Full Disclosure mailing list archives

Re: phishing and comment spam


From: Cardoso <cardosolistas () contraditorium com>
Date: Wed, 21 Jun 2006 20:44:22 -0300


Initiatives like Akismet (http://akismet.com/) are very effective
against comment spam, and since web comments are not as sensitive as
email, a few false positives are not the end of the world.

Problem is: it costs CPU, and small rent-a-host servers can't handle it.

A Movable Type blog that I take care of almost died, because someone was
spamming its trackback interface with hundreds of messages. No processes
were left for legitimate users.

On Wed, 21 Jun 2006 16:29:10 -0500 (CDT)
Gadi Evron <ge () linuxbox org> wrote:

GE> Today we received one of the first phish attempts to be made as a web spam
GE> (comment spam / blog spam) attempt.
GE> 
GE> I wasn't convinced, and thought that perhaps it was a way to gather and
GE> verify RELEVANT online identities. Someone put me straight. It's phishing.
GE> 
GE> I've often in the past had run-ins with the good folks in the anti-virus
GE> realm back between 1996 and 2005 who thought Trojan horses and then
GE> spyware were not part of their business. Years later the AV business
GE> people ruled it is part of their business and ran to catch up. Same with
GE> botnets.
GE> I've often had friendly discussions with anti-spam folks who said phishing
GE> isn't part of the spam problem, or interesting to them. Or that if spam is
GE> done on a medium other than email, it obviously isn't spam and needs a new
GE> name.
GE> 
GE> They were wrong. I wasn't very smart in how I approached the subject
GE> matter, though.
GE> 
GE> Today, most anti-spam experts consider phishing a priority. Today, Trojan
GE> horses, bots and spyware are considered a priority with AV-ers.
GE> 
GE> Web related spam is still in the terminology and turf fighting stage, but
GE> with the increasing ROI and interest combined with the decreased success
GE> of other mediums over time, we can see the results for ourselves.
GE> 
GE> Where there is ROI, the Bad Guys adapt. The Good Guys are a step behind
GE> regardless of faith, as we are inherently reactive. Still, we should stop
GE> being surprised. :)
GE> 
GE> Today, phishing makes the transition to yet another medium, which is
GE> comment spam.
GE> 
GE> Here is a quote of the phish, as it came in the comment spam earlier
GE> today:
GE> 
GE> "HEllo, i just wanted to say, after 3 years of playing neopets, i have
GE> gotten bored with it and have decided to quit. insted of letting my
GE> neopoints and items just sit there and rot, i am gonna give them away. in
GE> my years of playing i have made about 6 million neopints and have a couple
GE> million neopoints worth of items. all you need to do is send me your
GE> screenname and password so i can put the stuff in your account and a
GE> reason stating why i should give you my hard earned items."
GE> 
GE> So, we start with neopets and move on to the rest. Welcome phishing to yet
GE> another distribution channel, the world of comment spam.
GE> 
GE>     Gadi.
GE> 

Allgemeinen Anschulterlaubnis
Cardoso <cardoso () pobox com> - SkypeIn: (11) 3711-2466 / (41) 3941-5299
digital life: http://www.contraditorium.com personal site and blog: http://www.carloscardoso.com
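The failure Cardoso describes is the spam filter itself becoming the exhausted resource: every trackback ping, legitimate or not, triggers the costly check. Added illustration, not code from this thread, from Akismet or from Movable Type: a per-source sliding-window throttle placed in front of the expensive check, so a flood from one source costs at most a handful of classifier calls. The window, the limit, the TEST-NET addresses and the stand-in classifier are all assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # sliding-window length (assumed policy value)
MAX_PER_WINDOW = 5    # trackbacks one source may submit per window (assumed)


def expensive_spam_check(body):
    """Stand-in for a remote classifier such as Akismet (placeholder, not its API)."""
    return "password" in body.lower()


class TrackbackThrottle:
    """Per-source sliding-window limiter that gates the expensive spam check."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_PER_WINDOW):
        self.window = window
        self.limit = limit
        self.hits = defaultdict(deque)  # source -> timestamps of accepted pings
        self.expensive_calls = 0        # how often the costly classifier really ran

    def allow(self, source, now):
        q = self.hits[source]
        while q and now - q[0] >= self.window:   # drop timestamps outside window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

    def handle(self, source, body, now):
        """Return 'rejected' (throttled, no CPU spent), 'spam' or 'ham'."""
        if not self.allow(source, now):
            return "rejected"
        self.expensive_calls += 1
        return "spam" if expensive_spam_check(body) else "ham"


def simulate_flood(pings=300):
    """Constructed scenario: one source sends `pings` trackbacks 0.1 s apart."""
    t = TrackbackThrottle()
    flood_text = "send me your screenname and password"     # constructed sample
    results = [t.handle("198.51.100.7", flood_text, i * 0.1) for i in range(pings)]
    other = t.handle("203.0.113.5", "nice post", 5.0)        # unrelated source
    later = t.handle("198.51.100.7", "nice post", 100.0)     # same source, window expired
    return results.count("rejected"), t.expensive_calls, other, later
```

With the assumed limit, 300 pings from one source cost only 5 classifier calls; the rest are rejected before any work is done, and the throttle releases once the window has passed.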

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/