sbisson: (Default)
posted by sbisson at 06:52pm on 24/07/2009
I just got a piece of phishing spam that (wait for it!) purported to be a "Secure Message from Alliance & Liecester".

Ah!

At last one honest enough to admit that he's lying.
Mood:: 'amused' amused
location: Putney, London
posted by sbisson at 12:15pm on 06/08/2008
I've recently configured our mail server to use a mix of different real time block lists to stop spam hitting our mail boxes - with most of the success coming from using Spamhaus' blended Zen block list (which mixes known spammer addresses with known zombie senders).

It's cut down spam significantly (from around 500 messages a day in my spam quarantine folder to about 40 or so) - but I'm sure there'll always be the odd false positive. So if you're getting mail bounces from us with a 550 SMTP-error message indicating you're on one of the block lists I'm using, try sending mail by another route, or let me know so I can whitelist you...

Oh, and if your mail server (or better still, your upstream ISP) gives you the option of using an RBL, I recommend turning it on. It'll save you a lot of time dealing with spam, and quite a bit of disk space.
location: Putney, London
Mood:: 'busy' busy
posted by sbisson at 12:29pm on 09/07/2008
I was just going through the spamtrap on our mail server to hunt for false positives (someone has to get their hands dirty with the stuff, and there are usually one or two in amongst the rubbish*), and I noticed that the headers generated by the latest tranche of Stormbot spam were all war and rumours of war.

Storm currently pumps out spam with headers that pretend to be surprising news stories, with the intent that you'll click on the URI in the message and get hit by a drive-by malware download - and it really pumps them out. Most of the spam I see in the spamtrap these days is a mix of 419 and pharmacy scammery and Storm-bait messages.

And then I realised that there was an upside to this latest batch of Storm headlines: "What if they held a war and everyone thought it was spam?"

If only.

*Which means IMF is giving us a false positive rate of below 0.3%. Not bad for a mailserver's built-in anti-spam tools.
location: Putney, London
Mood:: 'amused' amused
posted by sbisson at 11:01am on 13/12/2006
Today I got spam from "Terry Gilliam".

I guess it beats making movies for the Hollywood machine. Or perhaps he's raising money to finish "Don Quixote"...
location: Putney, London
Mood:: 'amused' amused
sbisson: (Default)
If you send email to the Royal Mail opt out address to stop "Door to Door" deliveries of unaddressed junk mail, they'll just email you back a form to fill out.

I've taken the liberty of putting it here for you all to use, without having to send the email. Just print it out, fill it in, sign and send off. Unfortunately you'll need a stamp - I can't do that bit for you!

If you want to opt out of other junk mail (the stuff that comes addressed to you), then you'll need to register with the Mailing Preference Service.

Here's the form for opting out of Door to Door mail deliveries.

Hopefully, things like this will stop the Royal Mail from threatening the jobs of postmen who are just trying to help their customers.
location: Putney, London
Mood:: 'busy' busy
posted by sbisson at 07:29pm on 14/02/2006
Following links from the ever helpful Lifehacker, I came across Siteadvisor.

Currently in beta, it's a tool that informs you whether the link you've followed (or even are about to click on) points to a site that delivers malware, or spams you when you give it a registration email.

It's not too obtrusive - though it does add a rating icon to links on Google. You can use a JavaScript-driven pop-up to drill down to find out what was seen to give a site a bad rating, whether it's sending spam or downloads with embedded spyware.

Rather useful - and available for both IE and Firefox.

Put this one on your parents' PC!

You'll be pleased to know that this blog gets a clean bill of health!
Mood:: 'busy' busy
posted by sbisson at 04:25pm on 15/12/2005
Phishing mail in my spam trap, headed "2006 Barclays Security Update.". So far so good. (Hint to phishers, I don't bank with Barclays, so any mail like that is going to be ignored. The social engineering skills of these mass mailers, pah. In my day...)

Anyway, the message went on to read:
Dear customers:

Wells Fargo is proud to announce about their end of the year Upgrade. We updated our new SSL servers to give our customers a better, fast and secure online banking service as soon as the new year begins, (2006).

Due to the recent update of the servers, you are requested to please update your account info at the following link.

[phishing links deleted, even though I know none of my readers would click on them - but it's not worth giving the scum even one drip of my meagre Googlejuice]

Thank you,

Wells Fargo - Online Banking
Hmm. Since when did Barclays become part of Wells Fargo?

Note to phishers: when editing someone else's phishing mail, edit more than the headers and the URIs. Or at least get some understanding of the international banking market...

Doh.
Mood:: 'annoyed' annoyed
posted by sbisson at 07:06pm on 18/08/2005
...ego-surfing my Technorati watchlists, I found at least two Blogger sites were copying my (and others') content for pages that had nothing else but vast swathes of Google AdSense advertising. I've been splogged.

Spam blogs or "splogs" are getting more and more prevalent, and they're being automated.

Grrr. Not much I can do about that...
Mood:: 'annoyed' annoyed
posted by sbisson at 11:00am on 18/08/2005
It looks like the recent outbreak of near zero-day attacks on Windows 2000 systems has degenerated into a bot war between different gangs of system hijackers.

This time it isn't about who can compromise the most machines - it's, as they say, all about the benjamins. Spammers and phishers hire botnets to send their mails, while extortionists use them to run DDOS attacks. Apparently it costs only $350 to hire a network of 5,500 compromised systems...

One thought: if the price is so low because there are so many infected machines out there, then monitoring the market prices for botnets will be a good indicator of how well security systems are working. The fewer machines infected, the higher the price...

There's also an interesting SFnal thought here. I've been playing with the idea that fast burn singularities are inherently unstable - especially once they've built computronium Matrioshka brains around their home stars. While I've speculated that this instability is due to light speed lag leading to wars over computational resources, there's a possibility in massive (and literal!) identity theft...
Mood:: 'pensive' pensive
Music:: Enigma - MCMXC A.D. - Back To The Rivers Of Belief [(A) Way To Eternity, (B) Hallelujah, (C) The Riv
posted by sbisson at 07:10pm on 30/06/2005
I seem to be getting a lot of spam wrapped up in text from various pieces of pirate fiction...

Like this piece here:
that's it! cried one of Levasseur's officers. And Cahusac added: Captain Blood, and I had hoped that we might be friends. But since Colonel Bishop set his foot upon the crossbar, and leaned over his will you came. I am not the man with whom a woman can play fast aside to give her passage. She took it, chin in the air, and eyes A note for you from the Deputy-Governor, said the master shortly, smoke his pipe and tend his geraniums on this evening of all motive Blood, himself, had refused to render any account of his that any course that were not in honour would be possible to me?the devil may you be? he asked. boucans or their logwood, or else sail out of the Caribbean Sea.dirty thief who has brought all this about. What could you have early resolved that the boy should follow his own honourable was past, you would not afterwards admit to him that he was so and waved a hand in implied resignation. The Deputy-Governor mind and plan coherently what was to be done. Also he must consult
What's more, they seem to be spam advertising pirated software...

(one for tamaranth to avoid!)
Mood:: 'amused' amused
