Microsoft shuts down spam network, reduces worldwide spam by 39%

by Shijaz Abdulla on 20.03.2011 at 10:56

Microsoft's Digital Crimes Unit (DCU), working together with US federal law enforcement units, has brought down Rustock, the world’s largest email spam network.

Rustock, a botnet that controlled around 2 million zombie machines worldwide, was sending out up to 30 million spam email messages each day into cyberspace.

Rustock was taken down piece by piece – the master controllers (botnet controllers that sent out commands to compromised ‘zombie’ machines) were identified. Microsoft, working together with the US Marshals Service, seized some of these machines in the US for analysis and collaborated with the Netherlands police to disable some of the controllers outside the US.

Microsoft then worked with service providers to black hole IP addresses that were being used to control the botnet, and with the Chinese CN-CERT to block registration of domains that could be used for these purposes.

Microsoft provides the best anti-spam solution available in the market today, and also provides a variety of best-in-class unified threat management, rights management, secure remote access and anti-malware solutions. For more information, check out the Forefront website, or speak to your Microsoft representative.


How to make an SPF record

by Shijaz Abdulla on 16.03.2008 at 13:06

Sender Policy Framework (SPF) is a mechanism used to help prevent spam. Basically, an SPF record is a record in your organization’s DNS server that announces to the world the IP addresses from which you normally send out email.

Hence, if another server receives email supposedly from your SMTP domain, the server first checks if the session was established from one of the IP addresses you listed in your SPF record. If not, the message is most likely spam.

So how do you define an SPF record? This can get a little tricky, but Microsoft has a wizard that lets you create an SPF record easily. Check it out:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Update 7/22/2016: The above link is dead. Consider this wizard instead: http://www.spfwizard.net/

Special thanks to Debra Peterson from WhoIsHostingThis for spotting the broken link.

Cisco Inflicts DoS upon itself, Google follows suit

by Shijaz Abdulla on 11.08.2007 at 03:02

» This is the Power of the Network. Now?!?
In a bizarre incident, Cisco inflicted a Denial-of-Service (DoS) upon itself earlier this week, which caused the company’s entire website, Cisco.com, to go down for several hours!

Apparently a “human error” during preventive maintenance caused an electrical overload that brought down Cisco.com and other applications. Due to the severe impact of the overload, redundant mechanisms were also impacted, as per the Cisco blog.

A lesson for the rest of us: Even though redundant systems were in place, the entire site did go down!

Redundancy = Fault tolerance? Think again.

» Google shoots itself in the foot
In another turn of events, Google identified one of its own blogs as spam by mistake and deleted it! And here’s the best part — somebody named Srikanth then registered the freed blog URL for himself and put his own comments there!

Wow, that must be one heck of a spam filtering technology they’ve developed! – if it can’t tell the difference between one of its own blogs and ordinary spam.

Friendly fire?

More Nigerian email hoaxes

by Shijaz Abdulla on 28.01.2007 at 18:12

Most of us are already aware of email hoaxes involving Nigerian beneficiaries asking you to help them get their money and offering you a copious sum for the “assistance”. Well, here’s an all-new range of hoaxes. These target job seekers!


Here’s the text of the email message (I’ve marked the ridiculous parts in red, my comments are in red italics: hope you enjoy it!)

JOBREF:CH/21563
DATE: 28/01/07
CLIENT/EMPLOYER:CNL(CHEVRON NIGERIA LIMITED)
LABOUR CONSULTANT: WWW.NAUKRIGULF.COM
RECRUITMENT AGENCY: UNION RECRUITMENT CONSULTANTS
ATTN:ENGR……… , (What a beautiful way to address you!)

At UNION RECRUITMENT CONSULTANTS we specialise in engineering career moves
for professionals engaged in the E&P sector. Interestingly, most of
our clients are not actively looking for a new job, but are keen to
consider the right opportunity.
We listen carefully to what is important to you with regard to
career, family and lifestyle. We then use our connections and
investigative skills (yeah, right) to identify interesting opportunities that meet
your criteria. Some of the moves we engineer are ‘in-country’, but
the vast majority are international placements (world wide) with
some of the best companies in the industry.

DETAILS:
union recruitment consultants; with the mandate to recruit expatriate
services employees’ for the fulfillment of the requirements of nlng “GAS FLARING PROJECT (what the hell is that???) in Nigeria, seek to write your consent after recommendation from our labour consultants (http://www.naukrigulf.com/) recent expatriate vacancies with
our client.

CNL intends to invite prime experienced individuals/expatriates
capable of rendering expertise services in fields below:
a) Petroleum Engineering
b) Drilling Services
c) Civil Engineering
d) Computer Engineering
e) Architect Engineering
f) Marine Engeenering (hmmm…)
g)Mechanical Engineering
h)Electrical Engineering
i)Electronics-Telecommunication Engineering
j)Surveying Engineer
k)Aerospace Engineering (all this for a GAS FLARING project!!!)
And others (what was that supposed to mean?)

PROJECT SHALL REQUIRE:
A cooperate project management team, engineering, procurement,
construction, transportation and installation, safety, drawing,
Designs, Geological services,maintenance and commissioning.
Entitlement, Compensation and Benefits packages include:
. A very attractive net salary paid in US$, Sterling or Euros
equivalent depending on employee
home country and currency preference.
. Quality single or family housing accommodation in company
community.

. Free medical care in Nigeria for employee and family.
. Excellent educational assistance benefits with family status
employment.
. Paid airfares allowing full flexibility with holiday travel. (whats that?)
. Personal effects shipment and excess baggage allowances.
. Full access to some of the finest and social recreational
facilities in Nigeria.
CONTRACT DURATION:
Level 1: 12 Months, (One Year) and renewably only on satisfactory
performance by employee.

Level 2: Full time
Interested candidates must have not less than 3 years experience in
any of the above listed fields.
Interested candidates should forward their resumes/CV with
verifiable reference(s) as word attached document to:
EMail:unionrecruitment_consultants@yahoo.com (Why yahoo.com?)
Interested candidates are also required to contact our Nigerian
Local Office strictly for the purpose of this project.

CONTACT: DR.OGBUJA OKEMINI
Head Of Union Recruitment Consultants (Why is the head of Union Recruitment Consultant contacting you directly?)
Nigeria.
TEL: (+234) 80-64438276
FAX : (+234)82-30 856

**ends**

This is the second hoax mail I’ve received in the past two weeks. The earlier one was supposedly from Shell UK. I thought I’d join in the fun and sent my CV across. Immediately after, I get my “employment agreement” with a whopping salary attached to it – with NO interview. The contract shows Shell UK website is at http://www.shelluk.com/ – there is no such web site!! Two days later somebody calls me on my phone – out of the blue – and tells me I need to sign the document and send them back. Then an “attorney” would contact me, to discuss “what I should do to get my work permit”. Oh yeah – and that’s where the money part comes.

So next time you receive anything in your email, be very sure whom you’re dealing with!

Update:

  • There is also a new scam going around from Omni Hotel, Canada. It’s fake. More info here.

Fake Microsoft emails

by Shijaz Abdulla on 21.01.2007 at 17:52

Today I received a mail, supposedly from Microsoft, regarding a “security vulnerability”:


It had an EXE attachment “installation689.exe”. The message was written in the kind of language Microsoft uses to communicate with its customers: clear, courteous and concise, explaining clearly what the update is for, etc. The first thing a novice (or even an intermediate) user would do is download the attachment and install the patch.

It even had the classic Microsoft footer:


Now, there are a few things that are revealed upon closer examination:

  • The “from” address is suspicious: Network Security Center [xclocltwp@confidence.microsoft.net]. (Hmmm…)

  • It addresses you as “MS” customer. It also uses terms like “MS Internet Explorer” and “MS Outlook”. Microsoft officially doesn’t use “MS” to address itself :). (Hmmm Hmmm…)

  • Microsoft NEVER (never never ever) sends an update out to its customers as an email attachment.

  • Microsoft update files normally have a filename that starts with the letters “KB” followed by the KB article number.

What a clever way to outwit the unsuspecting user! So those of you out there, beware of stuff that comes in your e-mail! Think twice before you run an EXE attachment.

From my experience, 9 out of 10 EXE attachments are viruses. Sometimes they appear to come from people you know, because they are actually sent by malicious programs that have already infected their machines.
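The warning signs listed in this post, turned into a mail-filter style check as an added example that is not part of the original post. The message is constructed (only the From address and attachment name are the ones quoted above), and the trusted-domain list and extension list are assumptions of this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"microsoft.com"}  # assumption: domains treated as genuine
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat")

# Constructed message; the From address and filename are the ones quoted above.
SAMPLE = """\
From: Network Security Center <xclocltwp@confidence.microsoft.net>
To: user@example.com
Subject: Security update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

Dear MS customer, install the attached patch for MS Internet Explorer.
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="installation689.exe"
Content-Transfer-Encoding: base64

AAAA
--BOUNDARY--
"""

def red_flags(raw_message: str) -> list[str]:
    """Apply the checks listed above to one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    flags = []
    sender = msg.get("From", "")
    domain = parseaddr(sender)[1].rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    if "microsoft" in sender.lower() and not trusted:
        flags.append(f"claims Microsoft, sent from {domain}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXT):
            flags.append(f"executable attachment: {name}")
            if not name.startswith("kb"):
                flags.append("attachment name lacks KB prefix")
        elif part.get_content_type() == "text/plain":
            if re.search(r"\bMS (customer|Internet Explorer|Outlook)\b", part.get_payload()):
                flags.append("refers to Microsoft as 'MS'")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print(flag)
```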