We’ve just seen a new trojan come up. The various virus databases failed to pick it up (well, the dozen or so that we tried it with), with the exception of BitDefender which picked it up via heuristic detection. The Social Engineering component is quite good - as shown below. Who would expect a virus from HMRC.
(more…)

Phishing, scamming and cross-site scripting (XSS) attacks were first used to steal passwords from web-based mail and banking resources.
And from the beginnings of small offences, a new generation of hackers have appeared to trick people to steal money. Launched on bigger scales each time, profits are gaining.
(more…)

An article in the Guardian (Jan 12th) claimed that spam is dead. To test this theory, we compiled a week’s spam from last year and compared them with a week of this year’s spam from a well known email address that has been receiving spam for many years.

(more…)

From the mostly unmentioned, but kinda always knew dept:

Many things in the real world are not binary, but in the security world you can be reasonably happy with sharp distinctions between the good and the bad.
(more…)

We passed a new milestone the other day. 70,000 unique IPs listed in our database of recent spam senders (this is an aged database - if we don’t see any spam after three days, then the IP is dropped - you can access this information in the sbl.internetdefence.net RBL).
(more…)

We’re now seeing a reasonably large number of delivery/non-delivery reports coming back to “joe-job” addresses - the made up addresses that spammers use as the “envelope from” address.
(more…)