March 19, 2003

Fighting spam has turned into a full-scale war

Spam accounted for 43% of all emails delivered in the United States in February 2003 according to spam filtering company Brightmail. Spam is sent in such staggering amounts that it regularly overwhelms network bandwidth and crashes even the most robust mail server hardware. Soon, fully half of all email in the United States will be spam. The problem is so bad that there is a very real danger of email being abandoned as a means of communication according to the Washington Post.

From the Washington Post

The flood of unsolicited messages sent over the Internet is growing so fast that spam may soon account for half of all U.S. e-mail traffic, making it not only a hair-pulling annoyance but also an increasing drain on corporate budgets and possibly a threat to the continued usefulness of the most successful tool of the computer age.

Spam continues to defy most legal and technical efforts to stamp it out. The surge has spurred calls for national legislation, but deep divisions remain regarding what constitutes spam and how best to regulate it. In the meantime, spammers, Internet providers, company network administrators and anti-spam vigilantes are locked in a ferocious electronic arms race.

Many spammers have become so adept at masking their tracks that they are rarely found. They are so technologically sophisticated that they adjust their systems on the fly to counter special filters and other barriers thrown up against them. They can even electronically commandeer unprotected computers, turning them into spam-launching weapons of mass production.

Read the rest of this article

Mailwasher Pro 3.0 Released

The wait is finally over! Firetrust has released the new Mailwasher Pro!

MailWasher Pro works directly with your e-mail server, exactly like your e-mail program does. But there is one important difference: you can tell MailWasher Pro to delete a message at the server, without downloading it - or you can bounce an e-mail back to the sender so that it looks as though your address is not valid.

MailWasher Pro retrieves information about all the e-mail on the server. With that information (some of which is also processed by MailWasher Pro) you can decide what to do with each individual e-mail - download, delete, or bounce back.

If you check your accounts with MailWasher Pro first, you can delete or bounce the e-mail you do not want. Then, when you use your e-mail program, it downloads only the remaining emails, those that you want to read.

MailWasher Pro can be thought of as a "first line of defense" which can weed out junk, large wasteful attachments, and potentially harmful viruses.
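The header-only triage described above maps onto three POP3 commands: LIST for sizes, TOP for headers and DELE for server-side deletion. This is an added example, not code from this newsletter or from Firetrust; `triage_mailbox`, `FakePOP3` and the sample messages are constructed for illustration, and the fake stands in for a logged-in `poplib.POP3_SSL` connection.

```python
import email
from email.utils import parseaddr


def triage_mailbox(conn, blocked_senders, max_bytes=100_000, delete=False):
    """Decide keep/delete per message from LIST sizes and TOP headers only.

    conn: a logged-in poplib.POP3 / POP3_SSL object, or anything offering the
    same list/top/dele methods. No message body is ever retrieved.
    """
    decisions = []
    _resp, listing, _octets = conn.list()            # entries like b"3 143360"
    for entry in listing:
        number, size = (int(field) for field in entry.split())
        _resp, lines, _octets = conn.top(number, 0)  # headers plus 0 body lines
        headers = email.message_from_bytes(b"\r\n".join(lines))
        # From is trivially forged, so the blocklist only helps against
        # senders who use a stable address.
        sender = parseaddr(headers.get("From", ""))[1].lower()
        if sender in blocked_senders:
            verdict = "delete: blocked sender"
        elif size > max_bytes:
            verdict = "delete: oversized"
        else:
            verdict = "keep"
        if delete and verdict != "keep":
            conn.dele(number)  # a real server commits deletions at QUIT
        decisions.append((number, sender, headers.get("Subject", ""), size, verdict))
    return decisions


class FakePOP3:
    """Offline stand-in for poplib.POP3 holding constructed (headers, size) pairs."""

    def __init__(self, messages):
        self.messages = dict(enumerate(messages, 1))
        self.deleted = []

    def list(self):
        rows = [f"{n} {size}".encode() for n, (_, size) in self.messages.items()]
        return b"+OK", rows, 0

    def top(self, which, howmuch):
        return b"+OK", self.messages[which][0].split(b"\r\n"), 0

    def dele(self, which):
        self.deleted.append(which)
        return b"+OK"


# Constructed sample mailbox: header block and size in bytes as LIST reports it.
SAMPLE_MAILBOX = [
    (b"From: friend@example.org\r\nSubject: Lunch?\r\n", 2100),
    (b'From: "Offers" <promo@spam.example>\r\nSubject: Act now\r\n', 4800),
    (b"From: stranger@example.net\r\nSubject: Re: your document\r\n", 143360),
]


def demo():
    conn = FakePOP3(SAMPLE_MAILBOX)
    decisions = triage_mailbox(conn, {"promo@spam.example"}, delete=True)
    return decisions, conn.deleted


if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

TOP is an optional command in POP3, so a client like this has to fall back to LIST sizes alone on servers that do not offer it.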

I made a contribution to the author of Mailwasher last year when it was still free, and because of that I've received a complimentary license for this new pro version. I've been using it since it came out last week and this thing is amazingly cool and extremely useful.

Mailwasher is an enormous time saver. I don't have to waste time downloading all of my email, then deciding what I didn't want. I just delete unwanted messages right off the server. Who wants to download 10 Klez-infected emails at 140KB each?

Mailwasher lets you bounce unwanted email so that it appears as if your address doesn't exist. However, I would recommend against using it for spam or virus emails. Spammers don't use real reply addresses and neither do emails carrying viruses. However, if there is someone you'd rather not receive email from, bouncing their messages is a great option to have. I used it to bounce those hundreds of unwanted spams from bluebottle.com a while back.

The new version has a preview pane that lets you read each email in plain text before deciding if you want to delete it or not. If the email turns out to be spam from a raunchy porn site, you aren't forced to look at a huge, obscene pornographic image because Mailwasher Pro will show only plain text. You can even look at the full source code including headers if you want. The filter sidebar lets you "drag and drop" an email right into the blacklist or friends list. You can also edit, delete, or add new customized filters.

When you first run it, it can import all of your existing email account settings from Outlook, Outlook Express, Netscape Messenger and Eudora Mail. It can check a large number of email accounts on a schedule or on demand, and you can exclude accounts which you don't use very often. It can also check, delete, and even bounce Hotmail messages.

Last month, 43% of all email, some 227 billion messages altogether, were junk. The spam problem is getting so bad that you have to use something to make getting to your real email quicker and easier. Mailwasher is the best way to do that as far as I'm concerned.

I helped beta test the free version for several months and I was more than happy to support the author with a contribution. If that hadn't qualified me for a free copy of Mailwasher Pro, I'd have bought it anyway. It's well worth the money and it more than pays for itself in reducing the time lost dealing with garbage mail. This is software that is worth buying.

We have made a deal with Firetrust to provide a $10.00 discount on every copy of Mailwasher Pro for visitors of SpywareInfo for the next seven days. This is a service we provide every week for our visitors and readers. Every week we will arrange a nice discount on a popular piece of software exclusively for our readers and promote it throughout the week.

This helps us pay for this web site without putting nasty cookie-setting Doubleclick banner ads everywhere. It also helps our regular readers buy some of the expensive security software recommended on the downloads page. If you see something there (or elsewhere) that you'd like to see discounted, let us know.

There is a free trial version available if you'd like to try it before buying. If you still aren't sure about this program, try it free and see for yourself. If you don't like it, toss it. If you agree that it's well worth the (nicely discounted) price, remember to use this discount code (SWI1XY6) when buying to get $10.00 off. Just make sure you buy it before March 26 or you won't get the $10.00 discount.

Get Mailwasher Pro now Discount Code (SWI1XY6) | This offer ends March 26, 2003.

If you run your own web site, you can also help promote this fantastic program and get the word out about it. They have an affiliate program which gives you all the materials you need, including graphics to use in your links. Signing up is very quick and easy. Sign up here to be a MailWasher Pro affiliate.

Thinking of buying something advertised through spam? Think again

Never, ever, ever reply, respond or interact in any way with a spam message except to delete it (or to report the spammer if you're feeling vengeful). If you so much as open the spam, you could be letting the spammer know that you opened their message when it suddenly loads vile pornographic images or hidden web bugs from the internet.

It can also be downright dangerous to open spam. The message might launch JavaScript which could perform any number of nasty tricks, such as home page hijacking. It could even launch ActiveX scripts which could install viruses, spyware, or hijackware onto your computer. These are not theories. These are things which happen to people who come begging for help at the SWI support forums every day.
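A mail filter can flag these behaviours before a message is ever rendered. The following is an added example, not part of the original newsletter: it lists remote loads (web bugs), scripts, embedded objects and event handlers in an HTML message and extracts the plain text only. `ActiveContentScanner`, `scan_message` and the sample message are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse


class ActiveContentScanner(HTMLParser):
    """Collects markup that phones home or runs code when an HTML mail is rendered."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []   # (kind, detail) tuples in document order
        self.text = []       # visible text only
        self._hidden = 0     # depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "style"):
            self._hidden += 1
        if tag == "script":
            self.findings.append(("script", attrs.get("src") or "inline"))
        elif tag in ("object", "embed", "applet"):
            detail = attrs.get("classid") or attrs.get("src") or tag
            self.findings.append(("embedded-object", detail))
        elif tag in ("img", "iframe"):
            src = attrs.get("src") or ""
            # A remote fetch tells the sender the message was opened.
            if urlparse(src).scheme in ("http", "https"):
                self.findings.append(("remote-load", src))
        for name in attrs:
            if name.startswith("on"):  # onload, onclick, ...
                self.findings.append(("event-handler", f"{tag}.{name}"))

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden and data.strip():
            self.text.append(data.strip())


def scan_message(raw):
    """Return (findings, plain_text) for every text/html part of a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    scanner = ActiveContentScanner()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            scanner.feed(part.get_content())
    scanner.close()
    return scanner.findings, " ".join(scanner.text)


# Constructed sample message; every host name and identifier is a placeholder.
SAMPLE = b"\r\n".join([
    b'From: "Deals" <promo@spam.example>',
    b"Subject: Act now",
    b"MIME-Version: 1.0",
    b'Content-Type: text/html; charset="us-ascii"',
    b"",
    b'<html><body onload="track()">',
    b"<p>Limited offer!</p>",
    b'<img src="http://tracker.example/open.gif?id=constructed-recipient-id" width="1" height="1">',
    b"<script>/* constructed placeholder */</script>",
    b'<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>',
    b"</body></html>",
])

if __name__ == "__main__":
    findings, text = scan_message(SAMPLE)
    for kind, detail in findings:
        print(kind, detail)
    print("plain text:", text)
```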

You should also never even consider buying anything advertised through spam. Doing so only encourages more spam. "Spammers exist because people buy from them. It typically takes from 1,000 to 10,000 spams to make one sale. If you buy from a spammer, you are PERSONALLY responsible for the next 1,000 to 10,000 spams sent... Including the porn spam sent to your kids," according to Paul Myers, author of the marketing newsletter Talkbiz.

Still not convinced? Still tempted by the opportunity to *ahem* "grow as a person"? Then perhaps you should read the conclusions reached by Wired.com's Michelle Delio last month. She decided to see just what happens when you try to buy the products and services being pitched in all those spams.

First and most importantly, Delio found that replying to spam will always result in more spam. The reason for that is that spammers do not make money by selling whatever they're advertising in the spam. They make money selling your email address to other spammers. In fact, 56% of the spammers in the Wired News test never replied to requests for more information on their product or service. They just simply sold the test email address to other spammers.

Sixteen percent of the offers promoted in the spam messages were totally bogus. The only spam that didn't turn out to be bogus and delivered exactly what they promised was of the pornographic variety.

To top it all off, take a wild guess what Wired found at the end of their investigation. The test computer used for the testing was filled with spyware and browser hijackers. So, still think that it's ok to buy from spam? Then you and the spammer probably deserve each other.

You can read the full article at Wired.com

Kazaa's "Partner" Opens Security Hole

http://www.securityfocus.com/bid/6543/discussion/

A vulnerability has been discovered in KaZaA related to the displaying of advertisements. It has been reported that KaZaA advertisements [provided by Cydoor] are rendered in the MSIE local zone. This presents a security risk as it is possible for malicious advertisement content to execute arbitrary commands on client systems. This issue may also be exploited to disclose the contents of system files.

This may allow unknown and untrusted remote content to compromise a user's system.

Workaround:
The following workaround has been suggested by David Krum: [It would be easier to just use Kazaalite than to follow this workaround. Same result, less risk]

Remove the permissions from the %windir%\AdCache directory or %windir%\system32\AdCache. This will also cause KaZaA to show no advertisements at all.

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

I strongly suggest that Kazaa not be used at all. The problem is no longer just the ton of spyware that it installs. There are also this and other security risks.

Spyware-free alternatives: http://www.spywareinfoforum.info/articles/p2p/

Web users under siege

There is an excellent article that will appear in the April 2003 issue of PC World Magazine which details the various threats facing anyone who uses the internet these days. The article discusses everything from spam, viruses, and spyware to hackers and online auction scams. You can also read it online at http://www.pcworld.com/howto/article/0,aid,109364,pg,1,00.asp. I highly recommend that everyone go and read it.

Earthlink's Pop-up Blocker A Trojan?

PBS's Robert Cringely has published a rant about Earthlink's much-hyped pop-up blocking service. According to him, the Earthlink software is little more than a trojan. Cringely reports that the pop-up blocking software actually pops up its own ads pitching Earthlink products and services. Reportedly the software also hijacks multiple internet settings and even secretly installs other software on the computer using an auto-updater program.

Earthlink's pop-up blocker for Windows computers is, in essence, a trojan -- innocent appearing code that carries with it some hidden pathogen. Earthlink's Pop-up Blocker may stop any pop-ups from www.bigboobies.com, but it generates its own pop-up ads for Earthlink, itself. But it gets worse. What most people have installed is a beta copy of Pop-up Blocker. Now Earthlink members with Windows computers are being told that the beta has expired and they should download the permanent version.

Don't do it.

The so-called "permanent version" is a 14 megabyte suite of applications called Total Access 2003 that replaces your FTP client, your e-mail client, your PPPoE application, your browser preferences, your search engines, and more. It "takes over your computer" on boot-up, according to Earthlink, providing a tool bar and other unwanted, undocumented features.

Read the entire article at PBS.org

Spybot 1.2 Released

Spybot version 1.2 is out of beta and ready for public release.

From the author:
We are proud to announce that Spybot-S&D 1.2 is ready for the public! Over the past two months, we've been working hard to add some nice new features as well as to make the whole thing easier for newbies. Here's a short list of the most important changes:

Introduced Easy mode for newbies, Advanced mode for pros
Improved detections to avoid false positives (MD5 checksums)
Improved detection mechanisms for morphing files (dynamic checksums)
Added new Immunize section as a preventive measure against spyware
Improved help (including description of each page, quick help & help buttons on each page)
Added silent mode command line parameters
Fixed some problems appearing as Zugriffsverletzung
Improved readability for blind users
Improved and printable logs
Fixed bug that prevented all user accounts to be scanned
Improved support for running on non-admin account
Added support for external file viewers

In the update bar to the right you'll also see the updates coming with version 1.2, including more than a hundred new dialer variants and improved detections for some other threats.

Update instructions: all update servers will have the update from any 1.1 release to 1.2 from now on. If you cannot use the integrated update function, you can download it directly from the web site.

http://spybot.eon.net.au/index.php?lang=en&page=download

NOTE: I've tried repeatedly to download this through the internal updater and haven't managed it yet. The servers are badly overloaded, so you may want to give it a day or two to let things settle down.

Mozilla 1.3 Released

Mozilla 1.3 is now available for download. First there was image blocking, then came pop-up blocking, and now we have junk-mail filtering (AKA "spam controls"). Mozilla 1.3 also offers image auto-sizing, an API for rich text editing in webpages, newsgroup filters, dynamic profile switching, nearly 2000 bug fixes, and much more. See the release notes for additional information.

We have a large thread running at the forums about this new version. Also in that thread is a post with some awesome speed tweaks for Mozilla, Internet Explorer and Opera. Even if Mozilla doesn't interest you, you should at least read that one post because those tweaks bring an immediate and noticeable increase in browsing speed.

For the most part, the consensus is that this is a very good improvement to an already great browser. I had been using Opera 7 as my default browser for the last month or so, but with the speed of Mozilla 1.3, I've switched back to Mozilla as default.

If you get Mozilla, you should also check out these extremely cool add-ons. Prefbar, which one of my message board members told me about, and Multizilla, which I've used for many months and which now also includes Googlebox. Googlebox is almost an exact duplicate of the Internet Explorer google bar. All of these are also discussed on the message board. There's a bunch of other very cool add-ons for Mozilla at http://multizilla.org.

Site News

The SWI web site is going to be moving servers sometime in the next couple of weeks. Last week, SWI was hit with a denial of service attack. There were so many simultaneous requests for files that it nearly crashed the server the site is hosted on. To keep the server running, my web host temporarily suspended the web site, which may have caused some of you to see an error saying that no such site existed on the server. Later, after the host reactivated the site, I closed down the support forums since that is what uses the most bandwidth and server resources on the site (we didn't realize it was an attack until later and didn't realize it was over with).

After examining the server logs and the headers of an email from someone claiming responsibility, it appears that the attack originated in Switzerland from the Cablecom ISP. I have contacted Cablecom to have them terminate the account of the person using that particular IP address at that particular time.

I'd been planning to move the site to a newer, faster, less-crowded server anyway, and this was the final straw. Many of you donated via Paypal or mailed checks to help me pay for moving to the more expensive server, and again I thank all of you very much for helping. I don't know "when" this will happen, but it will be very soon.

They're telling me that the new server will have the same sort of software that I use now. That is very good news because it means that I don't have to edit every PHP script on every page of the web site, redo my configuration at the forums, and a million other little things. When requests for the site are switched from the current server to the new one, hopefully there will be no noticeable interruption. My fingers are crossed.


I will be working on something new for the Harvester Project very soon. I've come up with an idea that should be a lot more effective at stopping email harvesting than what we're currently doing. The current methods will annoy email harvesters, but they won't stop harvesting altogether, not by a long shot. The new method will be a big improvement and I hope to get to work figuring out how to do it very soon.

For those of you who have signed up and not gotten linked yet, I am extremely sorry. I will get to that in the next couple of days.

If the project doesn't suit you or if you don't have a web site, that's fine. You can still get some satisfaction using Mailwasher to boot spam off your email server.


Those of you who didn't get their newsletter last week, I'm sorry about that. Those of you who got it twice, I'm twice as sorry. My email server crashed as I was sending the issue, which resulted in many of you (about 1,000 I think) not getting it. I decided to try it again, and when I did the blasted thing crashed on me again. I gave up on it at that point.

Just more proof that I definitely need to switch to a better server. Hopefully this issue will get sent without a problem. If you get it twice again, you'll know why.


If you're reading this online, mouse over some of the links. I just included a very cool mouseover effect that I first found at http://nslog.com/. It's not every link, only those I specify. Unfortunately, it's causing a JavaScript error of some sort. If anyone out there knows JavaScript and would like to help me figure it out, please check out this message board post. Thanks in advance.

The Legal Stuff

Linking/Quoting Guidelines

I don't mind people quoting these newsletters on message boards, personal blogs, and newsgroups. However, I ask that anyone doing so link to the online version of whatever they're quoting. At the top of each section is a link to the permanent location of the newsletter with an anchor tag that brings the browser right to that section. Please link either to the page or to the specific anchor. If quoting the lead section, link to the page itself.

I also ask that you quote no more than one section at a time. This is copyrighted material, and I do not authorize anyone to copy the entire newsletter anywhere. Link to the page instead. If I find an entire issue of my newsletter on your bulletin board, I will be contacting you about it, so save me the trouble and replace it with a link or remove it entirely please.

If you want to publish something from SpywareInfo on your web site, please contact me for permission first. Emailed permission is required before any material from SpywareInfo can be republished elsewhere (message boards, personal blogs, newsgroups excluded).

Subscription Management

There really is no management. If you want off this list, click on the link all the way at the bottom of this newsletter. That will remove your address. If you want to change your subscribed address, unsubscribe the current address, then subscribe the new one.

If you're reading this online and want to get on the list, enter your address below and press the "Subscribe" button. You will receive emailed instructions for confirming your subscription request. Signing up an address that doesn't belong to you will result in my beating you with a tire iron.


Be aware that most web email services screw up the style sheet used for this newsletter, and that Hotmail strips it off entirely. One web based email service which seems to have no problem with the newsletter is MyWay.com. Also be aware that this newsletter tends to set off spam filters. I refuse to modify it to pass those filters because that's not my problem. I could care less if a spam filter doesn't like the newsletter. Check with your email provider to see if they filter your email. If they do, see if you can have them whitelist the newsletter. The address the newsletter comes from is admin@spywareinfoforum.info and the IP address of the mail server is 208.251.150.135.

Do not sign up an address which uses an auto-reply of any sort. This specifically includes "out-of-office" auto replies. The newsletter goes out in the middle of the night, so obviously you will not be in the office and I don't want to know about it from 500 different people. Also do not sign up an address which requires I answer a question, input some access code, click a special link, or any other such nonsense. If you believe the address you wish to use will be spammed or sold by me, don't subscribe. Just read it online. For more information, read SpywareInfo's privacy policy.

Replying and forwarding

If you wish to reply to this newsletter, please keep the following in mind.

One, I get a godawful amount of email each day. On top of that is the spam I get which various people have been kind enough to sign me up for. For these reasons, I may or may not reply to your email depending on how grouchy I am when I read it. I also much prefer dealing with people at the message boards.

Two, if you do reply to this, please do not include the body of the newsletter itself. Violators will have their email address sold to lop.com (kidding).

Three, technical support is not provided through email. I used to do this, but I no longer can. Please use the message boards for all technical assistance. Thank you.

Please do not forward this newsletter to anyone. It is a large email full of HTML and advertisements. To some people, getting an email like this one forwarded to them would be considered spam. There is an anchor link at the top of each section which links directly to that item online. The newsletter itself will always be located at http://www.spywareinfoforum.info/newlsetter/.

That's all folks .....

All material on this web site is copyrighted
© 2001-2003 by Mike Healan. ® All rights reserved.