Slashdot Mirror


Malicious E-Cards - An Analysis of Spam

smashr writes "I ran across this article the other day which is a rather clear analysis of a piece of malicious spam the author received. While most of us simply hit the delete key, the author has taken the time to see exactly what is going on when an innocent user clicks on one of these fake e-cards that are going around. From Russian spyware sites to over-writing wmplayer.exe this particular piece of spam is a rather nasty one."

10 of 482 comments

  1. Spylog is not spyware! by tgma · · Score: 5, Informative

    While I commend the original article as an interesting dissection of an attempted attack via spam, the heading is a little sensational. It mentions Russian spyware sites, but the site in question is Spylog.com, a reputable Russian monitoring site. Not everything on the Russian internet is malicious, and Spylog does some good work on reporting statistics about the Russian internet.

    Just a minor correction.

  2. Re:A little bit unfair to Outlook by GigsVT · · Score: 5, Informative

    How do you think Outlook displays mail? Last I checked, it embeds the IE control.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  3. Re:The most frightening bit here by ggvaidya · · Score: 5, Informative

    I think you have to be Administrator for the re-write to work. Then again, most of the people I know run as administrator, so ...

  4. noHTML for Outlook Express by TasosF · · Score: 5, Informative

    Quote from that article:

    Conclusion

    If you're still using Outlook and Internet Explorer, this is a good time to find alternatives (I suggest FireFox and Thunderbird). Crackers and spammers are getting more and more sophisticated, and are finding ways to fool even experienced and skilled computer users.

    Or alternatively,

    you can use an HTML disabler like noHTML for Outlook Express

  5. Re:Redundant, I know. Don't run as Administrator. by krray · · Score: 5, Informative

    I've said this before and I'll say it again. Run a current version of Windows and run your programs as a regular user, not as a "power user" or as "administrator."

    Tell you what sparky -- YOU try that across an enterprise type installation. Actually there is ONE (1) remaining application running across any of my networks that requires Windows (2K) boxes to remain until something else is phased in: AUTOCAD.

    Go ahead -- try to install and run AutoCAD (2004 release) with Architectural and Mechanical desktops loaded ... as a regular user. I'd love to see you get AEC content networked and working on a local machine as a regular user. Good luck.

    Fortunately the engineering types are special. They've got TWO computers now. 90% of their work is done on CAD which is Windows right now -- the other 10% they tap the Mac for services (file processing, email, web, word, whatever).

    Every other sub-system requiring Windows has been replaced (for us -- started in 2000) and I have to agree with you 100% otherwise: regular users have no reason to run anything as administrator or "root". Just can't do that in the Windows world...

  6. If you use Outlook for your mail.. by JasonUCF · · Score: 5, Informative
    You need SpamBayes. The beautiful folks behind it have included an Outlook plugin. Now you can knock your bayesian filter self out with a self-contained, easily run end-client solution. In smaller words, no need for anything fancy from your ISP, just install, plug, and play. In the few days I have used it my spam has literally dropped to 0. Spams are nailed before I even see them show up in the INBOX (it's that fast).

    Go check it out. It's really, really, good, and free, as in, well, um, beer?

    I have spent too many hours building elaborate rule sets, banning Class A IPs, keyword filters, et cetera. The spam still gets through and it carries nasty payload half the time. Bayesian...bayesian... bayesian...

  7. Re:Turn off HTML viewing in your email client! by simp · · Score: 5, Informative

    Switch off HTML formatting for Outlook.

    See http://support.microsoft.com/default.aspx?scid=kb;EN-US;307594 on how to do it.

  8. Re:Turn off HTML viewing in your email client! by JPriest · · Score: 5, Informative
    There is a client called pocomail that I use that is pretty safe. It has an intuitive spam filter, you can script it to do about anything with mail, and it has a simple filter setup for sending messages from X to folder Y.

    spam filter:
    "viagra", +9
    "herbal", +6
    "natural", +6
    "to be removed", +5
    "free", +2
    "!!!", +2

    You get the point. You can toggle things like loading external graphics etc. It is really a mail client for power users. Shareware, but one of the few programs I ever purchased.

    --
    Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
  9. Re:Spam in Outlook by MooCows · · Score: 5, Informative

    This argument has been going on forever.
    And, IMHO, is only partly correct.
    Windows and its apps have many "by design" security flaws.

    Short list:
    - Horrible data-binding in many apps (IE/Outlook/etc)
    - Enabling scripts in emails to run in the local zone
    - No warnings for insecure passwords
    - NetBIOS open by default for the internet
    - IIS, period
    - Null sessions
    - Password hashing flaw (l0pht)

    Some of these are fixed, some are not.

    Apache runs on the majority of servers, and it isn't by far hacked as much... just figure.

    --
    The path I walk alone is endlessly long.
    30 minutes by bike, 15 by bus.
  10. Re:Turn off HTML viewing in your email client! by EasyTarget · · Score: 5, Informative

    I've been using The Bat (www.ritlabs.com) for about 5 years now, and it's great. No worms, no virii, no pop-ups, no crap. I view all my email as text. And they've been continuously improving the product.

    Where to start.. I finally ditched the Bat! after my five years last week.. and good riddance.

    The UI has not evolved, sure lots of new features get added over the years, but they all end up as hacks into an already clumsy interface.

    The UI is a classic case of a few -really- good features (I do appreciate them) surrounded by poo. Auto-formatting in the text is useless, NEVER paste some code and try to annotate it, turning it off leaves everything else looking ugly. Even Outlook manages to format its messages better.

    The UI displays a classic 'designed by the developers' illness. They can't see its flaws because they're too embedded in the development. If they'd just employ a professional UI designer to re-jig it, and actually do the things suggested, then it would be a world-beater.

    And you now have to upgrade ($$$) to the latest version to stay current. It's just the same as the old one, hardly any worthwhile new features. A money-spinning enforced upgrade of the most cynical sort.

    If you want its fantastic filtering systems, wonderful templates, clever widgets, superb PGP support etc.. and are prepared to put a lot of effort and patience into learning and using it, then I heartily recommend it.

    If all you want to do is write emails to people, and read ones you receive, save yourself time and money by looking elsewhere.

    --
    "Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes