Tag: spam

Top Nigerian spammer arrested

11-spam-03A top Nigerian spammer has been arrested making it possible for thousands of people to get the millions he has stolen. All you need to do is send your banking details to the address at the bottom of this article.

The 40-year-old man, known only as “Mike” is alleged to head a network of 40 individuals behind global scams worth more than $60m. He used malware to take over systems to compromise emails, and specialised in romance scams. In one case, a target was conned into paying out $15.4.

Nigeria’s anti-fraud agency was also involved in the arrest.

While Nigeran spam is considered something of a joke by most of the millions of people who receive scam emails in their inbox every day – but they only have to be believed by a tiny percentage of people. Oddly these are the same target market used by Apple and Donald Trump’s political campaign

Recently the campaigns have become more malicious, sometimes hijacking someone’s PC or luring stupid internet users into believing they have found love online with the aim of emptying their bank accounts.

“Mike” also allegedly ran a money laundering network in China, Europe and the US.

“The network compromised email accounts of small to medium-sized businesses around the world including in Australia, Canada, India, Malaysia, Romania, South Africa, Thailand and the United States,” it said.

They are currently out on bail as investigations continue, police said. After all he is not a flight risk.


Nigerian spammer made fortune in Texas

cowboy blogIn case you are wondering how anyone falls for Nigerian spammers, apparently the secret is to target people in Texas.

Police have finally arrested Amechi Colvis Amuegbunam, 28, of Lagos, Nigeria. He was arrested in Baltimore and the cops  charged him with scamming 17 companies out of more than $600,000. His secret was to hit North Texas businesses.

He remains in federal custody in Dallas. If convicted, he faces up to 30 years in prison and a fine of up to $1 million.

Instead of the usual “I am a lawyer acting for the estate of an African prince” Amuegbunam just spoofed email addresses which looked like they came from corporate executives. To make the emails look authentic he transposed a couple of letters.

Employees wired him money thinking it was an official letter.  The FBI issued an alert earlier this year about the new cyberattack it called the “Business Email Compromise”. The FBI said it is a “growing fraud that is more sophisticated than any similar scam the FBI has seen before”.

But really, it is still the basic premise and should never have happened.  The only thing different thing is that the scammers do their homework and have better mastery of English.

The Dallas investigation began in 2013 when two North Texas companies reported falling victim to the scheme, each losing about $100,000, according to an FBI complaint.

The FBI has identified five other conspirators who live in Nigeria who are subjects of the investigation.

The FBI said criminal groups usually target businesses that have foreign suppliers or regularly make wire transfer payments.


Euro-cyber crims arrested

Iarrestnspector Knacker and his fellow constables in Italy, Spain, Poland, Belgium and Georgia have dismantled a group of cybercriminals who are suspected of committing financial fraud involving emails.

More than 49 suspected members of the criminal group have had their collars felt,  and 58 properties were searched. Authorities seized laptops, hard disks, telephones, tablets, credit cards and cash, SIM cards, memory sticks, forged documents and bank account documents.

It was coordinated by Europol’s European Cybercrime Centre (EC3) and Eurojust, led by the Italian Polizia di Stato (Postal and Communications Police), the Spanish National Police, the Polish Police Central Bureau of Investigation, and supported by UK law enforcement bodies.

Investigations have revealed international fraud totalling EUR 6 million, accumulated within a very short time.

The group used man-in-the-middle attacks against medium and large European companies through hacking (malware) and social engineering techniques.

Once access to companies’ corporate email accounts was secured, the offenders monitored communications to detect payment requests.

The company’s customers were then requested by the cybercriminals to send their payments to bank accounts controlled by the criminal group. These payments were immediately cashed out through different means. The suspects, mainly from Nigeria, Cameroon and Spain, transferred the profits outside the European Union through a sophisticated money laundering network.

It was a pretty impressive operation, given the fact that it was carried out by the same branch of the Italian police force who can’t stop parcels being stolen from the Rome post office.

A coordination centre was established at Europol’s headquarters in The Hague. Representatives from law enforcement agencies participating in the action day were present in the coordination centre, facilitating international information exchange along with Eurojust. At the same time, Europol specialists provided operational support on the ground in Italy and Spain, through the deployment of Europol mobile offices.


Chrome updates serving up adverts

Spammers are using a feature in Chrome to fill victims’ browsers with unwanted adverts.

Chrome has a feature which silently automatically updates everything including extensions, meaning that it is up to the user to decide if the owner of an extension is trustworthy.

But Chrome users are finding that ownership of a Chrome extension can be transferred to another party, and users are never informed when that happens.

Malware and adware vendors are apparently showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome’s update service, which sends the adware out to every user of that extension.

According to Ars Technica  it is not exactly Google’s fault but vendors are exploiting Google’s extension system to create a subpar browser.

Google has said that it is aware of the problem and said that Chrome’s extension policy is due to change in June 2014. The new policy will require extensions to serve a single purpose which will mean the end of the adverts.

If your machine is full of ads, you might want to disable your extensions, particularly the more obscure ones. It is just another way that advertising people screw up life for the rest of us and are part of the reason we can’t have nice things. 

Spam protects people from NSA spooks

It turns out that one of the best weapons that ordinary people have against NSA spying is spam.

According to the Washington Post NSA’s data-collection activities spend most of their time unable to find the good stuff because they are clogged with spam.

The NSA collects hundreds of thousands of address books and contact lists from e-mail services and instant messaging clients per day and is capable of building a map of a target’s online relationships.

However, the spooks are fast discovering that the bulk of those relationships are with firms wanting investment or to increase the size of people’s penises. That is because often email inboxes are packed with spam, or, as in the case of one Iranian address, hijacked by spam malware.

According to the post, the Iranian account began sending out bogus messages to its entire address book and connected to thousands of Yahoo e-mail users.

The NSA dutifully started spying on the inboxes of all the thousands of people who were receiving the spam.

The spam that was not deleted by those recipients kept being scooped up every time the NSA’s looked at it.

From September 11, 2011 to September 24, 2011, the NSA daily collected somewhere between 2GB and 117GB of data concerning this one Iranian address.

If this pattern were repeated a million or so people, the entire NSA database would be packed full of meaningless spam that would tell the spooks nothing about terrorism or crime. 

Google claims Gmail spam monopoly

Google has started putting adverts in the space reserved for e-mail messages in Gmail users’ inboxes.

While Google has been installing adverts alongside Gmail messages for years, these new ads appear as messages that can be opened like e-mails and forwarded to others.

The adverts appear in the new “promotions” tab of Gmail’s new multi-tab interface, and they’re marked with a pale yellow background and labelled “ad” just in case you can’t spot them.

In a statement, Google said that the ads are part of the Promotions tab in the new inbox in Gmail. You can see the old style of advert if you disable the Promotions tab.

The adverts are likely to hack off those who came to Gmail because it is so good at weeding out spam. Now it seems that Google has purged inboxes from spam to peddle spam of its own.

Google said that the advertising will keep Google and Gmail free to use. It said that it worked hard to make ads safe, unobtrusive, and relevant.

Google also said the new ads are more relevant than earlier Gmail ads. They replace the old-style ads above the inbox or to the right of messages unless people disable the Promotions tab.

Apparently the adverts can’t be marked as spam, but if you close them they will go away – until you refresh the browser.

Users can go to Gmail’s ads preferences manager to block specific advertisers. 

Spam scammers ape Venezuelan Chavez's buddies

Con artists immediately began tailoring mass mailouts around the death of Venezuelan president Hugo Chavez when the news broke, according to a report from Kaspersky Lab.

As soon as Chavez died, scammers started thinking of ways to exploit his death. In one instance, Kaspersky found someone claiming to be a Venezuelan official looking to recover money after sellign diesel fuel to South Sudan. Kaspersky said the first emails didn’t offer a reward – but later on, when interest was picqued, the spammer would discuss “cash”.

In another case, scammers pretended to be emailing on behalf of the head of Chavez’ security detail. The line of logic was that this trusted friend of Chavez – who does not exist – was keeping a fortune safe in the bank for Chavez’s secret lover – and this is where you help.

Recipients were told they could have 25 percent of the secret treasures for transferring the cash out of the country.

Elsewhere in its latest spam report, Kaspersky found that the US and China were battling for the questionable honour of biggest spammers – but in March, China won out, sending out a quarter of all junk email.  The US, however, set off most email antivirus alarms for the month, taking 13.6 percent of the share. Altogether, China and the US produced 43 percent of spam.

Phishing doubled over February, with social networks still the most effective model for snagging passwords. 

Spam wars erupt in Holland

A spam-a-lam-a-ding- dong has erupted between a group dedicated to fighting spam and a Dutch outfit which hosts a few spammy sites.

According to the New York Times, it has escalated into one of the largest computer attacks on the internet, causing widespread congestion and jamming crucial infrastructure around the world.

Apparently the attacks are becoming increasingly powerful, and computer security experts worry that if they get worse people may not be able to reach basic internet services.

It all started when Spamhaus added the Dutch company Cyberbunker to its blacklist, which is used by email providers to weed out spam.

Cyberbunker is based in a five-storey former NATO bunker and offers hosting services to any website ”except child porn and anything related to terrorism”.

Soon after, Spamhaus, which is based in Europe, said the attacks began. So far they had not stopped the group from distributing its blacklist.

Patrick Gilmore, chief architect at Akamai Networks told the New York Times that Cyberbunker was just mad and that the organisations thinks it should just be allowed to spam.

The attacks are generated by botnets, and they were noticed last week by Cloudflare, an internet security firm in Silicon Valley that was trying to defend against the attacks and as a result became a target.

It appears to have become the largest publicly announced DDoS attack in the history of the internet.

This is not the first time that Spamhaus, one of the most prominent groups tracking spammers on the internet has been hit by denial-of-service attacks from spammers.

But in this attack it seems that Spamhaus was hit with a far more powerful strike that exploited the Domain Name System. This means that the only way to stop the attack is turn off the web.

In the latest incident, attackers sent messages masquerading as ones coming from Spamhaus, to those machines, which were then amplified drastically by the servers, causing torrents of data to be aimed back at the Spamhaus computers.

Spamhaus asked Cloudflare for help and the attackers began to focus them and the companies that provide data connections for both Spamhaus and Cloudflare.

Someone claiming to be a spokesperson for the attackers,  Sven Olaf Kamphuis, said the attacks were against Spamhaus for abusing its influence.

He said that Spamhaus was not supposed to determine what happens on the internet.

Cyberbunker brags on its website that it has been a frequent target of law enforcement because of its ”many controversial customers”. The company claims that at one point it fended off a Dutch SWAT team which found it could not enter the bunker by force. 

Groupon bitten by watchdog down under

Online coupon outfit Groupon is in hot water with Aussie regulators after its “newsletters” were categorised as spam.

The Australian Communications and Media Authority has issued a formal warning to Groupon after receiving shedloads of complaints from consumers who attempted to unsubscribe from the online retailer’s newsletters.

It appears that if you provided an email address to Groupon, you ended up subscribed to multiple newsletters that were sent to them either daily or weekly.

Those who attempted to unsubscribe from the newsletters were only unsubscribed from one of them, and continued to receive other Groupon newsletters.

Now the ACMA found it was “reasonable for individuals to expect they would be unsubscribed from all newsletters unless they were advised otherwise”. It was also concerned that unsubscribe requests made to Groupon were not actioned within five business days, as required by the delicious sounding Spam Act.

The ACCC and state consumer groups allegedly receive up to 140 complaints a month about group buying sites such as Groupon, Cudo, Spreets and Living Social and the watchdog said that it was keeping a close eye on the outfit.

The ACMA’s unsolicited communications manager, Julia Cornwell McKean, told the Sydney Morning Herald that it received a high number of complaints about group-buying sites because of the large volume of emails they typically send.

However, she was satisfied with the way Groupon had responded to the ACMA warning, saying it had since “moved towards best practice marketing”. 

Spam industry recovers from Grum

It seems that the spam industry has quickly recovered from the death of the Grum botnet.

Troy Gill, a security analyst with AppRiver, told SecurityWeek that it only took the spam industry a week to recover from the loss of Grum. While Grum itself is as dead as a dodo, spam levels remain the same.

It might have something to do with the fact that spammers have moved away from big botnets for spam delivery in favour of smaller more easily managed botnets.

This means that if one is taken out, it makes very little impact to spam levels. Spam customers just go elsewhere and find another supplier.

But Grum showed that there needed to be a change of tactics from those security companies that want to kill off the spammers. While they managed to take down Grum they did not stop the techniques the operators had used to infect victims and build the botnet in the first place. The shut down has yet to create any arrests.

Instead Grum’s operators were allowed to learn from their mistakes and worked out how the security companies tracked them.

According to Gunter Ollmann, vice-president of research at Damballa, the new improved botnets are proving a major headache because they are protected from the errors that allowed the coppers to find their command and control servers.