Category Archives: Spam and scams

Gameover botnet targeted in takedown effort

An international law enforcement project to disrupt the Gameover botnet is underway.

Gameover, aka Gameover Zeus or GOZ, is currently installed on up to a million computers worldwide. The botnet is rented out for malicious purposes, including harvesting private information, sending spam email, denial of service (DoS) attacks, extortion, and distribution of various kinds of malware, including the awful CryptoLocker [1,2] ransomware.

This effort to disrupt GOZ has already been very successful: the botnet’s owners are no longer able to control clients. As for CryptoLocker, newly-infected machines can no longer communicate with their controlling servers, which means they are safe, at least for now. Machines whose files are already encrypted are not helped by the disruption: their owners must still pay the decryption ransom or lose all encrypted information.

Brian Krebs provides additional details on his Krebs on Security blog.

Update 2014Jun09: Brian Krebs has a behind-the-scenes look at what went into this takeover. To this point, the takeover seems to have been 100% effective, but the botnet developers may have more moves left.

CryptoLocker malware is getting worse

A new variant of the nasty malware known as CryptoLocker is appearing on the Internet. CryptoLocker – once it infects your computer – encrypts all your files and then demands money to decrypt them. If you fail to pay within a specified time period, your files become permanently inaccessible.

The new version of CryptoLocker can apparently spread itself via portable media such as thumb drives. It is also often disguised as a software activation program for Photoshop and Microsoft Office on file sharing sites. The original CryptoLocker typically arrived in the form of a fake PDF file.

Disguising CryptoLocker as a software activation program is a particularly devious way to spread the malware. Every day, thousands of people who can’t afford the massively overpriced Office and Photoshop look for alternative ways to use that software, and now those people are going to be risking more than the ire of Microsoft and Adobe.

More holiday scam emails

SANS reports on a holiday-themed scam email showing up in inboxes recently. This one purports to be from a major retailer such as Costco or Walmart, and tries to trick the recipient into clicking a link related to a phony undelivered package.

If you receive such an email, just delete it. If you think the message may be legitimate, don’t click the link; contact the retailer by telephone or go to their official web site and contact them using information provided there.

Two posts on the SANS ISC blog dig into the technical details of this scam.

Canada’s new anti-spam law

Canada is late to the game when it comes to anti-spam laws, but with the recent passing of the “Canadian Anti-Spam Legislation” (CASL), it’s about to get a lot harder for spammers to do their work here (yes, I’m in Canada).

As with other anti-spam laws, the focus of CASL is consent. The following activities will become illegal with the new law: sending a commercial electronic message to a recipient without the recipient’s consent; installing software on a recipient’s computing device without their consent; and altering electronic messages during transmission without the recipient’s consent.

Other activities that will become illegal with the new law include: collection of personal information through access to computing devices; and harvesting electronic addresses from the Internet through automated methods for the purposes of building bulk email recipient lists.

There is no set timeline for enforcement of CASL to begin, but it should be within a few months, and certainly by the end of 2013. Once the law becomes official (comes into force), immediate compliance is expected. However, there will be a three-year transitional period during which consent may be assumed for existing relationships.

Several different agencies will be involved in enforcement of the new law: the CRTC, the Competition Bureau, and the Office of the Privacy Commissioner.

Additional highlights:

  • Any commercial electronic message is assumed to be illegal, although there are exceptions.
  • Potential recipients of commercial electronic messages cannot be added to recipient lists automatically. Explicit consent to receive such messages must be given by the potential recipient. In other words, commercial email list subscription must be “opt-in” instead of “opt-out”.
  • Software must not be installed automatically on customer computers. This part of the law is meant to curtail the forced installation of unwanted software along with other (wanted) software.

The new law will present serious challenges to commercial organizations, so it would be wise for all such organizations to begin assessing its impact immediately. Penalties will typically take the form of very steep fines: up to ten million dollars.

An official FAQ for the new law is available.