Joe Wein’s blog

Barely had Google announced its new browser Chrome, that malware senders responded by sending out fake emails claiming to provide an installer for the new software. Here is a German message I received:
From: “Steffen Neukirch” <beta-team@google.de>
To: spamtrap-email-address
Sent: Friday, September 05, 2008 09:26
Subject: [PR] Neuter Webbrowser Chrome erhältlich
Sie benötigen einen JavaScript-fähigen Browser, um diese Software herunterzuladen. [...]

[Read more →]

Today I received a couple of near identical emails in Portuguese that differed only by the (forged) sender address:
From: “Fernanda” <fernandinha@globo.com.br>
To: <joewein@pobox.com>
Sent: Thursday, September 04, 2008 06:29
Subject: Por favor veja isso!!!
Você acredita que essas coisas ainda acontecem no Brasil?
Eu não posso acreditar…
Se você quiser, assine e repassse!
Tratamentos Desumanos.wmv (153,0 KB)

Google [...]

[Read more →]

Earlier this summer a friend told me about a way to keep emails out of the Gmail spam filter, which unlike that of Yahoo! Mail can not be disabled. By setting up a filter rule (say, the email contains certain words) and specifying the “Never send it to spam” action for messages that match the [...]

[Read more →]

Today I was contacted by someone about a domain flapstate.com which was still on my spam list from spam received last year. It looks like since then the domain had expired and been deleted, but then registered by a new owner for what appears to be a scam.
The same scam also uses domains

mdanclub.com
wayizer.com
wayate.com
coralnic.com
grigga.com
srcify.com
azureclub.com
flipality.com

and [...]

[Read more →]

A recent malware spam takes a new approach to hijacking your computer.
From: Internal Revenue Service [mailto:jim.lanton@irs.com]
Sent: Thursday, July 03, 2008 10:25 AM
To: User@CompanyName.com
Subject: Re: Company report for CompanyName
To : Firstname Lastname
The report is attached.
You need to complete the fields about CompanyName income.
Jim Lanton
IRS Fraud Department
© 2008 Internal Revenue Service All Rights Reserved.

At [...]

[Read more →]

I recently came across spam that was offering “Google Earth 2008″. In case you don’t know, Google Earth is a free beta product by Google that lets you view satellite images of our planet, probably including a view of your own rooftop.
“Why would someone other than Google promote Google Earth, a product that makes [...]

[Read more →]

A four-part series of blog postings at Artists against 419 discusses in detail the massive abuse of Microsoft’s OfficeLive (MSOL) webhosting service by Advance fee fraud scammers, which I mentioned in a previous blog post here. Currently I come across such MSOL domains at a rate of about two new ones per day.
As the Artists [...]

[Read more →]

Four weeks ago I reported that Yahoo seems to finally have got a handle on the problem of criminals abusing its webhosting service for posting child pornography. Alas, the porn spammer only seem to have taken a vaccation. After those 4 weeks of almost no new child porn sites, they returned. I counted 36 new [...]

[Read more →]

Nine months ago I reported about a series of child porn sites that were being illegally hosted at Yahoo’s webhosting service. At the time I was seeing about half a dozen new sites pop up every day. I am glad to report that about 4 weeks ago Yahoo finally seems to have done something to [...]

[Read more →]

Several of the main sites dedicated to fighting online scams are currently inaccessible because of a “Denial of service” (DoS) attack.
Fraudwatchers.com, aa419.org, 419eater.com and occassionally thescambaiter.com have been offline. Thescambaiter.com and 419eater.com are two of the oldest sites that fight “419″ scams (named of the section in the Nigerian penal code that prohibits fraud). [...]

[Read more →]