Internet Security

We found a massive spam operation — and sunk its server

For ten days in March, millions were caught in the same massive spam campaign.

Each email looked like it came from someone the recipient knew: the spammer took stolen email addresses and passwords, quietly logged into their email account, scraped their recently sent emails and pushed out personalized emails to the recipient of that sent email with a link to a fake site pushing a weight loss pill or a bitcoin scam.

The emails were so convincing more than 100,000 people clicked through.

We know this because a security researcher found the server leaking the entire operation. The spammer had forgotten to set a password.

Security researcher Bob Diachenko found the leaking data and with help from TechCrunch analyzed the server. At the time of the discovery, the spammer’s rig was no longer running. It had done its job, and the spammer had likely moved on to another server — likely in an effort to avoid getting blacklisted by anti-spam providers. But the server was primed to start spamming again.

Given there were more than three million unique exposed credentials sitting on this spammer’s server, hosted on intelimost.com, we wanted to secure the data as soon as possible. With no contact information for the spammer — surprise, surprise — we asked the hosting provider, Awknet, to pull the server offline. Within a few hours of making contact, the provider nullrouted the server, forcing all its network traffic into a sinkhole.

TechCrunch provided a copy of the database to Troy Hunt. Anyone can now check breach notification site Have I Been Pwned to see if their email was misused.

But the dormant server — while it was still active — offered a rare opportunity to understand how a spam operation works.

The one thing we didn’t have was the spam email itself. We reached out to dozens of people to ask about the email they received. Two replied — but only one still had a copy of the email.

The email sent by the spammer. (Image: supplied)

“The same mail appeared on three occasions,” said one of the recipients in an email to TechCrunch. “The subject was related to an email I had sent previously


Twitter admits it used two-factor phone numbers and emails for serving targeted ads

Twitter has said it used phone numbers and email addresses, provided by users to set up two-factor authentication on their accounts, to serve targeted ads.

In a disclosure Tuesday, the social media giant said it did not know how many users were impacted.

The issue stemmed from the company’s tailored audiences program, which allows companies to target advertisements against their own marketing lists, such as phone numbers and email addresses. But Twitter found that when advertisers uploaded their marketing lists, it matched Twitter users to the phone numbers and email addresses users submitted to set up two-factor authentication on their account.

The issue was addressed as of September 17, the disclosure said.

Two-factor authentication is an important security feature that makes it far more difficult for hac


Messaging app Kik shuts down as company focuses on Kin, its cryptocurrency

Updated with comment from Kik

Kik Interactive CEO Ted Livingston announced today that the company is shutting down Kik Messenger to focus on its cryptocurrency Kin, the target of a lawsuit filed by the Securities and Exchange Commission. The company’s team will be reduced to 19 people, a reduction that will affect more than 100 employees, as it focuses on converting more Kin users into buyers.

“Instead of selling some of our Kin into the limited liquidity that exists today, we made the decision to focus our current resources on the few things that matter most,” Livingston wrote in a blog post, adding that the changes will reduce the company’s burn rate by 85%, enabling it to get through the SEC trial.

In an email to TechCrunch, a company spokesperson said “We can confirm that the Kik Messenge


This game uses troll tactics to teach critical thinking

The best medicine against online disinformation is an informed society that’s thinking critically. The problem is there are no shortcuts to universal education.

Enter Finnish Public Broadcasting Company, Yle, which is hoping to harness the engagement power of gamification to accelerate awareness and understanding of troll tactics and help more people spot malicious internet fakes. It has put together an online game, called Troll Factory, that lets you play at being, well, a hateful troll. Literally.

The game begins with a trigger warning that it uses “authentic social media content” that viewers may find disturbing. If you continue to play you’ll see examples of Islamophobic slogans and memes that have actually been spread on social media. So the trigger warning is definitely merited.

The game itself takes the form of a messaging app style conversation on a virtual smartphone in which you are tasked by the troll factory boss to whip up anti-immigrant sentiment. You do this by making choices about which messages to post online and the methods used to amplify distribution.

Online disinformation tactics intended to polarize public discourse which are depicted i


Police hijack a botnet and remotely kill 850,000 malware infections

In a rare feat, French police have hijacked and neutralized a massive cryptocurrency mining botnet controlling close to a million infected computers.

The notorious Retadup malware infects computers and starts mining cryptocurrency by sapping power from a computer’s processor. Although the malware was used to generate money, the malware operators easily could have run other malicious code, like spyware or ransomware. The malware also has wormable properties, allowing it to spread from computer to computer.

Since its first appearance, the cryptocurrency mining malware has spread across the world, including the U.S., Russia, and Central and South America.

According to a blog post announcing the bust, security firm Avast confirmed the operation was successful.

The security firm got involved after it discovered a design flaw in the malware’s command and control server. That flaw, if properly exploited, would have “allowed us to remove the malware from its victims’ computers” without pushing any code to victims’ computers, the researchers said.

The exploi
