If you have a Facebook account, and most of you do now a days, its getting tougher to to know if an email from them is legit.  Below is an example of such email that is NOt legit.  If this or any other type of email make it past your spam filters, there are way to find out if its legit before you go clicking on any links.  The first thing you might notice is the blank picture and the user name of Facebook Support.  That alone should make you aware that something is not right.

When it comes to social networking, the spammers and hackers are usually only one step ahead of the good guys.  Why is that?  And when you take out trash the night before garbage day, you can always tell that the animals got to it, by the mess they leave on the ground next to the can.   Same thing happens when you take down a spammer, a new one take its place.  Are Twitter users under attack?  Again?  Read on...

They're at it again!  The spammers from China are floating their junk accross the internet in hopes of someone seeing their advertisements.  We do understand that everyone does have a right to advertise, but this is illegal in the way they go about it.  They have now sucessfully gained access to hotmail's mail server and are pumping out millions of junk mails everyday.  The names and email address's they use are in the headers of the emails that are sent out.  Example below demonstrates it fairly well.  If you follow the header and url, you will notice that it is definately spam without a question on your mind.

AOL User Accounts Under Attack!

It seems that as of lately we have been seeing more and more spam E-Mail from AOL users.  These spam messages have been very subtle in that they only have a single url in the message.  These links mostly resolve to spyware and malware sites that try to infect your computer while visiting their site(s).  Do yourself a favor and immediately delete these messages as soon as you see them in your inbox.  Do not bother trying to track them down as they are actually going thru AOL's servers.  The only thing you can do, is if you happen to know this person's email, is to ask them to check their machine for virus's, spyware and malware.    If you are constantly receiving these spam messages, then send a raw copy with the header to abuse@aol.com.  Hopefully they (AOL) will get the message to tighten their filters.

Facebook users under attack?  It would appear that the three million users that Facebook has under its skin, are serpentinely being duped into clicking on the link found in an email being sent to them.  In this mass mailing, users are asked to update their account information before they are allowed to login, by clicking on the link provided in the email. 

If your interested in learning how to take down a spammer, read on.  The information that will be provided in this article will only get you started.  Over the years we have had several people ask us to help them deal with a spammer or or bot master.  Most of what we do is investigative work.  By that we mean actually pulling apart the emails or decompiling the bots that we catch.  Granted decompiling is a job that most users cannot do themselves, but the pulling apart emails, you can.

First off, you need to copy your entire spam email message over to plain text file.  An example in how to do this using Microsoft Outlook Express.  The easiest way to do this is to right click on message in the top window, above the preview window, and click on properties.  Then click on details.  After that, you can now see the full raw email with headers.  Right click in that window and select all and the right click again and select copy.  Now your ready to paste that over to a blank text file.  Open up windows explorer and either find a directory that is suitable or create one to place all your investigative work in. 

If your like everyone else, you not immune to the phishing tactics of the scammers or spammers that send you daily junk that tots messages about your banking services being updated.  We have decided to take one such phishing email apart and show you just how crafty these criminals really are.  We start off by receiving the spam message in our inbox like the one below.

If your curious about the bad effects that rouge online pharmaceuticals have, then you must read this report from KnujOn.  They go into depth on the how the criminals are getting away with breaking the laws.  Let us know what you think, by posting your comments in the forums.

News Alert

http://www.icann.org/en/announcements/announcement-07aug09-en.htm

GNSO Fast Flux Hosting Working Group Publishes Final Report

7 August 2009

The Fast Flux Hosting Working Group has just submitted its final report to the GNSO Council.

In May 2008, the GNSO Council launched a Policy Development Process (PDP) that tasked a Working Group to answer a number of questions related to fast flux hosting. Fast flux hosting is a technique that utilizes short Time To Live settings and frequent updates of DNS records to increase a domain’s resiliency. It has legitimate uses, but is widely known as a tactic cybercriminals use to enhance their phishing and pharming gains. The questions the Working Group addressed included:

As more and more spammers and scammers are creating fake sites on the internet these days, its getting even more difficult to know where to report these problems to.  We here at Spacequad AntiSpam Services are more than happy to help out in forwarding your legit complaint thru to the proper channels.  In order for us to help you, we must have some information from you:

Your real full name

Working email address

Mailing postal address (Optional) 

A raw copy of the spam mail that includes:

All header information in tact without modifications or removals

The body of the spam mail

Any of the above information missing or scrambled, will not be processed.

Forward your mail on to spam@spacequad.com and we will also make available all copies on the website  minus any personal identifiable information leading back to you.  Any comments or problems , you can contact us thru our link in the menu above.

MSN was recently attacked on July 13th by a group of Chinese hackers.  This band of miscreants were able to successfully infiltrate MSN's WebMail server to send thousands of emails to various victims around the world using the Hotmail mail servers.  When reporting this this abuse to the Hotmail team, we were rerouted to a help group forum.  This is not good practice to be shunned by turning away a report that was just to notify them of the problem.  Read the full article for more.

It seems that there are a few spammers out there that like to consider themselves above average when it comes to sending illegal email.  These spammers are using a mail server that has been altered to change the header information to suit their needs.  Plus now they are feeling pretty confident that these bogus email, also known as backscatter email, are getting through to the intended recipient.  Trust me, that is the farthest from the truth.  These backscatter email are being trashed or in some cases, not even allowed to connect here.  So do us and every other person that has an email account some place in this world a favor, stop wasting your time, because we'll never see them.  See below for more information and how these creeps make the bogus email work.

Spacequad has now implimented OpenID for easier login capabilities.  So if you have an OpenID account, this means that you can now use it here. 

As of February 12, 2009, Spacequad AntiSpam Services will now start keeping records of websites that host spam.  We are doing this now to allow website owners the opertunity to check this list everyday if they wish, to be alerted that their website has been compromised.  Once put on this list, the URL will not be removed until the spam has been removed from that website listed.  To be removed, the spam messge must be removed, along with the website being secured against further spam postings.  If you are running Snitz Forum software, you are strongly encouraged to update your files, as spammers have discovered security holes that allow them to spam your website.  To be removed, the above conditions must be met and you must contact us with a request.  Only then, once verified, will we remove your domain URL.  To check if your on this list, click here.

Update:

All spam postings made to Spacequad will also be copied and sent to Knujon for further processing.  From there, it will most like put more pressure on the sites hosting the spam within the forums to clean it up.  It could also result in the end domain thats being advertised to be terminated.

Livesearcher.com, a known spammers domain has now been suspended due to excessive spam activities. For almost a year now, the owners of the domain were using techniques such as hacking into forum boards around the world to lay the ground work for their advertising. They would either hack the domain server or just upload their content onto open unprotected sites and display their spam messages. These messages in turn would have a hyperlink associated with their spam messages that would either reroute the visitor back to livesearcher.com or thru to another compromised website that would have the links on that site, then linking back to livesearcher.com.

A recent article that was put out by ICANN reads as follows. The article was mirrored here to allow readers to fully digest and get the story. We wish everyone that is interested in it, please send in your comments or Comments on the Initial Report should be sent to fast-flux-initial-report@icann.org. Original artical can be seen at ICANN. Public comments sent to and received by ICANN, can be accessed at http://forum.icann.org/lists/fast-flux-initial-report

Background

Fast flux refers to rapid and repeated changes to A and/or NS resource records in a DNS zone, which
have the effect of rapidly changing the location (IP address) to which the domain name of an Internet host
(A) or name server (NS) resolves. Although some legitimate uses for this technique are known (see
below), it has within the past year become a favorite tool of phishers and other cyber-criminals who use it
to evade detection by anti-crime investigators.