convincing spam from CNN
Re: new convincing spam from CNN
07-08-2008 12:51 AM
Out of interest, what would peoples' thoughts be if we were to move away from Postini and try another spam solution?
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: new convincing spam from CNN
07-08-2008 1:16 AM
More than 1,000 hacked sites serving up phony update; Adobe issues warning
Gregg Keizer
August 6, 2008 (Computerworld) More than a thousand hacked Web sites are serving up fake Flash Player software to users duped into clicking on links in mail that's part of a massive spam attack masquerading as CNN.com news notifications, security researchers said today.
The bogus messages, which claim to be from the CNN.com news Web site, include links to what are supposedly the day's Top 10 news stories and Top 10 news video clips from the cable network. Clicking on any of those links, however, brings up a dialog that says an incorrect version of Flash Player has been detected and that tells users they needed to update to a newer edition, said Sam Masiello, vice president of information security at Denver-based security company MX Logic Inc.
One distinguishing feature of the attack, Masiello added, is the endless loop it uses to frustrate victims. If a user clicks "Cancel" in the dialog that prompts for an update, another pop-up appears, said Masiello, that tells the victim that they have to download it to view the video. Clicking "Cancel" there returns the user to the first dialog.
"It puts you in this perpetual loop, so your only options are to kill your browser [session] or be browbeaten into installing it," said Masiello.
MX Logic has detected more than 160 million spam messages in the fake CNN.com attack in the past 48 hours, he said. "It's not slowed down at all," Masiello said.
Yesterday, Bulgarian security researcher Dancho Danchev reported finding more than 1,000 hacked sites hosting the fake Flash Player update.
Hackers are getting brazen and apparently aren't afraid to disclose the addresses of the sites they've compromised by embedding them in the spam they're spreading, he said. "Malicious attackers have been building so much confidence in this risk-forwarding process of hosting their campaigns, that they would start actively spamming the links residing within low-profile legitimate sites across the Web," Danchev said in a blog post on Tuesday.
Adobe Systems Inc. is aware of the malware posing as its Flash Player, and on Monday it warned users to ignore any updates that didn't originate on its own servers. "Do not download Flash Player from a site other than Adobe.com," said David Lenoe, the company's product security program manager, in an entry on Adobe Product Security Incident Response Team's PSIRT blog. "This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc.) -- if you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious."
People who approved the download of the bogus flash.exe file instead received a Trojan horse -- identified by multiple names, including Cbeplay.a -- that in turn "phones home" to a malicious server to grab and install additional malware, said Danchev.
Masiello said MX Logic is still investigating, and it has not been able to pin down what malware -- other than the fake Flash Player -- was actually installed on victims' PCs.
http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9111858
Re: new convincing spam from CNN
07-08-2008 1:33 AM
I have to say moving away from Postini might be the best thing. I've seen no improvement since April; things seemed OK from about mid Jan to the start of April, then got worse. But as I haven't been analysing things in any depth like mikeb and others, that is only my gut instinct, based on my experience with the levels of spam I've had, which is small in comparison to others, and the many similar situations that others have posted here on the forum.
Re: new convincing spam from CNN
07-08-2008 7:00 AM
Quote from: Bob Out of interest, what would peoples' thoughts be if we were to move away from Postini and try another spam solution?
That would be a knee-jerk reaction and a bad choice; this is not a Postini problem. As I said, my Postini account I have through my employer is blocking all these, so the reason why these messages are being delivered to PN users is a PN self-inflicted problem. Let's address that problem, shall we?
SW.
3Mb FTTC
https://portal.plus.net/my.html?action=data_transfer_speed
Re: new convincing spam from CNN
07-08-2008 8:45 AM
Quote from: spraxyt Thanks, that's useful information.
Are you able to run the filter retrospectively on your Mac Mail Inbox to check if you have any older (legitimate) mail with the Xfilter header?
David
I've now 'forced' Mail to check all my inboxes/mailboxes on my computer and the filter caught nothing else.
Personally I'd be happy for anything marked 'X-Pstn-Xfilter: y' to be directed to our Spam folders. Enough legitimate stuff gets marked Spam 1 and gets sent there after all, and I can whitelist any genuine addresses if I wish.
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
Re: new convincing spam from CNN
07-08-2008 8:50 AM
Please Plusnet, fix the problem where it appertains to you - Postini itself is fine.
Re: new convincing spam from CNN
07-08-2008 8:56 AM
Shame that unsubscribable stuff gets marked spam because people are too lazy to unsubscribe, but I can live with that. Postini seems to remove most, if not all, of the real rubbish we used to get.
Full Fibre since September 2023
Mac OS14 and Firefox user with latest versions of both
Re: new convincing spam from CNN
07-08-2008 9:06 AM
bobp
Re: new convincing spam from CNN
07-08-2008 9:17 AM
Re: new convincing spam from CNN
07-08-2008 9:27 AM
At work, I have an Orange account. Despite their Spam filtering, I get more Spam than genuine e-mails in my Inbox, mostly (for some strange reason) with French headers.
Although I have to say, they are now identifying the CNN ones as Spam. What Plusnet needs to be able to do is block an obvious, newly identified attack by the words in the header immediately.
I've not forgotten last Xmas, when a sustained attack suddenly blitzed our Inboxes
(see eg http://community.plus.net/forum/index.php/topic,58788.0.html )
I am still querying why it is worth reporting wrongly identified Spam / Not Spam, as it is clear that Plusnet are unable to actually do anything except open discussions with Postini.
Re: new convincing spam from CNN
07-08-2008 11:02 AM
I think treating the X-pstn-xfilter: y header to be spam is a good idea. I've not had any false positives as yet, and it's been 100% successful in identifying the latest batch of CNN spam.
We're now at a situation where Postini is performing adequately, and this change will allow Plusnet to mirror Postini's fast reactions with a global pattern match rule. I think that you should be looking at alternatives all the time but now is not the appropriate time to jump ship without properly testing alternatives.
B.
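The header rule discussed in this thread (treat mail carrying `X-Pstn-Xfilter: y` as spam, allow a personal whitelist, and first run the rule retrospectively over saved mail to look for false positives) could be sketched as follows. This is an added example, not part of any post and not Plusnet's or Postini's code; the function names, the sample messages and the value `n` are constructed for illustration.

```python
import email
from email.utils import parseaddr

HEADER = "X-Pstn-Xfilter"  # header name and the value "y" are as quoted in the thread

def is_flagged(msg):
    # Header names match case-insensitively, so "X-pstn-xfilter" also hits.
    # Accepting "Y" as well as "y" is this example's choice, not a documented rule.
    return any(v.strip().lower() == "y" for v in msg.get_all(HEADER, []))

def route(raw, whitelist=frozenset()):
    """Return 'spam' or 'inbox' for one raw message (headers + body)."""
    msg = email.message_from_string(raw)
    if not is_flagged(msg):
        return "inbox"
    # From is trivially forged (this campaign forged CNN), so whitelist only
    # senders you actually correspond with, never the brand being imitated.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return "inbox" if sender in whitelist else "spam"

def audit(raw_messages, whitelist=frozenset()):
    """Retrospective run over saved mail: what would the rule have moved?"""
    moved = []
    for raw in raw_messages:
        if route(raw, whitelist) == "spam":
            msg = email.message_from_string(raw)
            moved.append((msg.get("From", ""), msg.get("Subject", "")))
    return moved

# Constructed sample messages (reserved .example domains, invented subjects).
SAMPLES = [
    "From: CNN Alerts <alerts@news.example>\nSubject: Daily Top 10\nX-Pstn-Xfilter: y\n\nvideo links",
    "From: Newsletter <list@shop.example>\nSubject: August offers\nx-pstn-xfilter: Y\n\nunsubscribe here",
    # The header text appears only in the body, so a header parser must not match it.
    "From: Friend <pal@isp.example>\nSubject: Header question\n\nWhat does X-Pstn-Xfilter: y mean?",
    # "n" is a constructed value: anything other than y is treated as not flagged.
    "From: Boss <boss@work.example>\nSubject: Rota\nX-Pstn-Xfilter: n\n\nsee attached",
]

if __name__ == "__main__":
    for sender, subject in audit(SAMPLES, whitelist={"list@shop.example"}):
        print("would move to Spam:", sender, "|", subject)
```

Parsing the headers rather than searching the raw text is what keeps the third sample, which only mentions the header in its body, out of the Spam folder.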
Re: new convincing spam from CNN
07-08-2008 11:15 AM
It just needs a few tweaks, please sort it out.....
BTW I am still getting the CNN mails today, lots of them.
Re: new convincing spam from CNN
07-08-2008 12:15 PM
I left plusnet around a year ago (after almost 10 years) but kept my email account. I'm now with adsl24 and have a uni based email address, neither of which has had a single instance of this new email and very rarely do I ever get spam from them. There isn't a day goes by that I don't receive spam through plusnet.
I don't care what methods plusnet uses to remove spam, the fact is, it should just do it.
ps. I received 2 instances of this email while typing this message.
2 seconds later... 5 more!
Re: new convincing spam from CNN
07-08-2008 12:21 PM
Re: new convincing spam from CNN
07-08-2008 12:49 PM
I thought there might be some way of blocking the header as obviously it comes from loads of different addresses. But apparently not.
I did not risk allowing it into Outlook.
It has happened the last 3 or 4 days.
Recently I have been pretty free of spam - there is no other spam getting through.
So I felt that this might be a new phenomenon and a sinister one.
I use CNN regularly so I knew they would not send this type of email.
Whoever is doing it has big ideas.
I hope it gets stopped soon.
Before I came here I spent some time getting muddled with Plusnet email help -
Glad I came here. We need to be updated about this sort of thing because people are at serious risk from it.
Cameron