charlesarthur : spam   24

Spam in your Google Calendar? Here’s what to do • Krebs on Security
Brian Krebs:
<p>all that a spammer needs to add an unwelcome appointment to your calendar is the email address tied to your calendar account. That’s because the calendar applications from Apple, Google and Microsoft are set by default to accept calendar invites from anyone.

Calendar invites from spammers run the gamut from ads for porn or pharmacy sites, to claims of an unexpected financial windfall or “free” items of value, to outright phishing attacks and malware lures. The important thing is that you don’t click on any links embedded in these appointments. And resist the temptation to respond to such invitations by selecting “yes,” “no,” or “maybe,” as doing so may only serve to guarantee you more calendar spam.

Fortunately, there are a few simple steps you can take that should help minimize this nuisance. To stop events from being automatically added to your Google calendar:

• Open the Calendar application, and click the gear icon to get to the Calendar Settings page.
• Under “Event Settings,” change the default setting to “No, only show invitations to which I have responded.”</p>

Apple had a problem with this in 2016; now it's Google's turn to be targeted, which is happening (and Google says it's working on a fix).
google  calendar  spam 
6 weeks ago by charlesarthur
February 2013: Why email spam is on the decline • Fortune
Dan Mitchell, in February 2013:
<p>Those weird little ads on the right side of your Facebook page—the ones depicting ugly shoes or pitching iffy continuing education degrees—are partly the result of the changing economics of both spam and online advertising in general.

Email spam became a huge business—and a huge problem for both Internet users and network managers—because marginal costs are near zero. Once a sleazy pitch for gray-market Viagra or a porn site is written, the additional cost of each spam message sent is almost nothing. Sending out millions of emails doesn’t cost much more than sending out just one. Very few people fall for the usually scammy offers, so sending them in bulk is necessary to actually snag paying customers.

But improvements to spam-blocking technologies, together with ever-cheaper “legit” advertising have worked to decrease email spam, according to a report from Kaspersky Lab, a maker of antivirus software. “With the emergence of Web 2.0,” the report states, “advertising opportunities on the Internet have skyrocketed: banners, context-based advertising, and ads on social networks and blogs.”

The percentage of email identified as spam is still huge—72.1% in 2012, according to the report. But it’s been dropping every year recently, and is the lowest it’s been in five years.</p>

Wonder how this looks now. Facebook is definitely not too troubled about who advertises there; it's only if they have huge problems - such as some cryptocurrency ads - that they block them. Statista, meanwhile, has some stats saying that spam now is about 56% of email.
spam  facebook 
10 weeks ago by charlesarthur
AT&T starts blocking robocalls automatically, no opt-in required • Android Police
Manuel Vonau:
<p>Robocalls are a problem almost everyone in the US can relate to, and the fact that carriers weren't allowed to block suspected spam calls without the explicit opt-in from customers for a long time hasn't exactly improved the issue. An FCC ruling in June changed legislation around that, and AT&T was quick to act on it. The company is now automatically blocking calls it suspects as spam or fraud.

The service will be enabled for new customers right away and will roll out to existing lines "over the coming months." In contrast to AT&T's current Call Protect app, this upcoming blocking method doesn't require you to install anything on your phone and will be provided on an opt-out basis, meaning users of the network should see a significant drop in spam calls going forward without having to take any action themselves.</p>

Be interested to know how they identify the spam calls. There's definitely a story to be written there, and in (in the UK) British Telecom's efforts on this, because it seems to have made some progress in recent months preventing nuisance and spam calls.
telephone  spam 
july 2019 by charlesarthur
Endless AI-generated spam risks clogging up Google’s search results • The Verge
James Vincent:
<p>Just take a look at this blog post answering the question: “What Photo Filters are Best for Instagram Marketing?” At first glance it seems legitimate, with a bland introduction followed by quotes from various marketing types. But read a little more closely and you realize it references magazines, people, and — crucially — Instagram filters that don’t exist:
<p>You might not think that a mumford brush would be a good filter for an Insta story. Not so, said Amy Freeborn, the director of communications at National Recording Technician magazine. Freeborn’s picks include Finder (a blue stripe that makes her account look like an older block of pixels), Plus and Cartwheel (which she says makes your picture look like a topographical map of a town.</p>

The rest of the site is full of similar posts, covering topics like “How to Write Clickbait Headlines” and “Why is Content Strategy Important?” But every post is AI-generated, right down to the authors’ profile pictures. It’s all the creation of content marketing agency Fractl, who says it’s a demonstration of the “massive implications” AI text generation has for the business of search engine optimization, or SEO.

“Because [AI systems] enable content creation at essentially unlimited scale, and content that humans and search engines alike will have difficulty discerning [...] we feel it is an incredibly important topic with far too little discussion currently,” Fractl partner Kristin Tynski tells The Verge.

To write the blog posts, Fractl used an open source tool named Grover, made by the Allen Institute for Artificial Intelligence. Tynski says the company is not using AI to generate posts for clients, but that this doesn’t mean others won’t.</p>

I'm only slightly surprised nobody has realised this earlier. (Of course the AI-generated blogpost has an AI-generated author pic.) Google must be having meetings about how to tackle it, because it's surely only a few months away. Philip K Dick's world of computer-written newspapers feels very close.
ai  machinelearning  spam  seo 
july 2019 by charlesarthur
Facebook finds hack was done by spammers, not foreign state • WSJ
Robert McMillan and Deepa Seetharaman:
<p>Internal researchers now believe that the people behind the attack are a group of Facebook and Instagram spammers that present themselves as a digital marketing company, and whose activities were previously known to Facebook’s security team, said the people familiar with the investigation.

Facebook has previously said it was working closely with the Federal Bureau of Investigation on a criminal probe into the incident.

The incident immediately raised questions about the hackers’ motivation, in part because Russian and Iranian operatives have in the past used social media, including Facebook, to cause mischief in the U.S. Other countries, including North Korea and China, have in the past been accused of cyberattacks for various purposes.

The stolen tokens are digital keys that allowed the hackers to access any part of a user’s Facebook account, and would be of great use to state-sponsored attackers looking to conduct espionage, according to security researchers.

However, the Facebook internal probe suggests the goal of the hackers was financial, not ideological, the people said.

The hackers accessed only a limited subset of the data they could have taken, Facebook said last week. Instead of accessing personal messages, they accessed contact details—including phone numbers and email addresses—gender, relationship status, and search and check-in data belonging to 14 million users. For another 15 million users, only names and contacts were accessed; and the attackers didn’t obtain personal information from 1 million people affected by the breach.</p>

Lot of effort to go to for some customer data.
facebook  spam  hack 
october 2018 by charlesarthur
Chartbreakers: how spammers are gaming the podcast charts • Chartable
Dave Zohrob on how a podcast called "Bulletproof Real Estate" abruptly zoomed to the top of the iTunes charts:
<p>I wanted to see how this cluster of podcasts [in the top of the Apple podcast charts] related to other top shows on the charts, like Serial and Joe Rogan. I grabbed them all for the top 50 podcasts and made another network graph:

Again, every box on the graph represents a podcast, and every arrow represents a recommendation. The chart easily breaks into four clusters, and we can draw some quick conclusions from them.

First, there's one “main cluster” that includes most popular shows. You can see some natural sub-clusters—for example, one sub-cluster around Joe Rogan includes similar talk shows; another around Someone Knows Something includes true crime shows.

Clusters 1, 2, and 3 are completely disconnected from the main cluster. There are zero recommendations in common between them. Bulletproof Real Estate lives in Cluster 1. You can see by the density of connections that the isolated clusters also have many more connections between the shows than even the most popular sections of the main cluster.

The isolated clusters are highly interconnected, but with very different subject matter. For example, Breaking the Underdog Curse for Chiropractors is related via subscriptions to many podcasts from both Clusters 1 & 2, but has little in common with them in terms of subject matter. The same goes for shows like Winning with Shopify, an ecommerce podcast, and This is Hot Bowga, "home of THE greatest hunting podcast ever created," in Cluster 3.

So, what can we conclude from this network graph? Here's my take:

If the podcast charts are based on subscription velocity, it's highly likely that some or all of the podcasts in the isolated clusters have artificial subscriptions.</p>

Spammers, basically.
Spam  podcasts 
october 2018 by charlesarthur
Facebook closed 583m fake accounts in first three months of 2018 | Technology | The Guardian
Alex Hern and Olivia Solon:
<p>Facebook said the overwhelming majority of moderation action was against spam posts and fake accounts: it took action on 837m pieces of spam, and shut down a further 583m fake accounts on the site in the three months. But Facebook also moderated 2.5m pieces of hate speech, 1.9m pieces of terrorist propaganda, 3.4m pieces of graphic violence and 21m pieces of content featuring adult nudity and sexual activity.

“This is the start of the journey and not the end of the journey and we’re trying to be as open as we can,” said Richard Allan, Facebook’s vice-president of public policy for Europe, the Middle East and Africa.

The amount of content moderated by Facebook is influenced by both the company’s ability to find and act on infringing material, and the sheer quantity of items posted by users. For instance, Alex Schultz, the company’s vice-president of data analytics, said the amount of content moderated for graphic violence almost tripled quarter-on-quarter…

…Facebook also managed to increase the amount of content taken down with new AI-based tools which it used to find and moderate content without needing individual users to flag it as suspicious. Those tools worked particularly well for content such as fake accounts and spam: the company said it managed to use the tools to find 98.5% of the fake accounts it shut down, and “nearly 100%” of the spam.

Automatic flagging worked well for finding instances of nudity, since, Schultz said, it was easy for image recognition technology to know what to look for. Harder, because of the need to take contextual clues into account, was moderation for hate speech. In that category, Facebook said, “we found and flagged around 38% of the content we subsequently took action on, before users reported it to us”.</p>

That's pretty good work by the AI, though of course we don't know how many fake accounts it missed.
facebook  fake  spam 
may 2018 by charlesarthur
Hundreds of thousands of spam listings on Google “My Maps” • Terence Eden's Blog
Terence Eden:
<p>Back in 2007, Google introduced "My Maps": "Easily create custom maps with the places that matter to you. Allow friends to see and edit your maps, or publish them to the whole world."

Like most Google products, it was effectively abandoned after launch - receiving a superficial update in 2014. Now it is a haven for spammers and fraudsters.
Even Google's mighty AI is unable to detect this complex spam...

How big a problem is this? Pretty big.

Each of those "My Maps" contains a link to a dodgy site delivering dubious downloads. There is, of course, no "report spam" button on these maps. Even if there were, I'm not sure I could be bothered to do Google's job for them.

Naturally, people have reported this spam to Google many times before, but Google show no signs of removing it.</p>

Oddly enough, the BBC consumer programme You And Yours had an item on the same day about scammers who had changed the phone numbers for contacting UK Job Centres: normally they are freephone numbers, but the scammers changed it so they would get paid. How? By editing details on Google map listings, which of course "Anyone can edit!"

Google's MyMaps thing has been a complete pain for years because it scales so badly: the likelihood of malicious actors is far bigger than the ability of checkers to catch them.
google  maps  spam 
april 2018 by charlesarthur
10 ways a website can betray your privacy • Tech Radar
Gabe Carey has the full list, but this one caught my eye:
<p><strong>5. Selling your personal information</strong>

Whenever you purchase something at a store and are asked to provide your email and/or mailing address, you run the risk of that company selling off your personal information to advertisers – it’s why you sometimes get unsolicited emails in your inbox from senders you’ve never heard of, and don’t recall giving your details to. 

Larger, well-known companies don’t normally engage in this practice as they have reputations to protect. However, any company is vulnerable to data breaches, and should one occur there’s no telling how widely your private information could be disseminated.</p>

Come on. Data breaches are not the source of all the crap of “you subscribed!” that plagues our inboxes. It’s companies taking your data and shamelessly selling it. The only way to track this is to add elements onto your email address (Gmail lets you add characters after a + and it will reach you) to find and block the perpetrators. But that then makes it hard to remember your login details.
Websites  spam 
march 2018 by charlesarthur
Automation and the use of multiple accounts • Twitter Developer blog
Yoel Roth:
<p>Keeping Twitter safe and free from spam is a top priority for us. One of the most common spam violations we see is the use of multiple accounts and the Twitter developer platform to attempt to artificially amplify or inflate the prominence of certain Tweets. To be clear: Twitter prohibits any attempt to use automation for the purposes of posting or disseminating spam, and such behavior may result in enforcement action.

In January, we announced that as part of our Information Quality efforts we would be making changes to TweetDeck and the Twitter API to limit the ability of users to perform coordinated actions across multiple accounts. These changes are an important step in ensuring we stay ahead of malicious activity targeting the crucial conversations taking place on Twitter — including elections in the United States and around the world.

Today, we’re sharing details about those changes, as well as important guidance for developers on how to comply with these rules…

Do not (and do not allow your users to) simultaneously post identical or substantially similar content to multiple accounts. For example, your service should not permit a user to select several accounts they control from which to publish a given Tweet.</p>

Something of a stable door/horse move, but if it prevents amplification by automated accounts then it's welcome. (And as some pointed out, this tells you how the Russians at the Internet Research Agency were doing it.)
Tweetdeck  twitter  spam 
february 2018 by charlesarthur
Facebook turned its two-factor security 'feature' into the worst kind of spam • Gizmodo
Kate Conger:
<p>Sometimes, Facebook will send emails to users warning them that they’re having problems logging into their accounts, Bloomberg reported last month. “Just click the button below and we’ll log you in. If you weren’t trying to log in, let us know,” the emails reportedly read. Other times, Facebook will ask for a user’s phone number to set up two-factor authentication—then spam the number with notification texts.

I’ve been getting these text-spam messages since last summer, when I set up a new Facebook account and turned on two-factor authentication. I created the new profile with somewhat vague intentions of using it for professional purposes—I didn’t like the idea of messaging sources from my primary Facebook account, where they could flip through pictures of my high school prom or my young nephews. But I didn’t end up using the profile often, and I let it sit mostly abandoned for months at a time.

At first, I only got one or two texts from Facebook per month. But as my profile stagnated, I got more and more messages. In January, Facebook texted me six times—mostly with updates about what my ex was posting. This month, I’ve already gotten four texts from Facebook. One is about a post from a former intern; I don’t recognize the name of one of the other “friends” Facebook messaged me about.

The texts are a particularly obnoxious form of spam, and instead of making me want to log into Facebook, they remind me why I’m avoiding it. It’s painful to see my ex’s name popping up on my phone all the time, and while my intern was great at her job, I’m not invested in keeping up with her personal life.</p>

The texts will actively turn people away from using 2FA, which is a really bad move. (You can use the Authenticator app to do 2FA for Facebook, rather than letting them text. They still haven't figured out how to spam you there.)
Facebook  2fa  spam  text 
february 2018 by charlesarthur
Please don't kill the blogs • Seth's Blog
Seth Godin:
<p>I'm aware that you don't charge the people who use GMail for the privilege. In fact, we're the product, not the customer. Your goal is to keep people within the Google ecosystem and to get the writers and marketers who use email as a permission asset to instead shift to paying money (to Google) to inform and reach their audience.

So you invented the 'promotions' folder.

It seems like a great idea. That spam-like promo mail, all that stuff I don't want to read now (and probably ever) will end up there. Discounts on shoes. The latest urgent note from someone I don't even remember buying from. The last time I checked, you've moved more than 100,000 messages to my promotions folder. Without asking.

Alas, you've now become a choke point. You take the posts from this blog and dump them into my promo folder--and the promo folder of more than a hundred thousand people who never asked you to hide it.

Emails from my favorite charities end up in my promo folder. The Domino Project blog goes there as well. Emails from Medium, from courses I've signed up for, from services I confirmed just a day earlier. Items sent with full permission, emails that by most definitions aren't "promotions."

Here's a simple way to visualize it: Imagine that your mailman takes all the magazines you subscribe to, mixes them in with the junk mail you never asked for, and dumps all of it in a second mailbox, one that you don't see on your way into the house every day. And when you subscribe to new magazines, they instantly get mixed in as well.

It's simple: blogs aren't promotions. Blogs subscribed to shouldn't be messed with. The flow of information by email is an extraordinary opportunity, and when a choke point messes with that to make a profit, things break.

The irony of having a middleman steal permission is not lost on me. That's what you're doing. You're not serving your customers because you're stealing the permission that they've given to providers they care about. And when publishers switch to SMS or Facebook Messenger, that hardly helps your cause.</p>

I don't use Google's Inbox for pretty much this reason - I have stuck with the classic old version. But I use the web interface as rarely as possible; you can get IMAP (also free!) on your computer or phone, and then you can triage as you like.

But Google doesn't really care about blogs; if it did it wouldn't have killed Reader.
google  email  filter  spam  blogging 
january 2018 by charlesarthur
Spam is back • The Outline
Jon Christian:
<p> an individual who posted on a blackhat hacker forum that he could sell a database of tens of millions of US phone numbers, complete with associated email and postal addresses, told me that though he himself is annoyed by robocalls, he does what he needs to in order to earn a living. He obtains phone numbers from data sellers and lead generation sites that offer users free stuff in exchange for giving up their contact information, he said, and insisted that though he’s been slapped with fines in the past, he now complies with laws governing the sale of phone numbers.

“I mean I see it as a tool to help marketers find the right person,” said that man, who identified himself as Brian Masin during a Skype chat interview.

Masin, who said he’s based in the DC metro area and made as much as $160,000 per year in the internet marketing business, though not all from selling phone numbers, also mused that “if you buy homesec[u]rity online then you deserve” to get “duped.”

In addition to the FTC, a number of app developers and people like telecom consultant Roger Anderson, who created a posse of phone bots designed to waste robocallers’ time by pretending to be human, have all taken up the fight — but today, the calls still persist.

The second coming of spam isn’t just robocalls, of course. It’s rampant on Twitter, for example, where vast botnets boost follower counts for money and push political propaganda. It crops up on Tinder and OkCupid, where bots with voluptuous profile pictures stumble through flirty banter — “I am totally a sex addict" — and inevitably send links to websites that demand credit card numbers. Ashley Madison, a hookup site for extramarital affairs that gained notoriety when its user data was stolen in 2015, harbored millions of “sexbot” accounts intended to sucker users into paying for premium membership.

The volume of spam email has leveled off overall, and Google says it can detect 99.9 percent of spam and phishing attempts in Gmail. But what email spam is left has become more sophisticated and criminal.</p>

Spam never went away, it just mutated. It's like E.coli - its presence is an indicator of a sort of health.
internet  spam  email  security 
december 2017 by charlesarthur
Keeping your company data safe with new security updates to Gmail • Google Blog
Andy Wen is senior product manager for Counter abuse technology:
<p>Machine learning helps Gmail block sneaky spam and phishing messages from showing up in your inbox with over 99.9 percent accuracy. This is huge, given that 50-70% of messages that Gmail receives are spam. We’re continuing to improve spam detection accuracy with early phishing detection, a dedicated machine learning model that selectively delays messages (less than 0.05% of messages on average) to perform rigorous phishing analysis and further protect user data from compromise.

Our detection models integrate with Google Safe Browsing machine learning technologies for finding and flagging phishy and suspicious URLs. These new models combine a variety of techniques such as reputation and similarity analysis on URLs, allowing us to generate new URL click-time warnings for phishing and malware links. As we find new patterns, our models adapt more quickly than manual systems ever could, and get better with time.</p>

I see very, very few phishing emails on my Gmail account. I see a fairly constant amount of spam on it, though, despite marking the stuff (always claiming to be from department stores, and not being addressed to my ur-address) as junk consistently.

That spam hasn't become a bigger, or even overwhelming slice of email is a success for all the organisations such as Spamhaus fighting it.
google  gmail  email  spam 
june 2017 by charlesarthur
Old nemesis spam becoming significant way for attackers to subvert data • Network World
Michael Cooney:
<p>"The ongoing expansion of domain name choices has added another instrument to the spammer’s toolbox: enticing recipients to click through to malicious sites, ultimately allowing attackers to infiltrate their networks,” wrote Ralf Iffert, Manager, X-Force Content Security in a blog about the spam findings. “More than 35% of the URLs found in spam sent in 2016 used traditional, generic top-level domains (gTLD) .com and .info. Surprisingly, over 20% of the URLs used the .ru country code top-level domain (ccTLD), helped mainly by the large number of spam emails containing the .ru ccTLD.”

Iffert continued: Even the lesser known domains are already well-established in spammers’ business model. Of the top 20 TLDs used in spam emails, X-Force observed seven new gTLDs in the top 10 ranks of the overall list: .click, .top, .xyz, .link, .club, .space and .site.

The new, generic top-level domains let spammers vary their domain URLs and thus bypass spam filters and some new gTLDs can cost as little as $1 to register, making them more lucrative to spammers who can automate the registration of hundreds of domains a day, Iffert wrote.</p>

So at least that will gladden the hearts of the registrars of gTLDs. Though one could imagine that companies might start setting up filters to block out non-standard gTLDs.
gtld  spam 
march 2017 by charlesarthur
Spammergate: the fall of an empire • MacKeeper™ blog
Chris Vickery:
<p>A cooperative team of investigators from the MacKeeper Security Research Center, CSOOnline, and Spamhaus came together in January after I stumbled upon a suspicious, yet publicly exposed, collection of files. Someone had forgotten to put a password on this repository and, as a result, one of the biggest spam empires is now falling.

Additional coverage can be seen over at CSOOnline.

The leaky files, it turns out, represent the backbone operations of a group calling themselves River City Media (RCM). Led by known spammers Alvin Slocombe and Matt Ferris, RCM masquerades as a legitimate marketing firm while, per their own documentation, being responsible for up to a billion daily email sends.</p>

This might even give MacKeeper some redemption. It knows all about leaking millions of user records from unsecured databases. Though it's still ahead on losing lawsuits from the FTC where it pays a $2m settlement.
security  spam 
march 2017 by charlesarthur
Researcher breaks reCAPTCHA using Google's speech recognition API • Bleeping Computer
Catalin Cimpanu:
<p>A researcher has discovered what he calls a "logic vulnerability" that allowed him to create a Python script that is fully capable of bypassing Google's reCAPTCHA fields using another Google service, the Speech Recognition API.

The researcher, who goes online only by the name of East-EE, released proof-of-concept code on GitHub.

East-EE has named this attack ReBreakCaptcha, and he says he discovered this vulnerability in 2016. Today, when he went public with his research, he said the vulnerability was still unpatched.

The researcher was not clear if he reported the bug to Google. Bleeping Computer has reached out to the researcher to inquire if Google was, at least, aware of the issue.

The proof-of-concept code the researcher released allows attackers to automate the process of bypassing reCAPTCHA fields, currently used on millions of sites to keep out spam bots.</p>

Oops. But logical. Only works against the latest version of reCAPTCHA. But even so.
google  recaptcha  spam 
march 2017 by charlesarthur
Google is battling a Russian spammer over the use of the letter 'G' • Motherboard
Joseph Cox:
<p>Google is probably pretty pissed off. An alleged Russian spammer recently used a domain strikingly similar to to flood websites' analytics with unwanted pro-Trump messages, and Google is now trying to wrest control of the URL.

But Vitaly Popov, the site's owner, is not giving up without a fight, no matter how unlikely he is to win.

Late last month, Google filed a complaint with an arbitration forum over Vitaly's ɢ domain. As you might notice, the "G" in ɢ looks a little off. That's because Popov registered the website back in March 2016 with the Latin version of the letter, meaning he can produce a URL that looks very similar to, but that sends visitors elsewhere. Popov has done the same for the "K" in lifehacĸ

"Google requests that the Panel issue a decision that the Domain Name registration be transferred to Google," the company's complaint, provided to Motherboard by Popov, reads. (A member of the arbitration forum, called ADR Forum, confirmed that there was an ongoing dispute between Google and Popov).

In its complaint, Google claims that Popov's phony domain redirects visitors to a landing page with a slew of dodgy pop-ups, including one that asks for a Windows username and password.</p>

Spam has moved on a bit.
google  spam 
february 2017 by charlesarthur
Fighting iOS Calendar Spam • The New York Times
<p>Q. I have been getting spam invitations to my iOS calendar recently. They come from Chinese accounts and their subjects are for super-discounted Ray-Bans and the like. Is there any solution to this?</p>

Yes, there are a few, and the NYT has them.
apple  icloud  spam 
november 2016 by charlesarthur
Two years spamming spammers back • Medium
Brian Weinreich:
<p>I created a bot to respond to these types of emails…
<p>"Sarah": My husband dead two years ago and the family members wants to kill me and my children and seat on the inheritance he left for us with bank here l am now in a hiding with my kids and the documents of inheritance is with us…

Bot: Very nice! Where abouts are you located?</p>

(Jump to to see how this conversation continued…)

^ that’s the Sp@m Looper. It’s a service I made that puts spammers (and scammers) in an email loop with a bot that regularly asks the spammer questions.</p>

<em>Finally</em> a real use for chatbots.
chatbot  spam 
september 2016 by charlesarthur
“Spam King,” who defied nearly $1B in default judgments, sentenced to 2.5 years • Ars Technica
Cyrus Farivar:
<p>A Las Vegas man known as the "Spam King" was sentenced Monday to 2.5 years in federal prison. He pleaded guilty last year to one count of fraud.

The federal judge in San Jose, California also ordered Sanford Wallace to pay over $310,000 in restitution.

Prosecutors wrote that by his own admission, Wallace executed "a scheme from approximately November 2008 through March 2009 to send spam messages to Facebook users that compromised approximately 500,000 legitimate Facebook accounts, and resulted in over 27 million spam messages being sent through Facebook’s servers."</p>

Wallace is spam-famous back to the 1990s; constantly annoying, not giving a damn about anyone. Even 36 months isn't going to make much difference, I'd wager. There's a book extract about him here.
sanfordwallace  spam 
june 2016 by charlesarthur
Facebook ‘Spam King’ guilty for sending 27 million messages » Bloomberg Business
Joel Rosenblatt:
A Las Vegas man pleaded guilty to sending more than 27 million unsolicited messages through Facebook Inc. servers after gaining access to about 500,000 accounts on the social network, according to prosecutors.

Sanford Wallace, 47, known as the “Spam King,” admitted to his mass spamming in 2008 and 2009 while pleading guilty Monday to fraud and criminal contempt, San Francisco U.S. Attorney Melinda Haag said in a statement.

Oh, but that's not nearly enough context. Sanford Wallace has been a spammer for absolutely ages; he goes back to the neolithic age of the web. Read the Wikipedia entry. And reflect: once a spammer, always a spammer.
august 2015 by charlesarthur
US DOJ accuses three men in largest email breach 'in the history of the Internet' » GeekWire
Frank Catalano:
The indictments against two Vietnamese citizens and a Canadian citizen — operating from Vietnam, the Netherlands, and Canada — allege the trio were involved in hacking at least eight U.S. email service providers, spamming tens of millions of email recipients, getting money from affiliate relationships for spammed products, and laundering the proceeds.

“The defendants allegedly made millions of dollars by stealing over a billion email addresses from email service providers,” U.S. Assistant Attorney General Caldwell said in a statement. “This case again demonstrates the resolve of the Department of Justice to bring accused cyber hackers from overseas to face justice in the United States.”

The Department of Justice (DOJ) estimates the accused allegedly took in approximately $2 million through the affiliate marketing sales linked to spam. One of the three is said to have already pleaded guilty.

Brian Krebs suggests it was a breach of the email marketing company Epsilon in 2011 - whose servers were then hijacked to send the spam. A reminder that spam is still big, big business.
march 2015 by charlesarthur
Botnet summary 2014 >> Spamhaus
To nobody's surprise, botnet activity appears to be increasing. The majority of detected botnets are targeted at obtaining and exploiting banking and financial information. Botnet controllers (C&Cs) are hosted disproportionately on ISPs with understaffed abuse departments, inadequate abuse policies, or inefficient abuse detection and shutdown processes. Botnet C&C domains are registered disproportionately with registrars in locations that have lax laws or inadequate enforcement against cybercrime.

In 2014, Spamhaus detected 7,182 distinct IP addresses that hosted a botnet controller (Command & Control server - C&C). That is an increase of 525 (or 7.88%) botnet controllers over the number we detected in 2013. Those C&Cs were hosted on 1,183 different networks.

spam  botnet 
january 2015 by charlesarthur
