Blogs

【Notice of the federal Department of Justice】Such kind of frauds usually use phone or letter to thieve people’s identity and backing accounts. While consumers are the most obvious victims, the threat spreads far wider. Scammers are more targeted to company’s founders or finance managers. They send out an email that mail header contains receiver’s full name to lure these executives to open it. With email title usually pretends to be the name of some government agencies or the federal Department of Justice, it’s easy to win trust. The email is not asking for remittance or revealing personal information but to injure the recipient’s PC. When they open the attached files, Trojans will be implanted to steal commercial or financial information in order to obtain greater profit. Information likes merger news, business secrets or financial statements are the scammers’ target.
Cellopoint Lab says that staff did not have sufficient knowledge of fraud to identify the indicators that fraud may have been committed. Hackers can easily pass through the security firewall of hardware and software; and scam the personal account passwords and financial information. They can thieve or modify important information which causes poor reputation and it just get more serious as other forms of hacking attacks.

General mail counterfeiting practices include:
1. Header fraud: the mail subject is disguised as official document title, such as "2007 employees’ welfare purchase program", "XX general manager’s open letter to employees", "Information Center bulletin."
2. Bogus sender: pretend as colleagues, competitors, vendors, customers, or government institutions.
3. Content falsification: hackers intercept legitimate mail, doctor with the email content then sent to the recipient.
4. Fake URL links: lure users to click on a fake website.
5. Embedded e-mail form: a form with user’s input was transferred back to hackers.

Cellopoint Lab explains that the fundamental solution is to add identity verification to email, made it identified as a truly genuine sender / sending unit, and its content without being altered. Certificates can be applied on as email digital signatures. Sending email with digital signatures provides the Integrity of email, Authentication and Non-Repudiation. Just like a confirmation of the identity of senders or a security label, it prevents mail counterfeiting effectively.

Stat from Cellopoint Lab shows that Spammers raise spam attacks on the eve of the major national holidays has become a trend. The Storm Worm, dormant for several weeks, had come back. With Halloween spam email, it spread out everywhere and caused personal data leaking. Researcher of Cellopoint said that during the traditional holidays, such as Halloween, Thanksgiving and Christmas, etc., the social engineering is most effective. People are not guarded against of email with subjects “Halloween Party”. When they click it on, a downloader tries to grab Trojans without awareness, the computer will become a member of a zombie network, controlled by the Spammer to distribute more spam. In two weeks ago, the outbreak of the large number of pump-and-dump mp3 spam was through this way.

Thanksgiving Day and Christmas is around the corner, are you well prepared? Cellopoint e-mail firewall is a front-end mail gateway for your enterprise setting to the gateway to prevent all types of viruses, worms and Trojan horses into the mail servers. It protects all corporate network endpoint safety, and blocks the infecting opportunity from the source to reduce the burden on MIS and enhance corporate efficiency.

Since the outbreak of PDF in the recent months, people have been informed that they don’t need to worry too much on the security issues. There was no threat could be found in this type of attachments. But this has not lasted for too long, last week, Adobe released the latest patch to fix vulnerability. Hackers exploit the program's "mailto" command and send out bulk e-mails with dangerous PDF attachments. Due to it was told that the only risk to open it was fraud, the operating system that was still remained safe, people paid less attention about the PDF attachments. In fact, users are exposed the theft of large number of personal data are thieved.

From the view of Cellopoint Lab, applying patch as soon as possible is essential, but the best way is to stop from the source. Blocking malicious email from the flooding into inboxes and protecting users from threaten by virus, Cellopoint Email Firewall perfectly combines the anti-spam and anti-virus engines, stops malicious email at gateway layer, effectively alleviates the loading of mail servers and protects email clients. With intelligent content analysis technologies Cellopoint Email Firewall provides 9 layers protections and 7 X24X365 global real-time monitoring services. It can meet various network environments for quick installation and setting.

CGAC (Cellopoint global anti-spam center) detected a latest twist on pump-and-dump spam – audio (mp3) aimed at stirring up the stock. Spammers used the loophole that the current market that all anti-spam engines are unable to know the contents of voice files, they started delivering mp3 email. As users are not wary of audio email, spammers move to use it to entice victims. Such letters are usually no text content with the title is "Cool ringtones", "Wedding Music", and so on. By using social engineering practices, spammers induced the recipient to open it. Users paid less attention to mp3 files. After playing, a voice reads the pump-and-dump pitch. Current spam filtering products are no way yet to identify the content of audio files, and spammers are transforming the voice format and file size into circumvent anti-spam products scanning.

“The spam trend is almost expected” said by Cellopoint technology officer, pointed out that from images to PDF files and then to audio, spammers looked every chance to scam the money. In order to prevent audio spam, the content scanning cannot be relied solely, we must combine with the characteristics analysis and 7 * 24 * 365 monitoring at the first time to prevent mail servers and recipient mailboxes from spam entering. Cellopoint global anti-spam Center (CGAC) provides zero-day time protection through real-time monitoring and immediately updated ICA database effectively stopping the outbreak of the new twist on PDF and audio spam. Cellopoint reduces industry mainframe bandwidth depletion and mail load, and improves efficiency in the use of email, and prevent recipient exposed to the risk of phishing trap.

Trojan horse, the old way but is not out-of-date. While the detection rate has been increased by Anti-virus programs and more transactions security checks are adopted by financial institutions, the hackers must go to another door. The internet scammers turn to choose a simple and effective way – pump and dump though a flood of image spam-circulated.

At first Spammers pick a stock as a target and they buy it in a low price, then pumping it by sending mass spam. After the price is pumped up by the buying frenzy they create, the spammers quickly dump it for huge profits. It spreads news to drive up stock prices and gets extravagant profits through investors. Once spammers sell their shares, the price typically falls and people were stuck with the loss. In order to break through the traditional Anti-SPAM defense, they send an image or PDF Type spam disseminating different stock information. The targets are usually OTC stocks or microcap such as Pink Sheet instead of large trade volume of listed stock. Small equity units, low-priced, easy speculation are their characteristics. Such method is a legal gray area, which is not directly scamming money or stealing account information. In a technical point of view, having a PDF is much easier than writing a malicious backdoor programs and even not illegal.

Stat form CGAC (Cellopoint Global Anti-SPAM Center), many free mailboxes which using famous anti-spam software is unable to stop PDF spam effectively growing number of spam are put in user’ new-mail box. Recently, a large number of PDF spams are advocated an obscure stock -- Synegrate Corp. (SYGT.PK). During five days before outbreak of news, price of this stock has gone up from 5 to 19 cents of US dollars, profit has estimated more than hundreds of thousands of dollars. Cellopoint Lab examined for a large number of PDF spam and recorded feedback from the clients, we found that ICA feature database interception rate is 100 per cent. Cellopoint can effectively stop such PDF Spam from entering the client's mailboxes and prevent customers from mistakenly believing this kind of information.

Stats from Cellopoint global anti-spam Center (CGAC) shows the original form of PDF-spam had rapidly developed in different ways. The virus will mutate, so will spam. These changes still break through Anti-SPAM software and plague receivers. How to response to the latest PDF Spam variation and intercept them has become the important indicator among Anti-SPAM vendors.

During the first half of this year, PDF spam takes image spam’s place. Spammers change their tactics to various social engineering methods in a bid to get through anti-spam filter. When many anti-spam vendors claim that they can resolve Image SPAM, Spammers turn to deliver spam in PDF form. They even try to pack PDF spam as ZIP. Traditionally, collecting semantics or classification database is a temporary approach; it neither catches up with spam nor meets the performance requirements. This only makes the IT staffs completely exhausted.

The spam source, content and format changes frequently, but the behavior is similar, said by the spokesman of Cellopoint Labs. Whether the form of PDF variation or the recent outbreak of ZIP Spam bombs, all could be summed up special signs and had their own characteristic rules contributing ICA database. Adopting Cellopoint 7 * 24 * 365 full-time monitoring and automatic update services will effectively stop spam variant at 100 per cent and effectively protect the enterprise from spam attacks.

From text based spam to HTML, image to PDF, what’s the next?

August 1, 2007 Cellopoint Global Anti-spam Center (CGAC) announced the new ICA pattern for new type of ZIP spam. Following PDF spam, ZIP forms of spam have recently emerged, said by the head of CGAC. The ZIP spam contains a text or MS Office document with a stock promotion. Usually the attachment is no password protected; the mail Body is blank, and Subject might be the ZIP file name or empty.

Recipients must download the compressed file and decompress it then they are finally able to view the contents inside. The ZIP spam becomes a cumbersome email. Spammers sometimes also alter files types, like WINRAR disguised as ZIP. For those users cannot open them with the decompress tool built-in Windows, it takes much more time to cope with ZIP spam. The size of attachments is often small, but with mass inbound traffics would have huge effects in the whole mail system and the Intranet.

According to the report form Cellopoint on August 1, 2007, most of the recipients are not treating PDF and ZIP as spam before opening it. Spammers use social engineering variation to figure out how to reduce users’ psychological defense. Therefore, a breakthrough in the successful interception rate is higher than the Image spam. With various Anti-Spam products in support of resisting PDF spam, spammers increasingly adopt ZIP spam attacks. It’s easily bypassed by Anti-SPAM products. Users should be vigilant.

Founded in 2003, Cellopoint is a supplier of E-mail Security and Management. Headquartered in Taipei, Cellopoint has laboratories across Taipei and Hsinchu cities of Taiwan, collectively called Cellopoint Global Anti-spam Center (CGAC) that serve clients spanning small & medium enterprises (SME), large-scale firms, schools and government institutions, etc.