Internet Domain Registry

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, 29 October 2007

First 2008 Presidential Spam Campaign?

Posted on 02:44 by Unknown
Does Ron Paul suddenly have a strong support base among foreign computer owners with strange names and multiple personalities? or is it possible we have the First 2008 Presidential Spam Campaign?

I thought it odd when I logged in to my computer this morning and found an email in which someone declared Ron Paul to be the winner of the Republican Debate yesterday, but then, I have all sorts of odd friends. By the time I had received my fifteenth copy of the email, I knew this was something more than a deluded pseudo-Republican. I thought at first this was a virus, but now it seems to be a plain ole Spam Campaign.

The question, I suppose, is what should be done about it? Will we see fans of other campaigns hiring out spam campaigns devoted to extolling the views and records of their candidates? Will there be an evolving message body on the Ron Paul spam to keep pace with the upcoming events on the campaign trail? Its too early to tell, but we will continue to document the trend from the Spam Lab at UAB.

Here's the body of the email . . .




Hello Scott, 
 
Ron Paul is for the people, unless you want your children to 
have human implant RFID chips, a National ID card and create 
a North American Union and see an economic collapse far worse  
than the great depression. Vote for Ron Paul he speaks the  
truth and the media and government is afraid of him. This is 
the last honest politican left to bring this country out of 
this rut from the War Profiteers and bush Administration has 
created. Get motivated America, don't believe the lies of the 
media he has also WON the GOP Debate On Sunday! Value Freedom 
and Liberty instead of corporate lies and corruption. Bypass  
this media blackout they are doing to Ron Paul, tell your family  
and friends and get involved in a local group at meetup.com make  
your voice heard! He will end the War In Iraq immediately,  
He will eliminate the IRS and wasteful government spending, and  
eliminate the Federal Reserve and restore power to the people  
and the only person not a member on the CFR. Can any other runner  
make these claims or give Americans the true freedom we were all 
raised to believe? We are all economic slaves to the banks and the 
illegal federal Reserve. This is why our currency is worth nothing 
because of Hidden Inflation Tax and the IRS taking everything 
you make! 
 
** RON PAUL WILL STOP THE IRAQ WAR IMMEDIATELY! ** 
 
He has NEVER voted: 
* to raise taxes 
* for an unbalanced budget 
* to raise congressional pay 
* for a federal restriction on gun ownership 
* to increase the power of the executive branch 
 
He HAS voted: 
* against the Iraq war 
* against the inappropriately named USA PATRIOT act 
* against regulating the internet 
* against the Military Commissions Act 
 
He will eliminate the IRS, Wasteful Government Spending &  
Stop The Iraq War Immediately! 
 
Most importantly, he voted NO on anything in Congress that  
is not allowed by the Constitution. And he Despises any 
politican that does not do their job for the people and lives 
up to the constitution!  
 
Google.com & Youtube.com Search: "Ron Paul" 
Join The Revolution! 
 
*************************************** 
We Need A Real President That Will Restore And Protect 
Americans! Stop The War! Protect Our Borders! 
*********VOTE RON PAUL 2008************
ubPOJg





The subject line seems to be selected from a small number of subject lines, and then appended with a random character cluster (perhaps to break spam filters?):

Subject lines:

Vote Ron Paul 2008! ZyhYKbw

Iraq Scam Exposed, Ron Paul TLshVzn

Ron Paul Exposes Federal Reserve bpIHP

Ron Paul Stops Iraq War! gPsLhM

Iraq Scam Exposed, Ron Paul wjtsLBp

Ron Paul Stops Iraq War! LcskHxT

Government Wasteful Spending Eliminated by Ron Paul vpntZRr

Vote Ron Paul 2008! pboLKjr

Who Is Ron Paul? ZTobxay

Ron Paul Exposes Federal Reserve JrZXihF

Ron Paul Stops Iraq War! LyNdrha

Ron Paul Eliminates The IRS! fiqfRZZ

Government Wasteful Spending Eliminated by Ron Paul BtkmlDF

Ron Paul Wins GOP Debate! HMzjoqO

Ron Paul Exposes Federal Reserve SBHBcSO

Government Wasteful Spending Eliminated By Ron Paul mEoHUiR

Government Wasteful Spending Eliminated By Ron Paul HRAyaaI


The spam seems to invent a random first and last name, and combine that with a true email address from the infected machine. Here are sample senders from my inbox:


curtice andrzej - sph@research-int.com - [77.181.200.157] (Germany)

byrann shan - phyllis@faxsav.com - [86.9.35.98] (the UK)

humbert jerrimy - alessand@tvldyn.com - [87.210.63.248] (the Netherlands)

jamey jamal - fataneh@i-qts.com - [124.84.175.218] (Japan)

algernon heung-do - melville@surecom.com - [124.84.175.218] (Japan)

christoforo sharad - fang@ohiohills.com - [124.84.175.218] (Japan)

fabe rosemary - hywel@msn.com - [124.84.175.218] (Japan)

hamil orlando - osulliva@surecom.com - [58.140.151.170] (Korea)

cristobal dai - irma@seagate.com - [58.140.151.170] (Korea)

frants cresswell - aziz@3com.com - [190.86.81.131] (El Salvador)

claudius quinn - avi@shoyher.com - [200.166.91.2] (Brazil)

chaim billie - mukund@atomis.com - [200.166.91.2] (Brazil)

chris field - hal@connecthouston.com - [79.3.4.33] (Italy)

alonso sidharta - cindy@e-business-associates.com - [58.141.39.110](Korea)

linn ming-hor - jikun@four-soft.com - [196.207.13.18] (Nigeria)

jerad anant - gorog@franceloisirs.com - [218.209.109.27] (Korea)
Read More
Posted in | No comments

Friday, 26 October 2007

How Many Websites Can a Hacker Hack without Being Prosecuted?

Posted on 14:35 by Unknown
Apparently the answer to that is TENS OF THOUSANDS, or more.

IskorpitX, the tutor of an entire generation of Turkish hackers, will shortly be able to claim that he has broken into 200,000 websites. (He's currently at 191,000 according to one popular hacker watching website).

Brasilian hacker, Fatal Error, runs a distant second, having broken in to "only" 32,000 websites according to the same source.

Wouldn't you say that would make them "targets of interest" for law enforcement activity? Sadly, that is not the case. Perhaps, you think to yourself, they have only attacked "low value" websites. Perhaps they are brand new to the scene? If only that were the case! Fatal Error, who lists many US Government websites, and even my home state of Alabama government websites, among his victims, has been actively attacking websites since 2002.

IskorpitX has been defacing websites since at least 2003, and has the governments of Argentina, Australia, Brazil, China, Columbia, France, India, Italy, Korea, Malaysia, Peru, the Philippines, Thailand, Venezuela and South Africa among his many victims. Of course the US government is on the list as well (such as the National Endowment for the Humanities), as well as Harvard University and Bank of America.

IskorpitX even has his own YouTube videos!

http://www.youtube.com/watch?v=ahqSeJvM2XU

http://www.youtube.com/watch?v=jTah9ckvV3Y

Other Turkish "Cyber Warriors" have even done television news interviews about why they hack websites!

http://www.youtube.com/watch?v=w4QgEsuTZrM


Here's one interesting hacker this week and the victims which are still laying around in Google's Cache:

I found it interesting because this hacker is doing SQL Exploits such as we've seen on several high profile attacks in the past including the National Institutes of Health and the United Nations. In this case, a content management system is being SQL injected to replace "titles" of things with the name of the hacker.

Google for the string "OwneD by RootDamages by FasT", and you'll find some interesting victims among the 26,100 pages being returned.

How about The Department of Veterans Affairs and their Cooperative Studies program?

www.vacsp.gov/news.cfm
www.csp.gov/news.cfm

(Although the Malaysian government also got a visit:

www.mygeoportal.gov.my/faq.cfm

Or the Michigan Bar Association?

www.michbar.org/news.cfm

Systems Integrator "Regan Technologies"?

www.rtcorp.com/news.cfm

The Esalen Center for Theory & Research still has pages with the title "OwneD by RootDamages by FasT", such as:

http://www.esalenctr.org/display/confpage.cfm?confid=10&pageid=105&pgtype=1

As does Applied Robotics:

http://www.arobotics.com/about/company_news/news_details.cfm?ID=17

But they weren't just limited to News articles. I think I'd feel very safe using a shopping cart where every product in the online store had been renamed to "OwneD by RootDamages by FasT", such as those at MetroPole360:

http://www.metropole360.com/productcat.cfm?productCatID=3

But you don't have to be a business to have an insecure webserver. Just ask the National Limousine Association, or the NorWest Dog Training Club:

http://209.85.165.104/search?q=cache:d_YOcnX94A4J:norwestdogtraining.co.nz/Newsletter.cfm

http://209.85.165.104/search?q=cache:aN6AmMtGh0kJ:www.limo.org/scriptContent/t_inside.cfm

One subject "that comes up over and over again on Ducati Online" is "OwneD by RootDamages by FasT" according to this news article:

http://www.ducati.net/faq.cfm?id=4

They're even having a conference on the topic in Brasil at the Psychology Congress. September 7th was their conference on "OwneD by RootDamages by FasT". They expected 6 thousand people to attend.

So how many websites will these hackers be allowed to deface before someone decides to arrest them?
Read More
Posted in | No comments

Monday, 15 October 2007

Is Your Fifth Grader Smarter Than a Laughing Cat?

Posted on 06:27 by Unknown
Have you seen the television show "Are You Smarter Than a Fifth Grader?" I've been thinking about a variation of that question as I consider the newest version of The Storm Worm.

This morning on the "Good Morning, Alabama" show as I discussed the Storm Worm, the weatherman laughed and said "Fortunately, I pretty much stay awy from laughing cats". So do most adults with bank accounts. Ask the question another way though. "Is there anyone who uses your computer who is into laughing cats?"

Laughing Cat Storm Worm


Twenty of the Twenty-nine anti-virus products I scanned this particular virus with (using Virus Total), did not report an infection. As of this writing, ClamAV, F-Prot, F-Secure, Microsoft, Panda, and Symantec were among the anti-virus programs who said "No Virus Found" to this current malware. ( Click for Results of this scan.)

Previous versions of the Storm Worm have used things such as Greeting Cards, an NFL Game Tracker, Labor Day greetings, Fourth of July greetings, and even Virus Alerts as means to trick people into visiting the malware site.

UAB's Computer Forensics research area will continue to study and document the storm worm until we can find a way to identify the criminals and bring them to justice.

I'll be giving a Public Lecture on Botnets this Friday (October 19th) at the Hull University Center Auditorium.
Read More
Posted in | No comments
Newer Posts Older Posts Home
Subscribe to: Posts (Atom)

Popular Posts

  • Happy New Year! Here's a Virus! (New Year's Postcard malware)
    I've been busy this week looking at the various defacements (see ComputerWorld , and ABC News ) and other cyber attacks (see yesterday...
  • From Russia, With Love . . . new Postcard spam spies on your PC
    Isn't it nice to have friends who send you postcards? The UAB Spam Data Mine is especially fortunate in that way. Beginning the evenin...
  • New Year's Waledac Card
    We haven't seen a new version of Waledac since Independence Day (July 4, 2009), but it looks like its back! I'm on vacation today, s...
  • Top Brands Imitated by Malicious Spam
    WebSense recently released an InfoGraphic titled "Top Five Subject Lines in Phishing Emails." for January 1, 2013 through Septemb...
  • Tempting Photo Attachments Lead to Fake AV
    One of today's largest malicious spam campaigns continued an occasional theme we've been seeing for a few weeks. A subject line, fo...
  • What about the Social Security Numbers? (The Utah Data Breach and your SSN)
    The Utah Data Breach This week the continuing saga of the Utah Medicaid Data Breach continued to unfold. If you haven't been following...
  • Stop the Rumors: Quit SMSing about WalMart Gang Initiations
    My daughter and her teenage friend were sitting on the couch watching TV today when they began getting text messages on their phone. Here...
  • Minipost: IPR Center celebrates Cyber Monday
    The National Intellectual Property Rights Center (IPR Center) announced today that in celebration of Cyber Monday, they have Seized 82 Domai...
  • ACH Spammer switches to Shortened URLs
    For many weeks now the spammers behind one particular malware family have been fighting a running battle to keep their malware-hosting domai...
  • Work at Home . . . for a Criminal?
    How do you tell if a "Work at Home" invitation is a scam? Here's a clue: It comes in your email. In today's Blog, I tho...

Categories

  • china
  • computer security careers
  • conficker
  • cyberwar
  • digital certificates
  • facebook
  • fake av
  • gumblar
  • koobface
  • law enforcement
  • malware
  • pharmaceuticals
  • phishing
  • public policy
  • spam
  • twitter
  • twitter malware
  • waledac
  • zbot

Blog Archive

  • ►  2013 (21)
    • ►  December (4)
    • ►  November (1)
    • ►  October (1)
    • ►  September (1)
    • ►  August (3)
    • ►  July (1)
    • ►  June (1)
    • ►  May (5)
    • ►  April (3)
    • ►  March (1)
  • ►  2012 (18)
    • ►  August (1)
    • ►  June (1)
    • ►  May (7)
    • ►  April (2)
    • ►  March (7)
  • ►  2011 (28)
    • ►  November (3)
    • ►  October (1)
    • ►  August (4)
    • ►  July (6)
    • ►  June (1)
    • ►  May (2)
    • ►  April (2)
    • ►  March (6)
    • ►  February (1)
    • ►  January (2)
  • ►  2010 (80)
    • ►  December (6)
    • ►  November (10)
    • ►  October (6)
    • ►  September (12)
    • ►  August (5)
    • ►  July (4)
    • ►  June (11)
    • ►  April (7)
    • ►  March (8)
    • ►  February (4)
    • ►  January (7)
  • ►  2009 (92)
    • ►  December (12)
    • ►  November (11)
    • ►  October (16)
    • ►  September (7)
    • ►  July (5)
    • ►  June (10)
    • ►  May (2)
    • ►  April (6)
    • ►  March (7)
    • ►  February (6)
    • ►  January (10)
  • ►  2008 (101)
    • ►  December (7)
    • ►  November (17)
    • ►  October (11)
    • ►  September (10)
    • ►  August (22)
    • ►  July (12)
    • ►  June (3)
    • ►  May (7)
    • ►  April (5)
    • ►  March (2)
    • ►  February (1)
    • ►  January (4)
  • ▼  2007 (31)
    • ►  December (3)
    • ►  November (9)
    • ▼  October (3)
      • First 2008 Presidential Spam Campaign?
      • How Many Websites Can a Hacker Hack without Being ...
      • Is Your Fifth Grader Smarter Than a Laughing Cat?
    • ►  September (2)
    • ►  August (5)
    • ►  July (5)
    • ►  January (4)
  • ►  2006 (5)
    • ►  December (2)
    • ►  October (3)
Powered by Blogger.

About Me

Unknown
View my complete profile