8212; Google+, which is Google’s new social networking site, has joined the ranks of brands spoofed by spammers. Email messages from Google+ are now being fraudulently replicated in a major spam campaign. The spam emails [...]
]]></description>
			<content:encoded><![CDATA[<p></p><p>With the combining of two of today’s most significant spam trends &#8212; targeting social network users and sending pharmaceutical spam &#8212; Google+, which is Google’s new social networking site, has joined the ranks of brands spoofed by spammers. Email messages from Google+ are now being fraudulently replicated in a major spam campaign.</p>
<p>The spam emails in question resemble legitimate messages a person may receive from a friend who uses Google+. The messages, which invite the recipient to check out the new social networking site, have subject fields like “Welcome to the new Google+ project.” The body of the spam contains a welcome, a default silhouette-style profile picture, and an invitation to view or comment on the fake user’s activity on the site. It then has a blurb about the site still working out some kinks and a large button to “Learn more about Google+.”</p>
<p>These spam messages are relatively well written by spam standards, mostly lacking the usual typos and spelling and grammatical errors. They appear to be written by a native English speaker, and they contain a realistic footer that includes the Google+ logo and an option to unsubscribe from further contact.</p>
<p>While this is the first large-scale spam campaign exploiting the Google+ brand name, it is not surprising, nor will it be the last. Social networking sites are some of the most-targeted by spammers, phishers, and other cybercriminals. Month after month, Facebook appears on the top 10 list&#8211;often even in the top 5&#8211;of websites most often targeted by phishers.</p>
<p>The current spam campaign is not particularly malicious. The emails seen so far simply redirect to websites selling pharmaceutical products, including spammer favorites such as Viagra, Cialis, and Levitra. Most are mock Canadian pharmaceutical websites, an all-too-familiar aspect of this category of spam. No malware or phishing ploys associated with this campaign have been reported as of this writing.</p>
<p>By the end of 2010, pharmaceutical spam accounted for more than 40 percent of all global spam in circulation. It remains the single most prevalent type of spam to this day.</p>
<p>You may wonder how many people who think they’re about to investigate a new social networking site will spontaneously decide to purchase pharmaceutical sexual enhancers or other drugs. Not many, to be sure. But a handful of recipients will undoubtedly buy something or at least bookmark the sites for future use. In large enough numbers, with spam messages sent out by the millions or even billions each day&#8211;at no cost to the spammers&#8211;a few emails will invariably be successful, yielding a profit.</p>
<p>If you receive an email purporting to be from Google+, or any other social networking site, always verify that it’s from somebody you know and confirm that it was sent to you with his or her knowledge. Though the current spam campaign contains nothing more than an annoying redirect, new campaigns spoofing Google+ will certainly arise in the near future that contain malicious files and attempts to phish personal information.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.mxpolice.com/spam-trends/google-spoofed-by-spammers/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Zeus Botnet Being Spread Through Fake IRS Spam Campaign</title>
		<link>http://www.mxpolice.com/spam-trends/zeus-botnet-being-spread-through-fake-irs-spam-campaign/</link>
		<comments>http://www.mxpolice.com/spam-trends/zeus-botnet-being-spread-through-fake-irs-spam-campaign/#comments</comments>
		<pubDate>Fri, 01 Jul 2011 18:26:36 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Spam]]></category>
		<category><![CDATA[botnet]]></category>

		<guid isPermaLink="false">http://www.mxpolice.com/?p=674</guid>
		<description><![CDATA[A massive fake IRS spam email campaign is currently delivering the Zeus Trojan horse onto domestic hard drives. Zeus, primarily an engine for financial fraud, has been plaguing the public since 2007. In a spam campaign that’s been going on through the latter half of June, email users are now downloading the malware contained in [...]
]]></description>
			<content:encoded><![CDATA[<p></p><p>A massive fake IRS spam email campaign is currently delivering the Zeus Trojan horse onto domestic hard drives. Zeus, primarily an engine for financial fraud, has been plaguing the public since 2007. In a spam campaign that’s been going on through the latter half of June, email users are now downloading the malware contained in mock tax-related messages.</p>
<p>Experts note that the malicious messages are relatively well written, by spam standards. Still, some of the spelling and grammatical errors typical of spam written by non-native English speakers are present.</p>
<p>The messages appear to originate from the irs.gov domain, informing the recipient that there was some sort of problem processing their tax return payments. The subject line generally reads “Your IRS payment rejected,&#8221; &#8220;Federal Tax payment rejected,&#8221; or something similar. A PDF file is attached to the email.</p>
<p>The body of the email refers the recipient to the PDF for details about why their tax payment was problematic. Upon downloading the file, the user downloads the Zeus malware. Zeus uses keystroke logging, form grabbing and other tricks to gain access to private data such as credit card numbers, bank account information, and account passwords.</p>
<p>With the fear of an audit or entanglement with the IRS so well ingrained in the American psyche, this particular tactic is finding moderate success for a spam campaign. Such successes have built up the Zeus bot’s reputation over the past few years, making it one of the most infamous and dangerous malicious programs out there. It has been used in several dozen attacks and infected many millions of computers around the world.</p>
<p>Back in May, a version of the Zeus crimeware kit’s source code was leaked. It sprang up on numerous underground forums frequented by spammers, hackers, and cybercriminals. Previously only available at a steep price, the sudden availability of such malicious source code immediately worried internet security experts and cybercrime law enforcement agents. This latest fake IRS spam campaign may be the work of people who newly acquired the code.</p>
<p>Supporting this theory is the fact that there is a key mistake in the malware coding that gives researchers hope for determining who is behind the attack. While there are generally safeguards set in place to prevent the same person from repeatedly downloading the binary to collect samples for study, an oversight in the current campaign provides an easy loophole, facilitating study.</p>
<p>Like so many other spam campaigns today, the fake IRS emails make use of URL shortening. Typically, the spammers ensure that the same person cannot follow the shortened link pointing to the malware servers more than once. However, an oversight in the coding of this campaign allows the user to add on a special character to the end of the shortened URL, such as a plus sign or an asterisk, and follow the link to the malware servers repeatedly.</p>
<p>Thanks to this mistake, promising research is already underway to find those responsible for the latest attack of the Zeus bot. But spammers and cybercriminals usually prove resourceful. As word circulates about the specifics of the current spam campaign and the coding error, those behind the attack will no doubt alter their methods, change their servers, and clean up their code. Common sense and caution remain the public’s best chance at avoiding infection by Zeus or other malware.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.mxpolice.com/spam-trends/zeus-botnet-being-spread-through-fake-irs-spam-campaign/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

