Technology

The business and culture of our digital lives,
from the L.A. Times


More spammers now selling semi-real stuff

June 16, 2008 | 12:22 pm

CORRECTION JUNE 16: An alert reader pointed out that we are now among those who have botched the reporting on some of Google's findings about malware. An original version of this post from June 11 said that more than 1% of the first listings link to dangerous pages. In fact, it's more than 1% of all search results. The "I'm Feeling Lucky" button can be hijacked, other researchers say, but that's a separate issue.

-----

We reported this morning on a new study by Cisco Systems' IronPort mail-security unit. (IronPort security researcher Patrick Peterson, at left.) The final version of the paper is now available, although you have to register before you can download it. The document is a deep dive into one of the most effective Trojan horses of all time, known as Storm.

The most interesting part isn't the technology, although that's quite impressive. And certainly other spam operations have by now captured more computers in unwitting homes and offices to turn them into spam-spewing zombies.

What's most interesting is the convincing link between Storm and a thriving real business, albeit one devoted to manufacturing imitations of branded pharmaceuticals. It's not that the Eastern European author or authors of Storm suddenly wanted to go legit. But they realized that the best way to make money from spamming was to have merchant credit card accounts, which means they can't simply rip off all of their customers.

So voila: When you order the drugs, you usually get roughly the right amount of the active ingredient. Though we don't recommend trying that.

Two other tidbits from the report: The bad guys have defeated the CAPTCHA system: the muddled letters and numbers that, in theory, only humans can decipher in order to open e-mail accounts.

And they have also gotten slick enough at search-engine optimization that more than 1 in 100 of the links returned to users in Google search results contained malware. So before you click on Google's "I'm feeling lucky" button, please consider whether you really mean it.

-- Joseph Menn

Photo: IronPort


Comments

Not a bad read, but there is NO mention in the entire 16 page PDF document about "the bad guys defeating the CAPTCHA system", so I'm not sure where you got that idea.

Thanks for catching my slip-up. For some reason, that finding was touted in the press release but not the final report. And while the report is on the IronPort site, for some reason the press release is only on IronPort parent Cisco's site. Here it is, though: http://newsroom.cisco.com/dlls/2008/prod_061108c.html.


