South African newspaper The Mail & Guardian pulled down its website on Wednesday to protect readers against “sustained attacks” that attempted to infect them with malware. Online editor Chris Roper told The New Age that the hackers had been conducting phishing attacks on the site and the worry was that someone would be duped. …
Not just the newspaper sites
In the past three weeks or so, I've seen a huge uptick in phish and malware hack attacks against all sorts of sites which permit user interaction, from social networking sites to forums to special-interest sites. The bad guys are increasingly seeding such sites with redirectors to malware downloaders, phish pages, and spam pharmacy sites.
Last week, I started receiving nearly 800 emails a day on one of my email accounts, all spamming URLs belonging to social networking sites (the majority hosted on Ning), bulletin boards, newspaper comment pages, and so forth. About half the redirectors seem to be leading to spam pharmacy sites; the other half are about equally divided between virus downloaders, faux antivirus downloaders, bank phish pages, and affiliate porn sites.
As an end user of a custom mail server, using grey listing, I, basically, get zero spam, as they don't bother resending after the initial rejection.
However, I did get a mail, from 'HSBC', purporting that my account was being closed due to breach of contract. Odd, since I don't have an HSBC account.
Worrying thing is, that they are starting to wait for a no delivery, and then resend to bypass a grey list...
Takes them more time, but will negate a filter that worked well for me for a few years :(
I wonder if this is in any way connected to the radical drop in spam from the botnets over the new year?
Another email filtering option
Another option open to you (although a pain in the arse sometimes), is to use a different email address for every contact, registration, etc.
I get basically no spam whatsoever. When I do, I just delete the offending email address from the whitelist (I also get to see who the email address was originally given to, so I know who leaked it).
RE: End user
I also use a custom private mail server - which still gets zero spam.
But to help this I used another domain with custom addresses (generally the company name) for each and every company I give an email address. I use a generic one for friends and family as that would cause confusion, but very very few people do I ever give out my actual private email address to.
That way I can identify exactly where a spammer got my email address from, and which companies pass on my email without consent for marketing purposes, and of course chop them all off instantly without affecting any other email.
Surprisingly, most companies are very good, but there have been a few that have obviously passed on my details to other companies for marketing purposes without my consent.
Re: End user
You have hit the nail on the head in your closing para there.
Greylisting works, as you know, by exploiting the standard "busy now, try again later" function of mail. The botnet clients don't implement a full mail service and merely pump out their spam on a "fire and forget" basis. Once the scrotes have "real" mail servers at their disposal (either theirs or, more usually, someone else's) greylisting only slows spam delivery down and worse still *increases* spam traffic as a lot of it gets sent twice!
You'll probably find that your "HSBC" mail came from a pwned or bot generated webmail account and was different enough to previous variants that your antispam system didn't spot it.
I've said it before and I'll say it again. The webmail services *really* need to admit that they are always going to suffer from account pwnage and start running spam filters over Outbound messages to mitigate the problem. If they don't, then the corp boys are going to blacklist their arses (I've already had one "don't try to contact us using Hotmail as we won't be listening" missive from a business partner). It's in their own best interests too. For example, I'd like to see 'em work out how to sell Google Office for business use when everyone in business with their own mail servers has Gmail blacklisted as a source....
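A toy model of the greylisting trade-off described in the comment above, added here as an example and not code from this thread: the delay window, addresses and client IPs are constructed values, and it shows that a fire-and-forget bot never gets delivered while a compliant retrying sender does, at the cost of several SMTP attempts per accepted message.

```python
from dataclasses import dataclass, field

TEMP_FAIL = "451 4.7.1 Greylisted, try again later"   # SMTP temporary failure
ACCEPT = "250 OK"


@dataclass
class Greylist:
    """Track (client IP, envelope sender, recipient) triplets and when each was first seen."""
    delay: int = 300                      # seconds a new triplet must wait (assumed value)
    seen: dict = field(default_factory=dict)
    attempts: int = 0                     # every delivery attempt, accepted or not
    delivered: int = 0

    def check(self, ip: str, sender: str, rcpt: str, now: int) -> str:
        self.attempts += 1
        key = (ip, sender.lower(), rcpt.lower())
        first = self.seen.setdefault(key, now)   # record first sighting if the triplet is new
        if now - first < self.delay:             # brand new, or retried too soon
            return TEMP_FAIL
        self.delivered += 1
        return ACCEPT


def simulate() -> dict:
    """Constructed sample traffic: one fire-and-forget bot and one retrying real MTA."""
    g = Greylist(delay=300)
    # Bot client: sends once and never retries, so its message is never delivered.
    bot = [g.check("192.0.2.10", "bot@example.net", "me@example.org", now=0)]
    # Real MTA (e.g. an abused webmail provider): retries after a 4xx, as SMTP expects.
    mta = [g.check("198.51.100.5", "spam@example.com", "me@example.org", now=t)
           for t in (0, 120, 900)]
    return {"bot": bot, "mta": mta, "attempts": g.attempts, "delivered": g.delivered}


if __name__ == "__main__":
    print(simulate())
```

The attempts/delivered ratio in the result is the extra traffic the comment warns about: one accepted spam cost three connections.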
A sign of gross incompetence
So the newspaper takes the site down because they have nobody with the skills to secure their site?